Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/ne8HBNVoATDljetUi-5G3PBefpA.roa
File:                     ne8HBNVoATDljetUi-5G3PBefpA.roa (raw, json)
Hash identifier:          FF93uF9gi/kANPdrul+5GXwTes/lCANLK25A5Oreiro=
Subject key identifier:   9D:EF:07:04:D5:68:01:30:E5:8D:EB:54:8B:EE:46:DC:F0:5E:7E:90
Certificate issuer:       /CN=67b3b58b452239001eac2e221ba56c3afed7a790
Certificate serial:       018CC79514E5BF842E978FB4697912B11127
Authority key identifier: 67:B3:B5:8B:45:22:39:00:1E:AC:2E:22:1B:A5:6C:3A:FE:D7:A7:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/ne8HBNVoATDljetUi-5G3PBefpA.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35597
IP address blocks:        194.117.242.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:14:e5:bf:84:2e:97:8f:b4:69:79:12:b1:11:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b3b58b452239001eac2e221ba56c3afed7a790
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9def0704d5680130e58deb548bee46dcf05e7e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0a:23:7d:8b:bb:29:fb:02:d5:f5:39:f1:13:
                    92:59:8b:45:ec:b1:ec:16:53:58:8c:18:5e:aa:41:
                    5b:bc:07:09:5d:79:47:75:f6:25:fc:44:4f:6b:ac:
                    49:a4:37:ab:b9:d1:18:ed:76:ec:8a:5b:8f:a5:73:
                    c4:2c:63:db:50:74:c6:1b:93:86:84:79:52:ea:fd:
                    02:af:0b:4e:8a:13:35:a0:83:57:0f:06:42:9b:ee:
                    e4:eb:70:42:be:35:ab:ae:5f:8a:e8:f0:71:1f:11:
                    0e:38:68:ba:85:42:22:7b:8a:a0:d2:d1:92:bf:20:
                    26:f1:ba:4e:84:31:7e:72:f3:4d:0f:4c:a3:96:33:
                    91:c3:03:e3:7b:e6:b2:31:59:c1:5d:35:2b:8a:56:
                    49:92:36:e4:da:99:27:4a:d9:8f:fd:e4:23:20:73:
                    f1:aa:4e:f2:e3:8e:a4:12:8d:08:8b:8e:4f:dc:03:
                    f4:16:68:8d:58:9d:7f:43:9b:b4:9b:cf:6c:b6:46:
                    7b:60:1b:ad:4f:72:95:78:14:94:7f:11:a4:1d:cc:
                    a1:7e:65:7b:96:38:71:28:45:fe:57:26:ba:84:27:
                    53:f8:2f:23:2c:f9:37:cf:59:1d:5d:55:6b:ee:71:
                    a5:0f:3d:bf:1b:f0:78:e6:54:50:d8:a1:a8:60:4d:
                    ab:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EF:07:04:D5:68:01:30:E5:8D:EB:54:8B:EE:46:DC:F0:5E:7E:90
            X509v3 Authority Key Identifier:
                keyid:67:B3:B5:8B:45:22:39:00:1E:AC:2E:22:1B:A5:6C:3A:FE:D7:A7:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/ne8HBNVoATDljetUi-5G3PBefpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:56:26:f0:63:d8:97:5b:04:88:93:b0:44:0f:b2:73:fe:b4:
         d9:2a:5c:7b:82:a8:b4:ef:b2:0c:c4:e0:c8:eb:c8:69:6e:88:
         92:a4:ef:79:1a:ac:89:74:db:4e:f8:c6:9f:8f:5c:0e:cd:dc:
         31:bb:56:ca:75:2c:d1:1a:dd:53:12:32:9c:32:c7:09:d1:31:
         65:f1:e6:23:42:3e:5e:de:3d:7a:d3:60:21:84:51:14:c9:63:
         d3:2f:20:ab:81:ef:6b:23:3b:3c:06:4f:88:52:a4:e8:8d:13:
         e4:3f:09:d1:e5:70:0a:78:c8:9b:04:6b:24:44:fe:23:d6:d2:
         e7:64:8b:15:f5:6c:29:35:46:2e:e6:79:65:a1:b9:e3:4c:a6:
         70:11:39:73:cc:66:15:5f:cc:b7:6a:49:a1:06:56:f8:5b:fc:
         55:b2:8b:91:0f:a9:cf:fd:42:8a:8c:8d:3e:0d:b6:08:30:4e:
         57:f6:99:3a:80:69:0b:da:8a:0c:c0:64:30:80:6d:95:4a:54:
         ea:5c:50:e3:f2:37:19:d4:a7:dd:48:b1:83:30:cd:af:54:c2:
         c9:c3:5d:b2:c6:a7:d8:45:ae:a3:81:65:da:98:8f:66:0d:1f:
         58:55:f5:d0:bd:63:31:bb:66:d9:6e:50:b8:43:6a:be:35:ab:
         02:9d:48:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRTlv4Qul4+0aXkSsREnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjNiNThiNDUyMjM5MDAxZWFjMmUyMjFiYTU2YzNhZmVk
N2E3OTAwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGVmMDcwNGQ1NjgwMTMwZTU4ZGViNTQ4YmVlNDZkY2YwNWU3ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAojfYu7KfsC1fU58ROSWYtF7LHs
FlNYjBheqkFbvAcJXXlHdfYl/ERPa6xJpDerudEY7XbsiluPpXPELGPbUHTGG5OG
hHlS6v0CrwtOihM1oINXDwZCm+7k63BCvjWrrl+K6PBxHxEOOGi6hUIie4qg0tGS
vyAm8bpOhDF+cvNND0yjljORwwPje+ayMVnBXTUrilZJkjbk2pknStmP/eQjIHPx
qk7y446kEo0Ii45P3AP0FmiNWJ1/Q5u0m89stkZ7YButT3KVeBSUfxGkHcyhfmV7
ljhxKEX+Vya6hCdT+C8jLPk3z1kdXVVr7nGlDz2/G/B45lRQ2KGoYE2rtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3vBwTVaAEw5Y3rVIvuRtzwXn6QMB8GA1UdIwQY
MBaAFGeztYtFIjkAHqwuIhulbDr+16eQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdPMWkwVWlPUUFlckM0aUc2VnNPdjdYcDVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83M2U1MDQtYjdiYi00ZmY4LWJhZDgt
Yjc5NTUyZTcwMGM1LzEvbmU4SEJOVm9BVERsamV0VWktNUczUEJlZnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy83M2U1MDQtYjdiYi00ZmY4LWJhZDgtYjc5NTUyZTcwMGM1
LzEvWjdPMWkwVWlPUUFlckM0aUc2VnNPdjdYcDVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnXyMA0G
CSqGSIb3DQEBCwUAA4IBAQAtVibwY9iXWwSIk7BED7Jz/rTZKlx7gqi077IMxODI
68hpboiSpO95GqyJdNtO+Mafj1wOzdwxu1bKdSzRGt1TEjKcMscJ0TFl8eYjQj5e
3j1602AhhFEUyWPTLyCrge9rIzs8Bk+IUqTojRPkPwnR5XAKeMibBGskRP4j1tLn
ZIsV9WwpNUYu5nllobnjTKZwETlzzGYVX8y3akmhBlb4W/xVsouRD6nP/UKKjI0+
DbYIME5X9pk6gGkL2ooMwGQwgG2VSlTqXFDj8jcZ1KfdSLGDMM2vVMLJw12yxqfY
Ra6jgWXamI9mDR9YVfXQvWMxu2bZblC4Q2q+NasCnUhD
-----END CERTIFICATE-----