Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Ns_jj4BnMM2LwRsazkTqfKprGhE.roa
File:                     Ns_jj4BnMM2LwRsazkTqfKprGhE.roa (raw, json)
Hash identifier:          kZQvcW1Z81mwOmd7ZB9qOH2xMG9kJ4ETEBkP2mpWCW4=
Subject key identifier:   36:CF:E3:8F:80:67:30:CD:8B:C1:1B:1A:CE:44:EA:7C:AA:6B:1A:11
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018D3E0E770FFF730B2043EB9202391921EA
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Ns_jj4BnMM2LwRsazkTqfKprGhE.roa
Signing time:             Thu 25 Jan 2024 00:39:11 +0000
ROA not before:           Thu 25 Jan 2024 00:39:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        188.244.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3e:0e:77:0f:ff:73:0b:20:43:eb:92:02:39:19:21:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jan 25 00:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36cfe38f806730cd8bc11b1ace44ea7caa6b1a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b3:71:66:c3:91:8c:98:5b:a3:3b:5d:78:8a:
                    ef:62:cb:8f:0b:61:20:32:02:09:67:c7:31:bf:0f:
                    ce:89:7c:5f:57:4b:45:bb:19:03:02:3f:63:24:bc:
                    a6:93:58:6e:bc:cd:fc:86:5d:ff:c8:5a:06:96:75:
                    d0:51:c3:ff:a7:8a:e3:ae:c1:65:72:39:73:db:27:
                    36:db:2c:ab:7b:56:79:fe:a4:f9:bb:69:ef:66:e2:
                    5f:49:f5:e1:36:6a:f8:ef:3c:43:6b:ee:5c:29:b3:
                    45:f3:62:4d:10:fc:db:6c:ae:e6:a4:a9:ed:47:72:
                    07:55:d7:86:03:fc:15:d8:f1:bf:d1:c6:a2:e4:f4:
                    a3:08:6a:6f:77:05:63:6f:55:fd:28:1e:81:48:9e:
                    57:92:7a:58:b6:e9:a4:64:25:37:b9:ab:86:54:70:
                    e1:de:22:fa:09:50:8d:88:7e:d3:e4:7c:e4:63:a4:
                    48:4e:84:9b:90:03:44:56:2a:83:99:9d:2a:84:aa:
                    ca:01:3f:c4:0f:13:0d:b2:14:fa:51:97:d0:7c:84:
                    b1:9c:6e:8e:8d:a6:53:8e:fa:2c:4f:9b:04:7e:7e:
                    b7:65:04:3e:12:23:32:e4:5f:ab:f4:d2:2c:9a:42:
                    8c:d4:5c:03:23:b5:10:84:f9:08:e7:cb:55:a3:bf:
                    b0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CF:E3:8F:80:67:30:CD:8B:C1:1B:1A:CE:44:EA:7C:AA:6B:1A:11
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/Ns_jj4BnMM2LwRsazkTqfKprGhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.244.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:1c:46:ba:8e:e1:5f:24:9f:54:f6:c7:9a:32:be:66:c6:39:
         37:98:84:4f:76:75:33:25:fc:48:fc:5d:36:80:7c:7c:ee:04:
         4a:6c:af:fa:9c:6b:47:12:cb:fd:a4:eb:2f:c0:4c:d8:8c:28:
         17:7b:25:32:4c:bd:01:49:aa:22:f0:9e:ab:5e:f8:bc:8c:24:
         52:19:7e:8a:69:22:cf:5a:8c:12:07:34:c4:9a:16:2b:65:27:
         26:49:bf:c1:0e:33:96:35:a2:34:da:42:ab:7d:85:5c:f2:b4:
         81:d6:e9:78:07:0c:5d:8f:cb:ab:1f:fc:74:ab:d1:87:63:78:
         b6:14:d7:35:e3:28:85:2d:c3:15:9f:25:d4:c3:b5:54:db:9c:
         76:f1:e0:95:ed:ea:ab:49:4f:cf:55:6a:72:b6:92:9c:35:0f:
         f5:9d:fa:2b:c3:73:89:3f:ae:a4:8d:11:7b:fb:7d:82:43:5f:
         6e:fe:8f:60:42:64:44:ad:0b:cd:6b:41:5a:bc:77:50:1c:71:
         fb:69:f5:cd:b8:7a:99:22:b6:31:fd:70:0a:78:81:22:10:06:
         98:cd:0d:f5:0a:22:30:be:d3:fc:78:c9:67:b3:39:e2:75:99:
         2b:68:32:96:6d:1d:52:09:ec:88:8d:c5:5f:7e:ca:de:52:9d:
         6a:50:19:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0+DncP/3MLIEPrkgI5GSHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMTI1MDAzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNmZTM4ZjgwNjczMGNkOGJjMTFiMWFjZTQ0ZWE3Y2FhNmIxYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7NxZsORjJhboztdeIrvYsuPC2Eg
MgIJZ8cxvw/OiXxfV0tFuxkDAj9jJLymk1huvM38hl3/yFoGlnXQUcP/p4rjrsFl
cjlz2yc22yyre1Z5/qT5u2nvZuJfSfXhNmr47zxDa+5cKbNF82JNEPzbbK7mpKnt
R3IHVdeGA/wV2PG/0cai5PSjCGpvdwVjb1X9KB6BSJ5XknpYtumkZCU3uauGVHDh
3iL6CVCNiH7T5HzkY6RIToSbkANEViqDmZ0qhKrKAT/EDxMNshT6UZfQfISxnG6O
jaZTjvosT5sEfn63ZQQ+EiMy5F+r9NIsmkKM1FwDI7UQhPkI58tVo7+wjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbP44+AZzDNi8EbGs5E6nyqaxoRMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvTnNfamo0Qm5NTTJMd1JzYXprVHFmS3ByR2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPRxMA0G
CSqGSIb3DQEBCwUAA4IBAQBpHEa6juFfJJ9U9seaMr5mxjk3mIRPdnUzJfxI/F02
gHx87gRKbK/6nGtHEsv9pOsvwEzYjCgXeyUyTL0BSaoi8J6rXvi8jCRSGX6KaSLP
WowSBzTEmhYrZScmSb/BDjOWNaI02kKrfYVc8rSB1ul4Bwxdj8urH/x0q9GHY3i2
FNc14yiFLcMVnyXUw7VU25x28eCV7eqrSU/PVWpytpKcNQ/1nforw3OJP66kjRF7
+32CQ19u/o9gQmRErQvNa0FavHdQHHH7afXNuHqZIrYx/XAKeIEiEAaYzQ31CiIw
vtP8eMlnsznidZkraDKWbR1SCeyIjcVffsreUp1qUBkn
-----END CERTIFICATE-----