Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/NEbsKu77gYfpibY3_TC8dQH80XA.roa
File:                     NEbsKu77gYfpibY3_TC8dQH80XA.roa (raw, json)
Hash identifier:          aeVQJbng3C7RHWncwne+AehQ3FDANQdssqp/Bjc9vag=
Subject key identifier:   34:46:EC:2A:EE:FB:81:87:E9:89:B6:37:FD:30:BC:75:01:FC:D1:70
Certificate issuer:       /CN=fde72d43f4c82b1146737b116197231830bf65d6
Certificate serial:       0194274801B3CE433DAB18B2C90E63BCD7FC
Authority key identifier: FD:E7:2D:43:F4:C8:2B:11:46:73:7B:11:61:97:23:18:30:BF:65:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/NEbsKu77gYfpibY3_TC8dQH80XA.roa
Signing time:             Thu 02 Jan 2025 13:50:17 +0000
ROA not before:           Thu 02 Jan 2025 13:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209770
IP address blocks:        213.232.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:01:b3:ce:43:3d:ab:18:b2:c9:0e:63:bc:d7:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fde72d43f4c82b1146737b116197231830bf65d6
        Validity
            Not Before: Jan  2 13:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3446ec2aeefb8187e989b637fd30bc7501fcd170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:cd:59:58:ed:60:97:0e:f9:c6:19:fd:9a:62:
                    a7:6d:10:3e:a3:4b:89:a9:b1:67:a4:c2:cd:08:93:
                    de:57:30:aa:41:eb:9c:ac:38:20:29:85:ee:a7:67:
                    58:73:39:2f:10:77:ff:a5:7e:8a:53:d3:dd:fd:fd:
                    8a:79:4f:df:79:af:d3:49:e6:39:34:9d:58:ac:1b:
                    82:4d:5f:82:81:82:62:9c:7d:b9:14:01:23:3f:17:
                    0b:8a:ea:8f:f3:0a:97:82:f0:a2:3f:5f:e6:df:5e:
                    4e:5c:b8:2c:11:db:d0:4c:cc:f5:dc:3a:3c:01:98:
                    de:96:f3:54:48:bf:a1:c3:49:c8:04:1e:8a:e8:71:
                    9b:98:47:74:93:cb:96:5a:1f:7e:95:ea:3a:ef:50:
                    2a:28:ba:5b:d7:ee:e4:f1:52:a2:f5:34:93:29:cd:
                    cb:d2:9e:85:70:90:69:39:cf:4a:1b:54:56:3f:33:
                    5d:76:c0:a1:14:a9:83:ce:f5:2e:2e:67:9b:70:a3:
                    5d:46:45:70:63:ad:1a:5f:93:76:db:ad:df:42:0e:
                    85:51:86:a0:57:2c:70:d5:d0:70:86:33:a8:9a:29:
                    2a:d4:88:dd:c2:31:9f:54:d1:66:e5:50:20:6e:81:
                    75:59:2a:e0:94:c8:a1:80:94:90:6f:d7:2f:fb:ff:
                    c0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:46:EC:2A:EE:FB:81:87:E9:89:B6:37:FD:30:BC:75:01:FC:D1:70
            X509v3 Authority Key Identifier:
                keyid:FD:E7:2D:43:F4:C8:2B:11:46:73:7B:11:61:97:23:18:30:BF:65:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/NEbsKu77gYfpibY3_TC8dQH80XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/debc29-5b2b-4bab-b4f7-e1c9198cdd88/1/_ectQ_TIKxFGc3sRYZcjGDC_ZdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:d7:b7:94:29:48:76:cc:a7:f5:64:28:9f:11:aa:f7:2c:6a:
         a3:49:b8:6b:66:c7:9f:d2:c3:cc:a1:46:d3:c6:7a:33:b1:54:
         d4:fe:23:3e:07:1b:1c:cb:91:c8:42:0d:12:f0:6e:14:e1:29:
         8e:c4:33:af:f5:81:bb:4f:39:ff:c5:fa:a6:83:cd:a5:9b:84:
         18:2f:9f:a3:0e:4e:ba:dd:10:f6:58:74:9d:be:e7:b3:44:84:
         16:d5:1b:98:45:51:35:55:03:ad:9a:9d:95:65:c3:47:15:60:
         49:3b:61:5a:8f:63:28:ee:48:b6:13:d7:d7:bd:b2:68:ff:45:
         48:79:9c:18:b5:4a:c3:1a:ca:3b:73:f2:09:55:24:d6:53:1c:
         db:57:fc:a1:40:2f:5a:aa:4c:3a:af:47:cb:c5:32:4b:40:a6:
         f0:1c:cc:82:d4:1a:22:4f:d4:39:f6:df:a7:92:6a:f4:68:68:
         5d:be:be:69:26:5c:a8:1e:d3:03:3b:b9:b2:b2:90:05:46:29:
         10:51:f7:63:2f:9c:a2:55:ca:67:5e:3f:95:a3:8a:3b:aa:28:
         85:ce:86:81:e2:8a:7f:b2:62:cb:82:50:2e:18:01:49:05:07:
         98:02:43:69:eb:4b:43:83:e0:c5:e1:9c:fa:7b:0c:a4:62:e0:
         cc:1c:16:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAGzzkM9qxiyyQ5jvNf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZTcyZDQzZjRjODJiMTE0NjczN2IxMTYxOTcyMzE4MzBi
ZjY1ZDYwHhcNMjUwMTAyMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ2ZWMyYWVlZmI4MTg3ZTk4OWI2MzdmZDMwYmM3NTAxZmNkMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA181ZWO1glw75xhn9mmKnbRA+o0uJ
qbFnpMLNCJPeVzCqQeucrDggKYXup2dYczkvEHf/pX6KU9Pd/f2KeU/fea/TSeY5
NJ1YrBuCTV+CgYJinH25FAEjPxcLiuqP8wqXgvCiP1/m315OXLgsEdvQTMz13Do8
AZjelvNUSL+hw0nIBB6K6HGbmEd0k8uWWh9+leo671AqKLpb1+7k8VKi9TSTKc3L
0p6FcJBpOc9KG1RWPzNddsChFKmDzvUuLmebcKNdRkVwY60aX5N2263fQg6FUYag
Vyxw1dBwhjOomikq1IjdwjGfVNFm5VAgboF1WSrglMihgJSQb9cv+//AtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRG7Cru+4GH6Ym2N/0wvHUB/NFwMB8GA1UdIwQY
MBaAFP3nLUP0yCsRRnN7EWGXIxgwv2XWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2VjdFFfVElLeEZHYzNzUllaY2pHRENfWmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kZWJjMjktNWIyYi00YmFiLWI0Zjct
ZTFjOTE5OGNkZDg4LzEvTkVic0t1NzdnWWZwaWJZM19UQzhkUUg4MFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kZWJjMjktNWIyYi00YmFiLWI0ZjctZTFjOTE5OGNkZDg4
LzEvX2VjdFFfVElLeEZHYzNzUllaY2pHRENfWmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ehIMA0G
CSqGSIb3DQEBCwUAA4IBAQCP17eUKUh2zKf1ZCifEar3LGqjSbhrZsef0sPMoUbT
xnozsVTU/iM+Bxscy5HIQg0S8G4U4SmOxDOv9YG7Tzn/xfqmg82lm4QYL5+jDk66
3RD2WHSdvuezRIQW1RuYRVE1VQOtmp2VZcNHFWBJO2Faj2Mo7ki2E9fXvbJo/0VI
eZwYtUrDGso7c/IJVSTWUxzbV/yhQC9aqkw6r0fLxTJLQKbwHMyC1BoiT9Q59t+n
kmr0aGhdvr5pJlyoHtMDO7myspAFRikQUfdjL5yiVcpnXj+Vo4o7qiiFzoaB4op/
smLLglAuGAFJBQeYAkNp60tDg+DF4Zz6ewykYuDMHBaS
-----END CERTIFICATE-----