Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/ne6EcARtBvtZXTYD-qadcFi2bIc.roa
File:                     ne6EcARtBvtZXTYD-qadcFi2bIc.roa (raw, json)
Hash identifier:          mEuxMNMn0MzB0NNc39ChMf+XZfruorfjy82w+U8ujVY=
Subject key identifier:   9D:EE:84:70:04:6D:06:FB:59:5D:36:03:FA:A6:9D:70:58:B6:6C:87
Certificate issuer:       /CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
Certificate serial:       019034C3F057ECF6BD427AE5035F41318E72
Authority key identifier: 9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/ne6EcARtBvtZXTYD-qadcFi2bIc.roa
Signing time:             Thu 20 Jun 2024 08:29:34 +0000
ROA not before:           Thu 20 Jun 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56623
IP address blocks:        91.231.54.0/23 maxlen: 23
                          91.231.54.0/24 maxlen: 24
                          91.231.55.0/24 maxlen: 24
                          193.111.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:c3:f0:57:ec:f6:bd:42:7a:e5:03:5f:41:31:8e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
        Validity
            Not Before: Jun 20 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dee8470046d06fb595d3603faa69d7058b66c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f4:ef:fa:42:da:43:b6:b8:72:a2:cf:fc:46:
                    9c:7f:95:48:19:0a:13:08:3f:39:e9:ba:69:5f:96:
                    80:60:36:d9:fa:b4:ae:e4:02:08:61:99:00:5b:f5:
                    e7:97:53:92:62:c1:18:c3:9e:5b:ab:3a:03:23:a6:
                    29:1e:b1:7d:37:51:6d:7d:d5:91:3c:25:32:d9:f0:
                    79:4b:f1:fd:cc:ef:b3:99:7e:d5:1c:53:24:1f:18:
                    a5:15:0a:b0:68:95:50:b6:35:69:e5:22:e6:47:02:
                    15:b2:fe:ab:d4:bc:84:b2:bb:33:9a:f8:d9:e0:e6:
                    3a:0a:9d:e6:6a:7b:46:64:40:23:e2:b1:f8:bf:71:
                    6d:a5:29:1b:84:0a:29:4a:1a:3b:bd:9c:fd:67:a4:
                    36:b3:49:7b:f8:6c:3c:06:38:28:ad:25:3f:99:1f:
                    4c:50:33:58:c9:34:c7:3c:1c:9a:ef:1b:a4:84:f8:
                    e7:bb:1f:7f:13:e0:74:35:a8:bc:54:5b:c8:77:39:
                    b3:79:4c:cf:c6:a8:72:b5:99:23:70:58:33:7f:0b:
                    74:72:8f:54:5a:be:7e:f4:66:72:d8:7c:de:da:2b:
                    2b:c0:f1:74:40:9b:5e:43:12:0a:d8:91:cb:7e:b6:
                    fe:ed:4e:fb:d5:96:ed:19:42:d4:1e:c6:70:0f:7f:
                    b6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EE:84:70:04:6D:06:FB:59:5D:36:03:FA:A6:9D:70:58:B6:6C:87
            X509v3 Authority Key Identifier:
                keyid:9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/ne6EcARtBvtZXTYD-qadcFi2bIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.54.0/23
