Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/Ne1TB9S-5uF_c8_g_w_KYnk754o.roa
File:                     Ne1TB9S-5uF_c8_g_w_KYnk754o.roa (raw, json)
Hash identifier:          WbPLYoJJQiFLa/dSyHi2adb+cFQ0PLhDL4I1Kzefmbk=
Subject key identifier:   35:ED:53:07:D4:BE:E6:E1:7F:73:CF:E0:FF:0F:CA:62:79:3B:E7:8A
Certificate issuer:       /CN=3cbdce45c4882c8a3a257110c6b1f0d49b182a9c
Certificate serial:       018E13E81739432A1B8C942981A56F8238AE
Authority key identifier: 3C:BD:CE:45:C4:88:2C:8A:3A:25:71:10:C6:B1:F0:D4:9B:18:2A:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/Ne1TB9S-5uF_c8_g_w_KYnk754o.roa
Signing time:             Wed 06 Mar 2024 13:16:01 +0000
ROA not before:           Wed 06 Mar 2024 13:16:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211533
IP address blocks:        185.154.189.0/24 maxlen: 24
                          2a12:dac0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:e8:17:39:43:2a:1b:8c:94:29:81:a5:6f:82:38:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cbdce45c4882c8a3a257110c6b1f0d49b182a9c
        Validity
            Not Before: Mar  6 13:16:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35ed5307d4bee6e17f73cfe0ff0fca62793be78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:61:b5:4a:67:3a:f9:28:08:83:7a:84:8b:cb:
                    7c:47:47:10:5b:63:73:c8:a2:48:17:14:5e:f8:0e:
                    83:a1:06:cc:6d:ff:8c:d5:69:18:d7:6f:03:0a:cd:
                    91:37:56:1d:08:e2:0b:d7:9a:f3:9f:ae:01:09:72:
                    d8:16:1f:4b:b4:38:0c:08:73:77:43:6e:2b:ed:ed:
                    89:3f:83:92:af:ad:02:4b:aa:61:76:da:6c:66:0a:
                    b3:8c:f1:47:e9:ec:75:56:6a:19:bd:09:34:23:fd:
                    ec:ea:3f:48:c6:94:a9:a0:ff:d7:f8:39:d1:43:f2:
                    44:07:16:40:69:37:a2:6a:5c:a7:d1:be:e3:dc:67:
                    fc:d8:45:54:6d:0e:bd:a6:aa:f8:ac:6a:be:15:37:
                    78:b3:b7:65:f2:1f:9e:be:19:91:12:75:91:64:9c:
                    0f:df:ba:3a:69:a7:3f:80:2b:2f:b8:f5:97:0e:5d:
                    71:d6:d1:2c:30:10:20:8b:f0:07:6a:1e:26:b9:eb:
                    8b:2a:9b:be:03:06:7c:8c:51:f4:02:4e:6c:70:f2:
                    d6:82:a5:5f:97:8a:f3:54:51:83:c2:9e:bb:db:d8:
                    91:0e:e1:9a:3a:e9:0c:c2:dc:c9:0c:bb:9f:a6:e7:
                    5f:09:33:4a:a6:8b:39:91:cf:02:a5:22:ca:81:3c:
                    05:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:ED:53:07:D4:BE:E6:E1:7F:73:CF:E0:FF:0F:CA:62:79:3B:E7:8A
            X509v3 Authority Key Identifier:
                keyid:3C:BD:CE:45:C4:88:2C:8A:3A:25:71:10:C6:B1:F0:D4:9B:18:2A:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PL3ORcSILIo6JXEQxrHw1JsYKpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/Ne1TB9S-5uF_c8_g_w_KYnk754o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1c9469-16fe-4e7b-8823-5db439b4ccee/1/PL3ORcSILIo6JXEQxrHw1JsYKpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.189.0/24
