Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/Ne6N-hwSPPCXOB8vueVyXlAfWd8.roa
File:                     Ne6N-hwSPPCXOB8vueVyXlAfWd8.roa (raw, json)
Hash identifier:          kDuKUnFulvMmoG+X1Cr4d107zp848NrW0Eyb0wzF7+4=
Subject key identifier:   35:EE:8D:FA:1C:12:3C:F0:97:38:1F:2F:B9:E5:72:5E:50:1F:59:DF
Certificate issuer:       /CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
Certificate serial:       018CC5014612EBE3220111B7CCE3D28EF378
Authority key identifier: C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/Ne6N-hwSPPCXOB8vueVyXlAfWd8.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.213.126.0/24 maxlen: 24
                          2a12:7280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:46:12:eb:e3:22:01:11:b7:cc:e3:d2:8e:f3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35ee8dfa1c123cf097381f2fb9e5725e501f59df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:22:31:5e:19:eb:3a:17:7e:02:1f:e2:23:39:
                    bc:c3:9e:19:04:3b:37:33:1d:ef:ab:f6:bd:dc:0c:
                    f4:d0:83:0e:d2:4c:39:4f:4d:77:49:6d:15:98:09:
                    36:2d:f3:3c:de:b8:fd:df:95:f1:c5:dc:58:f5:dc:
                    a1:2a:1d:58:31:0b:1d:b1:ea:b8:2d:1f:83:00:ef:
                    27:00:69:85:bd:29:1b:63:a3:01:3d:6f:29:4f:07:
                    7f:85:d7:d6:c3:89:14:32:a5:55:f4:57:38:f2:ca:
                    c8:9a:46:a5:32:50:ac:51:1e:44:11:07:a5:3e:b3:
                    0b:6d:69:2b:e8:15:7e:36:9f:13:5d:ef:72:e3:27:
                    90:29:39:65:16:c2:ee:e3:79:80:93:a2:49:b1:73:
                    9c:b7:03:61:87:6f:cb:17:a8:a3:76:d4:3c:42:d4:
                    8c:d5:04:f3:17:01:ed:0b:f3:a3:08:f4:5d:c0:a6:
                    d5:69:81:1b:f0:76:50:93:4d:70:81:31:6d:9f:e6:
                    19:e8:23:44:e4:88:03:d7:39:96:73:2d:f3:71:26:
                    b2:69:51:9a:a7:65:18:f5:1d:37:7c:5e:7a:55:d6:
                    3b:de:52:00:7d:57:9f:c2:0a:e6:18:a6:05:8e:c3:
                    be:66:33:02:10:ae:4e:c2:7e:96:26:fa:93:fe:e3:
                    35:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:EE:8D:FA:1C:12:3C:F0:97:38:1F:2F:B9:E5:72:5E:50:1F:59:DF
            X509v3 Authority Key Identifier:
                keyid:C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/Ne6N-hwSPPCXOB8vueVyXlAfWd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.126.0/24
                IPv6:
                  2a12:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:32:73:8a:9f:a5:ab:5e:37:72:18:a2:7a:1e:dc:7c:d5:24:
         de:97:42:e9:39:d9:38:77:03:9c:ee:5f:14:25:dd:68:14:a0:
         98:7e:dd:5b:a6:f2:fb:c4:20:4d:17:ee:ef:ce:f1:60:5d:ce:
         4c:b2:ac:d4:6f:36:99:86:e7:d5:46:94:34:22:8e:f2:c4:df:
         50:64:da:9c:73:b1:0a:d9:d8:c0:bd:2a:db:c2:76:81:d4:07:
         b1:21:fd:82:44:20:c2:6c:88:a0:be:07:d4:f4:f5:f9:a2:33:
         a1:89:45:ac:1a:c3:9a:0a:ea:9c:22:a6:a2:8c:e5:3b:27:da:
         31:6e:50:21:e4:cc:da:36:33:ad:66:cd:f0:3b:07:c6:af:f7:
         86:fc:ac:36:d5:05:e3:2d:51:bb:f9:a4:de:cb:45:9c:bc:d7:
         f9:ed:e8:01:ba:b4:d2:6b:48:d5:98:71:ad:3b:27:c3:61:cf:
         db:c6:42:37:6e:d6:46:89:d6:dd:53:cf:92:5a:f5:c4:3f:cf:
         c5:6c:5b:86:51:48:38:71:c6:fe:29:0f:03:ca:62:83:0d:c0:
         1c:8b:95:f9:5c:64:e7:36:a9:89:a0:eb:27:ac:b4:3f:e5:8a:
         ae:9d:ad:bf:eb:d0:d7:28:c2:50:4d:ad:0e:6b:09:20:c9:52:
         82:3e:f3:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAUYS6+MiARG3zOPSjvN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZTBlNGM5YWNiZjcwMWY5MzAxNDliMzI1Y2UwNDJjZjlm
OTJhNTkwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWVlOGRmYTFjMTIzY2YwOTczODFmMmZiOWU1NzI1ZTUwMWY1OWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCIxXhnrOhd+Ah/iIzm8w54ZBDs3
Mx3vq/a93Az00IMO0kw5T013SW0VmAk2LfM83rj935XxxdxY9dyhKh1YMQsdseq4
LR+DAO8nAGmFvSkbY6MBPW8pTwd/hdfWw4kUMqVV9Fc48srImkalMlCsUR5EEQel
PrMLbWkr6BV+Np8TXe9y4yeQKTllFsLu43mAk6JJsXOctwNhh2/LF6ijdtQ8QtSM
1QTzFwHtC/OjCPRdwKbVaYEb8HZQk01wgTFtn+YZ6CNE5IgD1zmWcy3zcSayaVGa
p2UY9R03fF56VdY73lIAfVefwgrmGKYFjsO+ZjMCEK5Own6WJvqT/uM1XwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDXujfocEjzwlzgfL7nlcl5QH1nfMB8GA1UdIwQY
MBaAFMng5Mmsv3AfkwFJsyXOBCz5+SpZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEt
YmU3YzgyOGMzNjkzLzEvTmU2Ti1od1NQUENYT0I4dnVlVnlYbEFmV2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEtYmU3YzgyOGMzNjkz
LzEveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9V+MA0E
AgACMAcDBQMqEnKAMA0GCSqGSIb3DQEBCwUAA4IBAQAUMnOKn6WrXjdyGKJ6Htx8
1STel0LpOdk4dwOc7l8UJd1oFKCYft1bpvL7xCBNF+7vzvFgXc5MsqzUbzaZhufV
RpQ0Io7yxN9QZNqcc7EK2djAvSrbwnaB1AexIf2CRCDCbIigvgfU9PX5ojOhiUWs
GsOaCuqcIqaijOU7J9oxblAh5MzaNjOtZs3wOwfGr/eG/Kw21QXjLVG7+aTey0Wc
vNf57egBurTSa0jVmHGtOyfDYc/bxkI3btZGidbdU8+SWvXEP8/FbFuGUUg4ccb+
KQ8DymKDDcAci5X5XGTnNqmJoOsnrLQ/5Yquna2/69DXKMJQTa0OawkgyVKCPvNH
-----END CERTIFICATE-----