Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-NKP1CHafre4vU52sp4fnXcS8v8.roa
File:                     1-NKP1CHafre4vU52sp4fnXcS8v8.roa (raw, json)
Hash identifier:          v+mjhqPc9zglY03U3cT2GrpVZ5JmbXCgiLV04tLH5QM=
Subject key identifier:   F8:D2:8F:D4:21:DA:7E:B7:B8:BD:4E:76:B2:9E:1F:9D:77:12:F2:FF
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       01954E9F07828C9B0B31DC5E3C76741DB8DB
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-NKP1CHafre4vU52sp4fnXcS8v8.roa
Signing time:             Fri 28 Feb 2025 22:13:19 +0000
ROA not before:           Fri 28 Feb 2025 22:13:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212966
IP address blocks:        45.154.32.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4e:9f:07:82:8c:9b:0b:31:dc:5e:3c:76:74:1d:b8:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Feb 28 22:13:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8d28fd421da7eb7b8bd4e76b29e1f9d7712f2ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ae:2b:9e:59:a6:1f:16:79:18:96:40:fe:90:
                    1a:2e:d3:6b:bb:d8:36:ff:19:8b:02:64:5a:7f:e5:
                    41:5c:70:fd:89:c6:aa:1a:7a:a9:84:fd:9e:63:d4:
                    23:ba:06:c1:38:61:8b:f7:42:f5:e3:5d:82:58:f4:
                    a7:eb:18:9e:6e:2f:a5:39:19:5c:eb:94:ba:d3:89:
                    f6:b6:aa:67:8c:24:f1:77:ac:06:2e:89:4f:46:56:
                    6b:fb:00:a1:87:a7:a0:1b:d8:87:dd:50:05:18:d4:
                    62:0c:ac:b3:69:1b:07:3d:08:fa:f7:b9:b4:55:5c:
                    e9:99:f6:05:d3:66:09:68:8b:d5:8e:30:db:89:2a:
                    3d:81:a8:cc:bc:ea:47:f8:4c:7a:72:c8:fb:70:55:
                    44:12:6a:4f:54:1a:56:a5:65:cf:8f:5c:69:1a:46:
                    4b:31:44:5c:ea:2f:54:da:ab:c4:49:8b:a3:9c:d0:
                    50:ff:8b:5a:49:4c:12:57:c9:a1:56:70:76:71:9c:
                    5a:8f:88:0b:f2:37:84:f7:e6:d8:de:bf:35:b3:d8:
                    34:91:4e:75:47:13:58:3d:81:59:2a:2b:9b:57:2d:
                    e2:f9:4e:13:4e:13:db:97:93:eb:ab:2d:33:a8:26:
                    77:a1:94:de:db:22:ae:2c:4f:e3:91:2f:41:91:e8:
                    e4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D2:8F:D4:21:DA:7E:B7:B8:BD:4E:76:B2:9E:1F:9D:77:12:F2:FF
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/1-NKP1CHafre4vU52sp4fnXcS8v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:02:f2:c4:2f:39:e0:ed:e9:3a:ee:bb:e5:e8:f5:8a:17:ab:
         49:7a:4e:d5:e2:64:a4:4a:be:eb:87:32:fc:c8:9e:a6:2d:e3:
         bf:cc:57:a2:eb:71:c0:d7:03:0a:d4:91:71:d3:0a:d7:35:fa:
         ee:d6:ce:51:04:ee:d4:e8:15:04:25:88:fb:a1:b4:be:46:6b:
         8b:e0:18:3f:5e:ed:17:0e:ea:e3:10:e7:eb:8d:b2:a5:9f:27:
         a2:4f:e2:8a:be:63:3e:06:f4:49:bd:3b:58:a0:28:fe:9c:2c:
         1b:ec:7f:7f:02:41:96:a0:b2:e1:2b:31:fb:a0:09:51:99:48:
         36:6f:dc:2b:02:b6:45:f7:d9:d0:27:0f:77:46:cc:c5:81:1a:
         b3:a5:64:3d:16:b8:b8:cd:20:5e:70:21:7a:5d:8c:78:ac:f9:
         6c:91:c2:ad:ee:5e:b2:a8:c6:b5:41:fd:1e:ec:09:14:ba:38:
         9f:91:a2:64:12:df:1f:9e:8a:c7:75:52:3f:dc:27:0d:dc:c7:
         a1:0e:5d:ab:53:6d:72:9b:1e:39:14:84:08:20:2b:2b:91:0d:
         6c:fe:8e:e7:33:8f:39:55:ac:38:5b:27:08:4a:04:b0:c4:f6:
         74:9f:ff:b5:13:e8:96:0f:57:de:80:a9:42:9c:74:ca:d8:9a:
         db:58:2d:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVOnweCjJsLMdxePHZ0HbjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUwMjI4MjIxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGQyOGZkNDIxZGE3ZWI3YjhiZDRlNzZiMjllMWY5ZDc3MTJmMmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmK4rnlmmHxZ5GJZA/pAaLtNru9g2
/xmLAmRaf+VBXHD9icaqGnqphP2eY9QjugbBOGGL90L1412CWPSn6xiebi+lORlc
65S604n2tqpnjCTxd6wGLolPRlZr+wChh6egG9iH3VAFGNRiDKyzaRsHPQj697m0
VVzpmfYF02YJaIvVjjDbiSo9gajMvOpH+Ex6csj7cFVEEmpPVBpWpWXPj1xpGkZL
MURc6i9U2qvESYujnNBQ/4taSUwSV8mhVnB2cZxaj4gL8jeE9+bY3r81s9g0kU51
RxNYPYFZKiubVy3i+U4TThPbl5Prqy0zqCZ3oZTe2yKuLE/jkS9Bkejk4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjSj9Qh2n63uL1OdrKeH513EvL/MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvMS1OS1AxQ0hhZnJlNHZVNTJzcDRmblhjUzh2OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmIvNDc0ZjI3LWIyODYtNDZmMC1hZTQ1LTEzMmZmYzhiZGU0
Ni8xL0RUVllWR29zVkx2WUVxR1NLS3FZNEhqVHFtZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2aIDAN
BgkqhkiG9w0BAQsFAAOCAQEAegLyxC854O3pOu675ej1iherSXpO1eJkpEq+64cy
/Miepi3jv8xXoutxwNcDCtSRcdMK1zX67tbOUQTu1OgVBCWI+6G0vkZri+AYP17t
Fw7q4xDn642ypZ8nok/iir5jPgb0Sb07WKAo/pwsG+x/fwJBlqCy4Ssx+6AJUZlI
Nm/cKwK2RffZ0CcPd0bMxYEas6VkPRa4uM0gXnAhel2MeKz5bJHCre5esqjGtUH9
HuwJFLo4n5GiZBLfH56Kx3VSP9wnDdzHoQ5dq1NtcpseORSECCArK5ENbP6O5zOP
OVWsOFsnCEoEsMT2dJ//tRPolg9X3oCpQpx0ytia21gtnQ==
-----END CERTIFICATE-----