Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/Jseuk-opRJo-NsNtV3RpZNtpaYU.roa
File:                     Jseuk-opRJo-NsNtV3RpZNtpaYU.roa (raw, json)
Hash identifier:          fDzmqtmRo2J0oaOtp0QwHMX9ofOfqTAINm2p33uCElc=
Subject key identifier:   26:C7:AE:93:EA:29:44:9A:3E:36:C3:6D:57:74:69:64:DB:69:69:85
Certificate issuer:       /CN=5690efa23c778ef7470f3ac0a905619bc7c277e4
Certificate serial:       018CC8DF13E128C0927F055A04FABF07C221
Authority key identifier: 56:90:EF:A2:3C:77:8E:F7:47:0F:3A:C0:A9:05:61:9B:C7:C2:77:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/Jseuk-opRJo-NsNtV3RpZNtpaYU.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        141.250.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:13:e1:28:c0:92:7f:05:5a:04:fa:bf:07:c2:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5690efa23c778ef7470f3ac0a905619bc7c277e4
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26c7ae93ea29449a3e36c36d57746964db696985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b0:2b:2c:db:7c:a3:15:c2:7f:97:97:49:06:
                    de:c3:19:4e:63:e9:2c:0f:26:6f:6b:57:54:34:eb:
                    82:67:76:87:3a:0b:18:b3:85:1f:37:8b:dd:60:8c:
                    76:7c:a3:9e:04:13:83:03:1b:0d:5e:df:1c:05:63:
                    4d:27:54:28:11:2d:4e:40:4e:61:ce:a3:fe:e8:b8:
                    da:18:d4:2a:db:8b:2b:52:c2:8f:0e:24:d0:e5:58:
                    35:6e:ab:1c:89:5d:bc:7d:2f:cf:0b:e9:2b:12:b4:
                    c5:a2:24:f9:be:2d:2b:77:62:43:5f:cc:54:63:31:
                    79:79:b3:cd:9f:14:59:d5:9a:78:d5:09:30:e6:33:
                    86:6a:c9:45:d5:16:3e:fe:d8:f0:b9:41:b4:be:a2:
                    26:7a:0a:0b:0f:9c:61:be:39:71:e1:74:36:88:81:
                    bf:35:5a:09:79:9f:34:c1:42:8e:16:07:02:aa:8a:
                    6b:ed:e7:cd:99:8a:ea:e1:eb:dd:30:a4:2b:97:3e:
                    c1:0e:85:ec:e8:89:28:09:56:f7:01:7f:29:70:03:
                    62:a7:16:39:dc:54:63:cd:f6:3a:86:b5:e5:38:51:
                    55:b2:d4:72:55:6f:7b:ce:c8:a8:ec:72:c8:c6:39:
                    2d:7b:f3:c4:bd:e9:45:49:42:8d:d0:60:24:ec:b1:
                    b0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C7:AE:93:EA:29:44:9A:3E:36:C3:6D:57:74:69:64:DB:69:69:85
            X509v3 Authority Key Identifier:
                keyid:56:90:EF:A2:3C:77:8E:F7:47:0F:3A:C0:A9:05:61:9B:C7:C2:77:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VpDvojx3jvdHDzrAqQVhm8fCd-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/Jseuk-opRJo-NsNtV3RpZNtpaYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6b547f-cebd-48b5-bdcb-83ae2f214121/1/VpDvojx3jvdHDzrAqQVhm8fCd-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.250.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b6:96:0f:79:41:be:d5:0f:72:25:72:82:9f:f4:99:17:82:f6:
