Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/nmv4PFTI5TAtqLRa_8g33bccS-Y.roa
File:                     nmv4PFTI5TAtqLRa_8g33bccS-Y.roa (raw, json)
Hash identifier:          USrMvFmnyaEwM2JiU6oh3nIwFitFwePYfszl/Pljr3U=
Subject key identifier:   9E:6B:F8:3C:54:C8:E5:30:2D:A8:B4:5A:FF:C8:37:DD:B7:1C:4B:E6
Certificate issuer:       /CN=bd4e6edd26ef1b16d848e98130e6fc4450b32752
Certificate serial:       018CC94CBA2C9DB2C7122C53A46B6D82EF7B
Authority key identifier: BD:4E:6E:DD:26:EF:1B:16:D8:48:E9:81:30:E6:FC:44:50:B3:27:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/nmv4PFTI5TAtqLRa_8g33bccS-Y.roa
Signing time:             Tue 02 Jan 2024 08:31:37 +0000
ROA not before:           Tue 02 Jan 2024 08:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24634
IP address blocks:        194.26.4.0/22 maxlen: 24
                          80.89.176.0/20 maxlen: 24
                          2a06:b940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ba:2c:9d:b2:c7:12:2c:53:a4:6b:6d:82:ef:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd4e6edd26ef1b16d848e98130e6fc4450b32752
        Validity
            Not Before: Jan  2 08:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e6bf83c54c8e5302da8b45affc837ddb71c4be6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6d:93:b8:45:f8:5f:4a:00:88:46:23:67:df:
                    49:57:0f:a1:c3:78:a6:9e:bf:f3:f5:ed:92:6a:e6:
                    1f:64:15:14:92:76:2c:80:5f:7b:94:5c:d2:c9:d6:
                    5f:e5:ea:d9:21:c8:b6:7d:23:60:af:71:88:83:95:
                    ee:89:05:7f:eb:58:c2:ad:2a:83:f3:59:86:6d:37:
                    e9:81:05:a3:81:5f:3b:95:e9:47:c9:28:ae:fa:c7:
                    89:32:24:bd:41:28:34:17:96:9f:b7:6e:e3:10:d2:
                    dd:ae:bd:c4:05:53:58:2e:46:5b:10:2c:85:10:c0:
                    25:55:b9:2f:56:4c:27:32:9f:16:30:68:dd:2c:ad:
                    a9:c6:d9:63:24:15:d5:fc:59:82:9b:5d:8f:01:96:
                    fa:b4:db:3b:5e:a6:c0:5d:a8:c1:f7:4d:87:5e:27:
                    ee:41:b0:e9:d5:9b:86:17:2a:80:43:f7:41:cd:3b:
                    29:d9:2d:41:3f:0c:e9:74:09:d2:eb:df:f1:1c:89:
                    e5:bf:16:6f:0e:a8:d9:06:26:91:d0:14:45:3b:a2:
                    b4:d0:db:0b:71:e5:12:c9:5a:f1:e8:12:39:f2:ac:
                    b6:c9:d5:18:95:5a:be:15:f6:47:56:9b:67:e9:d1:
                    73:80:e3:d8:4c:60:78:97:c6:90:cb:83:cd:ee:fe:
                    4f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:6B:F8:3C:54:C8:E5:30:2D:A8:B4:5A:FF:C8:37:DD:B7:1C:4B:E6
            X509v3 Authority Key Identifier:
                keyid:BD:4E:6E:DD:26:EF:1B:16:D8:48:E9:81:30:E6:FC:44:50:B3:27:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/nmv4PFTI5TAtqLRa_8g33bccS-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ace373-b81b-400c-845c-9628f5266542/1/vU5u3SbvGxbYSOmBMOb8RFCzJ1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.176.0/20
