Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/rNJg8rMdXwsE_FEZ-6DjjbmEJQY.roa
File:                     rNJg8rMdXwsE_FEZ-6DjjbmEJQY.roa (raw, json)
Hash identifier:          A2NoCY1wO1d56JByIJNMwBKgNyVZCCyCcaqDTN19A/g=
Subject key identifier:   AC:D2:60:F2:B3:1D:5F:0B:04:FC:51:19:FB:A0:E3:8D:B9:84:25:06
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       018DB211693B89CFABB73BAE398902BEEF07
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/rNJg8rMdXwsE_FEZ-6DjjbmEJQY.roa
Signing time:             Fri 16 Feb 2024 13:18:21 +0000
ROA not before:           Fri 16 Feb 2024 13:18:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        193.34.48.0/24 maxlen: 24
                          193.34.51.0/24 maxlen: 24
                          195.13.62.0/24 maxlen: 24
                          195.13.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:11:69:3b:89:cf:ab:b7:3b:ae:39:89:02:be:ef:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Feb 16 13:18:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acd260f2b31d5f0b04fc5119fba0e38db9842506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:35:79:37:4f:94:22:b8:1a:84:27:db:b9:c2:
                    40:af:47:f9:5a:30:b2:c3:50:d8:f5:ec:91:8d:3e:
                    ef:72:67:30:43:ec:b9:f6:e1:9d:c9:29:2a:7b:d3:
                    92:32:a2:ce:e9:e3:6a:5d:8e:4c:69:59:5a:e6:ce:
                    f3:4b:47:d1:f6:6e:99:74:38:99:ab:77:33:e8:99:
                    ec:58:eb:5d:59:3e:35:08:4a:11:6a:86:1a:aa:cf:
                    0b:75:b5:10:6f:68:ce:77:21:70:fd:f5:28:e4:94:
                    ad:2e:af:da:2a:ec:cd:fe:a3:74:1b:51:af:f3:c6:
                    c7:c2:75:73:85:4e:0f:12:4f:52:e5:b7:c1:9a:19:
                    4f:23:be:ad:4a:bf:bd:45:09:c4:62:ac:8c:52:4f:
                    99:be:24:93:b0:a8:73:58:33:5e:45:7e:82:72:c9:
                    4d:30:c3:66:58:f3:eb:7f:d0:61:3e:1e:80:da:6b:
                    92:39:84:ce:a1:56:60:07:5f:b7:ce:f6:6b:56:5b:
                    f5:05:70:d3:8d:17:6c:70:b4:29:f9:3e:8e:62:45:
                    34:1f:3c:da:ea:49:e7:43:3a:13:bf:62:13:a6:a2:
                    79:9b:ce:d3:aa:35:a3:51:6c:98:47:bf:61:4e:8b:
                    46:cd:27:83:b9:3a:6b:66:19:48:e4:14:2b:6c:eb:
                    b4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D2:60:F2:B3:1D:5F:0B:04:FC:51:19:FB:A0:E3:8D:B9:84:25:06
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/rNJg8rMdXwsE_FEZ-6DjjbmEJQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.48.0/24
                  193.34.51.0/24
                  195.13.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:f5:a1:3d:fb:3e:59:0a:8c:ec:5e:d2:c0:06:69:0f:f8:b3:
         2f:1b:10:ce:3d:b2:1b:63:c3:c2:0b:74:4d:17:f9:54:d5:0e:
         5e:d0:30:cf:02:60:24:eb:c5:a8:b3:b2:03:51:20:e1:97:4d:
         e2:cf:d1:64:52:0a:b4:b4:f8:6a:65:1a:c3:31:5b:f3:46:e8:
         e6:b7:a0:a1:b5:81:c3:40:62:b1:89:aa:cb:d4:49:2d:88:cd:
         76:e6:ed:1b:82:e1:32:7c:73:89:8b:61:ae:48:e9:3b:5d:6a:
         d8:b7:a2:9b:2f:55:86:0c:40:76:d8:9a:88:de:fc:9a:60:8a:
         43:d2:4a:98:1c:94:d7:79:60:45:7d:06:ee:56:79:b1:a7:6f:
         ee:70:41:5e:94:f4:69:9f:a9:13:3e:ba:08:c3:05:6a:17:16:
         30:a4:bc:eb:da:2a:3e:23:85:43:c3:92:4e:d7:85:9a:55:b2:
         50:90:20:50:8a:97:c0:0a:2a:eb:c0:f8:90:b7:cb:23:31:58:
         56:72:90:f4:05:04:1a:79:f2:96:b2:e4:c3:be:29:d1:94:a7:
         17:a5:65:e2:d3:12:70:49:8a:e9:32:7c:11:10:4f:8a:c5:04:
         1d:aa:d9:eb:b6:f2:32:41:da:ea:0f:b0:02:54:75:61:c7:d3:
         cb:41:2c:fd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2yEWk7ic+rtzuuOYkCvu8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjQwMjE2MTMxODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2QyNjBmMmIzMWQ1ZjBiMDRmYzUxMTlmYmEwZTM4ZGI5ODQyNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojV5N0+UIrgahCfbucJAr0f5WjCy
w1DY9eyRjT7vcmcwQ+y59uGdySkqe9OSMqLO6eNqXY5MaVla5s7zS0fR9m6ZdDiZ
q3cz6JnsWOtdWT41CEoRaoYaqs8LdbUQb2jOdyFw/fUo5JStLq/aKuzN/qN0G1Gv
88bHwnVzhU4PEk9S5bfBmhlPI76tSr+9RQnEYqyMUk+ZviSTsKhzWDNeRX6CcslN
MMNmWPPrf9BhPh6A2muSOYTOoVZgB1+3zvZrVlv1BXDTjRdscLQp+T6OYkU0Hzza
6knnQzoTv2ITpqJ5m87TqjWjUWyYR79hTotGzSeDuTprZhlI5BQrbOu0RwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKzSYPKzHV8LBPxRGfug4425hCUGMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvck5KZzhyTWRYd3NFX0ZFWi02RGpqYm1FSlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwSIwAwQA
wSIzAwQBww0+MA0GCSqGSIb3DQEBCwUAA4IBAQAz9aE9+z5ZCozsXtLABmkP+LMv
GxDOPbIbY8PCC3RNF/lU1Q5e0DDPAmAk68Wos7IDUSDhl03iz9FkUgq0tPhqZRrD
MVvzRujmt6ChtYHDQGKxiarL1EktiM125u0bguEyfHOJi2GuSOk7XWrYt6KbL1WG
DEB22JqI3vyaYIpD0kqYHJTXeWBFfQbuVnmxp2/ucEFelPRpn6kTProIwwVqFxYw
pLzr2io+I4VDw5JO14WaVbJQkCBQipfACirrwPiQt8sjMVhWcpD0BQQaefKWsuTD
vinRlKcXpWXi0xJwSYrpMnwREE+KxQQdqtnrtvIyQdrqD7ACVHVhx9PLQSz9
-----END CERTIFICATE-----