Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nHFDaIILOdTjKywJ536u2NbijQ4.roa
File:                     nHFDaIILOdTjKywJ536u2NbijQ4.roa (raw, json)
Hash identifier:          GZUS5OKqPLBVaLkWEyB2Ce3k2q8gf8Rj7vaTEKCevNk=
Subject key identifier:   9C:71:43:68:82:0B:39:D4:E3:2B:2C:09:E7:7E:AE:D8:D6:E2:8D:0E
Certificate issuer:       /CN=90eb336d5604d47bae817238b0dbb49771e24729
Certificate serial:       0194266C31F0DE8BAA1EE6E22BF137DAA33F
Authority key identifier: 90:EB:33:6D:56:04:D4:7B:AE:81:72:38:B0:DB:B4:97:71:E2:47:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nHFDaIILOdTjKywJ536u2NbijQ4.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.60.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 03:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:31:f0:de:8b:aa:1e:e6:e2:2b:f1:37:da:a3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90eb336d5604d47bae817238b0dbb49771e24729
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c714368820b39d4e32b2c09e77eaed8d6e28d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f6:03:0a:7c:00:57:8c:2a:f6:dc:85:df:0b:
                    86:a9:03:be:7e:30:21:62:7a:eb:f7:47:9b:ae:df:
                    d5:36:50:d7:fb:c8:4c:8c:94:a4:6f:93:fb:6a:07:
                    ce:ec:47:49:43:85:41:b8:79:88:48:8e:60:f5:48:
                    c4:98:87:5e:11:90:d3:39:df:ce:da:41:8d:9f:71:
                    78:32:5e:17:60:91:03:71:23:83:ce:9a:13:c7:e8:
                    0a:ae:48:4f:6a:2b:96:02:63:97:c6:eb:34:a6:65:
                    5d:37:03:b6:3e:19:de:e3:79:64:c0:33:ea:af:f3:
                    9a:df:24:b6:37:5e:7f:44:8a:0d:45:a2:b9:40:4b:
                    6b:78:19:4b:46:ac:b6:34:06:76:39:b1:9b:b9:41:
                    f9:f6:0d:9f:ad:2d:38:eb:cc:2d:21:c8:07:92:01:
                    69:64:f5:18:34:05:29:d9:9d:6e:17:71:3c:8a:10:
                    3d:db:a7:dd:af:25:1d:02:5c:cc:4c:cb:1c:20:e6:
                    55:f8:72:0b:ac:ab:46:92:6f:ef:80:e1:66:32:b8:
                    04:6d:7a:91:34:a9:0d:1b:a2:b5:38:05:21:a0:0d:
                    01:b4:9a:d9:73:7f:e8:d4:50:b9:5e:5b:ab:03:26:
                    00:ab:40:43:2c:71:50:89:66:ef:10:15:2e:bd:5e:
                    fe:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:71:43:68:82:0B:39:D4:E3:2B:2C:09:E7:7E:AE:D8:D6:E2:8D:0E
            X509v3 Authority Key Identifier:
                keyid:90:EB:33:6D:56:04:D4:7B:AE:81:72:38:B0:DB:B4:97:71:E2:47:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nHFDaIILOdTjKywJ536u2NbijQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:24:ea:32:e1:57:d1:7c:89:df:95:38:f0:0d:9b:ce:00:23:
         04:09:68:74:72:55:3b:da:8b:83:6d:7e:0b:d6:1c:21:12:c3:
         f9:1f:a3:32:1f:5d:d6:3d:03:96:9c:2a:bc:77:e3:db:78:ea:
         3d:d6:42:bc:a8:45:ac:8c:d4:3f:da:27:48:0e:24:95:5e:ca:
         d1:8c:15:69:35:10:42:65:9f:72:50:79:3b:b7:80:bd:99:bb:
         d0:67:85:df:ed:61:d3:f4:0d:1d:66:80:a5:b6:27:9a:da:ad:
         21:61:51:22:0b:5c:49:36:2e:0e:5e:5f:d9:5b:22:cb:6f:99:
         00:1d:91:04:af:cd:96:49:a8:fc:a3:34:b7:76:2d:66:d5:99:
         d9:6b:56:d5:d8:f0:d5:94:f0:98:70:c3:be:3a:a5:fc:7f:c2:
         24:61:08:41:93:10:d1:1a:e1:98:a9:9b:30:87:e9:e9:0f:56:
         8b:45:26:ab:4f:83:da:e7:aa:4b:3d:4d:a0:9e:32:c1:1c:f5:
         60:87:43:a5:8d:e7:35:37:56:18:09:13:a6:31:fb:80:b8:95:
         6e:f8:fb:86:7a:d2:40:e6:57:38:bd:a1:1b:17:d1:81:a9:d3:
         4e:60:c3:84:f8:eb:0a:ef:28:0a:40:da:05:95:ec:de:ea:7c:
         20:0c:b1:47
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQmbDHw3ouqHubiK/E32qM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZWIzMzZkNTYwNGQ0N2JhZTgxNzIzOGIwZGJiNDk3NzFl
MjQ3MjkwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzcxNDM2ODgyMGIzOWQ0ZTMyYjJjMDllNzdlYWVkOGQ2ZTI4ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovYDCnwAV4wq9tyF3wuGqQO+fjAh
Ynrr90ebrt/VNlDX+8hMjJSkb5P7agfO7EdJQ4VBuHmISI5g9UjEmIdeEZDTOd/O
2kGNn3F4Ml4XYJEDcSODzpoTx+gKrkhPaiuWAmOXxus0pmVdNwO2Phne43lkwDPq
r/Oa3yS2N15/RIoNRaK5QEtreBlLRqy2NAZ2ObGbuUH59g2frS0468wtIcgHkgFp
ZPUYNAUp2Z1uF3E8ihA926fdryUdAlzMTMscIOZV+HILrKtGkm/vgOFmMrgEbXqR
NKkNG6K1OAUhoA0BtJrZc3/o1FC5XlurAyYAq0BDLHFQiWbvEBUuvV7+fwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJxxQ2iCCznU4yssCed+rtjW4o0OMB8GA1UdIwQY
MBaAFJDrM21WBNR7roFyOLDbtJdx4kcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva09zemJWWUUxSHV1Z1hJNHNOdTBsM0hpUnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xZTdkMmUtMWE2Mi00NDIxLWI3MWIt
YjExOTI3NGFkNjU0LzEvbkhGRGFJSUxPZFRqS3l3SjUzNnUyTmJpalE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xZTdkMmUtMWE2Mi00NDIxLWI3MWItYjExOTI3NGFkNjU0
LzEva09zemJWWUUxSHV1Z1hJNHNOdTBsM0hpUnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTwwDQYJ
KoZIhvcNAQELBQADggEBACIk6jLhV9F8id+VOPANm84AIwQJaHRyVTvai4NtfgvW
HCESw/kfozIfXdY9A5acKrx349t46j3WQryoRayM1D/aJ0gOJJVeytGMFWk1EEJl
n3JQeTu3gL2Zu9Bnhd/tYdP0DR1mgKW2J5rarSFhUSILXEk2Lg5eX9lbIstvmQAd
kQSvzZZJqPyjNLd2LWbVmdlrVtXY8NWU8Jhww746pfx/wiRhCEGTENEa4ZipmzCH
6ekPVotFJqtPg9rnqks9TaCeMsEc9WCHQ6WN5zU3VhgJE6Yx+4C4lW74+4Z60kDm
Vzi9oRsX0YGp005gw4T46wrvKApA2gWV7N7qfCAMsUc=
-----END CERTIFICATE-----