Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Y6vQpPznG2PH5LzqcwC1OV-yd7s.roa
File:                     Y6vQpPznG2PH5LzqcwC1OV-yd7s.roa (raw, json)
Hash identifier:          hFC5WxrKdWMCDM10uUR+fOHz2K7qz2XWBduoW4X/ANs=
Subject key identifier:   63:AB:D0:A4:FC:E7:1B:63:C7:E4:BC:EA:73:00:B5:39:5F:B2:77:BB
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       018CD5912497F2BAE6EC74782328CBDF786D
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Y6vQpPznG2PH5LzqcwC1OV-yd7s.roa
Signing time:             Thu 04 Jan 2024 17:41:48 +0000
ROA not before:           Thu 04 Jan 2024 17:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        93.89.216.0/24 maxlen: 24
                          93.89.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:91:24:97:f2:ba:e6:ec:74:78:23:28:cb:df:78:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  4 17:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63abd0a4fce71b63c7e4bcea7300b5395fb277bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:48:45:a9:45:51:50:cb:6a:c4:e2:bf:55:85:
                    52:45:e2:1e:4a:8f:5d:ef:93:03:6e:ca:a7:18:aa:
                    3b:fe:b6:98:0b:2d:7e:70:2d:8c:d6:b5:09:93:0c:
                    81:e9:3e:29:a0:0a:95:c3:03:ca:b8:c5:4e:05:5c:
                    d0:4e:30:b8:0b:51:ac:0a:ef:b8:8d:3c:8f:c2:89:
                    ee:de:af:5a:e9:d8:24:44:ee:b2:e4:a2:97:0a:f2:
                    80:c1:61:e8:e0:c5:88:f7:67:6e:58:32:2a:0e:c9:
                    a9:73:b8:f4:71:92:6b:bf:6f:9c:d2:bc:a6:50:a1:
                    0e:af:75:af:1a:53:c4:ba:96:fd:6d:a9:20:8b:69:
                    1c:46:49:2c:88:53:3e:65:0a:52:6d:c1:f5:b5:eb:
                    94:da:00:e3:6b:3d:7d:5a:93:8d:9e:c5:0c:62:bc:
                    3b:b3:50:67:60:9c:37:78:44:10:10:b0:de:2f:f0:
                    84:08:0f:05:12:f8:2b:c4:5e:51:5a:d1:d6:a9:59:
                    c0:d4:7b:6f:41:ff:86:8c:b4:ed:17:5b:c3:02:0c:
                    1a:7b:64:a0:c4:a0:1c:7c:c0:23:e7:e6:a1:e1:38:
                    22:21:31:77:c6:3b:ff:49:3a:d3:88:a8:55:65:4e:
                    03:3f:fe:95:5c:cc:ad:85:0b:18:1a:c1:d0:89:b8:
                    52:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:AB:D0:A4:FC:E7:1B:63:C7:E4:BC:EA:73:00:B5:39:5F:B2:77:BB
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Y6vQpPznG2PH5LzqcwC1OV-yd7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.216.0/24
                  93.89.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:22:d3:96:9f:07:f7:8c:ab:5b:d7:af:31:c3:c2:68:ae:29:
         71:9b:e3:4b:e0:fd:b5:e1:e3:fa:e8:42:57:62:dc:e4:2f:ff:
         68:cd:c3:8d:b8:16:ea:85:45:5b:3e:2f:ff:fa:61:7a:0d:31:
         2b:b9:eb:09:d9:f2:fd:b9:66:90:27:59:d0:bf:26:e4:9f:7b:
         4d:a2:38:bd:fe:a1:1d:ad:4d:6e:f1:67:05:15:ca:50:fe:83:
         9d:55:b1:c4:11:30:ea:d2:41:75:e0:76:c6:c6:31:16:7b:5a:
         ea:0f:8a:03:9c:13:06:ec:a7:3f:4d:9a:cd:ac:1c:54:cb:97:
         c3:31:b7:bb:1e:c5:56:64:71:a9:ee:8f:19:db:18:b9:12:b6:
         9d:ae:7a:8e:c5:c5:ba:52:a3:0d:23:d7:2d:c8:f1:2a:97:c8:
         f3:cd:ef:9e:23:11:58:24:5a:da:b9:dc:78:69:e4:eb:4c:7a:
         4f:76:9f:69:f9:cc:9a:eb:a9:ce:35:d3:7b:dc:68:de:24:00:
         a4:df:78:36:50:a6:d6:2f:da:fb:ae:d0:53:64:9a:3c:a4:f8:
         f4:21:61:c4:49:c6:02:0e:78:e9:fd:f3:fb:46:29:56:bb:e6:
         6a:b1:90:56:42:9d:f7:87:77:86:00:17:87:8f:60:0f:17:de:
         e2:ed:59:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzVkSSX8rrm7HR4IyjL33htMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjQwMTA0MTc0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2FiZDBhNGZjZTcxYjYzYzdlNGJjZWE3MzAwYjUzOTVmYjI3N2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUhFqUVRUMtqxOK/VYVSReIeSo9d
75MDbsqnGKo7/raYCy1+cC2M1rUJkwyB6T4poAqVwwPKuMVOBVzQTjC4C1GsCu+4
jTyPwonu3q9a6dgkRO6y5KKXCvKAwWHo4MWI92duWDIqDsmpc7j0cZJrv2+c0rym
UKEOr3WvGlPEupb9bakgi2kcRkksiFM+ZQpSbcH1teuU2gDjaz19WpONnsUMYrw7
s1BnYJw3eEQQELDeL/CECA8FEvgrxF5RWtHWqVnA1HtvQf+GjLTtF1vDAgwae2Sg
xKAcfMAj5+ah4TgiITF3xjv/STrTiKhVZU4DP/6VXMythQsYGsHQibhSKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGOr0KT85xtjx+S86nMAtTlfsne7MB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvWTZ2UXBQem5HMlBINUx6cWN3QzFPVi15ZDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXVnYAwQA
XVnaMA0GCSqGSIb3DQEBCwUAA4IBAQCgItOWnwf3jKtb168xw8Jorilxm+NL4P21
4eP66EJXYtzkL/9ozcONuBbqhUVbPi//+mF6DTEruesJ2fL9uWaQJ1nQvybkn3tN
oji9/qEdrU1u8WcFFcpQ/oOdVbHEETDq0kF14HbGxjEWe1rqD4oDnBMG7Kc/TZrN
rBxUy5fDMbe7HsVWZHGp7o8Z2xi5EradrnqOxcW6UqMNI9ctyPEql8jzze+eIxFY
JFraudx4aeTrTHpPdp9p+cya66nONdN73GjeJACk33g2UKbWL9r7rtBTZJo8pPj0
IWHEScYCDnjp/fP7RilWu+ZqsZBWQp33h3eGABeHj2APF97i7Vk+
-----END CERTIFICATE-----