Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nokgLYYJqbrRUCaFU7A1l-eQC2k.roa
File:                     nokgLYYJqbrRUCaFU7A1l-eQC2k.roa (raw, json)
Hash identifier:          LIb1yebuC2c+yNQVGf5CBLDumF81hxFIAiW1wLKaRxo=
Subject key identifier:   9E:89:20:2D:86:09:A9:BA:D1:50:26:85:53:B0:35:97:E7:90:0B:69
Certificate issuer:       /CN=90eb336d5604d47bae817238b0dbb49771e24729
Certificate serial:       018CC424CA03BC095AAAF92D24EC4AAEE21D
Authority key identifier: 90:EB:33:6D:56:04:D4:7B:AE:81:72:38:B0:DB:B4:97:71:E2:47:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nokgLYYJqbrRUCaFU7A1l-eQC2k.roa
Signing time:             Mon 01 Jan 2024 08:29:54 +0000
ROA not before:           Mon 01 Jan 2024 08:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.60.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ca:03:bc:09:5a:aa:f9:2d:24:ec:4a:ae:e2:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90eb336d5604d47bae817238b0dbb49771e24729
        Validity
            Not Before: Jan  1 08:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e89202d8609a9bad150268553b03597e7900b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:f0:28:ea:56:03:9f:f0:ba:a9:df:d9:72:
                    fb:97:b5:d2:31:bf:8e:db:19:7d:a2:77:79:48:d1:
                    03:e6:01:41:4a:9f:2a:28:cd:3f:72:ad:42:28:8e:
                    62:3e:1c:fe:3b:69:67:cf:68:35:2d:e0:a9:eb:fd:
                    5e:27:cb:57:f9:09:bc:a3:12:a2:d6:ae:d1:70:95:
                    35:0f:f1:e9:37:45:5a:b2:ff:65:d7:96:96:17:9b:
                    cf:dd:f0:58:78:7b:ca:7d:b6:0b:ad:5c:c9:93:f9:
                    27:2e:2c:19:50:55:c1:b3:e1:92:76:9b:c4:7e:a3:
                    10:7d:a9:94:41:9f:65:af:00:03:f1:cb:d5:24:8b:
                    b0:02:88:2f:31:ce:51:b3:c6:31:93:a4:b4:89:82:
                    16:a5:90:fc:6b:d4:da:e9:73:50:94:c4:37:08:aa:
                    5c:ee:88:c6:50:c0:d1:88:d1:f7:b8:cc:78:c0:31:
                    14:2b:4b:84:01:3a:c2:03:4b:08:46:dc:6f:45:8a:
                    da:b7:18:9a:a0:a1:39:f3:e8:62:33:33:e2:7d:16:
                    7a:54:7c:34:6e:7e:dc:3c:5b:a2:c7:e2:93:5a:ac:
                    16:fa:cd:0d:0f:0b:5a:9f:a5:0b:05:f7:03:22:af:
                    a9:71:c3:6d:3f:b4:9b:a8:87:ba:2b:51:a4:d4:75:
                    26:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:89:20:2D:86:09:A9:BA:D1:50:26:85:53:B0:35:97:E7:90:0B:69
            X509v3 Authority Key Identifier:
                keyid:90:EB:33:6D:56:04:D4:7B:AE:81:72:38:B0:DB:B4:97:71:E2:47:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kOszbVYE1HuugXI4sNu0l3HiRyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/nokgLYYJqbrRUCaFU7A1l-eQC2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1e7d2e-1a62-4421-b71b-b119274ad654/1/kOszbVYE1HuugXI4sNu0l3HiRyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:fb:44:3b:67:95:68:a0:6a:46:4b:3b:a0:fb:08:6a:76:10:
