Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/nj-KYHgk-BCweKny_1XDjWvbM_Q.roa
File:                     nj-KYHgk-BCweKny_1XDjWvbM_Q.roa (raw, json)
Hash identifier:          gX8WL540uksZhkT6OTgt15hq9BVQhctJqr1MNoOdv08=
Subject key identifier:   9E:3F:8A:60:78:24:F8:10:B0:78:A9:F2:FF:55:C3:8D:6B:DB:33:F4
Certificate issuer:       /CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
Certificate serial:       018CC64B11093F1691AA06E7BD3E801BB632
Authority key identifier: D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/nj-KYHgk-BCweKny_1XDjWvbM_Q.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        5.44.72.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:11:09:3f:16:91:aa:06:e7:bd:3e:80:1b:b6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07dc35ebcd88dd0e2a8db3a5a08654bc3be0262
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e3f8a607824f810b078a9f2ff55c38d6bdb33f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:29:b3:24:c4:6b:d0:27:bd:07:c0:48:c5:2e:
                    a0:8d:51:79:a0:1b:1c:0b:f3:5f:d6:dd:1e:46:ec:
                    3f:33:f9:88:7e:82:f6:96:4d:a7:a2:01:7b:52:4e:
                    22:03:29:a1:c8:3f:29:a4:a6:a7:c1:ea:c6:fb:20:
                    f2:86:56:e1:50:40:be:4c:d5:e4:a2:72:bf:75:97:
                    ed:61:27:20:9a:ee:43:2c:d9:05:3a:6f:36:f2:e7:
                    57:d0:5c:88:0a:ad:34:63:1d:3b:db:67:f7:d8:57:
                    28:05:79:de:d8:f1:62:8e:af:40:8c:1e:0a:db:ee:
                    aa:c1:4c:2d:eb:10:9a:eb:35:7e:a2:e2:80:73:f9:
                    e6:8f:77:14:31:2d:b9:98:58:43:b9:01:8d:9c:cb:
                    a7:0a:e7:1e:30:fa:37:ea:c4:a3:bf:5b:e3:9c:41:
                    51:96:c0:fd:60:1f:46:c3:8d:eb:10:b7:5a:08:de:
                    1b:6b:74:7d:3c:9e:56:64:23:2a:cd:e0:1b:2c:b9:
                    a5:16:c3:26:0d:ca:ac:75:02:b0:df:8b:06:ce:6f:
                    3b:6c:10:14:f4:08:a6:04:1e:77:a5:39:21:7b:5a:
                    fd:49:05:21:6f:39:18:ee:77:a7:a5:83:66:3f:50:
                    86:55:e6:62:96:96:8f:a1:ec:b7:88:38:59:9a:54:
                    93:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3F:8A:60:78:24:F8:10:B0:78:A9:F2:FF:55:C3:8D:6B:DB:33:F4
            X509v3 Authority Key Identifier:
                keyid:D0:7D:C3:5E:BC:D8:8D:D0:E2:A8:DB:3A:5A:08:65:4B:C3:BE:02:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H3DXrzYjdDiqNs6WghlS8O-AmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/nj-KYHgk-BCweKny_1XDjWvbM_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1c718d-e7a0-40ac-a181-cbaa42a62727/1/0H3DXrzYjdDiqNs6WghlS8O-AmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ad:43:cc:d8:8f:28:32:d2:94:8f:71:65:47:34:7e:98:aa:ac:
         11:d5:aa:b8:10:05:40:a6:92:a7:fe:d7:20:8b:09:9c:f3:14:
         8a:95:f8:5b:3b:d9:a9:40:c1:4d:37:c7:bd:fa:d3:f5:b0:8e:
         7d:78:9d:a6:47:9c:2e:20:aa:87:90:7d:1d:62:65:98:7d:ab:
         b7:b9:88:53:cc:65:7b:fd:47:59:4e:17:7f:c9:de:47:d8:b8:
         8a:c4:5c:c1:cd:47:fa:4d:0f:be:22:91:58:5d:58:4b:09:21:
         74:0e:19:9d:01:21:98:ec:8a:b7:66:f1:db:44:f4:43:50:4b:
         b3:0c:c4:48:fc:bf:04:9e:21:5b:12:ef:0a:47:00:71:76:3e:
         74:b1:e7:61:3a:be:f5:ab:bc:96:77:43:bc:47:74:cc:43:04:
         5d:f8:c4:76:85:01:49:d5:c7:a2:00:4b:6b:b5:95:09:8d:20:
         73:ac:21:b0:83:4e:3a:1b:ad:00:b3:89:a6:e8:77:55:5f:a7:
         77:95:f8:11:15:31:7f:06:24:19:a4:b7:d7:9f:4f:da:6d:f5:
         91:a7:73:ba:a5:28:9d:48:92:65:c7:13:0f:88:a8:7d:e9:d1:
         b2:e8:20:42:cd:4e:1c:27:72:83:69:7d:b1:4a:63:6a:94:ba:
         cb:cb:8e:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxEJPxaRqgbnvT6AG7YyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2RjMzVlYmNkODhkZDBlMmE4ZGIzYTVhMDg2NTRiYzNi
ZTAyNjIwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNmOGE2MDc4MjRmODEwYjA3OGE5ZjJmZjU1YzM4ZDZiZGIzM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjymzJMRr0Ce9B8BIxS6gjVF5oBsc
C/Nf1t0eRuw/M/mIfoL2lk2nogF7Uk4iAymhyD8ppKanwerG+yDyhlbhUEC+TNXk
onK/dZftYScgmu5DLNkFOm828udX0FyICq00Yx0722f32FcoBXne2PFijq9AjB4K
2+6qwUwt6xCa6zV+ouKAc/nmj3cUMS25mFhDuQGNnMunCuceMPo36sSjv1vjnEFR
lsD9YB9Gw43rELdaCN4ba3R9PJ5WZCMqzeAbLLmlFsMmDcqsdQKw34sGzm87bBAU
9AimBB53pTkhe1r9SQUhbzkY7nenpYNmP1CGVeZilpaPoey3iDhZmlSTVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4/imB4JPgQsHip8v9Vw41r2zP0MB8GA1UdIwQY
MBaAFNB9w1682I3Q4qjbOloIZUvDvgJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEt
Y2JhYTQyYTYyNzI3LzEvbmotS1lIZ2stQkN3ZUtueV8xWERqV3ZiTV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8xYzcxOGQtZTdhMC00MGFjLWExODEtY2JhYTQyYTYyNzI3
LzEvMEgzRFhyellqZERpcU5zNldnaGxTOE8tQW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBSxIMA0G
CSqGSIb3DQEBCwUAA4IBAQCtQ8zYjygy0pSPcWVHNH6YqqwR1aq4EAVAppKn/tcg
iwmc8xSKlfhbO9mpQMFNN8e9+tP1sI59eJ2mR5wuIKqHkH0dYmWYfau3uYhTzGV7
/UdZThd/yd5H2LiKxFzBzUf6TQ++IpFYXVhLCSF0DhmdASGY7Iq3ZvHbRPRDUEuz
DMRI/L8EniFbEu8KRwBxdj50sedhOr71q7yWd0O8R3TMQwRd+MR2hQFJ1ceiAEtr
tZUJjSBzrCGwg046G60As4mm6HdVX6d3lfgRFTF/BiQZpLfXn0/abfWRp3O6pSid
SJJlxxMPiKh96dGy6CBCzU4cJ3KDaX2xSmNqlLrLy46O
-----END CERTIFICATE-----