Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/JiqQ-b59vNl0MF5eVXzf0TfeO3c.roa
File:                     JiqQ-b59vNl0MF5eVXzf0TfeO3c.roa (raw, json)
Hash identifier:          OKAd29RpT9wnjVFO/8cLOZm/b/ev+jNX/rx5kLKiews=
Subject key identifier:   26:2A:90:F9:BE:7D:BC:D9:74:30:5E:5E:55:7C:DF:D1:37:DE:3B:77
Certificate issuer:       /CN=fed77339d938bef087599293c201b3b9f8223623
Certificate serial:       019424B398C7EE90708913337078CF923E2C
Authority key identifier: FE:D7:73:39:D9:38:BE:F0:87:59:92:93:C2:01:B3:B9:F8:22:36:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_tdzOdk4vvCHWZKTwgGzufgiNiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/JiqQ-b59vNl0MF5eVXzf0TfeO3c.roa
Signing time:             Thu 02 Jan 2025 01:48:57 +0000
ROA not before:           Thu 02 Jan 2025 01:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.53.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/_tdzOdk4vvCHWZKTwgGzufgiNiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/_tdzOdk4vvCHWZKTwgGzufgiNiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_tdzOdk4vvCHWZKTwgGzufgiNiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:98:c7:ee:90:70:89:13:33:70:78:cf:92:3e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fed77339d938bef087599293c201b3b9f8223623
        Validity
            Not Before: Jan  2 01:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=262a90f9be7dbcd974305e5e557cdfd137de3b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:92:9a:e7:20:45:57:0f:49:48:8b:90:4a:47:
                    2d:2d:c7:8f:61:15:7f:bf:dc:2a:38:36:a6:43:10:
                    62:d4:19:cd:0c:57:da:88:4d:4b:01:75:f9:d2:f1:
                    7a:d6:cb:fa:38:3d:d2:31:1f:2a:0f:f5:00:22:25:
                    b9:5f:d7:a7:f5:43:0c:88:aa:e8:0e:0d:4c:3f:9e:
                    ec:1d:e2:20:1b:8e:86:05:9d:fe:cd:80:52:1d:27:
                    04:e0:75:22:ce:ef:83:82:59:dd:e1:81:ae:c0:80:
                    63:20:c5:89:f7:d6:e7:9c:c3:2b:66:57:3a:8e:50:
                    9a:ae:0a:d3:01:e8:16:8b:bf:4a:ec:35:3f:07:15:
                    33:15:15:50:0e:a4:ae:4e:87:46:b0:f7:8e:d1:9f:
                    4e:d2:13:7e:e0:44:6e:f9:02:77:11:5b:8c:ae:3c:
                    5c:11:47:94:e8:9e:5c:8c:30:d6:41:9c:d5:c6:6d:
                    3a:73:20:7b:26:f8:9c:a2:b0:59:f2:09:53:11:a8:
                    e4:bc:7c:9a:c8:6b:2a:7e:dd:f9:b0:e1:49:07:64:
                    8b:42:0d:1a:de:38:5a:11:bc:ec:64:14:64:cf:61:
                    87:d9:d1:3e:e3:6e:75:7e:ca:5c:8e:32:d7:10:9f:
                    02:30:bc:2b:bd:08:f4:a5:37:4c:4d:bc:a5:4d:d7:
                    40:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:2A:90:F9:BE:7D:BC:D9:74:30:5E:5E:55:7C:DF:D1:37:DE:3B:77
            X509v3 Authority Key Identifier:
