Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/njmdu_4smylLxVn5QGUmEUZNcOo.roa
File:                     njmdu_4smylLxVn5QGUmEUZNcOo.roa (raw, json)
Hash identifier:          rA6csdgXi2Bw1ZAj3s6rsIC5DHRH/iOqnWqTE+SZgCI=
Subject key identifier:   9E:39:9D:BB:FE:2C:9B:29:4B:C5:59:F9:40:65:26:11:46:4D:70:EA
Certificate issuer:       /CN=5dc87309876cec404f007bf6da0434c0bdc62d8b
Certificate serial:       018CC8DECF485F01A2DA373636131E2935D6
Authority key identifier: 5D:C8:73:09:87:6C:EC:40:4F:00:7B:F6:DA:04:34:C0:BD:C6:2D:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XchzCYds7EBPAHv22gQ0wL3GLYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/njmdu_4smylLxVn5QGUmEUZNcOo.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41821
IP address blocks:        185.210.80.0/22 maxlen: 24
                          2a0b:6040::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/XchzCYds7EBPAHv22gQ0wL3GLYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/XchzCYds7EBPAHv22gQ0wL3GLYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XchzCYds7EBPAHv22gQ0wL3GLYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cf:48:5f:01:a2:da:37:36:36:13:1e:29:35:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dc87309876cec404f007bf6da0434c0bdc62d8b
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e399dbbfe2c9b294bc559f940652611464d70ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:22:8d:b4:f5:b9:6d:b1:99:4e:3a:b9:be:f1:
                    88:a4:b4:71:3f:d2:f8:db:54:df:4a:d3:6b:fc:4e:
                    a8:00:7f:7c:59:02:9c:76:1e:e9:4e:6c:ca:9e:a5:
                    07:d2:a3:5c:cd:f0:c5:75:c5:05:ce:34:e3:32:a1:
                    69:ca:a1:82:9f:1a:e4:a3:07:5a:32:aa:e6:21:a3:
                    83:76:15:e5:71:7a:fa:77:3e:87:a8:3d:b3:e3:6e:
                    1a:63:59:aa:4d:13:aa:03:6a:0c:37:bb:02:7c:23:
                    64:91:dd:15:d8:24:92:48:8c:35:37:ca:bf:59:9c:
                    c7:62:ab:f6:e3:44:fb:c8:13:a9:79:be:f2:ed:83:
                    b8:d0:60:a7:09:c2:35:c9:cc:42:b6:63:f9:57:a2:
                    f6:87:46:42:86:7c:98:14:54:c0:03:9c:74:07:95:
                    3b:ea:1a:96:b0:22:cd:be:46:d6:f7:ed:00:ce:b9:
                    f2:d9:52:ab:53:6a:bb:c6:dc:69:3f:40:8f:90:54:
                    21:5c:3d:65:77:06:07:78:8c:06:05:d9:ce:3f:8b:
                    07:6a:0e:16:65:26:e7:91:42:62:fa:57:26:1f:a2:
                    b8:34:31:90:85:33:e9:13:b1:d9:fa:44:1b:c6:d5:
                    4c:bc:13:00:f0:84:2b:7c:c4:31:8f:09:d7:85:2b:
                    15:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:39:9D:BB:FE:2C:9B:29:4B:C5:59:F9:40:65:26:11:46:4D:70:EA
            X509v3 Authority Key Identifier:
