Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/NjSg1DoFjdSFczcprl6RMOggk7U.roa
File:                     NjSg1DoFjdSFczcprl6RMOggk7U.roa (raw, json)
Hash identifier:          D5CbOHDGTmy143jKrCZXhCI3NXgQt1lfpG4ZX67LREo=
Subject key identifier:   36:34:A0:D4:3A:05:8D:D4:85:73:37:29:AE:5E:91:30:E8:20:93:B5
Certificate issuer:       /CN=391462364ed45f676ad50a9eae2d342d8cfd7441
Certificate serial:       018CC2DB335FF915F4778E903130ACDC87C8
Authority key identifier: 39:14:62:36:4E:D4:5F:67:6A:D5:0A:9E:AE:2D:34:2D:8C:FD:74:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/NjSg1DoFjdSFczcprl6RMOggk7U.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.83.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:33:5f:f9:15:f4:77:8e:90:31:30:ac:dc:87:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=391462364ed45f676ad50a9eae2d342d8cfd7441
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3634a0d43a058dd485733729ae5e9130e82093b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1e:8a:eb:7e:cc:a0:7c:84:21:11:c3:75:33:
                    99:d5:3b:27:b3:a8:e1:ad:54:dd:ba:af:a4:51:61:
                    32:47:2f:a0:99:90:a8:c4:ba:82:ab:ae:e9:6a:00:
                    1e:1d:9c:67:61:10:79:c4:1c:1b:d8:8d:88:2c:39:
                    9a:33:fa:f6:ca:7f:72:48:d3:ed:65:0d:f7:94:44:
                    b1:2b:b7:96:fa:c8:46:62:0f:3e:9f:d8:ba:b4:93:
                    70:e8:60:f9:d7:62:b1:3b:e6:85:16:76:18:44:3f:
                    6c:79:77:e8:d6:ee:29:92:72:48:63:56:c3:9d:2d:
                    8e:7b:83:60:be:d9:06:55:97:f6:4b:09:c3:5b:b4:
                    e8:41:2d:35:a6:c5:34:3b:06:2a:f3:87:15:64:00:
                    43:74:c0:93:4c:ec:2b:fb:d8:a2:b5:04:48:d4:43:
                    be:74:e4:20:fb:4a:1d:72:36:a1:e6:f7:55:fe:08:
                    8a:6b:46:b6:14:a6:c2:37:ce:a3:51:75:0e:61:36:
                    8b:48:72:f5:53:ca:ae:2a:99:13:76:c3:05:63:37:
                    bf:7b:16:fb:4c:7c:3d:52:58:1d:83:fe:40:a8:64:
                    32:55:3b:6d:67:43:c8:37:8a:88:b8:07:d0:72:3d:
                    99:92:a5:52:cb:06:85:0c:30:10:89:e8:6f:2f:f1:
                    fd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:34:A0:D4:3A:05:8D:D4:85:73:37:29:AE:5E:91:30:E8:20:93:B5
            X509v3 Authority Key Identifier:
                keyid:39:14:62:36:4E:D4:5F:67:6A:D5:0A:9E:AE:2D:34:2D:8C:FD:74:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORRiNk7UX2dq1Qqeri00LYz9dEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/NjSg1DoFjdSFczcprl6RMOggk7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7dae2f-d236-41f7-b1bc-8448dcfb27aa/1/ORRiNk7UX2dq1Qqeri00LYz9dEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.83.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         49:53:b1:c3:c7:aa:be:82:cb:50:5b:0f:ee:56:2d:24:83:f5:
