Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/ne5_TbHbIjO3LGUVC8LTPRRnfok.roa
File:                     ne5_TbHbIjO3LGUVC8LTPRRnfok.roa (raw, json)
Hash identifier:          id9Obu3gkqkRvXgI4IoVvqLJgeaB/EULZj1DtOfc36Y=
Subject key identifier:   9D:EE:7F:4D:B1:DB:22:33:B7:2C:65:15:0B:C2:D3:3D:14:67:7E:89
Certificate issuer:       /CN=9c4d86afb59f1d9dd16c1125009b998382e36ed3
Certificate serial:       018CC56F00FA6471819CA8E624DDB4CCE754
Authority key identifier: 9C:4D:86:AF:B5:9F:1D:9D:D1:6C:11:25:00:9B:99:83:82:E3:6E:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/ne5_TbHbIjO3LGUVC8LTPRRnfok.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34763
IP address blocks:        193.84.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:00:fa:64:71:81:9c:a8:e6:24:dd:b4:cc:e7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c4d86afb59f1d9dd16c1125009b998382e36ed3
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dee7f4db1db2233b72c65150bc2d33d14677e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bd:14:a6:9c:ec:61:b8:dd:9b:73:95:53:cd:
                    8b:cd:f3:05:03:16:d7:41:5c:73:f7:d9:b4:8f:18:
                    67:39:83:ef:99:2d:fe:ae:09:92:39:c5:94:cf:bc:
                    a9:35:b1:bb:b0:5d:63:9d:21:5b:c3:0b:fe:e5:2d:
                    01:e2:46:e9:ee:1e:4b:79:9f:fa:50:9a:de:dc:0a:
                    aa:0d:03:41:d0:f5:a6:87:19:b7:5b:fd:83:8b:85:
                    46:75:fc:7b:8a:47:47:4f:88:76:38:24:99:0c:a3:
                    2a:76:bd:3f:c9:84:0e:57:e9:c5:50:58:f5:1d:4f:
                    68:d7:49:ec:51:c1:9f:ac:d0:5d:ca:ad:32:0b:01:
                    66:2d:4d:80:4a:d2:46:4d:f7:f2:d4:ca:5b:68:cd:
                    1a:7a:ab:c4:fc:8a:5a:5a:0d:85:00:ab:5c:0c:93:
                    88:a2:be:ac:d0:dc:53:d0:a5:c5:f7:5e:f7:7d:0d:
                    a8:be:be:e9:fa:26:9c:77:05:4f:d1:65:ea:55:af:
                    ed:18:38:a6:27:9b:59:e2:d7:f7:0f:12:cb:d4:4a:
                    1e:d8:bb:c9:ec:9b:d6:fd:6b:5a:61:69:37:04:54:
                    1b:c0:c3:58:3b:25:f3:28:30:35:0a:46:d9:55:dc:
                    0e:79:5a:ef:2a:e9:9d:08:48:e3:a5:ef:37:3d:ee:
                    ca:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EE:7F:4D:B1:DB:22:33:B7:2C:65:15:0B:C2:D3:3D:14:67:7E:89
            X509v3 Authority Key Identifier:
                keyid:9C:4D:86:AF:B5:9F:1D:9D:D1:6C:11:25:00:9B:99:83:82:E3:6E:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/ne5_TbHbIjO3LGUVC8LTPRRnfok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d8:0e:a0:63:69:f2:f8:64:b2:3e:8d:e4:82:d1:4b:49:db:
