Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/ND0yi0KgzojvcPursAbtBaCem48.roa
File:                     ND0yi0KgzojvcPursAbtBaCem48.roa (raw, json)
Hash identifier:          F97J3Ocg8lIOZFKtOloEHgoALdf4BAO63dSyamGffAE=
Subject key identifier:   34:3D:32:8B:42:A0:CE:88:EF:70:FB:AB:B0:06:ED:05:A0:9E:9B:8F
Certificate issuer:       /CN=9c46c1d7762005384ed8526cfa1c7496564f50d3
Certificate serial:       018F6E58FD56EA47D6270845C3BB309833A9
Authority key identifier: 9C:46:C1:D7:76:20:05:38:4E:D8:52:6C:FA:1C:74:96:56:4F:50:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/ND0yi0KgzojvcPursAbtBaCem48.roa
Signing time:             Sun 12 May 2024 19:47:56 +0000
ROA not before:           Sun 12 May 2024 19:47:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197390
IP address blocks:        176.28.77.0/24 maxlen: 24
                          176.28.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6e:58:fd:56:ea:47:d6:27:08:45:c3:bb:30:98:33:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c46c1d7762005384ed8526cfa1c7496564f50d3
        Validity
            Not Before: May 12 19:47:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=343d328b42a0ce88ef70fbabb006ed05a09e9b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d8:a7:89:65:61:ef:f5:fd:8c:2f:43:c4:91:
                    da:ee:f5:a0:0b:4d:56:4b:df:e3:a3:fb:e3:1e:c1:
                    02:51:80:09:24:1d:8c:ca:1f:09:55:91:5f:4a:f2:
                    5f:ee:52:92:73:51:8e:fc:bf:37:06:93:f6:e3:c2:
                    ee:2c:e3:f8:59:b2:5a:77:a0:b5:53:69:85:3a:d5:
                    cf:2b:01:fb:1b:81:e1:a4:24:90:22:ef:e0:8d:af:
                    7b:2d:d0:4c:de:17:9a:20:cb:14:60:58:07:44:7a:
                    7b:d0:34:d2:92:1a:ec:e5:18:44:c3:37:a6:0e:ed:
                    29:2e:b8:bb:94:1e:58:79:a0:04:1f:d1:1e:4d:31:
                    22:80:64:9a:96:a5:15:d2:67:65:6d:b3:06:90:62:
                    d2:33:bd:22:55:e8:71:c3:b6:e9:aa:df:ea:d4:f0:
                    f7:e0:aa:26:02:36:64:c8:e2:8b:2d:c9:cb:c7:0b:
                    ce:5b:66:8d:be:1d:6e:a5:47:4e:11:ba:b6:a9:51:
                    2e:52:42:23:85:e6:0a:44:e3:d7:32:0b:59:f2:c4:
                    7b:30:e7:5f:c5:7e:98:ed:2e:56:a8:1b:d9:e7:c9:
                    c7:2c:26:d2:e9:f6:6c:b6:a0:80:75:93:51:51:cb:
                    09:a4:16:ca:99:c6:78:60:72:de:1b:20:9d:45:4f:
                    b2:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:3D:32:8B:42:A0:CE:88:EF:70:FB:AB:B0:06:ED:05:A0:9E:9B:8F
            X509v3 Authority Key Identifier:
                keyid:9C:46:C1:D7:76:20:05:38:4E:D8:52:6C:FA:1C:74:96:56:4F:50:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEbB13YgBThO2FJs-hx0llZPUNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/ND0yi0KgzojvcPursAbtBaCem48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2b5e0d-19a9-4036-98b6-ca65a9723c59/1/nEbB13YgBThO2FJs-hx0llZPUNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.28.77.0-176.28.78.255

