Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ncdpQGw8uBIIZmRlIVJIPlzea7k.roa
File:                     ncdpQGw8uBIIZmRlIVJIPlzea7k.roa (raw, json)
Hash identifier:          VGWqzmNf992IzEBHh++MqFxSpqI1LFvFYyUrSUxWu0k=
Subject key identifier:   9D:C7:69:40:6C:3C:B8:12:08:66:64:65:21:52:48:3E:5C:DE:6B:B9
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018FE9FB3D5CD24AF5CBE50BFFE247DB9FE8
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ncdpQGw8uBIIZmRlIVJIPlzea7k.roa
Signing time:             Wed 05 Jun 2024 19:58:27 +0000
ROA not before:           Wed 05 Jun 2024 19:58:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        188.209.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e9:fb:3d:5c:d2:4a:f5:cb:e5:0b:ff:e2:47:db:9f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Jun  5 19:58:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dc769406c3cb812086664652152483e5cde6bb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:37:fe:88:6f:0f:1d:38:e9:cf:27:e6:cf:4d:
                    5c:d0:3a:95:c5:46:31:ab:36:95:2c:40:15:e6:a6:
                    2f:c7:35:81:a4:0e:80:18:30:7c:a0:7d:8f:5c:da:
                    60:c3:54:13:41:a1:86:b5:1e:ea:f7:3d:4f:61:aa:
                    90:51:1f:2d:df:e7:da:6e:89:f0:f5:0e:0c:6d:a6:
                    a1:0b:51:2b:56:ef:64:b9:e3:6a:98:6a:74:ef:b9:
                    78:83:95:63:b8:c2:2c:f4:3e:99:5d:f8:6f:b2:be:
                    a0:1a:41:30:14:1f:0c:ad:a6:18:ea:a7:a1:19:37:
                    6b:b2:f6:10:bb:a2:51:5c:61:74:77:b8:35:1f:6e:
                    42:ef:7e:3f:f9:27:e7:a5:3a:1d:73:35:11:1b:12:
                    26:03:3f:08:b8:a8:e7:57:46:40:8d:a6:63:34:7d:
                    45:8f:4e:b5:52:97:52:16:bd:57:94:59:96:7f:52:
                    bd:9c:cd:8a:e7:d0:e7:3a:9d:92:56:45:4c:a5:e4:
                    e7:62:88:0a:10:9f:24:ab:8f:99:e6:64:ff:98:e2:
                    31:d7:83:8e:9a:27:a2:58:85:55:e3:9e:4b:5d:d8:
                    6c:e4:c1:b7:5d:cd:c7:c0:ed:a9:ba:2b:d8:a8:cd:
                    1f:31:bf:c3:32:07:89:16:7c:e6:99:05:d0:fa:6a:
                    8a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C7:69:40:6C:3C:B8:12:08:66:64:65:21:52:48:3E:5C:DE:6B:B9
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/ncdpQGw8uBIIZmRlIVJIPlzea7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:65:5b:7a:11:b1:b2:8e:ea:21:7b:3c:75:ef:f0:b6:3b:7d:
         30:59:70:5d:c7:77:e7:f5:17:0f:74:a9:e9:5b:8f:f5:e2:8a:
         68:dd:64:83:93:f1:93:32:c5:dc:d2:ec:0e:57:02:3e:87:b7:
         95:53:e2:19:ae:82:6b:2d:3d:4c:fd:7e:b7:08:03:cb:7a:d4:
         ec:30:ef:c4:e9:8c:d6:7f:c2:62:50:2d:1c:71:a3:6c:75:9e:
         05:6a:f7:9f:37:05:a2:6d:5c:56:2e:13:74:b0:8f:1d:e3:22:
         c1:2d:ee:2d:58:51:03:56:62:83:58:f8:79:8a:c2:5d:35:a8:
         31:32:40:48:2d:d5:7f:9e:a3:4b:fd:89:b1:f6:11:0d:f0:73:
         00:69:47:ab:94:0e:61:12:a0:4a:3a:95:6c:13:61:bf:27:77:
         4b:2c:dd:73:4d:d8:63:fc:5a:ab:8f:6c:df:95:03:d7:25:d3:
         40:fc:c6:ae:f3:74:33:f9:c1:2d:71:2b:07:b8:8d:bc:2d:f6:
         32:69:31:42:6a:0c:36:e7:4d:c6:67:39:c2:56:65:7c:39:19:
         0e:4f:b0:38:40:39:c2:f3:a8:0c:23:37:0d:91:c9:8e:1c:a9:
         0c:22:2d:48:2d:f5:a9:01:94:71:bf:9a:a0:df:b7:a9:03:99:
         1a:6e:fa:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/p+z1c0kr1y+UL/+JH25/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwNjA1MTk1ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGM3Njk0MDZjM2NiODEyMDg2NjY0NjUyMTUyNDgzZTVjZGU2YmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzf+iG8PHTjpzyfmz01c0DqVxUYx
qzaVLEAV5qYvxzWBpA6AGDB8oH2PXNpgw1QTQaGGtR7q9z1PYaqQUR8t3+fabonw
9Q4MbaahC1ErVu9kueNqmGp077l4g5VjuMIs9D6ZXfhvsr6gGkEwFB8MraYY6qeh
GTdrsvYQu6JRXGF0d7g1H25C734/+SfnpTodczURGxImAz8IuKjnV0ZAjaZjNH1F
j061UpdSFr1XlFmWf1K9nM2K59DnOp2SVkVMpeTnYogKEJ8kq4+Z5mT/mOIx14OO
mieiWIVV455LXdhs5MG3Xc3HwO2puivYqM0fMb/DMgeJFnzmmQXQ+mqKlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3HaUBsPLgSCGZkZSFSSD5c3mu5MB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvbmNkcFFHdzh1QklJWm1SbElWSklQbHplYTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGFMA0G
CSqGSIb3DQEBCwUAA4IBAQCPZVt6EbGyjuohezx17/C2O30wWXBdx3fn9RcPdKnp
W4/14opo3WSDk/GTMsXc0uwOVwI+h7eVU+IZroJrLT1M/X63CAPLetTsMO/E6YzW
f8JiUC0ccaNsdZ4FavefNwWibVxWLhN0sI8d4yLBLe4tWFEDVmKDWPh5isJdNagx
MkBILdV/nqNL/Ymx9hEN8HMAaUerlA5hEqBKOpVsE2G/J3dLLN1zTdhj/Fqrj2zf
lQPXJdNA/Mau83Qz+cEtcSsHuI28LfYyaTFCagw2503GZznCVmV8ORkOT7A4QDnC
86gMIzcNkcmOHKkMIi1ILfWpAZRxv5qg37epA5kabvrv
-----END CERTIFICATE-----