Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/njjMlsQwqC_NbpKfJHVwTgQ6thk.roa
File:                     njjMlsQwqC_NbpKfJHVwTgQ6thk.roa (raw, json)
Hash identifier:          8y4i2BrL4sbZ9u+Q6/CaGBw2IRNoiyTRLep2NtSvrGs=
Subject key identifier:   9E:38:CC:96:C4:30:A8:2F:CD:6E:92:9F:24:75:70:4E:04:3A:B6:19
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D8F9C34B9E720E5AC2565CF61A554AC18
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/njjMlsQwqC_NbpKfJHVwTgQ6thk.roa
Signing time:             Fri 09 Feb 2024 20:43:15 +0000
ROA not before:           Fri 09 Feb 2024 20:43:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        178.253.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 08:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8f:9c:34:b9:e7:20:e5:ac:25:65:cf:61:a5:54:ac:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb  9 20:43:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e38cc96c430a82fcd6e929f2475704e043ab619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:33:b7:67:1c:20:df:ca:13:66:1a:84:aa:13:
                    84:57:f1:86:76:36:ef:b8:ae:bf:8f:08:9e:2b:c6:
                    3f:3e:fa:06:78:bd:9c:fa:cb:dd:34:d1:58:3e:e2:
                    55:5b:e3:0d:c9:62:89:53:d5:47:49:d3:d7:d0:c7:
                    23:eb:8d:70:21:93:d6:d0:29:01:1d:e5:b7:58:d5:
                    76:68:dd:9f:62:63:a4:ed:1c:63:a0:97:eb:88:fe:
                    9e:4f:25:5f:e8:24:4b:8b:b1:60:0f:fc:f1:fa:33:
                    2b:8e:8b:aa:a8:63:4e:0a:3b:ec:9e:bf:05:7b:bf:
                    b1:81:b6:67:b4:94:0d:14:97:a6:90:4f:fe:67:9d:
                    d1:83:02:16:87:9a:5b:bf:bf:30:2b:2d:e8:31:11:
                    15:63:d1:9e:fc:54:89:a1:0c:92:21:70:b8:2e:8d:
                    43:51:31:d9:36:18:d3:65:df:ba:53:5f:5b:e6:a0:
                    b9:df:e6:03:a8:8f:83:15:ae:73:69:72:7a:54:26:
                    62:46:84:74:73:05:6f:f2:74:cc:97:55:2b:be:73:
                    d3:8e:0d:6e:4a:fe:c6:30:7d:6f:72:c7:83:fb:ee:
                    c6:57:25:c4:05:78:57:dc:b6:b2:8e:17:e9:d0:da:
                    52:fb:bc:f3:65:2b:26:13:ba:48:54:9c:63:a4:2b:
                    28:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:38:CC:96:C4:30:A8:2F:CD:6E:92:9F:24:75:70:4E:04:3A:B6:19
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/njjMlsQwqC_NbpKfJHVwTgQ6thk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:3d:0a:10:ca:6b:e6:df:69:a9:8f:7f:b4:73:13:4e:97:11:
         a8:07:7e:d5:f5:38:11:4c:c9:2c:0d:67:95:09:87:10:16:4e:
         49:4a:cf:9e:37:c9:f6:63:b8:18:06:23:eb:43:d5:d4:9f:91:
         b7:ff:f5:10:94:8f:f5:c8:f8:8e:18:45:1f:a0:40:bf:90:c8:
         d4:6f:72:4d:a1:b9:3a:fb:ed:4a:1e:4f:57:f5:4f:c8:6e:ed:
         af:4a:61:60:4c:8d:9a:ae:d8:f7:bb:2b:0c:1c:49:cd:29:00:
         4c:b5:0a:02:35:49:1a:a8:99:54:b1:0c:51:7e:99:5b:cd:aa:
         b8:00:8e:55:05:ad:05:45:6f:01:91:34:a1:54:7d:83:f4:80:
         39:fe:80:ad:81:80:e5:95:9c:dc:ad:f2:df:e6:0e:9b:4f:89:
         fc:d0:67:17:3f:80:c9:21:56:cd:d8:3c:49:0e:70:3d:7f:71:
         15:06:73:79:a4:25:0a:c2:ce:04:fe:be:06:3b:25:58:71:d0:
         58:99:0e:69:a5:2e:0b:f2:29:2b:33:2c:d2:89:7d:38:a7:c2:
         a7:20:a0:65:87:9c:2b:e4:0e:65:28:b3:bd:d8:5e:fa:21:4d:
         49:30:80:46:ce:35:ae:3d:f4:89:da:b3:d4:4e:19:94:85:82:
         76:e5:fc:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2PnDS55yDlrCVlz2GlVKwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjA5MjA0MzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTM4Y2M5NmM0MzBhODJmY2Q2ZTkyOWYyNDc1NzA0ZTA0M2FiNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjO3Zxwg38oTZhqEqhOEV/GGdjbv
uK6/jwieK8Y/PvoGeL2c+svdNNFYPuJVW+MNyWKJU9VHSdPX0Mcj641wIZPW0CkB
HeW3WNV2aN2fYmOk7RxjoJfriP6eTyVf6CRLi7FgD/zx+jMrjouqqGNOCjvsnr8F
e7+xgbZntJQNFJemkE/+Z53RgwIWh5pbv78wKy3oMREVY9Ge/FSJoQySIXC4Lo1D
UTHZNhjTZd+6U19b5qC53+YDqI+DFa5zaXJ6VCZiRoR0cwVv8nTMl1UrvnPTjg1u
Sv7GMH1vcseD++7GVyXEBXhX3Layjhfp0NpS+7zzZSsmE7pIVJxjpCsomQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ44zJbEMKgvzW6SnyR1cE4EOrYZMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbmpqTWxzUXdxQ19OYnBLZkpIVndUZ1E2dGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv0mMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPQoQymvm32mpj3+0cxNOlxGoB37V9TgRTMksDWeV
CYcQFk5JSs+eN8n2Y7gYBiPrQ9XUn5G3//UQlI/1yPiOGEUfoEC/kMjUb3JNobk6
++1KHk9X9U/Ibu2vSmFgTI2artj3uysMHEnNKQBMtQoCNUkaqJlUsQxRfplbzaq4
AI5VBa0FRW8BkTShVH2D9IA5/oCtgYDllZzcrfLf5g6bT4n80GcXP4DJIVbN2DxJ
DnA9f3EVBnN5pCUKws4E/r4GOyVYcdBYmQ5ppS4L8ikrMyzSiX04p8KnIKBlh5wr
5A5lKLO92F76IU1JMIBGzjWuPfSJ2rPUThmUhYJ25fwL
-----END CERTIFICATE-----