Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/nevZ6euM76WMVvW6gwVEf5P2BW4.roa
File:                     nevZ6euM76WMVvW6gwVEf5P2BW4.roa (raw, json)
Hash identifier:          SieEc8r9ZNxd7n2oeA+DFz5OR5VkyV28urJmNXP7muU=
Subject key identifier:   9D:EB:D9:E9:EB:8C:EF:A5:8C:56:F5:BA:83:05:44:7F:93:F6:05:6E
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       018CC34906740425543797F514D710F90F5E
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/nevZ6euM76WMVvW6gwVEf5P2BW4.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28781
IP address blocks:        213.161.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:06:74:04:25:54:37:97:f5:14:d7:10:f9:0f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9debd9e9eb8cefa58c56f5ba8305447f93f6056e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:71:e1:2f:b4:05:00:de:db:54:f0:62:58:31:
                    bf:b2:a7:78:98:51:57:e6:67:d9:26:ab:98:aa:81:
                    a2:66:42:cd:87:56:4f:44:e2:f8:7b:ff:05:72:c1:
                    98:4c:50:d4:12:ab:a2:9d:c8:03:71:32:91:c8:54:
                    c0:4b:ce:8a:d1:eb:f6:9d:00:6e:7d:c3:2e:8a:6f:
                    43:a8:54:e5:e9:25:4d:84:ce:8c:f6:0b:f7:84:ce:
                    9f:ce:e7:46:9f:c0:cf:c9:75:a4:f6:60:64:6b:b5:
                    2a:9c:48:91:0a:fb:bc:78:cb:ba:5e:f8:7a:a0:6b:
                    bc:f9:3b:94:44:3f:6e:14:80:3d:48:d3:cc:90:ac:
                    26:8b:7c:90:d8:3c:43:20:f0:d6:26:cf:72:21:f2:
                    96:9a:05:b5:2a:40:a0:30:9a:bc:18:d0:78:53:3e:
                    c7:f8:6e:bd:b5:9c:e7:bb:4c:28:76:2b:65:a5:39:
                    9a:41:3c:02:49:99:71:7a:d3:4d:1e:21:80:1a:6e:
                    5c:5d:23:2e:32:34:3b:af:2f:b9:c9:d7:7e:7f:e1:
                    26:a1:2a:11:ee:8f:16:6c:cb:3a:66:eb:d7:6f:30:
                    df:bd:87:fc:47:7c:d0:39:c2:1e:71:d5:24:fc:0a:
                    af:9d:1e:a6:7c:55:00:b3:16:bc:34:b2:84:ac:08:
                    54:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EB:D9:E9:EB:8C:EF:A5:8C:56:F5:BA:83:05:44:7F:93:F6:05:6E
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/nevZ6euM76WMVvW6gwVEf5P2BW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.161.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e5:0e:73:ab:32:94:df:c2:0a:2e:f0:9d:ad:e9:5c:d3:f4:
         dd:78:be:28:08:5b:ac:79:62:f0:17:99:c3:8e:e8:18:ce:c7:
         f3:24:56:15:58:67:43:c0:12:b3:06:c3:66:7b:f0:b1:da:fc:
         be:78:66:03:0c:2f:ad:73:c2:8f:b6:c7:07:51:4e:ff:f2:93:
         56:09:b6:99:d3:f9:11:b6:bb:46:71:7e:0d:bc:2a:90:4d:a2:
         db:16:ba:8f:38:3e:ca:34:05:5c:d6:65:51:69:ac:67:b0:b7:
         03:7f:b3:61:ac:2f:17:1d:5b:77:ab:cc:5f:c3:b1:71:d5:59:
         e6:8f:9a:0e:b1:4c:e5:fc:65:bd:f7:20:49:cd:b8:41:e9:91:
         cd:2d:b1:31:01:10:69:6c:70:3c:33:e2:6e:6f:2c:39:ac:92:
         85:74:13:a3:e5:4e:e6:c1:e0:0c:79:86:6c:0d:67:f6:59:23:
         de:15:8a:cd:84:78:3e:5d:04:22:b4:61:e5:e8:bf:85:64:ab:
         65:61:a0:1e:12:9c:1d:4a:01:dc:de:63:6b:8f:4b:60:a6:5b:
         b9:ce:bd:82:f8:8a:29:06:fb:31:dd:1e:e4:c0:e2:ed:ef:db:
         8b:16:77:19:15:1a:b5:69:9f:f8:cc:10:5d:aa:f6:00:3f:02:
         84:54:03:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQZ0BCVUN5f1FNcQ+Q9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGViZDllOWViOGNlZmE1OGM1NmY1YmE4MzA1NDQ3ZjkzZjYwNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13HhL7QFAN7bVPBiWDG/sqd4mFFX
5mfZJquYqoGiZkLNh1ZPROL4e/8FcsGYTFDUEquincgDcTKRyFTAS86K0ev2nQBu
fcMuim9DqFTl6SVNhM6M9gv3hM6fzudGn8DPyXWk9mBka7UqnEiRCvu8eMu6Xvh6
oGu8+TuURD9uFIA9SNPMkKwmi3yQ2DxDIPDWJs9yIfKWmgW1KkCgMJq8GNB4Uz7H
+G69tZznu0woditlpTmaQTwCSZlxetNNHiGAGm5cXSMuMjQ7ry+5ydd+f+EmoSoR
7o8WbMs6ZuvXbzDfvYf8R3zQOcIecdUk/AqvnR6mfFUAsxa8NLKErAhUrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3r2enrjO+ljFb1uoMFRH+T9gVuMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvbmV2WjZldU03NldNVnZXNmd3VkVmNVAyQlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aGDMA0G
CSqGSIb3DQEBCwUAA4IBAQCe5Q5zqzKU38IKLvCdrelc0/TdeL4oCFuseWLwF5nD
jugYzsfzJFYVWGdDwBKzBsNme/Cx2vy+eGYDDC+tc8KPtscHUU7/8pNWCbaZ0/kR
trtGcX4NvCqQTaLbFrqPOD7KNAVc1mVRaaxnsLcDf7NhrC8XHVt3q8xfw7Fx1Vnm
j5oOsUzl/GW99yBJzbhB6ZHNLbExARBpbHA8M+Jubyw5rJKFdBOj5U7mweAMeYZs
DWf2WSPeFYrNhHg+XQQitGHl6L+FZKtlYaAeEpwdSgHc3mNrj0tgplu5zr2C+Iop
Bvsx3R7kwOLt79uLFncZFRq1aZ/4zBBdqvYAPwKEVAN8
-----END CERTIFICATE-----