Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/navET64WjDznMyZwQ_DOauhQ_9c.roa
File:                     navET64WjDznMyZwQ_DOauhQ_9c.roa (raw, json)
Hash identifier:          0cyJx0VGxqHx5SG278Ye2Mukf1TTlmRpgV9pjTpL9aA=
Subject key identifier:   9D:AB:C4:4F:AE:16:8C:3C:E7:33:26:70:43:F0:CE:6A:E8:50:FF:D7
Certificate issuer:       /CN=5853e65a3087b4ca85c8802b60ff0f02b4106d97
Certificate serial:       01941FFA634D8D0EB5D759DE41CE72B549BC
Authority key identifier: 58:53:E6:5A:30:87:B4:CA:85:C8:80:2B:60:FF:0F:02:B4:10:6D:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/navET64WjDznMyZwQ_DOauhQ_9c.roa
Signing time:             Wed 01 Jan 2025 03:48:10 +0000
ROA not before:           Wed 01 Jan 2025 03:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44870
IP address blocks:        212.107.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:63:4d:8d:0e:b5:d7:59:de:41:ce:72:b5:49:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5853e65a3087b4ca85c8802b60ff0f02b4106d97
        Validity
            Not Before: Jan  1 03:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dabc44fae168c3ce733267043f0ce6ae850ffd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a9:0f:19:6e:92:c2:05:18:00:c3:b2:ac:a7:
                    81:86:2b:ec:99:a6:3b:72:50:9e:8d:ad:4a:c4:42:
                    ab:3e:f3:94:e6:c9:91:0d:ad:2b:1d:a0:da:31:e1:
                    df:6c:da:1a:d2:2b:6d:61:f5:34:67:0e:ae:d3:d9:
                    f2:6d:90:ca:6c:f5:ab:b1:64:a3:cc:95:fc:d7:a9:
                    be:1f:40:c2:48:c7:48:23:93:d1:d4:e4:ed:60:7d:
                    fc:be:ff:a9:89:9f:e1:f8:59:54:5d:86:38:b2:64:
                    fe:f4:dc:16:1a:f2:91:15:a2:eb:b3:f3:be:12:53:
                    a1:1a:c3:3b:72:9e:f5:26:53:16:75:a7:f1:0b:fb:
                    02:1f:6a:32:95:9e:29:49:69:e0:13:a1:29:d9:f6:
                    29:e8:c7:b5:4a:7d:17:f6:a4:70:13:e6:27:08:91:
                    32:7b:a0:29:06:3c:95:a2:2d:d0:b6:64:b8:b9:18:
                    19:50:c2:0d:e6:b1:85:8f:70:ee:25:7a:97:8c:7a:
                    ca:58:b8:d4:5a:9f:db:72:e1:1a:7e:b3:24:28:e9:
                    6a:99:b6:1f:01:48:25:21:f2:a8:32:15:cb:17:9e:
                    22:1d:20:9e:ff:82:dd:a9:f8:4b:e5:8f:9f:6c:69:
                    39:9f:89:46:44:4c:49:7b:10:cd:c8:71:3b:c3:37:
                    39:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:AB:C4:4F:AE:16:8C:3C:E7:33:26:70:43:F0:CE:6A:E8:50:FF:D7
            X509v3 Authority Key Identifier:
                keyid:58:53:E6:5A:30:87:B4:CA:85:C8:80:2B:60:FF:0F:02:B4:10:6D:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/navET64WjDznMyZwQ_DOauhQ_9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:22:0e:08:80:ec:87:e8:1e:d1:97:d4:18:26:38:c4:e5:78:
