Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9uw8FnRooo3KPE01_EobtMA-VRs.roa
File:                     9uw8FnRooo3KPE01_EobtMA-VRs.roa (raw, json)
Hash identifier:          7is/4Fjo7s6vilLZlNE5YAfKhKAW5q3e0aQ3TqqFrtw=
Subject key identifier:   F6:EC:3C:16:74:68:A2:8D:CA:3C:4D:35:FC:4A:1B:B4:C0:3E:55:1B
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B86CE2DBED8E4C45F65CB10D72535
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9uw8FnRooo3KPE01_EobtMA-VRs.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50408
IP address blocks:        93.159.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:86:ce:2d:be:d8:e4:c4:5f:65:cb:10:d7:25:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6ec3c167468a28dca3c4d35fc4a1bb4c03e551b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:b5:ab:26:d0:4c:a6:aa:d8:7d:9e:9f:b3:
                    31:45:e6:13:f8:62:26:9d:0e:6a:3d:9c:4f:b9:68:
                    af:ad:dd:85:15:36:0a:41:3e:70:e1:69:55:6b:ba:
                    e3:b8:71:07:42:a1:fb:4f:22:f3:83:36:20:a5:00:
                    78:37:34:70:6a:24:d6:d4:de:20:1e:32:f6:9e:4e:
                    b3:d8:8f:e3:ab:4c:52:22:a5:1c:a3:3e:b6:48:1d:
                    8f:d6:41:8a:d3:01:c6:aa:50:d4:53:ba:2b:dd:28:
                    61:b4:71:97:a7:9d:28:39:7c:39:22:27:8a:da:f4:
                    9a:5b:c1:d5:e5:b9:8d:99:12:4f:c8:00:14:05:32:
                    92:7d:8a:3a:ca:16:1b:8f:da:7d:0f:d0:3f:d1:8e:
                    6f:e9:5e:44:e3:16:c9:2c:f6:e2:e8:30:e9:6d:01:
                    5d:64:0f:21:d7:aa:77:50:ca:af:7c:64:17:bc:24:
                    e1:51:7c:1b:76:c4:7b:d8:db:01:d2:66:f2:54:23:
                    ca:c4:ab:b9:e4:ca:f7:46:b4:12:6e:a5:66:e4:de:
                    38:4a:53:fe:60:1f:ba:ae:af:80:d5:e6:7b:2f:bb:
                    99:73:6c:1a:b4:1c:df:a9:1c:5e:41:ef:0e:ea:62:
                    eb:cd:60:89:40:fc:ca:db:59:8b:c5:5d:32:64:f1:
                    0d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:EC:3C:16:74:68:A2:8D:CA:3C:4D:35:FC:4A:1B:B4:C0:3E:55:1B
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/9uw8FnRooo3KPE01_EobtMA-VRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:15:08:75:e3:04:47:77:13:7b:fe:cc:36:d0:b0:d3:46:ab:
         8f:15:96:8b:29:33:ca:12:e9:49:79:75:0c:66:ef:83:78:2b:
         75:19:f4:fb:ba:99:ce:ac:8e:c0:d6:43:08:49:ba:f9:4f:02:
         8e:55:31:fa:52:8e:24:51:18:33:9d:da:8f:9a:22:cd:ff:34:
         6d:ea:27:39:99:f5:59:c3:1d:9b:8c:dc:31:f8:8d:e8:5a:8f:
         bc:bb:83:ff:97:ea:a6:96:5e:d3:e4:16:50:0a:2a:b1:cc:2a:
         b4:0d:07:0d:86:e7:5d:f7:fc:77:13:49:94:7c:6b:f9:cf:98:
         54:d6:35:10:35:e1:b3:0b:87:1b:83:47:34:0f:66:4d:46:48:
         30:0a:63:54:49:92:56:e4:c9:24:f4:23:f3:76:e9:83:73:d7:
         35:91:3a:ff:a8:e1:09:e3:a4:3f:1c:ab:57:8e:45:6c:d7:ca:
         a3:4d:ae:ac:13:e2:b3:e8:e6:4d:3b:47:b3:85:d6:a8:fa:1f:
         62:92:95:e3:72:c3:37:3e:da:f2:ce:d9:8d:e2:db:34:50:11:
         ec:a5:4b:d4:78:e8:53:bd:62:d6:6c:76:86:77:a3:7b:16:e8:
         c7:7d:4f:ce:66:8e:09:bb:af:75:26:0e:fa:7d:9e:93:47:cb:
         94:d5:06:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4bOLb7Y5MRfZcsQ1yU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmVjM2MxNjc0NjhhMjhkY2EzYzRkMzVmYzRhMWJiNGMwM2U1NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEa1qybQTKaq2H2en7MxReYT+GIm
nQ5qPZxPuWivrd2FFTYKQT5w4WlVa7rjuHEHQqH7TyLzgzYgpQB4NzRwaiTW1N4g
HjL2nk6z2I/jq0xSIqUcoz62SB2P1kGK0wHGqlDUU7or3ShhtHGXp50oOXw5IieK
2vSaW8HV5bmNmRJPyAAUBTKSfYo6yhYbj9p9D9A/0Y5v6V5E4xbJLPbi6DDpbQFd
ZA8h16p3UMqvfGQXvCThUXwbdsR72NsB0mbyVCPKxKu55Mr3RrQSbqVm5N44SlP+
YB+6rq+A1eZ7L7uZc2watBzfqRxeQe8O6mLrzWCJQPzK21mLxV0yZPENQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbsPBZ0aKKNyjxNNfxKG7TAPlUbMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvOXV3OEZuUm9vbzNLUEUwMV9Fb2J0TUEtVlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXZ88MA0G
CSqGSIb3DQEBCwUAA4IBAQA9FQh14wRHdxN7/sw20LDTRquPFZaLKTPKEulJeXUM
Zu+DeCt1GfT7upnOrI7A1kMISbr5TwKOVTH6Uo4kURgzndqPmiLN/zRt6ic5mfVZ
wx2bjNwx+I3oWo+8u4P/l+qmll7T5BZQCiqxzCq0DQcNhudd9/x3E0mUfGv5z5hU
1jUQNeGzC4cbg0c0D2ZNRkgwCmNUSZJW5Mkk9CPzdumDc9c1kTr/qOEJ46Q/HKtX
jkVs18qjTa6sE+Kz6OZNO0ezhdao+h9ikpXjcsM3PtryztmN4ts0UBHspUvUeOhT
vWLWbHaGd6N7FujHfU/OZo4Ju691Jg76fZ6TR8uU1QYt
-----END CERTIFICATE-----