         e6:4f:53:42:e5:1c:a3:25:a5:33:b9:67:74:e3:4f:76:0a:46:
         8d:3d:2a:91:e6:bb:92:24:4c:ec:d8:92:15:28:b8:d8:be:b3:
         8b:64:30:51:ca:fe:8e:3f:1b:f3:b0:49:44:24:9b:e2:ad:f5:
         1f:c1:1f:ca:7d:ec:12:e0:f8:15:4f:93:23:10:cb:8e:a4:1e:
         4c:db:2f:9d:60:94:b4:90:b4:d8:59:ec:e1:5e:26:61:be:17:
         1c:7b:4d:c2:73:c1:af:22:52:ef:45:41:8d:f5:b3:fd:10:e5:
         e8:d4:39:3c:a6:08:3c:87:0a:d3:bf:a9:18:57:0e:6b:1f:f5:
         d6:15:a0:cf:4f:e4:90:2f:99:3c:0c:87:59:df:a5:92:00:3a:
         d1:23:72:3e:a5:89:90:21:ec:72:ad:19:f4:a4:f1:33:2a:81:
         4e:13:a4:8c:eb:7f:94:e5:4d:07:f8:81:a6:25:d8:24:52:fc:
         e7:50:5c:19:c0:cc:0f:c2:23:64:83:35:5f:e8:3d:a8:c6:5b:
         ce:c8:3f:56:04:f6:2a:d0:02:6e:01:fb:b5:5c:93:0b:f3:5a:
         69:2d:c4:fc:00:00:fb:64:58:9a:c4:08:38:7a:de:46:b8:e4:
         42:f5:e3:e4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEJMoDvAlaqvktJOxKruIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZWIzMzZkNTYwNGQ0N2JhZTgxNzIzOGIwZGJiNDk3NzFl
MjQ3MjkwHhcNMjQwMTAxMDgyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg5MjAyZDg2MDlhOWJhZDE1MDI2ODU1M2IwMzU5N2U3OTAwYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSvwKOpWA5/wuqnf2XL7l7XSMb+O
2xl9ond5SNED5gFBSp8qKM0/cq1CKI5iPhz+O2lnz2g1LeCp6/1eJ8tX+Qm8oxKi
1q7RcJU1D/HpN0Vasv9l15aWF5vP3fBYeHvKfbYLrVzJk/knLiwZUFXBs+GSdpvE
fqMQfamUQZ9lrwAD8cvVJIuwAogvMc5Rs8Yxk6S0iYIWpZD8a9Ta6XNQlMQ3CKpc
7ojGUMDRiNH3uMx4wDEUK0uEATrCA0sIRtxvRYratxiaoKE58+hiMzPifRZ6VHw0
bn7cPFuix+KTWqwW+s0NDwtan6ULBfcDIq+pccNtP7SbqIe6K1Gk1HUmZQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJ6JIC2GCam60VAmhVOwNZfnkAtpMB8GA1UdIwQY
MBaAFJDrM21WBNR7roFyOLDbtJdx4kcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva09zemJWWUUxSHV1Z1hJNHNOdTBsM0hpUnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xZTdkMmUtMWE2Mi00NDIxLWI3MWIt
YjExOTI3NGFkNjU0LzEvbm9rZ0xZWUpxYnJSVUNhRlU3QTFsLWVRQzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xZTdkMmUtMWE2Mi00NDIxLWI3MWItYjExOTI3NGFkNjU0
LzEva09zemJWWUUxSHV1Z1hJNHNOdTBsM0hpUnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTwwDQYJ
KoZIhvcNAQELBQADggEBABv7RDtnlWigakZLO6D7CGp2EOZPU0LlHKMlpTO5Z3Tj
T3YKRo09KpHmu5IkTOzYkhUouNi+s4tkMFHK/o4/G/OwSUQkm+Kt9R/BH8p97BLg
+BVPkyMQy46kHkzbL51glLSQtNhZ7OFeJmG+Fxx7TcJzwa8iUu9FQY31s/0Q5ejU
OTymCDyHCtO/qRhXDmsf9dYVoM9P5JAvmTwMh1nfpZIAOtEjcj6liZAh7HKtGfSk
8TMqgU4TpIzrf5TlTQf4gaYl2CRS/OdQXBnAzA/CI2SDNV/oPajGW87IP1YE9irQ
Am4B+7VckwvzWmktxPwAAPtkWJrECDh63ka45EL14+Q=
-----END CERTIFICATE-----