Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/nuCDYMjfdPtsYVU7WTW5x_sW2cg.roa
File:                     nuCDYMjfdPtsYVU7WTW5x_sW2cg.roa (raw, json)
Hash identifier:          1LZK4FHuHQKaGJZSj7Gnkyh3poCpi+Q0Dy5dwtFDmx4=
Subject key identifier:   9E:E0:83:60:C8:DF:74:FB:6C:61:55:3B:59:35:B9:C7:FB:16:D9:C8
Certificate issuer:       /CN=5a02ca81b9f0a9713b099687dc81551c45e3f8fc
Certificate serial:       018DC1C1D43678C634380EA196CCAC1A89EA
Authority key identifier: 5A:02:CA:81:B9:F0:A9:71:3B:09:96:87:DC:81:55:1C:45:E3:F8:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/nuCDYMjfdPtsYVU7WTW5x_sW2cg.roa
Signing time:             Mon 19 Feb 2024 14:25:21 +0000
ROA not before:           Mon 19 Feb 2024 14:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.30.0.0/16 maxlen: 16
                          141.76.0.0/16 maxlen: 16
                          2a13:dd80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:c1:d4:36:78:c6:34:38:0e:a1:96:cc:ac:1a:89:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a02ca81b9f0a9713b099687dc81551c45e3f8fc
        Validity
            Not Before: Feb 19 14:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ee08360c8df74fb6c61553b5935b9c7fb16d9c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:c4:15:da:f7:d9:c3:12:f6:81:0e:5f:fc:
                    a6:27:cd:2c:8f:39:c1:49:da:b8:74:0a:d4:a8:c5:
                    04:02:cc:38:5a:a3:ba:7b:86:8b:ac:b3:84:a1:25:
                    dd:74:ab:ad:36:a7:52:c8:87:08:85:2b:16:50:c8:
                    26:a3:21:27:1f:89:ba:d4:6a:db:58:28:22:4b:fe:
                    16:33:e1:ae:59:97:09:57:61:e4:f8:f4:3a:7e:ec:
                    d6:cf:7a:0c:de:77:71:60:48:5d:b1:f7:2c:b3:dc:
                    c8:31:50:82:83:32:a9:ec:1a:6b:82:be:cf:7d:fe:
                    7d:f0:fb:29:19:04:62:fa:c4:8e:af:4d:34:87:38:
                    3d:75:ba:01:b8:e8:8f:3c:77:1a:3f:5e:a8:70:0d:
                    ef:86:cc:ef:1a:c0:98:7a:24:3b:ce:1b:37:d8:67:
                    fc:7e:3e:75:92:04:a3:b2:18:4b:96:0a:f1:46:a5:
                    9c:f4:db:fd:0e:fc:0f:81:24:41:6c:91:a2:39:9c:
                    da:8a:5f:51:18:33:4e:c4:b8:2e:a8:5e:fe:0b:d1:
                    25:4f:ea:79:7b:a3:d0:92:18:b2:8a:cc:dd:9f:ed:
                    47:f5:2a:fc:c6:91:d4:ac:08:4b:6e:26:f3:2c:dd:
                    22:04:5a:d0:9f:be:09:22:e7:90:7e:51:28:8b:94:
                    c7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E0:83:60:C8:DF:74:FB:6C:61:55:3B:59:35:B9:C7:FB:16:D9:C8
            X509v3 Authority Key Identifier:
                keyid:5A:02:CA:81:B9:F0:A9:71:3B:09:96:87:DC:81:55:1C:45:E3:F8:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/nuCDYMjfdPtsYVU7WTW5x_sW2cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2eed24-0dff-4400-a57c-459ddc631bcc/1/WgLKgbnwqXE7CZaH3IFVHEXj-Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.30.0.0/16