         51:b1:d0:99:45:0c:15:df:ba:c8:e3:82:02:c7:a0:3e:6d:82:
         88:ea:0e:5e:21:69:df:6c:7c:69:9c:5c:45:f2:90:32:c8:3c:
         76:f6:ef:24:f4:e9:7e:d3:80:93:25:c4:85:e7:90:16:3a:7f:
         5d:35:55:c1:e1:bc:6e:d1:fc:45:31:eb:cc:ed:a6:34:96:6a:
         c4:c7:64:19:c9:c9:28:e6:c6:f5:11:75:13:90:08:92:79:2b:
         68:59:c0:8c:f8:f1:b6:45:b3:86:61:06:43:13:b5:0d:4c:60:
         c2:df:37:a0:82:77:51:e9:e8:54:1c:d0:c3:39:4c:b0:42:af:
         11:20:f9:c9:85:ca:8b:b2:1c:af:e4:ca:6f:94:f2:6c:57:7e:
         a7:bd:99:fc:c8:71:ec:6e:22:4e:40:b1:e3:3e:9e:b0:14:6e:
         7d:6e:24:69:b1:00:6a:d2:ad:dc:76:14:99:93:d8:90:85:e9:
         34:39:55:7e:78:01:7d:94:38:b1:fe:9b:cd:ce:5e:e0:d0:6b:
         93:09:35:40:5a:24:35:42:2c:d1:0e:cc:20:73:e7:93:bb:f0:
         48:e9:2a:c5:fc:db:f8:88:d4:d5:a7:0a:f1:3a:38:60:22:72:
         ae:14:55:38
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3xPhKMCSfwVaBPq/B8IhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OTBlZmEyM2M3NzhlZjc0NzBmM2FjMGE5MDU2MTliYzdj
Mjc3ZTQwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmM3YWU5M2VhMjk0NDlhM2UzNmMzNmQ1Nzc0Njk2NGRiNjk2OTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7ArLNt8oxXCf5eXSQbewxlOY+ks
DyZva1dUNOuCZ3aHOgsYs4UfN4vdYIx2fKOeBBODAxsNXt8cBWNNJ1QoES1OQE5h
zqP+6LjaGNQq24srUsKPDiTQ5Vg1bqsciV28fS/PC+krErTFoiT5vi0rd2JDX8xU
YzF5ebPNnxRZ1Zp41Qkw5jOGaslF1RY+/tjwuUG0vqImegoLD5xhvjlx4XQ2iIG/
NVoJeZ80wUKOFgcCqopr7efNmYrq4evdMKQrlz7BDoXs6IkoCVb3AX8pcANipxY5
3FRjzfY6hrXlOFFVstRyVW97zsio7HLIxjkte/PEvelFSUKN0GAk7LGwywIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCbHrpPqKUSaPjbDbVd0aWTbaWmFMB8GA1UdIwQY
MBaAFFaQ76I8d473Rw86wKkFYZvHwnfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnBEdm9qeDNqdmRIRHpyQXFRVmhtOGZDZC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82YjU0N2YtY2ViZC00OGI1LWJkY2It
ODNhZTJmMjE0MTIxLzEvSnNldWstb3BSSm8tTnNOdFYzUnBaTnRwYVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82YjU0N2YtY2ViZC00OGI1LWJkY2ItODNhZTJmMjE0MTIx
LzEvVnBEdm9qeDNqdmRIRHpyQXFRVmhtOGZDZC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjfowDQYJ
KoZIhvcNAQELBQADggEBALaWD3lBvtUPciVygp/0mReC9lGx0JlFDBXfusjjggLH
oD5tgojqDl4had9sfGmcXEXykDLIPHb27yT06X7TgJMlxIXnkBY6f101VcHhvG7R
/EUx68ztpjSWasTHZBnJySjmxvURdROQCJJ5K2hZwIz48bZFs4ZhBkMTtQ1MYMLf
N6CCd1Hp6FQc0MM5TLBCrxEg+cmFyouyHK/kym+U8mxXfqe9mfzIcexuIk5AseM+
nrAUbn1uJGmxAGrSrdx2FJmT2JCF6TQ5VX54AX2UOLH+m83OXuDQa5MJNUBaJDVC
LNEOzCBz55O78EjpKsX82/iI1NWnCvE6OGAicq4UVTg=
-----END CERTIFICATE-----