Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/NDUUF9NekVrHtSWCIew4d3paY9s.roa
File:                     NDUUF9NekVrHtSWCIew4d3paY9s.roa (raw, json)
Hash identifier:          t8b9XWI3lkkCO/FuRqFhQATNv6FMx1wWuUDaQPf0+zQ=
Subject key identifier:   34:35:14:17:D3:5E:91:5A:C7:B5:25:82:21:EC:38:77:7A:5A:63:DB
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018CC7937F633B7F942F771A2CC71812EFE8
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/NDUUF9NekVrHtSWCIew4d3paY9s.roa
Signing time:             Tue 02 Jan 2024 00:29:41 +0000
ROA not before:           Tue 02 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        146.247.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7f:63:3b:7f:94:2f:77:1a:2c:c7:18:12:ef:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  2 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34351417d35e915ac7b5258221ec38777a5a63db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:54:74:90:e1:e2:2f:3c:a9:89:e8:f2:c0:2e:
                    34:7f:32:ba:40:9e:fe:da:6c:9e:02:07:ef:83:91:
                    30:55:32:2a:7b:09:25:ca:96:30:93:c2:fa:6b:58:
                    26:61:3c:4c:db:ee:cd:34:6f:1f:80:68:ff:96:ea:
                    1e:d4:13:1d:f3:4c:6c:1e:fb:23:47:a7:d9:97:99:
                    bf:20:e8:90:12:44:88:2c:a1:9e:95:89:98:10:59:
                    99:7a:1c:a1:4b:9f:7b:33:09:8b:97:d9:99:e1:d2:
                    6f:53:65:77:0f:75:fd:97:30:92:8d:0a:32:ad:12:
                    77:3a:b1:16:79:1e:16:25:0d:2e:f3:92:28:c2:a1:
                    74:86:47:fe:ca:39:66:15:5e:f9:6a:5b:22:6c:29:
                    f0:c9:90:0b:fb:5d:e5:1d:b6:53:02:f3:79:0b:74:
                    42:6e:f0:a3:49:55:05:97:ef:30:11:ab:d9:ad:ac:
                    86:dd:32:cd:41:38:dd:60:a2:5b:27:2f:7c:33:1d:
                    ff:73:5f:2e:4a:26:a3:87:d2:ea:0c:0f:b0:45:a3:
                    2f:53:17:67:16:4c:c0:4b:d7:f6:c9:fa:ed:42:e9:
                    29:00:b0:67:55:12:05:c7:be:e1:63:6b:b9:9b:ed:
                    6a:ba:9e:20:c1:a0:25:8f:fd:01:10:d7:44:85:fd:
                    7e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:35:14:17:D3:5E:91:5A:C7:B5:25:82:21:EC:38:77:7A:5A:63:DB
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/NDUUF9NekVrHtSWCIew4d3paY9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:7a:76:75:6c:d5:e3:74:05:70:e2:20:db:ca:52:28:a4:78:
         00:b1:f8:ba:59:19:fe:ba:c1:5d:c4:cb:a0:33:91:f5:1d:e6:
         8e:cf:d6:60:da:ef:2c:04:66:8b:4f:36:0c:9d:66:42:7f:b3:
         07:f4:8f:d9:ef:17:c0:e9:ef:90:ef:84:f0:28:66:05:b5:1f:
         5b:85:0d:75:f8:7b:18:b6:92:58:12:e5:f2:e3:6f:3f:ea:0c:
         5e:90:4c:21:ec:8c:a4:03:96:42:78:b1:b0:17:f0:f3:fc:0e:
         cb:32:db:4d:62:25:2a:a5:d7:5d:19:2e:31:2d:c6:e4:c2:e5:
         de:71:76:7a:02:11:f6:4f:63:4f:90:96:f1:9b:53:e4:81:fe:
         2d:e0:a9:dc:d9:f5:47:b9:1d:4a:e9:06:42:96:e8:fc:de:1a:
         a1:40:54:02:02:f5:14:3a:77:a5:f0:1f:1b:74:89:de:2d:28:
         c5:ae:ce:cf:78:58:e0:24:24:cd:77:64:b9:ef:c1:9b:42:85:
         f5:5d:46:1e:20:95:eb:b8:f7:2c:af:a8:cc:48:cf:bb:3d:ff:
         e7:bf:2c:ff:2f:bb:e5:10:f4:3c:6f:71:19:43:1d:c9:3b:17:
         f1:fa:ac:88:8a:f4:26:8e:c5:bf:37:92:98:f6:e4:df:d8:42:
         52:4d:f4:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk39jO3+UL3caLMcYEu/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMTAyMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDM1MTQxN2QzNWU5MTVhYzdiNTI1ODIyMWVjMzg3NzdhNWE2M2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1R0kOHiLzypiejywC40fzK6QJ7+
2myeAgfvg5EwVTIqewklypYwk8L6a1gmYTxM2+7NNG8fgGj/luoe1BMd80xsHvsj
R6fZl5m/IOiQEkSILKGelYmYEFmZehyhS597MwmLl9mZ4dJvU2V3D3X9lzCSjQoy
rRJ3OrEWeR4WJQ0u85IowqF0hkf+yjlmFV75alsibCnwyZAL+13lHbZTAvN5C3RC
bvCjSVUFl+8wEavZrayG3TLNQTjdYKJbJy98Mx3/c18uSiajh9LqDA+wRaMvUxdn
FkzAS9f2yfrtQukpALBnVRIFx77hY2u5m+1qup4gwaAlj/0BENdEhf1+awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ1FBfTXpFax7UlgiHsOHd6WmPbMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvTkRVVUY5TmVrVnJIdFNXQ0lldzRkM3BhWTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdoMA0G
CSqGSIb3DQEBCwUAA4IBAQBHenZ1bNXjdAVw4iDbylIopHgAsfi6WRn+usFdxMug
M5H1HeaOz9Zg2u8sBGaLTzYMnWZCf7MH9I/Z7xfA6e+Q74TwKGYFtR9bhQ11+HsY
tpJYEuXy428/6gxekEwh7IykA5ZCeLGwF/Dz/A7LMttNYiUqpdddGS4xLcbkwuXe
cXZ6AhH2T2NPkJbxm1Pkgf4t4Knc2fVHuR1K6QZCluj83hqhQFQCAvUUOnel8B8b
dIneLSjFrs7PeFjgJCTNd2S578GbQoX1XUYeIJXruPcsr6jMSM+7Pf/nvyz/L7vl
EPQ8b3EZQx3JOxfx+qyIivQmjsW/N5KY9uTf2EJSTfQj
-----END CERTIFICATE-----