Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/qbsq5RIpBYSt6Acjnm9VMK4lh5Q.roa
File:                     qbsq5RIpBYSt6Acjnm9VMK4lh5Q.roa (raw, json)
Hash identifier:          /BVUBkpCvOhscqGKvwkpJcmsKH6fBnI2N1sPDW/OVh0=
Subject key identifier:   A9:BB:2A:E5:12:29:05:84:AD:E8:07:23:9E:6F:55:30:AE:25:87:94
Certificate issuer:       /CN=349fd357c3fb8ea30e1207823b646e125318380e
Certificate serial:       018CC3B7044F5EEBAB3D02DCE29997BFEE61
Authority key identifier: 34:9F:D3:57:C3:FB:8E:A3:0E:12:07:82:3B:64:6E:12:53:18:38:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJ_TV8P7jqMOEgeCO2RuElMYOA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/qbsq5RIpBYSt6Acjnm9VMK4lh5Q.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204647
IP address blocks:        185.244.116.0/22 maxlen: 24
                          2a0d:2c80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/NJ_TV8P7jqMOEgeCO2RuElMYOA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/NJ_TV8P7jqMOEgeCO2RuElMYOA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJ_TV8P7jqMOEgeCO2RuElMYOA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:04:4f:5e:eb:ab:3d:02:dc:e2:99:97:bf:ee:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349fd357c3fb8ea30e1207823b646e125318380e
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9bb2ae512290584ade807239e6f5530ae258794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:98:db:59:e8:20:8b:93:8e:cd:94:cc:18:
                    99:34:03:5e:4e:cf:c6:fe:c4:bd:b5:61:c0:78:24:
                    3c:1f:56:a4:a5:4f:33:55:47:d8:be:d8:25:16:d9:
                    19:00:da:5d:f3:d0:6c:ca:64:27:a5:4c:e5:29:9d:
                    79:11:33:f0:ea:52:45:fc:3d:4e:70:47:87:2f:ff:
                    e0:b7:4e:5f:9a:1c:c5:f7:9f:b6:49:d3:71:0d:d6:
                    1b:d9:98:bc:aa:44:16:a1:1f:b8:d6:73:6b:f0:08:
                    08:bb:e7:7b:58:89:53:7f:1f:f4:e4:e0:85:05:3e:
                    f8:db:69:e1:8f:46:2c:69:60:93:09:e9:7f:87:c3:
                    98:49:23:0f:df:d3:5b:bc:ce:50:b6:2e:cf:27:d2:
                    fe:74:e0:3b:b0:fa:71:26:f0:36:f8:8a:a1:1b:c5:
                    f3:0f:c2:b7:af:4f:6e:84:df:69:0f:44:7e:d6:c0:
                    4d:08:84:1d:52:25:30:ea:2a:24:23:6f:c6:de:9c:
                    c6:d8:bc:22:a1:d0:60:6c:6c:ac:f6:74:23:c9:95:
                    53:b7:66:be:d0:d7:d6:ed:0c:a0:8f:26:cf:4a:9f:
                    6f:df:1e:04:f9:1f:19:88:65:99:e7:3f:5e:92:fc:
                    aa:a8:e6:7a:92:0a:52:b4:25:52:41:b2:e5:57:24:
                    ab:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BB:2A:E5:12:29:05:84:AD:E8:07:23:9E:6F:55:30:AE:25:87:94
            X509v3 Authority Key Identifier:
