Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/ne7u7zrQx9h3GyUCTzVtTKZz5yc.roa
File:                     ne7u7zrQx9h3GyUCTzVtTKZz5yc.roa (raw, json)
Hash identifier:          3jTE7nHCoy0u9yFZiKr5iAaof29Zj8WJDdeH8FAjGpc=
Subject key identifier:   9D:EE:EE:EF:3A:D0:C7:D8:77:1B:25:02:4F:35:6D:4C:A6:73:E7:27
Certificate issuer:       /CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
Certificate serial:       018CC49314845EB97BADAECB3AD353B3B30A
Authority key identifier: FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/ne7u7zrQx9h3GyUCTzVtTKZz5yc.roa
Signing time:             Mon 01 Jan 2024 10:30:22 +0000
ROA not before:           Mon 01 Jan 2024 10:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.26.22.0/24 maxlen: 24
                          193.26.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:04:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:14:84:5e:b9:7b:ad:ae:cb:3a:d3:53:b3:b3:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
        Validity
            Not Before: Jan  1 10:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9deeeeef3ad0c7d8771b25024f356d4ca673e727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:51:c3:93:96:6d:8e:7d:e8:ae:f0:d4:11:43:
                    0a:10:a4:4b:6d:ca:77:7a:fa:2a:43:84:16:bd:ff:
                    68:dd:af:a0:9c:af:74:f2:4c:33:57:7a:70:cf:84:
                    50:08:54:7c:95:b0:31:16:b1:20:30:71:a0:a6:d4:
                    17:7b:b2:16:35:1e:54:2c:3d:58:93:d9:4e:98:f9:
                    f9:ae:be:3b:9b:e5:34:db:78:db:cf:fc:db:55:07:
                    9c:8f:c9:bd:af:6d:56:cd:cb:ac:41:7a:ec:94:df:
                    8c:3a:f1:20:3f:ce:f6:20:5e:46:1d:db:f7:0a:27:
                    37:ea:c8:11:c6:8f:49:b5:bb:43:82:88:eb:10:c2:
                    20:eb:8d:fe:4b:6a:2d:72:36:3c:b8:a2:a8:b6:73:
                    51:07:c2:34:33:52:7e:21:93:9b:02:ea:32:da:ea:
                    66:aa:70:d5:4d:78:e8:8a:0d:c0:c8:f5:16:30:28:
                    68:bb:cf:13:36:23:30:7d:16:ee:05:3e:b4:ff:11:
                    f0:87:7d:37:99:db:2c:56:71:7b:4a:7e:66:17:41:
                    3c:fb:d2:d9:1e:6a:52:d1:d5:5a:06:c0:90:73:cd:
                    89:ec:76:60:23:f9:79:40:4d:29:1b:69:1b:2d:55:
                    04:52:6a:14:31:1d:11:e9:b7:73:6a:8d:5e:3d:71:
                    d5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EE:EE:EF:3A:D0:C7:D8:77:1B:25:02:4F:35:6D:4C:A6:73:E7:27
            X509v3 Authority Key Identifier:
                keyid:FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/ne7u7zrQx9h3GyUCTzVtTKZz5yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.21.0-193.26.22.255

    Signature Algorithm: sha256WithRSAEncryption
         41:21:ce:e8:eb:7f:ee:4b:46:e3:f9:32:24:48:16:ab:1f:06:
         53:b9:05:44:0d:27:1e:88:03:ae:5b:2d:e1:d4:1d:ab:48:dc:
         44:cc:fe:39:e2:fc:13:b5:70:5d:a3:fc:31:ef:fa:22:07:f6:
         63:87:36:54:fa:bb:66:5b:db:6f:31:13:74:42:51:36:7a:98:
         f7:e4:46:7f:e3:95:60:00:de:d3:76:d0:2e:0d:b9:29:f3:fc:
         34:2d:cc:22:a0:2d:3e:51:f2:ef:a7:1a:40:85:09:7c:52:17:
         69:39:45:65:8c:b4:c5:c6:dd:13:b5:ca:35:22:a3:ac:74:e1:
         58:ca:9b:75:18:1e:3e:e3:f3:17:79:48:39:82:04:27:43:b9:
         89:44:1e:77:ae:5b:7d:2f:f9:c9:2f:e4:83:18:5c:65:1b:a3:
         57:5f:98:90:63:6a:d9:70:d9:d9:68:80:12:2a:d6:6b:5f:d6:
         48:92:17:e6:3c:c1:56:3d:49:88:61:5c:f3:23:67:34:93:49:
         31:ec:87:49:7a:51:0b:17:b2:4f:4e:a0:3b:6b:3d:69:67:8b:
         05:1e:80:21:39:93:14:04:3e:f7:df:58:82:4c:29:1b:de:61:
         26:85:a6:12:7f:e4:49:ae:0c:a9:38:7c:fc:ca:ba:e9:f6:b9:
         e2:60:3b:d3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEkxSEXrl7ra7LOtNTs7MKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGM5ZjMwZTNiNDZkNTBiOGQxYmY3OWI5ZDFkYjg0ZjI1
MTM0YmEwHhcNMjQwMTAxMTAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVlZWVlZjNhZDBjN2Q4NzcxYjI1MDI0ZjM1NmQ0Y2E2NzNlNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFHDk5Ztjn3orvDUEUMKEKRLbcp3
evoqQ4QWvf9o3a+gnK908kwzV3pwz4RQCFR8lbAxFrEgMHGgptQXe7IWNR5ULD1Y
k9lOmPn5rr47m+U023jbz/zbVQecj8m9r21WzcusQXrslN+MOvEgP872IF5GHdv3
Cic36sgRxo9JtbtDgojrEMIg643+S2otcjY8uKKotnNRB8I0M1J+IZObAuoy2upm
qnDVTXjoig3AyPUWMChou88TNiMwfRbuBT60/xHwh303mdssVnF7Sn5mF0E8+9LZ
HmpS0dVaBsCQc82J7HZgI/l5QE0pG2kbLVUEUmoUMR0R6bdzao1ePXHVYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ3u7u860MfYdxslAk81bUymc+cnMB8GA1UdIwQY
MBaAFP4MnzDjtG1QuNG/ebnR24TyUTS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgt
ZjUyMDBmNTQ5Mzc3LzEvbmU3dTd6clF4OWgzR3lVQ1R6VnRUS1p6NXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgtZjUyMDBmNTQ5Mzc3
LzEvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBGhUD
BADBGhYwDQYJKoZIhvcNAQELBQADggEBAEEhzujrf+5LRuP5MiRIFqsfBlO5BUQN
Jx6IA65bLeHUHatI3ETM/jni/BO1cF2j/DHv+iIH9mOHNlT6u2Zb228xE3RCUTZ6
mPfkRn/jlWAA3tN20C4NuSnz/DQtzCKgLT5R8u+nGkCFCXxSF2k5RWWMtMXG3RO1
yjUio6x04VjKm3UYHj7j8xd5SDmCBCdDuYlEHneuW30v+ckv5IMYXGUbo1dfmJBj
atlw2dlogBIq1mtf1kiSF+Y8wVY9SYhhXPMjZzSTSTHsh0l6UQsXsk9OoDtrPWln
iwUegCE5kxQEPvffWIJMKRveYSaFphJ/5EmuDKk4fPzKuun2ueJgO9M=
-----END CERTIFICATE-----