Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/NusJh_P0McPkZcD12dDvwISr_bI.roa
File:                     NusJh_P0McPkZcD12dDvwISr_bI.roa (raw, json)
Hash identifier:          p/sMdJIsf8ujrci2lDdoGRjNkM8yZuVKyeo2UzyJxrc=
Subject key identifier:   36:EB:09:87:F3:F4:31:C3:E4:65:C0:F5:D9:D0:EF:C0:84:AB:FD:B2
Certificate issuer:       /CN=87ae0af282dd4e9bc1b82194aed3b19693d87298
Certificate serial:       018CC5DC4B17F966D30C326C9F3AD6B9423E
Authority key identifier: 87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/NusJh_P0McPkZcD12dDvwISr_bI.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43204
IP address blocks:        78.108.122.0/24 maxlen: 24
                          185.36.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4b:17:f9:66:d3:0c:32:6c:9f:3a:d6:b9:42:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87ae0af282dd4e9bc1b82194aed3b19693d87298
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36eb0987f3f431c3e465c0f5d9d0efc084abfdb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9f:9f:e6:c8:f8:c9:99:e7:5b:96:cd:48:41:
                    97:2e:06:10:55:5a:b6:09:ac:4e:da:e9:2d:f7:45:
                    c2:6d:4e:59:cd:8e:a3:ac:cd:9b:92:36:3e:fa:5e:
                    e3:79:22:a7:f0:82:97:ab:e1:bc:bd:77:58:05:fe:
                    e7:8b:96:43:88:62:10:50:0d:fa:fc:1f:ec:49:c8:
                    e0:e0:4c:47:f1:6a:a8:70:67:75:71:d8:02:6f:d6:
                    ce:bd:fe:6e:cc:d3:43:79:60:75:d4:b1:ea:5b:5a:
                    ac:eb:3a:3e:c5:b2:a6:88:73:c8:9c:86:c5:cf:75:
                    4c:b4:37:ed:5c:21:34:76:ae:06:80:db:5f:ab:64:
                    bf:52:92:3c:4c:0f:f0:5f:ad:ae:76:59:be:43:20:
                    a0:3d:39:bb:15:a0:ce:a7:12:02:51:5d:6e:ef:04:
                    46:ed:dc:0e:51:6a:04:50:f5:e2:a2:d7:32:d8:14:
                    99:4a:33:f2:09:af:2b:b3:02:12:48:c2:de:6e:92:
                    ef:1a:fe:fb:56:70:c1:7d:58:56:09:cc:18:e6:0c:
                    a3:20:d0:2d:2b:25:c3:7d:ed:fd:d7:ef:3b:d0:65:
                    94:ab:9e:56:30:94:4f:93:8d:69:5e:c0:84:e2:d4:
                    35:be:71:78:a7:7e:fd:44:59:98:8d:99:0e:2a:78:
                    a4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EB:09:87:F3:F4:31:C3:E4:65:C0:F5:D9:D0:EF:C0:84:AB:FD:B2
            X509v3 Authority Key Identifier:
                keyid:87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/NusJh_P0McPkZcD12dDvwISr_bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.122.0/24
                  185.36.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:14:a4:31:9e:7e:aa:0c:b5:e0:f2:0e:1f:5f:3d:29:55:a7:
         9f:fb:60:aa:91:79:32:aa:e9:0f:92:8c:a4:b0:82:70:8a:a5:
         b8:ca:2b:e8:ba:5b:42:85:38:5a:4b:e2:4c:b9:56:3a:3c:e1:
         c0:1c:94:53:74:dc:86:24:c7:d6:aa:12:47:99:00:93:c6:03:
         c0:86:6d:48:14:e3:99:7f:ed:96:20:2e:0d:81:c5:27:dd:bb:
         b6:7a:ee:ec:8e:9e:90:1f:a1:3b:27:78:ec:e6:b5:b7:c7:f5:
         54:84:2c:3a:4d:d4:d9:45:bf:8b:83:2d:99:88:8e:5b:f0:d3:
         41:42:e8:55:1c:a9:42:10:76:44:1e:87:7b:74:4a:a6:a4:88:
         66:e0:07:1c:51:35:e4:fd:5b:e3:39:d5:72:53:82:ca:9c:b9:
         3d:6a:d4:90:cd:0b:7c:9f:48:c5:a1:24:d3:33:c5:2c:b5:07:
         1f:20:71:76:4c:a7:05:d3:4f:e1:18:0e:bf:93:4a:f7:7d:49:
         d8:ac:68:4f:ed:ec:9b:6f:d8:e0:fe:fb:2e:24:5b:c4:28:22:
         a2:f0:1c:1b:1a:50:4e:97:85:41:9d:72:a8:58:11:9e:a9:57:
         2a:c5:02:e3:99:7c:ed:e1:b7:4c:70:1b:fd:8e:81:a3:74:ac:
         76:34:5c:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3EsX+WbTDDJsnzrWuUI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YWUwYWYyODJkZDRlOWJjMWI4MjE5NGFlZDNiMTk2OTNk
ODcyOTgwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmViMDk4N2YzZjQzMWMzZTQ2NWMwZjVkOWQwZWZjMDg0YWJmZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp+f5sj4yZnnW5bNSEGXLgYQVVq2
CaxO2ukt90XCbU5ZzY6jrM2bkjY++l7jeSKn8IKXq+G8vXdYBf7ni5ZDiGIQUA36
/B/sScjg4ExH8WqocGd1cdgCb9bOvf5uzNNDeWB11LHqW1qs6zo+xbKmiHPInIbF
z3VMtDftXCE0dq4GgNtfq2S/UpI8TA/wX62udlm+QyCgPTm7FaDOpxICUV1u7wRG
7dwOUWoEUPXiotcy2BSZSjPyCa8rswISSMLebpLvGv77VnDBfVhWCcwY5gyjINAt
KyXDfe391+870GWUq55WMJRPk41pXsCE4tQ1vnF4p379RFmYjZkOKnik7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDbrCYfz9DHD5GXA9dnQ78CEq/2yMB8GA1UdIwQY
MBaAFIeuCvKC3U6bwbghlK7TsZaT2HKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDY0SzhvTGRUcHZCdUNHVXJ0T3hscFBZY3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81Y2ZjNDctMjIxMC00NzM5LWE5NjQt
Y2VmMDEzNjJjNGE4LzEvTnVzSmhfUDBNY1BrWmNEMTJkRHZ3SVNyX2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81Y2ZjNDctMjIxMC00NzM5LWE5NjQtY2VmMDEzNjJjNGE4
LzEvaDY0SzhvTGRUcHZCdUNHVXJ0T3hscFBZY3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATmx6AwQA
uSQVMA0GCSqGSIb3DQEBCwUAA4IBAQA6FKQxnn6qDLXg8g4fXz0pVaef+2CqkXky
qukPkoyksIJwiqW4yivoultChThaS+JMuVY6POHAHJRTdNyGJMfWqhJHmQCTxgPA
hm1IFOOZf+2WIC4NgcUn3bu2eu7sjp6QH6E7J3js5rW3x/VUhCw6TdTZRb+Lgy2Z
iI5b8NNBQuhVHKlCEHZEHod7dEqmpIhm4AccUTXk/VvjOdVyU4LKnLk9atSQzQt8
n0jFoSTTM8UstQcfIHF2TKcF00/hGA6/k0r3fUnYrGhP7eybb9jg/vsuJFvEKCKi
8BwbGlBOl4VBnXKoWBGeqVcqxQLjmXzt4bdMcBv9joGjdKx2NFxK
-----END CERTIFICATE-----