                keyid:34:9F:D3:57:C3:FB:8E:A3:0E:12:07:82:3B:64:6E:12:53:18:38:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJ_TV8P7jqMOEgeCO2RuElMYOA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/qbsq5RIpBYSt6Acjnm9VMK4lh5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/60a100-f166-42d5-8712-1e84f08c1dcb/1/NJ_TV8P7jqMOEgeCO2RuElMYOA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.116.0/22
                IPv6:
                  2a0d:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:f9:41:17:ce:58:56:54:f2:20:6e:6c:7a:26:a3:c3:90:1f:
         b2:4c:82:15:73:9a:05:e0:bc:aa:9b:c1:1c:8d:1b:ee:20:dc:
         4f:01:09:e1:45:03:6d:e8:b7:aa:b8:c2:b3:03:d0:20:93:83:
         52:1c:22:fc:79:57:0f:60:5a:9b:a4:9a:9f:79:81:d7:93:ab:
         29:6b:0d:e1:83:40:e4:d8:39:c6:f0:59:11:41:27:d3:5b:ed:
         a7:77:50:65:56:3d:0d:06:64:68:86:36:c6:4c:77:1d:b3:65:
         38:90:f3:5d:2d:bb:31:92:00:a9:c9:12:82:6d:98:98:bc:00:
         cd:4d:70:c9:5c:3e:d0:a1:15:77:9f:ce:95:fe:71:79:4a:b0:
         7b:77:ec:a2:6f:10:72:03:5f:95:67:b6:ea:9c:b5:71:e3:bb:
         e4:af:41:45:b7:c8:95:d7:54:ce:6e:d9:39:90:3e:0a:fc:59:
         0c:e2:71:85:d0:3b:0a:f7:5f:4c:84:33:9d:a1:a9:f2:4f:4a:
         f2:ab:80:bd:9b:c1:2f:4f:00:d6:24:14:6d:db:4e:a7:c0:f0:
         78:64:eb:e6:22:dc:6f:64:71:ec:bb:26:aa:15:c7:81:66:27:
         6a:5b:7a:8f:fd:eb:74:35:b5:fe:96:5e:37:4a:c3:03:d6:d4:
         c0:9c:cf:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtwRPXuurPQLc4pmXv+5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWZkMzU3YzNmYjhlYTMwZTEyMDc4MjNiNjQ2ZTEyNTMx
ODM4MGUwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJiMmFlNTEyMjkwNTg0YWRlODA3MjM5ZTZmNTUzMGFlMjU4Nzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH6Y21noIIuTjs2UzBiZNANeTs/G
/sS9tWHAeCQ8H1akpU8zVUfYvtglFtkZANpd89BsymQnpUzlKZ15ETPw6lJF/D1O
cEeHL//gt05fmhzF95+2SdNxDdYb2Zi8qkQWoR+41nNr8AgIu+d7WIlTfx/05OCF
BT7422nhj0YsaWCTCel/h8OYSSMP39NbvM5Qti7PJ9L+dOA7sPpxJvA2+IqhG8Xz
D8K3r09uhN9pD0R+1sBNCIQdUiUw6iokI2/G3pzG2LwiodBgbGys9nQjyZVTt2a+
0NfW7QygjybPSp9v3x4E+R8ZiGWZ5z9ekvyqqOZ6kgpStCVSQbLlVySrwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKm7KuUSKQWEregHI55vVTCuJYeUMB8GA1UdIwQY
MBaAFDSf01fD+46jDhIHgjtkbhJTGDgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpfVFY4UDdqcU1PRWdlQ08yUnVFbE1ZT0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82MGExMDAtZjE2Ni00MmQ1LTg3MTIt
MWU4NGYwOGMxZGNiLzEvcWJzcTVSSXBCWVN0NkFjam5tOVZNSzRsaDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82MGExMDAtZjE2Ni00MmQ1LTg3MTItMWU4NGYwOGMxZGNi
LzEvTkpfVFY4UDdqcU1PRWdlQ08yUnVFbE1ZT0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufR0MA0E
AgACMAcDBQMqDSyAMA0GCSqGSIb3DQEBCwUAA4IBAQAt+UEXzlhWVPIgbmx6JqPD
kB+yTIIVc5oF4Lyqm8EcjRvuINxPAQnhRQNt6LequMKzA9Agk4NSHCL8eVcPYFqb
pJqfeYHXk6spaw3hg0Dk2DnG8FkRQSfTW+2nd1BlVj0NBmRohjbGTHcds2U4kPNd
LbsxkgCpyRKCbZiYvADNTXDJXD7QoRV3n86V/nF5SrB7d+yibxByA1+VZ7bqnLVx
47vkr0FFt8iV11TObtk5kD4K/FkM4nGF0DsK919MhDOdoanyT0ryq4C9m8EvTwDW
JBRt206nwPB4ZOvmItxvZHHsuyaqFceBZidqW3qP/et0NbX+ll43SsMD1tTAnM/w
-----END CERTIFICATE-----