                IPv6:
                  2a12:dac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:cd:ce:de:de:bf:cf:e0:56:f9:3a:ec:e1:19:a9:c9:be:a5:
         f8:4e:ef:7a:dd:7e:5a:fd:24:b2:de:ae:da:2c:ef:3c:b1:d3:
         90:99:05:a3:50:1b:80:bf:8e:9e:f9:ea:6f:7b:b3:30:ff:4b:
         a5:b0:8a:a7:64:42:f1:fe:2c:d3:e1:2b:74:43:7e:b1:33:a8:
         2f:ab:4c:df:ba:f2:45:2e:95:fd:7c:30:b3:07:62:52:0f:1f:
         7a:31:64:18:a5:5b:14:20:9e:09:f4:52:fb:d9:6a:36:d2:44:
         54:d9:e6:54:7e:ef:16:a0:57:6f:da:a8:32:67:b3:1c:0d:94:
         11:18:18:0e:fb:91:3f:4d:31:27:30:ea:c0:06:a3:e1:73:88:
         e8:12:84:2c:95:4e:98:d9:13:a6:6d:31:a6:18:5b:c0:97:9d:
         c6:d4:cc:e8:e0:2e:3f:a0:b9:ca:9e:5f:e8:ef:6b:5a:fd:a6:
         9d:1d:d8:44:8d:e4:ef:88:bb:0d:e4:b9:36:1f:a8:0c:36:e1:
         36:4e:1b:07:97:b7:b5:75:38:57:d4:c7:85:75:51:74:97:9a:
         2d:64:7e:4e:43:ff:c6:c7:b4:b1:ef:95:be:a0:7f:5a:11:b4:
         43:3b:e3:9d:c5:74:d5:29:1e:53:ec:2f:9a:a0:98:87:b8:a6:
         94:05:9e:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4T6Bc5QyobjJQpgaVvgjiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYmRjZTQ1YzQ4ODJjOGEzYTI1NzExMGM2YjFmMGQ0OWIx
ODJhOWMwHhcNMjQwMzA2MTMxNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWVkNTMwN2Q0YmVlNmUxN2Y3M2NmZTBmZjBmY2E2Mjc5M2JlNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmG1Smc6+SgIg3qEi8t8R0cQW2Nz
yKJIFxRe+A6DoQbMbf+M1WkY128DCs2RN1YdCOIL15rzn64BCXLYFh9LtDgMCHN3
Q24r7e2JP4OSr60CS6phdtpsZgqzjPFH6ex1VmoZvQk0I/3s6j9IxpSpoP/X+DnR
Q/JEBxZAaTeialyn0b7j3Gf82EVUbQ69pqr4rGq+FTd4s7dl8h+evhmREnWRZJwP
37o6aac/gCsvuPWXDl1x1tEsMBAgi/AHah4mueuLKpu+AwZ8jFH0Ak5scPLWgqVf
l4rzVFGDwp6729iRDuGaOukMwtzJDLufpudfCTNKpos5kc8CpSLKgTwFlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDXtUwfUvubhf3PP4P8PymJ5O+eKMB8GA1UdIwQY
MBaAFDy9zkXEiCyKOiVxEMax8NSbGCqcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEwzT1JjU0lMSW82SlhFUXhySHcxSnNZS3B3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYzk0NjktMTZmZS00ZTdiLTg4MjMt
NWRiNDM5YjRjY2VlLzEvTmUxVEI5Uy01dUZfYzhfZ193X0tZbms3NTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYzk0NjktMTZmZS00ZTdiLTg4MjMtNWRiNDM5YjRjY2Vl
LzEvUEwzT1JjU0lMSW82SlhFUXhySHcxSnNZS3B3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZq9MA0E
AgACMAcDBQMqEtrAMA0GCSqGSIb3DQEBCwUAA4IBAQCBzc7e3r/P4Fb5OuzhGanJ
vqX4Tu963X5a/SSy3q7aLO88sdOQmQWjUBuAv46e+epve7Mw/0ulsIqnZELx/izT
4St0Q36xM6gvq0zfuvJFLpX9fDCzB2JSDx96MWQYpVsUIJ4J9FL72Wo20kRU2eZU
fu8WoFdv2qgyZ7McDZQRGBgO+5E/TTEnMOrABqPhc4joEoQslU6Y2ROmbTGmGFvA
l53G1Mzo4C4/oLnKnl/o72ta/aadHdhEjeTviLsN5Lk2H6gMNuE2ThsHl7e1dThX
1MeFdVF0l5otZH5OQ//Gx7Sx75W+oH9aEbRDO+OdxXTVKR5T7C+aoJiHuKaUBZ4L
-----END CERTIFICATE-----