                  141.76.0.0/16
                IPv6:
                  2a13:dd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:a1:55:13:e0:25:8f:9d:17:fe:7a:24:e2:c2:42:c9:b2:4e:
         55:12:21:0a:dc:d5:6c:f2:2d:67:9b:b1:ca:1d:b4:0d:97:d5:
         9d:e8:e9:82:e0:68:5b:89:7f:0d:3a:37:bc:04:51:1d:9a:a8:
         18:f8:1a:79:28:d7:f1:c3:a3:f9:a9:d7:85:09:55:95:33:3d:
         95:8c:c4:c4:97:d9:69:2d:bd:cd:f8:35:bd:7b:36:32:db:9e:
         09:06:8d:d7:b2:1b:9f:bf:63:c7:03:42:c8:16:c0:82:16:1f:
         ba:4f:b6:ae:10:b9:66:e4:59:ff:69:99:27:d6:08:07:36:ab:
         af:c5:6e:2e:9a:c2:4d:f7:2f:04:09:3b:aa:8f:fd:00:fe:46:
         7d:ee:41:1e:a6:6e:96:07:8f:e2:d2:85:e7:75:fc:63:7b:e9:
         e1:01:3d:78:12:9b:63:a6:b5:bb:57:d6:a0:73:6d:07:d0:a4:
         43:44:1a:d5:30:3b:63:fd:17:6a:30:13:1e:b9:66:0c:a5:04:
         15:b4:02:5f:4e:dc:77:3a:e7:c7:5a:ac:75:e1:85:1b:34:80:
         2e:0d:c1:bc:f3:63:8a:27:65:d2:22:48:49:6a:6c:45:99:f4:
         3d:54:5e:82:bf:75:80:dc:61:aa:35:2e:09:f3:e8:3a:9d:71:
         a3:9a:95:c9
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAY3BwdQ2eMY0OA6hlsysGonqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMDJjYTgxYjlmMGE5NzEzYjA5OTY4N2RjODE1NTFjNDVl
M2Y4ZmMwHhcNMjQwMjE5MTQyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWUwODM2MGM4ZGY3NGZiNmM2MTU1M2I1OTM1YjljN2ZiMTZkOWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2DEFdr32cMS9oEOX/ymJ80sjznB
Sdq4dArUqMUEAsw4WqO6e4aLrLOEoSXddKutNqdSyIcIhSsWUMgmoyEnH4m61Grb
WCgiS/4WM+GuWZcJV2Hk+PQ6fuzWz3oM3ndxYEhdsfcss9zIMVCCgzKp7Bprgr7P
ff598PspGQRi+sSOr000hzg9dboBuOiPPHcaP16ocA3vhszvGsCYeiQ7zhs32Gf8
fj51kgSjshhLlgrxRqWc9Nv9DvwPgSRBbJGiOZzail9RGDNOxLguqF7+C9ElT+p5
e6PQkhiyiszdn+1H9Sr8xpHUrAhLbibzLN0iBFrQn74JIueQflEoi5THkwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFJ7gg2DI33T7bGFVO1k1ucf7FtnIMB8GA1UdIwQY
MBaAFFoCyoG58KlxOwmWh9yBVRxF4/j8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2dMS2dibndxWEU3Q1phSDNJRlZIRVhqLVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8yZWVkMjQtMGRmZi00NDAwLWE1N2Mt
NDU5ZGRjNjMxYmNjLzEvbnVDRFlNamZkUHRzWVZVN1dUVzV4X3NXMmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8yZWVkMjQtMGRmZi00NDAwLWE1N2MtNDU5ZGRjNjMxYmNj
LzEvV2dMS2dibndxWEU3Q1phSDNJRlZIRVhqLVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMAjR4DAwCN
TDANBAIAAjAHAwUDKhPdgDANBgkqhkiG9w0BAQsFAAOCAQEAjKFVE+Alj50X/nok
4sJCybJOVRIhCtzVbPItZ5uxyh20DZfVnejpguBoW4l/DTo3vARRHZqoGPgaeSjX
8cOj+anXhQlVlTM9lYzExJfZaS29zfg1vXs2MtueCQaN17Ibn79jxwNCyBbAghYf
uk+2rhC5ZuRZ/2mZJ9YIBzarr8VuLprCTfcvBAk7qo/9AP5Gfe5BHqZulgeP4tKF
53X8Y3vp4QE9eBKbY6a1u1fWoHNtB9CkQ0Qa1TA7Y/0XajATHrlmDKUEFbQCX07c
dzrnx1qsdeGFGzSALg3BvPNjiidl0iJISWpsRZn0PVRegr91gNxhqjUuCfPoOp1x
o5qVyQ==
-----END CERTIFICATE-----