Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nXNdENuE8h2ELbhOePeZcrViwRE.roa
File:                     nXNdENuE8h2ELbhOePeZcrViwRE.roa (raw, json)
Hash identifier:          t3YbtmN7ePyp4hmtMKRfkDNouqgovL2LEAAEtnomjRM=
Subject key identifier:   9D:73:5D:10:DB:84:F2:1D:84:2D:B8:4E:78:F7:99:72:B5:62:C1:11
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFFD9B4748DAF7A040728B75C6123
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nXNdENuE8h2ELbhOePeZcrViwRE.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39047
IP address blocks:        5.101.208.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ff:d9:b4:74:8d:af:7a:04:07:28:b7:5c:61:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d735d10db84f21d842db84e78f79972b562c111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:da:aa:12:df:b1:76:9f:cf:2c:93:02:0e:57:
                    b7:f2:e7:56:b5:2c:64:87:da:ab:80:22:74:52:57:
                    b5:fb:4b:49:02:fc:cc:ab:77:d3:56:ca:a3:13:42:
                    16:20:3a:d7:12:b8:da:3a:ea:99:82:5b:5c:23:88:
                    70:82:c2:be:9c:c5:34:25:fa:f6:2b:2d:bc:27:0b:
                    da:cc:8e:a9:cf:94:f8:56:7c:dd:aa:29:21:c0:9d:
                    b5:c7:2c:f8:45:82:aa:48:de:4e:62:65:b2:15:5e:
                    1f:bb:d1:2c:48:f0:49:e3:70:79:69:89:42:05:eb:
                    99:26:3e:5e:2d:1b:18:9e:8d:4a:9a:9e:05:3e:50:
                    01:a7:00:8e:1f:56:3f:52:2b:5f:10:44:1c:9b:a1:
                    2f:65:ac:8d:53:fd:88:27:86:6f:a7:40:28:94:8e:
                    f3:4f:0b:f1:7d:fb:d0:aa:15:f3:c9:5e:32:58:7d:
                    77:4d:95:2a:97:e9:89:89:86:b2:b9:35:31:c0:db:
                    90:bc:d6:0c:aa:29:79:0f:bc:80:91:c3:9c:4f:3e:
                    b9:e9:05:bb:88:29:13:6d:4d:1f:d8:a7:33:f4:e8:
                    d8:9e:57:31:75:38:c5:59:ef:9e:a5:0e:f2:96:72:
                    08:32:c1:7a:81:fd:fd:ef:f3:9e:bf:23:3b:77:18:
                    fc:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:73:5D:10:DB:84:F2:1D:84:2D:B8:4E:78:F7:99:72:B5:62:C1:11
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nXNdENuE8h2ELbhOePeZcrViwRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:33:92:d3:13:54:4e:39:3b:45:32:52:48:ee:41:85:4f:62:
         87:a9:9a:f6:8e:10:76:0d:e8:bc:00:79:36:4b:3e:a0:90:a8:
         6a:0e:ca:1a:e1:39:17:25:dc:3a:e8:60:59:e6:09:41:f6:92:
         9a:35:c8:a6:3e:f2:0a:79:b3:11:72:e8:c4:a6:0f:a6:72:b0:
         36:a4:cd:fb:55:76:4f:b6:61:3d:0e:43:42:7a:12:29:73:82:
         2d:cb:58:ae:0b:7e:69:22:20:fe:5f:a8:1f:58:87:9d:bf:5d:
         4f:20:30:95:f2:a1:85:28:03:ba:03:11:78:a3:ef:79:02:5f:
         dc:ce:2c:1c:d6:03:3f:50:fb:0e:ab:85:af:fb:92:84:a2:02:
         f0:a3:2c:cd:77:df:2f:74:9c:18:b3:c7:f4:1d:e7:be:81:26:
         ab:6b:37:08:8b:2b:1b:c6:f2:32:b8:87:3c:1a:e9:79:d7:e8:
         6e:ac:ba:5b:16:53:84:e2:61:3f:cb:eb:c0:77:98:41:fb:cf:
         32:57:06:02:a9:68:f9:15:4b:bf:77:ac:f0:e6:9d:4c:63:df:
         ee:8e:33:f7:9d:9d:e8:7f:a4:b9:fe:b9:1d:cf:00:27:04:7e:
         89:f8:fa:a4:09:f6:e8:4c:a8:05:0c:57:46:4e:db:1f:22:8c:
         6a:ff:9c:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf/ZtHSNr3oEByi3XGEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDczNWQxMGRiODRmMjFkODQyZGI4NGU3OGY3OTk3MmI1NjJjMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitqqEt+xdp/PLJMCDle38udWtSxk
h9qrgCJ0Ule1+0tJAvzMq3fTVsqjE0IWIDrXErjaOuqZgltcI4hwgsK+nMU0Jfr2
Ky28JwvazI6pz5T4VnzdqikhwJ21xyz4RYKqSN5OYmWyFV4fu9EsSPBJ43B5aYlC
BeuZJj5eLRsYno1Kmp4FPlABpwCOH1Y/UitfEEQcm6EvZayNU/2IJ4Zvp0AolI7z
TwvxffvQqhXzyV4yWH13TZUql+mJiYayuTUxwNuQvNYMqil5D7yAkcOcTz656QW7
iCkTbU0f2Kcz9OjYnlcxdTjFWe+epQ7ylnIIMsF6gf397/OevyM7dxj8zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1zXRDbhPIdhC24Tnj3mXK1YsERMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvblhOZEVOdUU4aDJFTGJoT2VQZVpjclZpd1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWXQMA0G
CSqGSIb3DQEBCwUAA4IBAQAKM5LTE1ROOTtFMlJI7kGFT2KHqZr2jhB2Dei8AHk2
Sz6gkKhqDsoa4TkXJdw66GBZ5glB9pKaNcimPvIKebMRcujEpg+mcrA2pM37VXZP
tmE9DkNCehIpc4Ity1iuC35pIiD+X6gfWIedv11PIDCV8qGFKAO6AxF4o+95Al/c
ziwc1gM/UPsOq4Wv+5KEogLwoyzNd98vdJwYs8f0Hee+gSarazcIiysbxvIyuIc8
Gul51+hurLpbFlOE4mE/y+vAd5hB+88yVwYCqWj5FUu/d6zw5p1MY9/ujjP3nZ3o
f6S5/rkdzwAnBH6J+PqkCfboTKgFDFdGTtsfIoxq/5wc
-----END CERTIFICATE-----