Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/njUk32SaSB_lGi-_435uw3ajpM8.roa
File:                     njUk32SaSB_lGi-_435uw3ajpM8.roa (raw, json)
Hash identifier:          4O6GyYbMR4FcMUKFR7bvCyUxNPvp/aXyl1fQUmeWRQU=
Subject key identifier:   9E:35:24:DF:64:9A:48:1F:E5:1A:2F:BF:E3:7E:6E:C3:76:A3:A4:CF
Certificate issuer:       /CN=e37e5ff123ea7d2e83ce27520c987d037e649d03
Certificate serial:       018DC11D0892BD77232F230117273AEFFE74
Authority key identifier: E3:7E:5F:F1:23:EA:7D:2E:83:CE:27:52:0C:98:7D:03:7E:64:9D:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/njUk32SaSB_lGi-_435uw3ajpM8.roa
Signing time:             Mon 19 Feb 2024 11:25:21 +0000
ROA not before:           Mon 19 Feb 2024 11:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48927
IP address blocks:        178.215.228.0/22 maxlen: 24
                          2a0d:5440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:1d:08:92:bd:77:23:2f:23:01:17:27:3a:ef:fe:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37e5ff123ea7d2e83ce27520c987d037e649d03
        Validity
            Not Before: Feb 19 11:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e3524df649a481fe51a2fbfe37e6ec376a3a4cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e5:20:fe:bf:71:6c:a3:e8:51:29:3c:06:79:
                    ce:63:36:cc:3c:4e:a3:0d:ad:5f:dc:5f:a5:f7:9a:
                    8e:c7:ca:28:f6:8a:26:55:1a:77:46:79:2a:a4:8d:
                    15:0c:27:b5:48:dc:ab:4a:79:c7:9b:3d:4c:79:9f:
                    cf:7b:79:a6:48:ca:6c:c2:24:8d:87:d6:74:40:b5:
                    4f:0d:97:aa:fc:9d:80:d6:d0:8d:66:a8:df:e0:52:
                    f1:1b:b0:e9:5e:26:8e:f6:f5:8f:69:a9:a1:0b:81:
                    49:42:4d:e5:d6:6c:8d:93:4c:47:ce:2a:9e:42:27:
                    83:b9:6f:4f:85:97:9f:ef:a8:67:e8:75:f5:ee:0f:
                    a7:53:4d:ee:1c:48:a1:1f:b9:bd:9c:66:f3:59:a3:
                    a2:19:fc:f8:fd:2e:db:04:3e:5d:94:98:1a:fc:98:
                    9c:3d:6e:77:72:08:50:f5:28:e9:cb:42:33:ee:7b:
                    d3:93:93:35:69:44:91:2a:b8:c6:49:d5:74:8f:e3:
                    1c:99:a6:29:9e:ab:c7:c8:06:d2:da:df:7a:5b:49:
                    ab:5e:06:0f:07:1a:00:9c:53:ae:3e:84:bd:73:17:
                    6c:b4:1a:53:1e:33:3a:f6:d6:c1:d7:cb:9c:fc:6a:
                    fe:2b:7c:4c:db:9c:be:e7:44:9d:e8:a4:2c:6c:81:
                    92:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:35:24:DF:64:9A:48:1F:E5:1A:2F:BF:E3:7E:6E:C3:76:A3:A4:CF
            X509v3 Authority Key Identifier:
                keyid:E3:7E:5F:F1:23:EA:7D:2E:83:CE:27:52:0C:98:7D:03:7E:64:9D:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/435f8SPqfS6DzidSDJh9A35knQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/njUk32SaSB_lGi-_435uw3ajpM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/dfc10c-f889-455a-82a0-b30408948cce/1/435f8SPqfS6DzidSDJh9A35knQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.215.228.0/22
