Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/Nt1fKtuueUcFvyduNruvB0rsXTM.roa
File:                     Nt1fKtuueUcFvyduNruvB0rsXTM.roa (raw, json)
Hash identifier:          OadIklbcH6DaiU3mJRMVt9RBv1MK3P63QgxLlQBt6Fo=
Subject key identifier:   36:DD:5F:2A:DB:AE:79:47:05:BF:27:6E:36:BB:AF:07:4A:EC:5D:33
Certificate issuer:       /CN=bf56ba98c6745a63026d78fc284722399d2eb849
Certificate serial:       018CC801CDA22C0EB3659AEA1C27669D9545
Authority key identifier: BF:56:BA:98:C6:74:5A:63:02:6D:78:FC:28:47:22:39:9D:2E:B8:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/Nt1fKtuueUcFvyduNruvB0rsXTM.roa
Signing time:             Tue 02 Jan 2024 02:30:10 +0000
ROA not before:           Tue 02 Jan 2024 02:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50959
IP address blocks:        45.15.43.0/24 maxlen: 24
                          2a07:4900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:cd:a2:2c:0e:b3:65:9a:ea:1c:27:66:9d:95:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf56ba98c6745a63026d78fc284722399d2eb849
        Validity
            Not Before: Jan  2 02:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36dd5f2adbae794705bf276e36bbaf074aec5d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9e:1a:0b:c6:89:48:85:43:39:48:65:10:f5:
                    4c:f6:6c:00:75:21:46:c0:0a:1d:09:82:c8:47:f1:
                    a7:a9:94:98:53:2b:47:17:e3:8b:d9:da:0d:5d:9a:
                    3e:6b:2d:70:e8:69:c1:a0:ae:e3:de:dd:e8:79:b9:
                    69:4e:e6:c6:54:68:30:da:d3:4f:21:21:0a:ac:ce:
                    a5:a5:16:7f:7d:d5:32:0c:ba:78:ae:90:b2:5a:61:
                    43:6e:2c:48:31:f5:88:29:8a:e1:42:20:30:fd:fb:
                    f1:da:b6:53:7c:9d:97:70:99:33:18:ec:ce:80:0c:
                    cd:53:60:f6:a2:49:01:dc:ad:55:45:ad:b3:52:5b:
                    96:30:bf:85:27:81:f7:ca:d4:b5:10:56:7f:4a:b3:
                    ff:e9:30:87:97:15:d1:0b:ad:09:84:96:40:14:af:
                    ac:21:05:6b:4f:e3:58:6f:c1:5c:9b:a5:f3:c4:d9:
                    f4:70:5c:5b:c5:be:3d:97:1c:86:00:d2:1e:17:d1:
                    32:26:fc:fb:db:bf:1d:20:e4:ce:89:a0:34:e0:3e:
                    aa:28:d9:a2:da:09:0a:76:b4:7d:50:5d:89:f7:46:
                    a5:a3:9a:72:a7:87:d1:e3:bd:41:14:3b:24:57:11:
                    ce:10:6e:50:9a:81:44:ed:22:7f:64:3a:bf:48:60:
                    95:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DD:5F:2A:DB:AE:79:47:05:BF:27:6E:36:BB:AF:07:4A:EC:5D:33
            X509v3 Authority Key Identifier:
                keyid:BF:56:BA:98:C6:74:5A:63:02:6D:78:FC:28:47:22:39:9D:2E:B8:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/Nt1fKtuueUcFvyduNruvB0rsXTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3343d2-5253-4243-a01f-587fc84acefe/1/v1a6mMZ0WmMCbXj8KEciOZ0uuEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.43.0/24
