Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/NJbsjRToAWS0CVfCoU8R0v_G8HE.roa
File:                     NJbsjRToAWS0CVfCoU8R0v_G8HE.roa (raw, json)
Hash identifier:          pPz//JJGQH3mOnBNtaSSOO/HlI1E+T9F/LYzQEbB6RY=
Subject key identifier:   34:96:EC:8D:14:E8:01:64:B4:09:57:C2:A1:4F:11:D2:FF:C6:F0:71
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DEF83B786F3A717E86EB6DCA46F3
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/NJbsjRToAWS0CVfCoU8R0v_G8HE.roa
Signing time:             Mon 01 Jan 2024 04:29:41 +0000
ROA not before:           Mon 01 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199642
IP address blocks:        195.65.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:de:f8:3b:78:6f:3a:71:7e:86:eb:6d:ca:46:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3496ec8d14e80164b40957c2a14f11d2ffc6f071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:de:0f:f9:37:0e:1f:f1:1f:79:01:25:6a:db:
                    a9:d5:1c:b4:d3:60:b5:c5:19:cb:0e:6e:2c:9a:9a:
                    64:ed:2d:32:35:65:c7:7e:01:ea:9f:c1:88:b0:7d:
                    a5:62:04:d4:72:39:93:f1:04:52:a4:f7:10:d6:08:
                    83:01:14:af:0c:e1:1c:52:f7:7c:51:14:f5:e3:51:
                    94:b2:83:82:9c:d3:78:6b:ae:15:f4:75:c9:b3:13:
                    8d:24:78:05:d2:c5:66:f9:c9:fb:3c:24:c8:42:6b:
                    e0:70:56:6e:0c:68:68:74:1b:4f:58:93:85:54:11:
                    d5:96:95:5b:91:d6:30:d8:0f:8a:0e:a8:ab:a4:8e:
                    f6:5c:78:af:e0:94:67:f7:48:96:13:7c:96:dd:d3:
                    0c:c6:d0:9a:42:a3:4e:3b:a8:51:dc:cd:f5:cf:16:
                    13:76:14:11:08:85:65:f1:35:e8:34:d3:28:2e:74:
                    3c:66:37:2a:27:94:b4:8a:32:41:b9:e2:6a:e6:28:
                    92:85:ea:3f:01:6d:3e:d5:20:48:8d:ec:76:4f:4b:
                    40:60:39:aa:24:49:2e:5f:e0:d9:00:dd:ce:f7:c4:
                    40:ea:e9:0c:90:e1:5c:94:43:30:06:c8:e4:70:0f:
                    e8:35:55:e2:bc:62:97:86:48:73:60:e2:42:63:62:
                    9d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:96:EC:8D:14:E8:01:64:B4:09:57:C2:A1:4F:11:D2:FF:C6:F0:71
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/NJbsjRToAWS0CVfCoU8R0v_G8HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:7d:0c:a1:ee:ef:d6:c5:51:56:5b:65:43:f0:07:4d:88:d9:
         6c:6c:f3:af:b2:2a:fe:34:f8:ca:40:1b:ad:2b:2a:1b:18:45:
         e8:da:60:f4:73:f1:3c:f5:73:a6:76:14:00:fa:87:e9:3d:cd:
         48:ff:15:e9:ed:7b:ff:b0:06:b7:0b:3a:49:91:85:89:b0:fc:
         5c:58:41:28:de:ab:db:92:a9:c3:35:0e:04:15:0e:68:92:21:
         80:09:33:0c:da:57:82:27:d4:ba:73:be:8e:22:6f:1e:62:a8:
         7c:ae:37:70:e1:fd:a2:d9:35:a3:ed:a6:00:80:b3:10:74:96:
         5d:b8:6b:c0:04:44:bf:7a:32:05:92:c5:b1:05:9d:f3:c5:9d:
         1b:55:2e:99:48:30:76:85:eb:cf:aa:0e:c5:78:cc:41:db:ec:
         1b:9d:43:5d:74:3e:80:19:5b:2c:76:ed:b7:0f:c3:3d:91:94:
         bc:fe:9f:54:7d:32:81:89:9c:07:cb:c9:23:38:cd:a1:3a:06:
         3f:4f:c3:4c:d4:1a:eb:bd:0e:6e:9e:92:b4:44:2b:62:5d:64:
         8c:2f:45:83:63:05:d5:ef:d8:47:02:4a:ed:86:1e:c7:ac:b1:
         8b:33:33:fe:52:a3:a2:f8:c4:8c:16:b1:b4:31:d1:2e:4d:0b:
         6c:ad:92:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSN74O3hvOnF+huttykbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk2ZWM4ZDE0ZTgwMTY0YjQwOTU3YzJhMTRmMTFkMmZmYzZmMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA194P+TcOH/EfeQElatup1Ry002C1
xRnLDm4smppk7S0yNWXHfgHqn8GIsH2lYgTUcjmT8QRSpPcQ1giDARSvDOEcUvd8
URT141GUsoOCnNN4a64V9HXJsxONJHgF0sVm+cn7PCTIQmvgcFZuDGhodBtPWJOF
VBHVlpVbkdYw2A+KDqirpI72XHiv4JRn90iWE3yW3dMMxtCaQqNOO6hR3M31zxYT
dhQRCIVl8TXoNNMoLnQ8ZjcqJ5S0ijJBueJq5iiSheo/AW0+1SBIjex2T0tAYDmq
JEkuX+DZAN3O98RA6ukMkOFclEMwBsjkcA/oNVXivGKXhkhzYOJCY2KdIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSW7I0U6AFktAlXwqFPEdL/xvBxMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTkpic2pSVG9BV1MwQ1ZmQ29VOFIwdl9HOEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0EAMA0G
CSqGSIb3DQEBCwUAA4IBAQCKfQyh7u/WxVFWW2VD8AdNiNlsbPOvsir+NPjKQBut
KyobGEXo2mD0c/E89XOmdhQA+ofpPc1I/xXp7Xv/sAa3CzpJkYWJsPxcWEEo3qvb
kqnDNQ4EFQ5okiGACTMM2leCJ9S6c76OIm8eYqh8rjdw4f2i2TWj7aYAgLMQdJZd
uGvABES/ejIFksWxBZ3zxZ0bVS6ZSDB2hevPqg7FeMxB2+wbnUNddD6AGVssdu23
D8M9kZS8/p9UfTKBiZwHy8kjOM2hOgY/T8NM1BrrvQ5unpK0RCtiXWSML0WDYwXV
79hHAkrthh7HrLGLMzP+UqOi+MSMFrG0MdEuTQtsrZKC
-----END CERTIFICATE-----