Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/ne3FBVVm58i9nGDk5FXPkK1IVpE.roa
File:                     ne3FBVVm58i9nGDk5FXPkK1IVpE.roa (raw, json)
Hash identifier:          fQZg1MinbSHNrDIEAOuBqtFmlReiZl9VXUGCg/qng84=
Subject key identifier:   9D:ED:C5:05:55:66:E7:C8:BD:9C:60:E4:E4:55:CF:90:AD:48:56:91
Certificate issuer:       /CN=3406d2c439ccbcb78a82d5cb2b4c3ff6e9934b96
Certificate serial:       018CCA2A12937E2A4429EFBFABA99E7DBAEA
Authority key identifier: 34:06:D2:C4:39:CC:BC:B7:8A:82:D5:CB:2B:4C:3F:F6:E9:93:4B:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAbSxDnMvLeKgtXLK0w_9umTS5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/ne3FBVVm58i9nGDk5FXPkK1IVpE.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     931
IP address blocks:        5.252.164.0/24 maxlen: 24
                          5.252.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/NAbSxDnMvLeKgtXLK0w_9umTS5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/NAbSxDnMvLeKgtXLK0w_9umTS5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NAbSxDnMvLeKgtXLK0w_9umTS5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:12:93:7e:2a:44:29:ef:bf:ab:a9:9e:7d:ba:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3406d2c439ccbcb78a82d5cb2b4c3ff6e9934b96
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dedc5055566e7c8bd9c60e4e455cf90ad485691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9e:39:ac:9c:7b:71:98:fa:0b:da:3d:78:59:
                    bd:f9:c7:b9:50:d3:ed:27:95:b0:ac:8b:f8:7b:ba:
                    28:cc:5c:59:d6:57:e0:23:fa:98:67:ea:8c:ae:c5:
                    42:a4:c3:25:9e:10:6d:4d:b7:5b:c5:57:1d:97:db:
                    b3:ec:54:93:bf:32:24:93:c3:fb:eb:ee:53:25:75:
                    78:b4:39:39:ac:b5:82:ed:e8:be:ff:ca:e0:ca:23:
                    cf:d8:49:29:17:b2:84:a3:32:e5:78:35:3d:5c:f3:
                    9d:b5:14:e1:a3:f1:c6:d1:31:73:ee:e0:1a:43:07:
                    38:8a:25:ad:c6:0a:26:72:6e:b0:e4:8d:75:69:97:
                    79:76:fd:97:b6:c4:11:20:12:e1:9e:0d:fd:43:99:
                    dc:0c:66:b0:99:e3:82:1b:d0:59:17:41:20:a7:7e:
                    27:ba:1a:50:31:9d:96:6d:b8:3f:26:75:24:22:d2:
                    2b:86:29:30:0a:d1:07:3c:c9:6b:2c:82:b0:bd:9e:
                    0b:c2:ef:06:56:dc:45:d3:7e:1b:eb:a2:63:a7:5f:
                    2a:51:50:cc:93:51:8e:9f:98:36:fe:cd:d3:1b:70:
                    28:ca:3f:15:65:b3:da:7c:18:b9:e9:0e:0f:9b:49:
                    e9:dc:27:0d:b0:ff:f2:ee:c9:9d:1e:6e:63:96:f4:
                    13:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:ED:C5:05:55:66:E7:C8:BD:9C:60:E4:E4:55:CF:90:AD:48:56:91
            X509v3 Authority Key Identifier:
