Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/9NE76IikFTwAkTyDCCKrSeG9Pfk.roa
File:                     9NE76IikFTwAkTyDCCKrSeG9Pfk.roa (raw, json)
Hash identifier:          7c8fDsuY1fGey1bF9sm0j3DM8bkDcr2ESfsaRPP7P5A=
Subject key identifier:   F4:D1:3B:E8:88:A4:15:3C:00:91:3C:83:08:22:AB:49:E1:BD:3D:F9
Certificate issuer:       /CN=3d4276373b040fa9ac77e566c5b6cdf35b53b937
Certificate serial:       018EE628F2AEE3AC2EDF1042FDF81402BD36
Authority key identifier: 3D:42:76:37:3B:04:0F:A9:AC:77:E5:66:C5:B6:CD:F3:5B:53:B9:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/9NE76IikFTwAkTyDCCKrSeG9Pfk.roa
Signing time:             Tue 16 Apr 2024 09:07:07 +0000
ROA not before:           Tue 16 Apr 2024 09:07:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        193.238.234.0/24 maxlen: 24
                          193.238.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 17:36:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:28:f2:ae:e3:ac:2e:df:10:42:fd:f8:14:02:bd:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d4276373b040fa9ac77e566c5b6cdf35b53b937
        Validity
            Not Before: Apr 16 09:07:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4d13be888a4153c00913c830822ab49e1bd3df9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7b:0c:d2:cd:86:96:b1:a3:3d:ff:c4:7e:16:
                    43:f2:27:36:ae:32:cd:2e:d3:15:09:69:b9:a7:30:
                    51:23:5d:c9:0c:a8:19:04:90:f4:67:c9:4d:6d:74:
                    80:5b:a3:04:93:54:26:8b:7f:75:ad:f8:14:ca:37:
                    d9:b2:41:ed:f2:d9:6c:84:a5:22:97:e4:d9:33:bb:
                    8d:01:1d:89:78:f2:bd:98:96:22:37:7d:76:3f:d6:
                    5d:c0:e0:06:8c:eb:49:68:f8:68:c8:3c:aa:d7:51:
                    ea:2c:1d:1a:df:16:da:c0:6c:bf:78:7c:74:67:55:
                    91:23:a6:83:cb:e5:18:1a:82:4d:90:37:2f:d4:97:
                    b7:9f:d8:85:b8:04:d7:25:1a:95:0c:1e:96:1f:f3:
                    9c:c9:c0:73:d8:f3:46:be:f4:4d:80:ec:8e:bc:bf:
                    50:d1:5c:d3:1b:fa:bf:c8:c6:ad:b4:4d:95:66:32:
                    80:14:dc:f2:1e:d6:1d:51:52:00:cb:7b:a2:93:10:
                    9c:9b:97:f8:37:bd:77:14:45:a5:e2:36:db:a3:01:
                    cf:8f:5e:03:f4:88:8d:5c:3f:54:22:e9:c0:36:c7:
                    00:30:17:9e:32:77:54:c8:be:71:08:4c:b2:d5:16:
                    16:8b:d3:9c:24:6b:36:b3:16:f5:4f:4a:11:41:a1:
                    e6:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D1:3B:E8:88:A4:15:3C:00:91:3C:83:08:22:AB:49:E1:BD:3D:F9
            X509v3 Authority Key Identifier:
