Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/NJ5-rR9fKxo3ypgPOOSB0palupo.roa
File:                     NJ5-rR9fKxo3ypgPOOSB0palupo.roa (raw, json)
Hash identifier:          rJFYDs6L28VC/6rt8nTipzw44euqlS2JMXw2JwVvmPI=
Subject key identifier:   34:9E:7E:AD:1F:5F:2B:1A:37:CA:98:0F:38:E4:81:D2:96:A5:BA:9A
Certificate issuer:       /CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
Certificate serial:       018CCA2B371BE59CC6956AEBCEAD17B34004
Authority key identifier: AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/NJ5-rR9fKxo3ypgPOOSB0palupo.roa
Signing time:             Tue 02 Jan 2024 12:34:38 +0000
ROA not before:           Tue 02 Jan 2024 12:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20910
IP address blocks:        178.213.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:37:1b:e5:9c:c6:95:6a:eb:ce:ad:17:b3:40:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
        Validity
            Not Before: Jan  2 12:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=349e7ead1f5f2b1a37ca980f38e481d296a5ba9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:9b:b2:f0:cb:27:65:ff:f0:be:87:c4:25:
                    be:e9:4f:80:b4:ba:dc:2d:eb:94:6d:54:40:61:eb:
                    32:a5:a0:71:7c:2b:7a:0d:6b:79:dd:1d:a0:4f:c7:
                    0e:1f:29:8e:39:27:2e:65:92:ee:89:c5:4b:44:ba:
                    15:f7:2a:d5:b9:f2:0d:64:7a:47:9c:3b:e8:a4:61:
                    d0:6b:ca:43:66:e3:51:e6:db:b1:8f:ea:a6:f2:ab:
                    fd:28:52:c3:4c:48:8b:1b:a7:70:6b:11:37:2c:30:
                    ae:57:a1:8d:72:72:80:14:e4:5b:79:bd:4d:08:65:
                    85:b1:b7:e5:98:9e:b8:e8:ea:1f:bb:84:c9:1f:97:
                    fe:22:11:fd:d5:0f:c9:09:63:16:8e:68:85:f8:70:
                    15:f9:c4:70:76:b4:f0:40:3a:06:15:05:81:50:87:
                    f9:72:70:93:c1:df:da:b8:0f:d4:99:2e:0f:1c:fc:
                    35:68:08:fe:41:96:94:0e:3b:98:d8:5d:b9:2b:ac:
                    84:78:38:3f:c3:27:30:cc:b8:86:35:e3:50:63:14:
                    98:a3:85:2f:8c:38:97:53:d1:f7:f1:b1:61:a3:32:
                    6f:2e:fb:1c:7e:f5:f8:a4:3b:6e:e5:6a:ae:49:db:
                    ab:2e:b4:75:e0:fa:ba:09:c3:cb:6c:3a:f0:d6:3d:
                    5a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:9E:7E:AD:1F:5F:2B:1A:37:CA:98:0F:38:E4:81:D2:96:A5:BA:9A
            X509v3 Authority Key Identifier:
                keyid:AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/NJ5-rR9fKxo3ypgPOOSB0palupo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:3c:11:49:6f:0f:e9:75:d2:ea:0a:f3:30:63:43:70:61:e4:
         3a:c5:f4:47:ff:2d:00:77:5f:06:ca:bd:59:94:80:76:db:b1:
         41:ba:1c:0a:3a:f7:24:0a:90:83:5e:96:3a:05:04:01:99:cc:
         bc:69:76:31:5d:1f:be:9b:c7:b6:be:8d:6e:d3:9e:de:02:c1:
         26:95:ec:dc:b7:fe:14:13:a1:9a:bf:e0:5f:df:59:6c:47:0d:
         74:57:4f:85:b6:81:3c:6b:17:5d:a7:d5:28:3e:af:64:b1:85:
         27:c1:5d:ec:c8:9d:ca:be:fe:f1:5f:36:e4:0d:e3:89:18:5b:
         23:9e:85:cc:0e:b6:e2:c9:af:68:de:0c:61:5c:a8:12:4d:b7:
         97:26:a5:26:94:64:8f:8e:46:8c:ba:62:3f:43:25:aa:de:6c:
         98:1f:3b:16:2d:2d:ae:a2:28:08:26:92:36:43:f6:40:3e:52:
         97:08:06:41:e4:e2:59:eb:11:d0:78:45:05:9a:31:5c:08:c9:
         33:d9:56:0d:04:b4:ca:99:38:52:91:17:62:18:72:2c:e8:ac:
         5a:37:cd:2b:18:59:59:49:ef:2d:1c:78:e0:7b:6f:9c:79:53:
         5c:c3:07:a4:a8:59:21:ff:13:34:4c:88:f7:56:c0:f3:07:e1:
         ad:9d:2a:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzcb5ZzGlWrrzq0Xs0AEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGVkMzNiNzBiZTZjYzIwYzg5ZmJiYWM3N2E1OWNhM2I0
YzA5MzQwHhcNMjQwMTAyMTIzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDllN2VhZDFmNWYyYjFhMzdjYTk4MGYzOGU0ODFkMjk2YTViYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/ibsvDLJ2X/8L6HxCW+6U+AtLrc
LeuUbVRAYesypaBxfCt6DWt53R2gT8cOHymOOScuZZLuicVLRLoV9yrVufINZHpH
nDvopGHQa8pDZuNR5tuxj+qm8qv9KFLDTEiLG6dwaxE3LDCuV6GNcnKAFORbeb1N
CGWFsbflmJ646Oofu4TJH5f+IhH91Q/JCWMWjmiF+HAV+cRwdrTwQDoGFQWBUIf5
cnCTwd/auA/UmS4PHPw1aAj+QZaUDjuY2F25K6yEeDg/wycwzLiGNeNQYxSYo4Uv
jDiXU9H38bFhozJvLvscfvX4pDtu5WquSdurLrR14Pq6CcPLbDrw1j1aLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSefq0fXysaN8qYDzjkgdKWpbqaMB8GA1UdIwQY
MBaAFK6O0ztwvmzCDIn7usd6Wco7TAk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUt
MDRkYmM5YWMxNDQ0LzEvTko1LXJSOWZLeG8zeXBnUE9PU0IwcGFsdXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUtMDRkYmM5YWMxNDQ0
LzEvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUwMA0G
CSqGSIb3DQEBCwUAA4IBAQCZPBFJbw/pddLqCvMwY0NwYeQ6xfRH/y0Ad18Gyr1Z
lIB227FBuhwKOvckCpCDXpY6BQQBmcy8aXYxXR++m8e2vo1u057eAsEmlezct/4U
E6Gav+Bf31lsRw10V0+FtoE8axddp9UoPq9ksYUnwV3syJ3Kvv7xXzbkDeOJGFsj
noXMDrbiya9o3gxhXKgSTbeXJqUmlGSPjkaMumI/QyWq3myYHzsWLS2uoigIJpI2
Q/ZAPlKXCAZB5OJZ6xHQeEUFmjFcCMkz2VYNBLTKmThSkRdiGHIs6KxaN80rGFlZ
Se8tHHjge2+ceVNcwwekqFkh/xM0TIj3VsDzB+GtnSrs
-----END CERTIFICATE-----