Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Najl_-94Uy9H5I0mC8-rKld706Y.roa
File:                     Najl_-94Uy9H5I0mC8-rKld706Y.roa (raw, json)
Hash identifier:          BCAN7KlMGnxS4yfe4tLMtgNNpxpEbtkCM65s0qqpFuk=
Subject key identifier:   35:A8:E5:FF:EF:78:53:2F:47:E4:8D:26:0B:CF:AB:2A:57:7B:D3:A6
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DA95255B7400378FB4E87BD2D9E96
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Najl_-94Uy9H5I0mC8-rKld706Y.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31221
IP address blocks:        185.145.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a9:52:55:b7:40:03:78:fb:4e:87:bd:2d:9e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35a8e5ffef78532f47e48d260bcfab2a577bd3a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:83:ee:a2:26:9d:2f:0f:e4:ee:93:3a:31:ca:
                    da:82:5a:e4:57:1b:07:7f:9b:09:48:0b:00:ac:43:
                    46:9a:ce:87:51:96:29:f7:6f:48:27:08:0c:03:cf:
                    66:34:3d:61:ab:f4:22:e4:8d:88:c4:48:17:11:ec:
                    f2:1c:ee:75:01:bc:ab:24:23:15:d4:a1:fa:c5:36:
                    ab:d6:e3:e7:35:45:9b:6c:63:8d:c9:8b:e4:29:dc:
                    17:2c:d3:c8:11:82:01:86:3d:ca:fe:fe:b3:58:d5:
                    be:16:b1:a1:8a:2c:f3:6c:13:7c:24:24:da:f1:8f:
                    8f:39:86:ca:2e:31:b3:a4:e7:72:b9:a8:96:e1:3c:
                    4a:4d:16:9b:df:d3:aa:37:09:73:0e:da:68:38:34:
                    79:32:01:ee:b7:04:9a:ae:15:08:e9:86:74:df:60:
                    c3:ea:60:2a:19:0b:1a:07:b0:3e:9a:ef:78:7f:c7:
                    d9:7f:40:dd:f6:aa:7e:ff:71:8c:30:a2:3a:84:7c:
                    75:1b:4c:d6:a3:b1:38:0c:a2:8b:5c:64:66:99:e2:
                    e9:3b:13:2f:b9:9b:be:ad:15:8d:fd:6f:a5:39:c0:
                    4c:7b:08:a5:8c:44:d7:e1:17:9a:d8:80:5d:e4:dc:
                    94:ab:2e:2d:53:fe:45:93:55:f9:83:09:f2:d3:29:
                    ae:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A8:E5:FF:EF:78:53:2F:47:E4:8D:26:0B:CF:AB:2A:57:7B:D3:A6
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Najl_-94Uy9H5I0mC8-rKld706Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:6b:10:c1:45:1c:aa:ff:af:8b:81:6c:8f:8d:20:ad:ee:d7:
         33:4a:96:e1:0a:f4:5f:f0:01:1a:6b:5e:ac:80:2d:e6:d0:02:
         17:a7:a8:05:77:eb:2a:23:63:76:7d:27:bd:ad:02:3e:8c:7d:
         11:39:be:9e:e3:7b:f6:ee:1e:86:a8:fa:de:47:58:3a:19:8b:
         7a:c4:6c:f4:c1:97:b3:21:12:31:af:ce:d9:1a:94:e6:1b:c9:
         05:9f:58:df:77:3e:e2:02:c8:e4:8e:41:40:aa:8f:f8:bb:e2:
         2f:23:32:d0:e8:ba:fb:e8:15:e9:68:e6:fc:8d:e7:24:2b:de:
         52:ef:68:69:87:4b:ff:fc:a8:ac:ca:a9:e5:b1:a0:82:28:30:
         24:94:ee:ed:99:1c:a9:8a:a7:e5:4c:50:c9:3a:de:88:97:5f:
         2c:70:ea:1c:4a:81:d8:18:49:7d:73:1d:0b:3a:e2:e0:3a:12:
         73:1f:9a:c2:49:a3:75:48:a9:0f:c5:99:fa:e1:cc:07:17:8c:
         2f:13:80:60:b8:d4:96:bb:e6:45:5f:86:37:74:7a:5e:ea:de:
         28:02:cb:4e:6c:bf:0a:24:4a:fe:c2:bc:bb:b7:8c:f3:87:de:
         9b:7e:17:b7:e9:e1:4b:fe:75:25:ab:20:be:d5:15:1d:43:eb:
         9f:61:0a:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTalSVbdAA3j7Toe9LZ6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE4ZTVmZmVmNzg1MzJmNDdlNDhkMjYwYmNmYWIyYTU3N2JkM2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYPuoiadLw/k7pM6McraglrkVxsH
f5sJSAsArENGms6HUZYp929IJwgMA89mND1hq/Qi5I2IxEgXEezyHO51AbyrJCMV
1KH6xTar1uPnNUWbbGONyYvkKdwXLNPIEYIBhj3K/v6zWNW+FrGhiizzbBN8JCTa
8Y+POYbKLjGzpOdyuaiW4TxKTRab39OqNwlzDtpoODR5MgHutwSarhUI6YZ032DD
6mAqGQsaB7A+mu94f8fZf0Dd9qp+/3GMMKI6hHx1G0zWo7E4DKKLXGRmmeLpOxMv
uZu+rRWN/W+lOcBMewiljETX4Rea2IBd5NyUqy4tU/5Fk1X5gwny0ymugwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWo5f/veFMvR+SNJgvPqypXe9OmMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvTmFqbF8tOTRVeTlINUkwbUM4LXJLbGQ3MDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZFNMA0G
CSqGSIb3DQEBCwUAA4IBAQA6axDBRRyq/6+LgWyPjSCt7tczSpbhCvRf8AEaa16s
gC3m0AIXp6gFd+sqI2N2fSe9rQI+jH0ROb6e43v27h6GqPreR1g6GYt6xGz0wZez
IRIxr87ZGpTmG8kFn1jfdz7iAsjkjkFAqo/4u+IvIzLQ6Lr76BXpaOb8jeckK95S
72hph0v//KisyqnlsaCCKDAklO7tmRypiqflTFDJOt6Il18scOocSoHYGEl9cx0L
OuLgOhJzH5rCSaN1SKkPxZn64cwHF4wvE4BguNSWu+ZFX4Y3dHpe6t4oAstObL8K
JEr+wry7t4zzh96bfhe36eFL/nUlqyC+1RUdQ+ufYQrc
-----END CERTIFICATE-----