                keyid:FE:D7:73:39:D9:38:BE:F0:87:59:92:93:C2:01:B3:B9:F8:22:36:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_tdzOdk4vvCHWZKTwgGzufgiNiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/JiqQ-b59vNl0MF5eVXzf0TfeO3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/bfb817-7e2d-4458-bab1-d1750020caf5/1/_tdzOdk4vvCHWZKTwgGzufgiNiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         44:fb:fc:45:b9:c3:29:e8:7a:62:f6:85:d4:14:ea:3b:62:d1:
         9b:4a:8a:c6:18:ac:a8:51:e5:35:13:07:ef:9c:d8:3a:62:a3:
         d7:76:5f:3e:ba:6a:5a:73:0a:50:e3:e6:90:94:ca:d6:5c:dc:
         7f:db:7e:44:3e:af:d1:49:d6:a8:63:c8:af:6d:42:f0:a3:a4:
         ca:55:bf:27:1e:e7:43:1e:66:e2:d6:6c:52:8c:6e:09:ee:dd:
         e9:5c:13:c3:fd:67:5a:98:76:3a:d3:ac:00:4f:7f:6c:fa:f5:
         30:c0:25:c7:c3:54:db:77:c4:f8:20:8b:d7:05:34:41:e7:da:
         2d:e8:cc:ae:e8:e3:8c:88:04:ba:ed:5e:f3:15:2a:39:4e:32:
         6f:43:41:fc:7b:ea:ac:81:b7:a1:45:2a:23:00:63:d3:d1:a7:
         cf:4b:35:04:be:ee:a4:2c:d0:63:1f:9f:de:ad:aa:89:be:5b:
         db:ed:42:df:4d:f2:8b:37:0c:e9:57:7c:d7:7a:f4:41:d7:ff:
         a9:04:b6:9e:3e:df:07:87:f6:35:4a:54:1b:85:41:64:d8:11:
         f8:72:65:7d:09:e0:a8:7f:87:4e:e6:92:91:3a:b5:01:70:b0:
         bc:f1:95:35:d7:a0:da:74:6d:c5:3b:2e:e7:7e:3d:21:c6:95:
         67:2d:94:ce
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks5jH7pBwiRMzcHjPkj4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZDc3MzM5ZDkzOGJlZjA4NzU5OTI5M2MyMDFiM2I5Zjgy
MjM2MjMwHhcNMjUwMTAyMDE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjJhOTBmOWJlN2RiY2Q5NzQzMDVlNWU1NTdjZGZkMTM3ZGUzYjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJKa5yBFVw9JSIuQSkctLcePYRV/
v9wqODamQxBi1BnNDFfaiE1LAXX50vF61sv6OD3SMR8qD/UAIiW5X9en9UMMiKro
Dg1MP57sHeIgG46GBZ3+zYBSHScE4HUizu+Dglnd4YGuwIBjIMWJ99bnnMMrZlc6
jlCargrTAegWi79K7DU/BxUzFRVQDqSuTodGsPeO0Z9O0hN+4ERu+QJ3EVuMrjxc
EUeU6J5cjDDWQZzVxm06cyB7JvicorBZ8glTEajkvHyayGsqft35sOFJB2SLQg0a
3jhaEbzsZBRkz2GH2dE+4251fspcjjLXEJ8CMLwrvQj0pTdMTbylTddAYwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCYqkPm+fbzZdDBeXlV839E33jt3MB8GA1UdIwQY
MBaAFP7XcznZOL7wh1mSk8IBs7n4IjYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3Rkek9kazR2dkNIV1pLVHdnR3p1ZmdpTmlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iZmI4MTctN2UyZC00NDU4LWJhYjEt
ZDE3NTAwMjBjYWY1LzEvSmlxUS1iNTl2TmwwTUY1ZVZYemYwVGZlTzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iZmI4MTctN2UyZC00NDU4LWJhYjEtZDE3NTAwMjBjYWY1
LzEvX3Rkek9kazR2dkNIV1pLVHdnR3p1ZmdpTmlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTUwDQYJ
KoZIhvcNAQELBQADggEBAET7/EW5wynoemL2hdQU6jti0ZtKisYYrKhR5TUTB++c
2Dpio9d2Xz66alpzClDj5pCUytZc3H/bfkQ+r9FJ1qhjyK9tQvCjpMpVvyce50Me
ZuLWbFKMbgnu3elcE8P9Z1qYdjrTrABPf2z69TDAJcfDVNt3xPggi9cFNEHn2i3o
zK7o44yIBLrtXvMVKjlOMm9DQfx76qyBt6FFKiMAY9PRp89LNQS+7qQs0GMfn96t
qom+W9vtQt9N8os3DOlXfNd69EHX/6kEtp4+3weH9jVKVBuFQWTYEfhyZX0J4Kh/
h07mkpE6tQFwsLzxlTXXoNp0bcU7Lud+PSHGlWctlM4=
-----END CERTIFICATE-----