         57:77:c7:7f:9c:4f:21:ac:9b:88:97:b0:2a:84:ea:15:4a:2e:
         fd:9c:e8:e8:52:b5:89:36:42:52:98:97:1b:ca:d8:70:d6:88:
         8b:5f:47:29:d4:05:24:17:fc:f4:a6:58:d7:56:be:6c:6f:f2:
         b0:a6:07:94:b6:ca:1a:0d:13:9f:ef:54:cc:7a:63:38:33:5f:
         b5:47:5a:96:6d:81:c5:9d:1c:50:f1:2b:06:7f:68:b9:a8:6b:
         c4:1a:f4:c5:2a:81:5f:b1:cf:df:0a:ff:bc:01:23:7d:15:c7:
         c9:83:91:a9:20:41:65:ab:fa:29:ac:cf:58:cb:09:1d:0e:39:
         dd:e0:a3:42:0c:e1:87:35:24:36:52:e5:19:a4:91:9a:0c:ee:
         ca:2e:1d:7f:a4:35:95:d0:b3:f6:12:dd:19:70:16:32:98:af:
         b2:d7:c0:15:35:95:09:da:5e:61:bd:d2:a5:9e:0c:d0:11:c2:
         a2:40:1b:72:e6:48:c0:ab:0d:ab:4f:9d:06:f9:b3:d8:0e:ce:
         80:7f:0d:23:96:5c:5c:cd:22:8d:94:b7:f9:11:d5:72:d1:1b:
         91:eb:97:94:f0:95:ad:ee:33:11:3e:a3:fa:48:ec:7c:68:8a:
         7c:93:7b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwD6ZHGBnKjmJN20zOdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNGQ4NmFmYjU5ZjFkOWRkMTZjMTEyNTAwOWI5OTgzODJl
MzZlZDMwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVlN2Y0ZGIxZGIyMjMzYjcyYzY1MTUwYmMyZDMzZDE0Njc3ZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx70UppzsYbjdm3OVU82LzfMFAxbX
QVxz99m0jxhnOYPvmS3+rgmSOcWUz7ypNbG7sF1jnSFbwwv+5S0B4kbp7h5LeZ/6
UJre3AqqDQNB0PWmhxm3W/2Di4VGdfx7ikdHT4h2OCSZDKMqdr0/yYQOV+nFUFj1
HU9o10nsUcGfrNBdyq0yCwFmLU2AStJGTffy1MpbaM0aeqvE/IpaWg2FAKtcDJOI
or6s0NxT0KXF9173fQ2ovr7p+iacdwVP0WXqVa/tGDimJ5tZ4tf3DxLL1Eoe2LvJ
7JvW/WtaYWk3BFQbwMNYOyXzKDA1CkbZVdwOeVrvKumdCEjjpe83Pe7KlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3uf02x2yIztyxlFQvC0z0UZ36JMB8GA1UdIwQY
MBaAFJxNhq+1nx2d0WwRJQCbmYOC427TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkUyR3I3V2ZIWjNSYkJFbEFKdVpnNExqYnRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC83NmRjMjUtYjM4OS00MDI0LWJmMjgt
ZjRmMDU2MWI3YTU3LzEvbmU1X1RiSGJJak8zTEdVVkM4TFRQUlJuZm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC83NmRjMjUtYjM4OS00MDI0LWJmMjgtZjRmMDU2MWI3YTU3
LzEvbkUyR3I3V2ZIWjNSYkJFbEFKdVpnNExqYnRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVR3MA0G
CSqGSIb3DQEBCwUAA4IBAQAv2A6gY2ny+GSyPo3kgtFLSdtXd8d/nE8hrJuIl7Aq
hOoVSi79nOjoUrWJNkJSmJcbythw1oiLX0cp1AUkF/z0pljXVr5sb/KwpgeUtsoa
DROf71TMemM4M1+1R1qWbYHFnRxQ8SsGf2i5qGvEGvTFKoFfsc/fCv+8ASN9FcfJ
g5GpIEFlq/oprM9YywkdDjnd4KNCDOGHNSQ2UuUZpJGaDO7KLh1/pDWV0LP2Et0Z
cBYymK+y18AVNZUJ2l5hvdKlngzQEcKiQBty5kjAqw2rT50G+bPYDs6Afw0jllxc
zSKNlLf5EdVy0RuR65eU8JWt7jMRPqP6SOx8aIp8k3v6
-----END CERTIFICATE-----