         41:4a:ba:1e:b6:0c:e8:9b:f2:2e:f6:51:c7:d8:ea:0d:aa:29:
         bb:2c:1b:70:27:b9:01:6e:8c:94:71:f5:49:ab:eb:32:86:28:
         89:e9:42:60:d8:e9:5c:1f:da:23:9a:68:fa:47:ed:b1:82:75:
         04:7c:ad:6f:ce:9c:72:9e:dd:2a:6e:e2:d2:53:29:7a:f1:66:
         1e:9a:b2:03:d4:f5:da:b3:f7:ae:e2:b0:04:2d:73:fd:b7:f0:
         20:7c:02:28:81:37:72:f2:8e:10:fc:59:7e:0d:03:36:98:09:
         f1:53:c5:cf:af:bc:46:df:24:6b:92:c5:98:d2:e3:b7:9b:d4:
         5e:ad:55:25:df:89:5d:90:d2:a2:56:f0:a6:2d:d6:02:b6:f3:
         f3:be:dc:86:19:43:78:f4:68:bc:e1:bd:96:fe:a0:6b:a3:d4:
         19:b6:24:0f:35:8f:bd:3e:9f:37:2c:01:57:49:de:74:23:8d:
         88:a8:c8:00:59:6e:dc:bd:59:01:1c:3a:72:ab:9d:34:3b:bb:
         cb:93:04:e7:3a:db:ac:7e:97:4c:1e:6b:bb:93:2f:e0:53:af:
         cd:1f:31:d1:ef:be:6b:33:2d:5a:86:dd:8c:f3:48:3c:49:9d:
         ef:08:31:8c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzC2zNf+RX0d46QMTCs3IfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTQ2MjM2NGVkNDVmNjc2YWQ1MGE5ZWFlMmQzNDJkOGNm
ZDc0NDEwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM0YTBkNDNhMDU4ZGQ0ODU3MzM3MjlhZTVlOTEzMGU4MjA5M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgB6K637MoHyEIRHDdTOZ1Tsns6jh
rVTduq+kUWEyRy+gmZCoxLqCq67pagAeHZxnYRB5xBwb2I2ILDmaM/r2yn9ySNPt
ZQ33lESxK7eW+shGYg8+n9i6tJNw6GD512KxO+aFFnYYRD9seXfo1u4pknJIY1bD
nS2Oe4NgvtkGVZf2SwnDW7ToQS01psU0OwYq84cVZABDdMCTTOwr+9iitQRI1EO+
dOQg+0odcjah5vdV/giKa0a2FKbCN86jUXUOYTaLSHL1U8quKpkTdsMFYze/exb7
THw9Ulgdg/5AqGQyVTttZ0PIN4qIuAfQcj2ZkqVSywaFDDAQiehvL/H9uwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDY0oNQ6BY3UhXM3Ka5ekTDoIJO1MB8GA1UdIwQY
MBaAFDkUYjZO1F9natUKnq4tNC2M/XRBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JSaU5rN1VYMmRxMVFxZXJpMDBMWXo5ZEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83ZGFlMmYtZDIzNi00MWY3LWIxYmMt
ODQ0OGRjZmIyN2FhLzEvTmpTZzFEb0ZqZFNGY3pjcHJsNlJNT2dnazdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83ZGFlMmYtZDIzNi00MWY3LWIxYmMtODQ0OGRjZmIyN2Fh
LzEvT1JSaU5rN1VYMmRxMVFxZXJpMDBMWXo5ZEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjVMwDQYJ
KoZIhvcNAQELBQADggEBAElTscPHqr6Cy1BbD+5WLSSD9UFKuh62DOib8i72UcfY
6g2qKbssG3AnuQFujJRx9Umr6zKGKInpQmDY6Vwf2iOaaPpH7bGCdQR8rW/OnHKe
3Spu4tJTKXrxZh6asgPU9dqz967isAQtc/238CB8AiiBN3LyjhD8WX4NAzaYCfFT
xc+vvEbfJGuSxZjS47eb1F6tVSXfiV2Q0qJW8KYt1gK28/O+3IYZQ3j0aLzhvZb+
oGuj1Bm2JA81j70+nzcsAVdJ3nQjjYioyABZbty9WQEcOnKrnTQ7u8uTBOc626x+
l0wea7uTL+BTr80fMdHvvmszLVqG3YzzSDxJne8IMYw=
-----END CERTIFICATE-----