                IPv6:
                  2a0d:5440::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:a2:91:34:67:e5:67:b1:a6:6d:70:35:47:93:05:5a:39:12:
         d5:64:97:db:4e:6e:23:b6:39:8d:2d:da:da:23:0e:57:05:50:
         2e:1c:0e:ce:c8:00:0c:6c:45:b3:2f:6b:be:a1:28:a7:5e:b4:
         96:6f:d7:9a:88:07:87:5c:4f:f2:45:1d:38:23:92:79:4f:bc:
         fa:39:38:66:73:19:da:3a:ec:51:ac:1e:e1:61:b0:60:3c:7c:
         d5:f0:5b:2b:cf:1a:3e:d3:17:3c:04:23:20:b4:59:4a:39:a5:
         28:7a:1e:5f:bf:09:09:f3:ad:f7:c7:f4:4f:1c:17:09:96:d7:
         19:dc:19:11:9e:35:3e:9d:ce:33:d8:25:6e:60:88:49:58:a3:
         34:62:ec:b5:4f:8b:4d:f7:8b:a2:e3:b5:ce:0b:7d:b5:74:32:
         7a:7b:b8:c3:7f:6e:85:06:7f:11:c4:a5:25:e0:7b:0d:95:39:
         bc:db:ed:ba:84:2b:c1:8e:18:10:e4:36:8c:e5:f3:d8:76:f5:
         41:02:46:4f:50:b0:e9:94:05:2b:64:44:c6:a4:f5:47:d7:7d:
         81:43:0f:00:68:70:a9:a6:02:7f:3f:d1:86:03:bf:44:b7:08:
         d8:41:80:f1:78:c9:5d:ce:c5:8a:12:64:a0:35:fe:34:c6:2f:
         a1:bd:19:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3BHQiSvXcjLyMBFyc67/50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2U1ZmYxMjNlYTdkMmU4M2NlMjc1MjBjOTg3ZDAzN2U2
NDlkMDMwHhcNMjQwMjE5MTEyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM1MjRkZjY0OWE0ODFmZTUxYTJmYmZlMzdlNmVjMzc2YTNhNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Ug/r9xbKPoUSk8BnnOYzbMPE6j
Da1f3F+l95qOx8oo9oomVRp3RnkqpI0VDCe1SNyrSnnHmz1MeZ/Pe3mmSMpswiSN
h9Z0QLVPDZeq/J2A1tCNZqjf4FLxG7DpXiaO9vWPaamhC4FJQk3l1myNk0xHziqe
QieDuW9PhZef76hn6HX17g+nU03uHEihH7m9nGbzWaOiGfz4/S7bBD5dlJga/Jic
PW53cghQ9Sjpy0Iz7nvTk5M1aUSRKrjGSdV0j+McmaYpnqvHyAbS2t96W0mrXgYP
BxoAnFOuPoS9cxdstBpTHjM69tbB18uc/Gr+K3xM25y+50Sd6KQsbIGSPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ41JN9kmkgf5Rovv+N+bsN2o6TPMB8GA1UdIwQY
MBaAFON+X/Ej6n0ug84nUgyYfQN+ZJ0DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM1ZjhTUHFmUzZEemlkU0RKaDlBMzVrblFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9kZmMxMGMtZjg4OS00NTVhLTgyYTAt
YjMwNDA4OTQ4Y2NlLzEvbmpVazMyU2FTQl9sR2ktXzQzNXV3M2FqcE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9kZmMxMGMtZjg4OS00NTVhLTgyYTAtYjMwNDA4OTQ4Y2Nl
LzEvNDM1ZjhTUHFmUzZEemlkU0RKaDlBMzVrblFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCstfkMA0E
AgACMAcDBQMqDVRAMA0GCSqGSIb3DQEBCwUAA4IBAQA5opE0Z+VnsaZtcDVHkwVa
ORLVZJfbTm4jtjmNLdraIw5XBVAuHA7OyAAMbEWzL2u+oSinXrSWb9eaiAeHXE/y
RR04I5J5T7z6OThmcxnaOuxRrB7hYbBgPHzV8Fsrzxo+0xc8BCMgtFlKOaUoeh5f
vwkJ8633x/RPHBcJltcZ3BkRnjU+nc4z2CVuYIhJWKM0Yuy1T4tN94ui47XOC321
dDJ6e7jDf26FBn8RxKUl4HsNlTm82+26hCvBjhgQ5DaM5fPYdvVBAkZPULDplAUr
ZETGpPVH132BQw8AaHCppgJ/P9GGA79EtwjYQYDxeMldzsWKEmSgNf40xi+hvRnb
-----END CERTIFICATE-----