                keyid:34:06:D2:C4:39:CC:BC:B7:8A:82:D5:CB:2B:4C:3F:F6:E9:93:4B:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAbSxDnMvLeKgtXLK0w_9umTS5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/ne3FBVVm58i9nGDk5FXPkK1IVpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/0a3a0f-60f8-4a1c-bba0-7b880c063367/1/NAbSxDnMvLeKgtXLK0w_9umTS5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.164.0/24
                  5.252.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b3:e7:98:69:59:27:c3:e1:66:4a:48:f6:cd:5b:ab:5f:42:
         46:2b:ff:dd:08:07:a3:72:aa:d8:58:aa:9a:b5:6c:17:d6:17:
         cb:1d:bf:b8:60:88:7d:68:bf:16:bb:2d:86:88:08:b0:8d:12:
         11:4f:c0:a8:17:0e:1a:7c:e3:bb:11:4b:5d:65:64:39:a3:54:
         0b:c1:2d:03:d3:7d:84:5c:07:e6:fe:14:cd:a5:02:1c:0b:10:
         e3:11:4a:29:59:77:53:06:7f:6b:29:d7:47:c5:8c:ba:2f:86:
         70:2a:f9:6b:79:62:88:22:84:1a:70:e6:ad:81:01:2d:f8:7d:
         da:e0:70:10:6e:31:c8:04:a3:00:23:92:18:fd:68:ca:d6:d9:
         cb:05:36:d0:b1:ca:36:06:e8:58:42:a2:27:9b:a1:23:d3:eb:
         e3:ad:ed:40:b4:07:c8:78:00:28:33:88:e7:fa:87:b8:77:c4:
         63:f1:ce:d1:12:73:ad:04:11:f2:f0:98:95:ef:5c:e6:00:30:
         1c:0c:59:d6:c1:83:8d:52:ae:e4:54:c5:c6:32:4c:b5:ef:27:
         62:2a:09:0d:fd:02:07:2e:cb:ad:6c:1d:60:5d:57:d9:47:a9:
         f4:ca:69:0a:dc:6b:49:f5:65:e1:72:18:f9:18:d9:ee:a3:ca:
         78:90:f5:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhKTfipEKe+/q6mefbrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDZkMmM0MzljY2JjYjc4YTgyZDVjYjJiNGMzZmY2ZTk5
MzRiOTYwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVkYzUwNTU1NjZlN2M4YmQ5YzYwZTRlNDU1Y2Y5MGFkNDg1NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq545rJx7cZj6C9o9eFm9+ce5UNPt
J5WwrIv4e7oozFxZ1lfgI/qYZ+qMrsVCpMMlnhBtTbdbxVcdl9uz7FSTvzIkk8P7
6+5TJXV4tDk5rLWC7ei+/8rgyiPP2EkpF7KEozLleDU9XPOdtRTho/HG0TFz7uAa
Qwc4iiWtxgomcm6w5I11aZd5dv2XtsQRIBLhng39Q5ncDGawmeOCG9BZF0Egp34n
uhpQMZ2Wbbg/JnUkItIrhikwCtEHPMlrLIKwvZ4Lwu8GVtxF034b66Jjp18qUVDM
k1GOn5g2/s3TG3Aoyj8VZbPafBi56Q4Pm0np3CcNsP/y7smdHm5jlvQTgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ3txQVVZufIvZxg5ORVz5CtSFaRMB8GA1UdIwQY
MBaAFDQG0sQ5zLy3ioLVyytMP/bpk0uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFiU3hEbk12TGVLZ3RYTEswd185dW1UUzVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wYTNhMGYtNjBmOC00YTFjLWJiYTAt
N2I4ODBjMDYzMzY3LzEvbmUzRkJWVm01OGk5bkdEazVGWFBrSzFJVnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wYTNhMGYtNjBmOC00YTFjLWJiYTAtN2I4ODBjMDYzMzY3
LzEvTkFiU3hEbk12TGVLZ3RYTEswd185dW1UUzVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfykAwQA
BfymMA0GCSqGSIb3DQEBCwUAA4IBAQA+s+eYaVknw+FmSkj2zVurX0JGK//dCAej
cqrYWKqatWwX1hfLHb+4YIh9aL8Wuy2GiAiwjRIRT8CoFw4afOO7EUtdZWQ5o1QL
wS0D032EXAfm/hTNpQIcCxDjEUopWXdTBn9rKddHxYy6L4ZwKvlreWKIIoQacOat
gQEt+H3a4HAQbjHIBKMAI5IY/WjK1tnLBTbQsco2BuhYQqInm6Ej0+vjre1AtAfI
eAAoM4jn+oe4d8Rj8c7REnOtBBHy8JiV71zmADAcDFnWwYONUq7kVMXGMky17ydi
KgkN/QIHLsutbB1gXVfZR6n0ymkK3GtJ9WXhchj5GNnuo8p4kPXN
-----END CERTIFICATE-----