         96:9d:ab:51:6b:80:7d:db:5a:5c:b4:01:8a:23:57:88:03:b6:
         a4:fc:f7:66:86:b1:07:92:e6:ab:aa:44:7a:64:c3:c0:1e:f0:
         e7:cd:41:6c:a4:73:91:02:83:24:f3:aa:3a:48:4b:ee:a4:94:
         9f:24:d7:08:58:30:11:6c:a4:4e:ee:a9:21:1f:54:29:6b:f9:
         82:a1:32:26:3e:9c:cd:9f:87:29:9e:e5:55:eb:cc:bf:ac:87:
         74:e2:d1:0e:49:ca:d3:47:da:59:bc:48:1a:68:2f:df:a3:6c:
         26:3c:dd:90:84:5a:75:d8:04:72:c7:30:22:42:a0:77:b2:0a:
         b6:62:79:0c:5e:90:8d:b5:0e:e9:cd:ef:d7:e2:35:26:35:42:
         a7:1c:81:9b:60:1d:08:a4:c1:53:ed:e7:40:d3:ed:ff:2f:42:
         7b:85:ee:23:9b:9c:af:18:f3:88:2b:03:2b:64:a1:e7:69:ec:
         e5:59:18:cf:67:41:68:2f:c3:b8:5e:2b:71:1e:a0:cf:1d:79:
         51:b1:c8:08:37:3b:dd:b9:97:e2:87:12:79:0c:cd:41:5f:6c:
         91:4e:5d:e8:3a:9b:0d:83:02:6b:e3:f2:48:4e:5b:7d:b4:17:
         19:0a:8f:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mNNjQ6111neQc5ytUm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NTNlNjVhMzA4N2I0Y2E4NWM4ODAyYjYwZmYwZjAyYjQx
MDZkOTcwHhcNMjUwMTAxMDM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGFiYzQ0ZmFlMTY4YzNjZTczMzI2NzA0M2YwY2U2YWU4NTBmZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6kPGW6SwgUYAMOyrKeBhivsmaY7
clCeja1KxEKrPvOU5smRDa0rHaDaMeHfbNoa0ittYfU0Zw6u09nybZDKbPWrsWSj
zJX816m+H0DCSMdII5PR1OTtYH38vv+piZ/h+FlUXYY4smT+9NwWGvKRFaLrs/O+
ElOhGsM7cp71JlMWdafxC/sCH2oylZ4pSWngE6Ep2fYp6Me1Sn0X9qRwE+YnCJEy
e6ApBjyVoi3QtmS4uRgZUMIN5rGFj3DuJXqXjHrKWLjUWp/bcuEafrMkKOlqmbYf
AUglIfKoMhXLF54iHSCe/4LdqfhL5Y+fbGk5n4lGRExJexDNyHE7wzc5cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2rxE+uFow85zMmcEPwzmroUP/XMB8GA1UdIwQY
MBaAFFhT5lowh7TKhciAK2D/DwK0EG2XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0ZQbVdqQ0h0TXFGeUlBcllQOFBBclFRYlpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi82YWZkMWUtY2I3ZS00ZTZlLWE4YTQt
ZTE4NjAyNzM5Y2Q1LzEvbmF2RVQ2NFdqRHpuTXlad1FfRE9hdWhRXzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi82YWZkMWUtY2I3ZS00ZTZlLWE4YTQtZTE4NjAyNzM5Y2Q1
LzEvV0ZQbVdqQ0h0TXFGeUlBcllQOFBBclFRYlpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1GvwMA0G
CSqGSIb3DQEBCwUAA4IBAQAQIg4IgOyH6B7Rl9QYJjjE5XiWnatRa4B921pctAGK
I1eIA7ak/PdmhrEHkuarqkR6ZMPAHvDnzUFspHORAoMk86o6SEvupJSfJNcIWDAR
bKRO7qkhH1Qpa/mCoTImPpzNn4cpnuVV68y/rId04tEOScrTR9pZvEgaaC/fo2wm
PN2QhFp12ARyxzAiQqB3sgq2YnkMXpCNtQ7pze/X4jUmNUKnHIGbYB0IpMFT7edA
0+3/L0J7he4jm5yvGPOIKwMrZKHnaezlWRjPZ0FoL8O4XitxHqDPHXlRscgINzvd
uZfihxJ5DM1BX2yRTl3oOpsNgwJr4/JITlt9tBcZCo/9
-----END CERTIFICATE-----