                  193.111.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a4:33:5e:07:59:bc:9a:0e:a1:7f:e6:c7:5f:0e:f5:84:47:
         55:2d:84:1d:2d:d5:1f:6a:65:62:0a:ba:31:86:4b:ad:c2:8d:
         69:dc:ec:98:4b:d0:7d:11:a6:15:08:2e:93:54:2f:b3:29:37:
         f0:b1:25:9d:10:37:64:86:b7:77:76:c4:e6:b9:cd:83:9a:a5:
         d3:2e:b8:2b:e5:fd:bc:dd:28:16:cc:fe:70:41:dd:61:a1:4f:
         47:47:9b:3c:96:c3:de:9f:02:55:58:fd:0c:8a:a7:31:c5:e2:
         fb:4a:6c:65:52:98:b8:29:e3:5c:0f:77:1f:82:9a:5c:09:ed:
         9f:06:1f:0c:df:5b:38:42:93:e4:87:c7:19:d7:1a:99:e1:d4:
         ef:75:6e:eb:9e:db:31:d9:2e:b4:e0:12:66:14:aa:93:5b:7a:
         e3:aa:81:30:93:ac:fc:b8:59:09:30:4d:c7:07:7e:cb:30:30:
         84:79:44:2e:43:a8:63:af:4e:0e:05:16:96:d5:c3:c0:25:47:
         30:dd:58:f8:89:61:6a:56:c7:8b:b6:8e:b7:f7:aa:8d:02:be:
         b9:b0:aa:ea:f7:06:9e:b6:ff:df:6a:49:d5:a5:7e:7d:63:a5:
         db:da:f9:07:1e:6f:79:42:67:2a:6c:b6:c7:e6:ef:31:c9:29:
         3d:22:8d:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA0w/BX7Pa9QnrlA19BMY5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhN2VkZWFjMGM2YzIwZWE0OWQ0OTI5OTBlNDg1ODU0MWQx
OTBmZjEwHhcNMjQwNjIwMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVlODQ3MDA0NmQwNmZiNTk1ZDM2MDNmYWE2OWQ3MDU4YjY2Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfTv+kLaQ7a4cqLP/Eacf5VIGQoT
CD856bppX5aAYDbZ+rSu5AIIYZkAW/Xnl1OSYsEYw55bqzoDI6YpHrF9N1FtfdWR
PCUy2fB5S/H9zO+zmX7VHFMkHxilFQqwaJVQtjVp5SLmRwIVsv6r1LyEsrszmvjZ
4OY6Cp3mantGZEAj4rH4v3FtpSkbhAopSho7vZz9Z6Q2s0l7+Gw8BjgorSU/mR9M
UDNYyTTHPBya7xukhPjnux9/E+B0Nai8VFvIdzmzeUzPxqhytZkjcFgzfwt0co9U
Wr5+9GZy2Hze2isrwPF0QJteQxIK2JHLfrb+7U771ZbtGULUHsZwD3+2PwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ3uhHAEbQb7WV02A/qmnXBYtmyHMB8GA1UdIwQY
MBaAFJp+3qwMbCDqSdSSmQ5IWFQdGQ/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW43ZXJBeHNJT3BKMUpLWkRraFlWQjBaRF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81YThlMDQtZGQwNy00MzVhLWIxYmYt
YWRlZGNhYTNkMjZlLzEvbmU2RWNBUnRCdnRaWFRZRC1xYWRjRmkyYkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81YThlMDQtZGQwNy00MzVhLWIxYmYtYWRlZGNhYTNkMjZl
LzEvbW43ZXJBeHNJT3BKMUpLWkRraFlWQjBaRF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+c2AwQA
wW9TMA0GCSqGSIb3DQEBCwUAA4IBAQBYpDNeB1m8mg6hf+bHXw71hEdVLYQdLdUf
amViCroxhkutwo1p3OyYS9B9EaYVCC6TVC+zKTfwsSWdEDdkhrd3dsTmuc2DmqXT
Lrgr5f283SgWzP5wQd1hoU9HR5s8lsPenwJVWP0MiqcxxeL7SmxlUpi4KeNcD3cf
gppcCe2fBh8M31s4QpPkh8cZ1xqZ4dTvdW7rntsx2S604BJmFKqTW3rjqoEwk6z8
uFkJME3HB37LMDCEeUQuQ6hjr04OBRaW1cPAJUcw3Vj4iWFqVseLto6396qNAr65
sKrq9waetv/faknVpX59Y6Xb2vkHHm95QmcqbLbH5u8xySk9Io1W
-----END CERTIFICATE-----