                  194.26.4.0/22
                IPv6:
                  2a06:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:e6:79:43:ec:65:96:08:32:94:ae:16:6d:b7:c9:6a:85:bd:
         7c:40:bf:7a:c3:4e:be:4c:9a:ce:80:64:33:a6:9f:c4:41:e5:
         7f:c0:0b:4d:63:cc:6b:57:90:de:f4:7a:82:d6:0b:b9:1d:5d:
         97:c5:20:4a:f9:15:85:a5:31:61:5e:73:06:22:13:ee:e8:92:
         fa:4b:43:9a:64:11:78:67:c9:29:40:76:05:9e:0e:72:9f:6a:
         5e:bf:de:b3:c2:ff:81:b1:dc:cb:c5:55:cd:06:80:f9:70:f0:
         57:14:14:cc:ce:80:5e:2a:30:40:c7:a7:d6:bb:c7:be:13:fc:
         c0:62:ed:14:28:91:f3:cf:7f:eb:53:e8:1b:19:3d:1e:d6:15:
         ce:90:34:2e:b5:4f:79:3d:d4:1e:be:c4:e4:b2:ef:da:0b:9a:
         39:11:22:ce:27:f3:46:fd:21:0e:d8:4e:6a:40:f4:2c:ae:5c:
         fb:9f:5a:6f:cd:39:e8:eb:ef:c1:8b:ce:34:9c:c3:25:e2:ec:
         59:54:df:45:55:fa:fa:2f:ee:29:a7:ec:02:78:e9:85:ef:b3:
         8b:b9:94:7e:75:2e:8f:0f:ab:e3:bb:dc:d6:80:01:5b:84:da:
         f6:1f:94:5a:f0:15:44:bf:a9:73:96:5a:c6:a1:72:fb:f4:9b:
         80:c9:0b:6a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTLosnbLHEixTpGttgu97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNGU2ZWRkMjZlZjFiMTZkODQ4ZTk4MTMwZTZmYzQ0NTBi
MzI3NTIwHhcNMjQwMTAyMDgzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTZiZjgzYzU0YzhlNTMwMmRhOGI0NWFmZmM4MzdkZGI3MWM0YmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm2TuEX4X0oAiEYjZ99JVw+hw3im
nr/z9e2SauYfZBUUknYsgF97lFzSydZf5erZIci2fSNgr3GIg5XuiQV/61jCrSqD
81mGbTfpgQWjgV87lelHySiu+seJMiS9QSg0F5aft27jENLdrr3EBVNYLkZbECyF
EMAlVbkvVkwnMp8WMGjdLK2pxtljJBXV/FmCm12PAZb6tNs7XqbAXajB902HXifu
QbDp1ZuGFyqAQ/dBzTsp2S1BPwzpdAnS69/xHInlvxZvDqjZBiaR0BRFO6K00NsL
ceUSyVrx6BI58qy2ydUYlVq+FfZHVptn6dFzgOPYTGB4l8aQy4PN7v5PIQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ5r+DxUyOUwLai0Wv/IN923HEvmMB8GA1UdIwQY
MBaAFL1Obt0m7xsW2EjpgTDm/ERQsydSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlU1dTNTYnZHeGJZU09tQk1PYjhSRkN6SjFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hY2UzNzMtYjgxYi00MDBjLTg0NWMt
OTYyOGY1MjY2NTQyLzEvbm12NFBGVEk1VEF0cUxSYV84ZzMzYmNjUy1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hY2UzNzMtYjgxYi00MDBjLTg0NWMtOTYyOGY1MjY2NTQy
LzEvdlU1dTNTYnZHeGJZU09tQk1PYjhSRkN6SjFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUFmwAwQC
whoEMA0EAgACMAcDBQMqBrlAMA0GCSqGSIb3DQEBCwUAA4IBAQAI5nlD7GWWCDKU
rhZtt8lqhb18QL96w06+TJrOgGQzpp/EQeV/wAtNY8xrV5De9HqC1gu5HV2XxSBK
+RWFpTFhXnMGIhPu6JL6S0OaZBF4Z8kpQHYFng5yn2pev96zwv+BsdzLxVXNBoD5
cPBXFBTMzoBeKjBAx6fWu8e+E/zAYu0UKJHzz3/rU+gbGT0e1hXOkDQutU95PdQe
vsTksu/aC5o5ESLOJ/NG/SEO2E5qQPQsrlz7n1pvzTno6+/Bi840nMMl4uxZVN9F
Vfr6L+4pp+wCeOmF77OLuZR+dS6PD6vju9zWgAFbhNr2H5Ra8BVEv6lzllrGoXL7
9JuAyQtq
-----END CERTIFICATE-----