Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/i93dNDTZUmndF-WrTwIxtqLHx3Y.roa
File:                     i93dNDTZUmndF-WrTwIxtqLHx3Y.roa (raw, json)
Hash identifier:          yCUwHnvF0Emqy9YYjXnuZJx5Irogsp7OFUEG8TMqtYU=
Subject key identifier:   8B:DD:DD:34:34:D9:52:69:DD:17:E5:AB:4F:02:31:B6:A2:C7:C7:76
Certificate issuer:       /CN=e5e70065e009ded95856e80a053b2e9edceffb8c
Certificate serial:       018CC86EFFC0CFA87044321E939EDE2CE746
Authority key identifier: E5:E7:00:65:E0:09:DE:D9:58:56:E8:0A:05:3B:2E:9E:DC:EF:FB:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ecAZeAJ3tlYVugKBTsuntzv-4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/i93dNDTZUmndF-WrTwIxtqLHx3Y.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        212.46.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/5ecAZeAJ3tlYVugKBTsuntzv-4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/5ecAZeAJ3tlYVugKBTsuntzv-4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ecAZeAJ3tlYVugKBTsuntzv-4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ff:c0:cf:a8:70:44:32:1e:93:9e:de:2c:e7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5e70065e009ded95856e80a053b2e9edceffb8c
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bdddd3434d95269dd17e5ab4f0231b6a2c7c776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:cc:45:ff:ac:65:25:95:2e:2f:78:b5:0c:
                    bc:cc:da:dd:18:7e:c9:7a:fd:9b:4f:86:a0:3a:fb:
                    15:2e:53:1c:9d:9c:76:a7:ec:42:3a:3f:f0:d3:e4:
                    8e:85:ed:50:c8:f5:e2:c6:a0:36:1b:88:e4:3f:4b:
                    76:fb:a1:0b:1d:62:89:52:22:0b:1c:ed:3f:15:04:
                    47:51:f5:23:3d:c9:72:0f:78:40:4b:79:8c:5b:c3:
                    95:8c:53:71:ed:00:e7:44:3a:cb:6b:fa:1e:d3:95:
                    c8:a9:a0:97:0b:fb:0d:43:e0:f2:c2:bb:58:28:f6:
                    52:82:d1:5d:68:b9:5d:fc:61:0c:17:91:b3:1b:61:
                    18:95:1f:3e:29:d0:0d:2a:30:40:74:e3:7b:a2:75:
                    9e:97:b9:c7:b2:8c:18:5b:25:ef:0e:cd:c1:12:25:
                    e4:af:ad:7c:49:f0:19:ad:40:a5:ae:5a:89:58:a1:
                    29:c9:45:ea:b2:5d:f1:b6:8b:0c:da:29:92:98:ea:
                    ca:59:97:0b:7e:c6:05:b4:52:2f:92:de:0a:f2:e5:
                    8a:c5:40:7e:97:80:bc:62:0f:d5:1a:cd:91:16:99:
                    28:26:f7:14:d4:89:0b:bb:ab:a7:15:72:2c:f2:9f:
                    9c:59:16:68:6d:81:c3:63:30:50:13:ab:fe:41:0e:
                    45:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DD:DD:34:34:D9:52:69:DD:17:E5:AB:4F:02:31:B6:A2:C7:C7:76
            X509v3 Authority Key Identifier:
                keyid:E5:E7:00:65:E0:09:DE:D9:58:56:E8:0A:05:3B:2E:9E:DC:EF:FB:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ecAZeAJ3tlYVugKBTsuntzv-4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/i93dNDTZUmndF-WrTwIxtqLHx3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/8b43b3-03eb-4867-a60e-d7d9533287c5/1/5ecAZeAJ3tlYVugKBTsuntzv-4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ad:7c:2f:90:12:8d:45:24:86:88:1a:7a:eb:f3:52:a5:c4:
         0f:18:ef:30:f9:a7:2e:4f:6d:87:9e:49:ec:27:87:be:0e:2c:
         30:4a:0e:c6:87:de:b9:17:61:ab:41:16:27:2b:7c:29:dd:55:
         b9:51:16:55:49:4a:cc:03:fd:46:1b:5c:85:fc:d7:33:89:d6:
         6b:93:80:a6:16:6b:94:d3:a1:0d:8b:30:05:db:ff:11:76:03:
         cd:09:4c:40:3c:36:69:3c:8e:54:bf:9a:32:01:67:8f:95:4e:
         56:d2:bb:3f:8c:bb:2c:81:72:64:70:49:5f:51:c6:2a:5c:84:
         b3:8a:7c:5c:57:2b:78:e7:6c:b9:ed:b3:27:0a:b2:c2:85:bc:
         e8:fb:b3:38:6d:f6:4e:a2:13:25:47:9e:7c:58:0b:72:60:3c:
         e8:81:df:53:29:5c:96:fb:6c:d1:7e:73:9b:91:d0:a0:a9:5d:
         07:ac:77:c6:ff:15:a0:80:79:2a:33:ab:ea:4b:31:f3:89:7f:
         04:49:76:3e:4b:bb:9e:09:6a:8d:e2:c9:7f:79:f0:a5:96:44:
         1c:0e:d9:13:46:49:f9:0c:ad:a1:1c:b8:21:02:f9:0d:49:9e:
         c0:ae:ca:90:1d:61:5a:a8:ca:66:bd:61:c5:66:b6:ba:df:86:
         90:5a:ba:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv/Az6hwRDIek57eLOdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZTcwMDY1ZTAwOWRlZDk1ODU2ZTgwYTA1M2IyZTllZGNl
ZmZiOGMwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmRkZGQzNDM0ZDk1MjY5ZGQxN2U1YWI0ZjAyMzFiNmEyYzdjNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMTMRf+sZSWVLi94tQy8zNrdGH7J
ev2bT4agOvsVLlMcnZx2p+xCOj/w0+SOhe1QyPXixqA2G4jkP0t2+6ELHWKJUiIL
HO0/FQRHUfUjPclyD3hAS3mMW8OVjFNx7QDnRDrLa/oe05XIqaCXC/sNQ+DywrtY
KPZSgtFdaLld/GEMF5GzG2EYlR8+KdANKjBAdON7onWel7nHsowYWyXvDs3BEiXk
r618SfAZrUClrlqJWKEpyUXqsl3xtosM2imSmOrKWZcLfsYFtFIvkt4K8uWKxUB+
l4C8Yg/VGs2RFpkoJvcU1IkLu6unFXIs8p+cWRZobYHDYzBQE6v+QQ5FJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvd3TQ02VJp3Rflq08CMbaix8d2MB8GA1UdIwQY
MBaAFOXnAGXgCd7ZWFboCgU7Lp7c7/uMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWVjQVplQUozdGxZVnVnS0JUc3VudHp2LTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84YjQzYjMtMDNlYi00ODY3LWE2MGUt
ZDdkOTUzMzI4N2M1LzEvaTkzZE5EVFpVbW5kRi1XclR3SXh0cUxIeDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84YjQzYjMtMDNlYi00ODY3LWE2MGUtZDdkOTUzMzI4N2M1
LzEvNWVjQVplQUozdGxZVnVnS0JUc3VudHp2LTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4uMA0G
CSqGSIb3DQEBCwUAA4IBAQBIrXwvkBKNRSSGiBp66/NSpcQPGO8w+acuT22Hnkns
J4e+DiwwSg7Gh965F2GrQRYnK3wp3VW5URZVSUrMA/1GG1yF/NczidZrk4CmFmuU
06ENizAF2/8RdgPNCUxAPDZpPI5Uv5oyAWePlU5W0rs/jLssgXJkcElfUcYqXISz
inxcVyt452y57bMnCrLChbzo+7M4bfZOohMlR558WAtyYDzogd9TKVyW+2zRfnOb
kdCgqV0HrHfG/xWggHkqM6vqSzHziX8ESXY+S7ueCWqN4sl/efCllkQcDtkTRkn5
DK2hHLghAvkNSZ7ArsqQHWFaqMpmvWHFZra634aQWrq+
-----END CERTIFICATE-----