                keyid:5D:C8:73:09:87:6C:EC:40:4F:00:7B:F6:DA:04:34:C0:BD:C6:2D:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XchzCYds7EBPAHv22gQ0wL3GLYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/njmdu_4smylLxVn5QGUmEUZNcOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/44dd9f-4891-45ae-9030-8da8317de3f6/1/XchzCYds7EBPAHv22gQ0wL3GLYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.80.0/22
                IPv6:
                  2a0b:6040::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:b2:ef:3b:8d:83:9e:e7:4c:2a:c9:d4:ca:5d:e0:7e:c4:1e:
         24:42:75:33:10:06:85:ca:5c:26:f7:09:7c:2b:d6:91:cb:17:
         6e:9e:41:80:5d:4a:92:00:8c:94:3f:81:7e:e4:0d:df:5c:26:
         0b:42:43:f8:90:d7:a0:95:89:99:de:dc:83:1e:f2:64:32:c0:
         cf:f7:2c:22:05:8c:84:85:09:24:54:64:97:05:26:d9:09:d3:
         77:5c:a3:b1:ff:07:dd:64:40:f4:0b:aa:3f:b1:68:18:da:26:
         a8:85:42:20:32:e1:ff:55:b6:97:5f:00:33:12:68:fc:f4:66:
         c7:3f:f7:37:c9:e3:91:ad:08:f1:4a:d7:07:56:5c:0d:f4:db:
         9e:de:4a:01:de:23:ab:54:9c:d1:eb:9a:28:4d:fa:ef:ad:bc:
         81:66:cb:d6:a7:59:35:f2:9c:a1:73:cd:e7:3a:fe:ab:21:e4:
         4f:95:3a:35:6b:43:9e:8b:56:ce:76:28:bf:c7:ed:ee:af:f6:
         62:86:b2:ac:37:30:f1:37:c4:a1:57:54:62:df:25:54:23:9a:
         74:05:34:5f:7b:67:e8:3b:b0:4c:89:d5:97:da:a3:94:b7:fb:
         43:80:9e:35:15:78:00:da:c5:72:f3:6f:77:f6:e5:8c:46:92:
         ca:39:b2:04
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3s9IXwGi2jc2NhMeKTXWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYzg3MzA5ODc2Y2VjNDA0ZjAwN2JmNmRhMDQzNGMwYmRj
NjJkOGIwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM5OWRiYmZlMmM5YjI5NGJjNTU5Zjk0MDY1MjYxMTQ2NGQ3MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiKNtPW5bbGZTjq5vvGIpLRxP9L4
21TfStNr/E6oAH98WQKcdh7pTmzKnqUH0qNczfDFdcUFzjTjMqFpyqGCnxrkowda
MqrmIaODdhXlcXr6dz6HqD2z424aY1mqTROqA2oMN7sCfCNkkd0V2CSSSIw1N8q/
WZzHYqv240T7yBOpeb7y7YO40GCnCcI1ycxCtmP5V6L2h0ZChnyYFFTAA5x0B5U7
6hqWsCLNvkbW9+0Azrny2VKrU2q7xtxpP0CPkFQhXD1ldwYHeIwGBdnOP4sHag4W
ZSbnkUJi+lcmH6K4NDGQhTPpE7HZ+kQbxtVMvBMA8IQrfMQxjwnXhSsVaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ45nbv+LJspS8VZ+UBlJhFGTXDqMB8GA1UdIwQY
MBaAFF3IcwmHbOxATwB79toENMC9xi2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGNoekNZZHM3RUJQQUh2MjJnUTB3TDNHTFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80NGRkOWYtNDg5MS00NWFlLTkwMzAt
OGRhODMxN2RlM2Y2LzEvbmptZHVfNHNteWxMeFZuNVFHVW1FVVpOY09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80NGRkOWYtNDg5MS00NWFlLTkwMzAtOGRhODMxN2RlM2Y2
LzEvWGNoekNZZHM3RUJQQUh2MjJnUTB3TDNHTFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudJQMA0E
AgACMAcDBQAqC2BAMA0GCSqGSIb3DQEBCwUAA4IBAQC1su87jYOe50wqydTKXeB+
xB4kQnUzEAaFylwm9wl8K9aRyxdunkGAXUqSAIyUP4F+5A3fXCYLQkP4kNeglYmZ
3tyDHvJkMsDP9ywiBYyEhQkkVGSXBSbZCdN3XKOx/wfdZED0C6o/sWgY2iaohUIg
MuH/VbaXXwAzEmj89GbHP/c3yeORrQjxStcHVlwN9Nue3koB3iOrVJzR65ooTfrv
rbyBZsvWp1k18pyhc83nOv6rIeRPlTo1a0Oei1bOdii/x+3ur/ZihrKsNzDxN8Sh
V1Ri3yVUI5p0BTRfe2foO7BMidWX2qOUt/tDgJ41FXgA2sVy82939uWMRpLKObIE
-----END CERTIFICATE-----