Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/i-yVKXSWj-JeMY6LPWz6xoxcPAE.roa
File:                     i-yVKXSWj-JeMY6LPWz6xoxcPAE.roa (raw, json)
Hash identifier:          h4vaNIcfYyJM9/jTM9eQrT/J8mLWNYi9elGnEIlqDZo=
Subject key identifier:   8B:EC:95:29:74:96:8F:E2:5E:31:8E:8B:3D:6C:FA:C6:8C:5C:3C:01
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       018EE60E65B68AC2CFA2E013CFDFF524BBD4
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/i-yVKXSWj-JeMY6LPWz6xoxcPAE.roa
Signing time:             Tue 16 Apr 2024 08:38:06 +0000
ROA not before:           Tue 16 Apr 2024 08:38:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        93.93.96.0/22 maxlen: 22
                          93.93.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:0e:65:b6:8a:c2:cf:a2:e0:13:cf:df:f5:24:bb:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Apr 16 08:38:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bec952974968fe25e318e8b3d6cfac68c5c3c01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7e:8a:4f:f2:af:e1:c9:57:09:ef:63:7e:9e:
                    86:1a:52:c6:08:50:e5:25:d1:db:b9:c7:ad:6c:fe:
                    02:a5:2a:50:d3:20:dd:8d:ce:af:67:96:fd:bd:2b:
                    98:68:07:7b:39:8a:97:6c:b7:e0:19:5b:6a:c2:c3:
                    b5:a9:3c:13:67:32:6a:0b:e1:57:d8:74:10:d5:5d:
                    0e:5c:13:89:2c:a8:62:3c:58:75:c8:d5:19:5c:7b:
                    d6:c2:bb:4b:36:6f:dd:3c:18:f7:68:c1:fa:4a:d8:
                    5f:cf:27:a0:02:6b:e6:bc:07:b2:f1:59:4a:2d:81:
                    a7:d9:f5:66:7d:47:30:a8:33:eb:4e:6b:35:03:47:
                    26:f3:7f:cf:1a:0c:6a:8d:ff:3d:7d:54:34:48:86:
                    bf:e7:c0:fa:e0:69:1c:9c:47:89:98:88:24:86:72:
                    a3:6a:b4:76:ad:ce:a3:46:db:fb:64:57:6c:d7:c1:
                    ee:52:5b:5d:a1:2d:9f:10:5f:42:b9:d8:f3:cd:8c:
                    eb:56:05:85:0c:8c:42:a4:5f:3a:20:e6:e2:89:9f:
                    f2:52:11:f2:ff:92:88:e8:7f:13:86:76:b6:a3:2e:
                    a3:e3:7b:e2:7f:30:df:d9:39:a9:bc:e3:b4:f2:a5:
                    74:ef:5d:27:b4:ee:44:23:7e:e3:9d:e7:35:6c:0c:
                    3c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:EC:95:29:74:96:8F:E2:5E:31:8E:8B:3D:6C:FA:C6:8C:5C:3C:01
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/i-yVKXSWj-JeMY6LPWz6xoxcPAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:3a:f3:31:8c:9a:30:af:70:66:bc:fb:eb:c1:c5:61:d2:8e:
         3a:31:c6:63:08:89:28:d0:47:21:0f:79:1c:7a:54:fb:51:24:
         bb:c1:ae:51:de:e2:42:ea:37:da:de:c2:17:79:4f:6b:bf:48:
         a8:8a:8a:3a:29:a3:e3:ea:ce:97:3d:8b:0f:ae:25:c7:4c:1b:
         2e:80:da:af:0f:89:c0:be:5f:7b:26:9e:08:38:71:ec:64:45:
         46:f5:37:a8:0c:74:27:dc:2f:bc:32:e6:8e:82:f6:6c:10:7d:
         87:72:e8:e6:d0:b0:d0:b8:d7:1c:cf:68:63:67:9f:99:a6:40:
         f4:48:9a:b1:0d:e0:a8:ee:51:1a:53:4d:af:39:3c:f5:72:11:
         56:da:fd:12:25:7d:39:45:2c:47:7d:d6:0b:2a:89:92:a3:a6:
         ed:9d:4c:58:76:30:d2:d2:80:a4:ef:37:ff:c7:94:d5:d9:c9:
         9b:ce:77:5b:77:43:37:a0:30:ca:6f:57:04:47:2c:48:ca:cc:
         09:d6:12:9f:df:08:cf:b5:fc:89:0b:b3:9d:00:b0:5d:a2:06:
         a1:88:d5:12:e3:48:29:9b:ef:78:09:04:57:ea:59:1d:49:0d:
         12:49:ad:82:8b:4b:75:43:fc:8a:4a:60:a3:7d:26:19:19:b3:
         c4:90:8e:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mDmW2isLPouATz9/1JLvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwNDE2MDgzODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmVjOTUyOTc0OTY4ZmUyNWUzMThlOGIzZDZjZmFjNjhjNWMzYzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn6KT/Kv4clXCe9jfp6GGlLGCFDl
JdHbucetbP4CpSpQ0yDdjc6vZ5b9vSuYaAd7OYqXbLfgGVtqwsO1qTwTZzJqC+FX
2HQQ1V0OXBOJLKhiPFh1yNUZXHvWwrtLNm/dPBj3aMH6SthfzyegAmvmvAey8VlK
LYGn2fVmfUcwqDPrTms1A0cm83/PGgxqjf89fVQ0SIa/58D64GkcnEeJmIgkhnKj
arR2rc6jRtv7ZFds18HuUltdoS2fEF9CudjzzYzrVgWFDIxCpF86IObiiZ/yUhHy
/5KI6H8Thna2oy6j43vifzDf2TmpvOO08qV0710ntO5EI37jnec1bAw8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvslSl0lo/iXjGOiz1s+saMXDwBMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvaS15VktYU1dqLUplTVk2TFBXejZ4b3hjUEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXV1gMA0G
CSqGSIb3DQEBCwUAA4IBAQCCOvMxjJowr3BmvPvrwcVh0o46McZjCIko0EchD3kc
elT7USS7wa5R3uJC6jfa3sIXeU9rv0ioioo6KaPj6s6XPYsPriXHTBsugNqvD4nA
vl97Jp4IOHHsZEVG9TeoDHQn3C+8MuaOgvZsEH2Hcujm0LDQuNccz2hjZ5+ZpkD0
SJqxDeCo7lEaU02vOTz1chFW2v0SJX05RSxHfdYLKomSo6btnUxYdjDS0oCk7zf/
x5TV2cmbzndbd0M3oDDKb1cERyxIyswJ1hKf3wjPtfyJC7OdALBdogahiNUS40gp
m+94CQRX6lkdSQ0SSa2Ci0t1Q/yKSmCjfSYZGbPEkI5A
-----END CERTIFICATE-----