    Signature Algorithm: sha256WithRSAEncryption
         2f:c4:c8:25:64:4c:48:85:b8:7e:b0:95:86:7d:55:de:5f:a9:
         5f:ff:11:07:e6:9a:28:89:be:0d:f4:19:b2:c7:16:4e:77:1c:
         94:8d:25:86:b0:62:b9:0b:21:e5:c7:20:5a:5f:54:fc:48:d9:
         c6:d4:71:e7:93:2b:a6:e3:92:14:c4:bc:9f:40:3b:60:be:9c:
         b4:80:22:68:10:f5:77:47:5a:e7:fe:dd:57:da:2d:65:66:24:
         89:31:ba:13:39:5f:1f:d9:81:68:b0:d7:7f:07:07:75:1f:18:
         fd:8a:28:b6:61:b8:6a:b8:f0:81:57:2b:69:bc:ff:b9:3d:e8:
         8a:38:fd:81:20:86:4c:34:ef:40:0c:0c:d5:6b:5f:c5:2d:3f:
         61:e7:72:6e:42:19:86:81:a0:81:be:bd:13:f1:d9:ba:cd:38:
         c6:18:e2:c8:45:ac:5f:f1:d9:ca:6e:94:39:20:93:60:7b:ca:
         06:a9:fe:dc:e6:b6:d3:fc:9c:d8:b1:d0:1e:95:ed:84:42:2c:
         48:17:3f:90:55:23:6e:19:56:7c:34:e9:5d:a5:43:70:22:7b:
         c1:14:85:14:65:ee:d1:66:96:57:d7:bc:78:cf:5c:48:23:4f:
         0a:98:c3:a5:ea:c6:ac:39:a5:d6:a8:d9:3d:03:37:b5:f5:7b:
         82:35:c9:7c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9uWP1W6kfWJwhFw7swmDOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDZjMWQ3NzYyMDA1Mzg0ZWQ4NTI2Y2ZhMWM3NDk2NTY0
ZjUwZDMwHhcNMjQwNTEyMTk0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDNkMzI4YjQyYTBjZTg4ZWY3MGZiYWJiMDA2ZWQwNWEwOWU5YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9iniWVh7/X9jC9DxJHa7vWgC01W
S9/jo/vjHsECUYAJJB2Myh8JVZFfSvJf7lKSc1GO/L83BpP248LuLOP4WbJad6C1
U2mFOtXPKwH7G4HhpCSQIu/gja97LdBM3heaIMsUYFgHRHp70DTSkhrs5RhEwzem
Du0pLri7lB5YeaAEH9EeTTEigGSalqUV0mdlbbMGkGLSM70iVehxw7bpqt/q1PD3
4KomAjZkyOKLLcnLxwvOW2aNvh1upUdOEbq2qVEuUkIjheYKROPXMgtZ8sR7MOdf
xX6Y7S5WqBvZ58nHLCbS6fZstqCAdZNRUcsJpBbKmcZ4YHLeGyCdRU+y+wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDQ9MotCoM6I73D7q7AG7QWgnpuPMB8GA1UdIwQY
MBaAFJxGwdd2IAU4TthSbPocdJZWT1DTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkViQjEzWWdCVGhPMkZKcy1oeDBsbFpQVU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yYjVlMGQtMTlhOS00MDM2LTk4YjYt
Y2E2NWE5NzIzYzU5LzEvTkQweWkwS2d6b2p2Y1B1cnNBYnRCYUNlbTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yYjVlMGQtMTlhOS00MDM2LTk4YjYtY2E2NWE5NzIzYzU5
LzEvbkViQjEzWWdCVGhPMkZKcy1oeDBsbFpQVU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACwHE0D
BACwHE4wDQYJKoZIhvcNAQELBQADggEBAC/EyCVkTEiFuH6wlYZ9Vd5fqV//EQfm
miiJvg30GbLHFk53HJSNJYawYrkLIeXHIFpfVPxI2cbUceeTK6bjkhTEvJ9AO2C+
nLSAImgQ9XdHWuf+3VfaLWVmJIkxuhM5Xx/ZgWiw138HB3UfGP2KKLZhuGq48IFX
K2m8/7k96Io4/YEghkw070AMDNVrX8UtP2Hncm5CGYaBoIG+vRPx2brNOMYY4shF
rF/x2cpulDkgk2B7ygap/tzmttP8nNix0B6V7YRCLEgXP5BVI24ZVnw06V2lQ3Ai
e8EUhRRl7tFmllfXvHjPXEgjTwqYw6Xqxqw5pdao2T0DN7X1e4I1yXw=
-----END CERTIFICATE-----