                IPv6:
                  2a07:4900::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:14:bc:9a:42:a8:cc:c8:3e:17:4c:27:fb:4f:17:02:01:e7:
         6c:73:a5:05:3e:5e:7b:be:a4:00:86:2f:9d:d7:13:73:9b:4d:
         e9:39:93:5c:67:21:96:2f:3d:30:2f:11:12:b2:0b:7c:8e:91:
         a8:2f:5c:d2:51:75:9e:4e:a9:92:1d:df:f8:45:78:69:a8:fa:
         c5:0c:e7:9e:4d:d1:8d:31:8a:32:68:7a:01:b3:15:50:60:6b:
         b6:1c:3b:c8:74:8e:ca:b3:7e:3d:15:67:a5:89:49:fd:9d:1b:
         2d:0b:f1:5c:7f:31:ec:39:22:4c:da:c5:88:1d:e5:88:cd:27:
         17:ad:11:6b:bc:d0:36:f4:53:8f:95:73:0d:11:8e:ce:3e:64:
         d2:8d:0f:08:ef:9c:17:17:55:d2:37:d7:2d:fd:4f:ee:b9:09:
         72:45:a3:19:d6:2c:2e:84:56:9c:5f:4f:e7:2d:5c:43:35:40:
         4b:50:17:77:1d:90:e8:1f:3b:10:f9:2d:d8:ec:1d:03:3b:66:
         1d:37:5c:ba:e9:c5:9b:ed:35:15:78:00:f3:2a:d4:a9:63:a3:
         2c:5c:d8:e9:5b:db:76:e2:a7:89:ed:e3:e6:08:4c:28:e7:16:
         ef:7b:9c:b6:6e:c9:df:92:c6:9a:8b:b9:d4:f5:b6:3b:26:91:
         31:86:a8:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAc2iLA6zZZrqHCdmnZVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNTZiYTk4YzY3NDVhNjMwMjZkNzhmYzI4NDcyMjM5OWQy
ZWI4NDkwHhcNMjQwMTAyMDIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRkNWYyYWRiYWU3OTQ3MDViZjI3NmUzNmJiYWYwNzRhZWM1ZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ4aC8aJSIVDOUhlEPVM9mwAdSFG
wAodCYLIR/GnqZSYUytHF+OL2doNXZo+ay1w6GnBoK7j3t3oeblpTubGVGgw2tNP
ISEKrM6lpRZ/fdUyDLp4rpCyWmFDbixIMfWIKYrhQiAw/fvx2rZTfJ2XcJkzGOzO
gAzNU2D2okkB3K1VRa2zUluWML+FJ4H3ytS1EFZ/SrP/6TCHlxXRC60JhJZAFK+s
IQVrT+NYb8Fcm6XzxNn0cFxbxb49lxyGANIeF9EyJvz7278dIOTOiaA04D6qKNmi
2gkKdrR9UF2J90alo5pyp4fR471BFDskVxHOEG5QmoFE7SJ/ZDq/SGCVJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDbdXyrbrnlHBb8nbja7rwdK7F0zMB8GA1UdIwQY
MBaAFL9WupjGdFpjAm14/ChHIjmdLrhJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjFhNm1NWjBXbU1DYlhqOEtFY2lPWjB1dUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zMzQzZDItNTI1My00MjQzLWEwMWYt
NTg3ZmM4NGFjZWZlLzEvTnQxZkt0dXVlVWNGdnlkdU5ydXZCMHJzWFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zMzQzZDItNTI1My00MjQzLWEwMWYtNTg3ZmM4NGFjZWZl
LzEvdjFhNm1NWjBXbU1DYlhqOEtFY2lPWjB1dUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALQ8rMA0E
AgACMAcDBQMqB0kAMA0GCSqGSIb3DQEBCwUAA4IBAQABFLyaQqjMyD4XTCf7TxcC
Aedsc6UFPl57vqQAhi+d1xNzm03pOZNcZyGWLz0wLxESsgt8jpGoL1zSUXWeTqmS
Hd/4RXhpqPrFDOeeTdGNMYoyaHoBsxVQYGu2HDvIdI7Ks349FWeliUn9nRstC/Fc
fzHsOSJM2sWIHeWIzScXrRFrvNA29FOPlXMNEY7OPmTSjQ8I75wXF1XSN9ct/U/u
uQlyRaMZ1iwuhFacX0/nLVxDNUBLUBd3HZDoHzsQ+S3Y7B0DO2YdN1y66cWb7TUV
eADzKtSpY6MsXNjpW9t24qeJ7ePmCEwo5xbve5y2bsnfksaai7nU9bY7JpExhqiQ
-----END CERTIFICATE-----