                keyid:3D:42:76:37:3B:04:0F:A9:AC:77:E5:66:C5:B6:CD:F3:5B:53:B9:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PUJ2NzsED6msd-VmxbbN81tTuTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/9NE76IikFTwAkTyDCCKrSeG9Pfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a19d51-07e5-4db5-9d0e-66d3198bf1a2/1/PUJ2NzsED6msd-VmxbbN81tTuTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:b4:0f:ee:20:f0:96:c7:70:d4:d4:1b:3d:70:e3:c8:e8:0d:
         cd:cf:d0:9f:3f:bc:0b:3f:93:6b:e8:50:74:d0:59:da:f6:ea:
         7d:d3:e6:f3:0f:eb:5e:92:0b:27:af:de:8f:6c:15:f8:1f:cc:
         e6:a0:86:ce:03:38:da:c2:a0:05:7b:30:19:4a:6f:0e:e6:04:
         e5:95:79:52:65:3c:48:2d:81:82:6d:23:93:66:8e:34:d5:96:
         64:6f:26:ab:d3:3f:db:73:ee:ef:29:b1:f6:d6:e5:d5:be:c9:
         1a:24:d2:c1:a5:e4:78:29:b2:42:8a:2a:97:22:88:b8:80:c2:
         99:8d:9b:61:28:5b:dc:86:dd:65:26:61:7f:37:0d:e1:5c:5f:
         49:af:4e:4e:e4:a3:b2:69:e1:79:d9:77:c6:75:e5:0d:39:d8:
         f6:cc:3f:f9:a5:f0:9e:8c:45:a9:42:6f:6a:65:2b:98:92:2d:
         94:3e:e6:78:d7:fe:b8:39:82:07:bb:93:ea:9c:a5:fd:90:6e:
         e7:d2:2f:26:df:44:cb:b8:f4:c5:ff:18:8d:aa:f5:bd:fb:2a:
         8d:2b:02:ca:2d:ff:ed:a8:10:39:06:e6:2a:6b:75:66:9e:ca:
         11:b7:a1:1e:32:80:25:ac:3c:1c:d6:77:d1:e4:c2:bd:4a:2f:
         d0:02:42:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mKPKu46wu3xBC/fgUAr02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNDI3NjM3M2IwNDBmYTlhYzc3ZTU2NmM1YjZjZGYzNWI1
M2I5MzcwHhcNMjQwNDE2MDkwNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQxM2JlODg4YTQxNTNjMDA5MTNjODMwODIyYWI0OWUxYmQzZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sM0s2GlrGjPf/EfhZD8ic2rjLN
LtMVCWm5pzBRI13JDKgZBJD0Z8lNbXSAW6MEk1Qmi391rfgUyjfZskHt8tlshKUi
l+TZM7uNAR2JePK9mJYiN312P9ZdwOAGjOtJaPhoyDyq11HqLB0a3xbawGy/eHx0
Z1WRI6aDy+UYGoJNkDcv1Je3n9iFuATXJRqVDB6WH/OcycBz2PNGvvRNgOyOvL9Q
0VzTG/q/yMattE2VZjKAFNzyHtYdUVIAy3uikxCcm5f4N713FEWl4jbbowHPj14D
9IiNXD9UIunANscAMBeeMndUyL5xCEyy1RYWi9OcJGs2sxb1T0oRQaHmjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTRO+iIpBU8AJE8gwgiq0nhvT35MB8GA1UdIwQY
MBaAFD1Cdjc7BA+prHflZsW2zfNbU7k3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFVKMk56c0VENm1zZC1WbXhiYk44MXRUdVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hMTlkNTEtMDdlNS00ZGI1LTlkMGUt
NjZkMzE5OGJmMWEyLzEvOU5FNzZJaWtGVHdBa1R5RENDS3JTZUc5UGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hMTlkNTEtMDdlNS00ZGI1LTlkMGUtNjZkMzE5OGJmMWEy
LzEvUFVKMk56c0VENm1zZC1WbXhiYk44MXRUdVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe7qMA0G
CSqGSIb3DQEBCwUAA4IBAQCCtA/uIPCWx3DU1Bs9cOPI6A3Nz9CfP7wLP5Nr6FB0
0Fna9up90+bzD+tekgsnr96PbBX4H8zmoIbOAzjawqAFezAZSm8O5gTllXlSZTxI
LYGCbSOTZo401ZZkbyar0z/bc+7vKbH21uXVvskaJNLBpeR4KbJCiiqXIoi4gMKZ
jZthKFvcht1lJmF/Nw3hXF9Jr05O5KOyaeF52XfGdeUNOdj2zD/5pfCejEWpQm9q
ZSuYki2UPuZ41/64OYIHu5PqnKX9kG7n0i8m30TLuPTF/xiNqvW9+yqNKwLKLf/t
qBA5BuYqa3VmnsoRt6EeMoAlrDwc1nfR5MK9Si/QAkIO
-----END CERTIFICATE-----