Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/k20m0m4S8jJQRFHprxTGNKZyOF4.roa
File:                     k20m0m4S8jJQRFHprxTGNKZyOF4.roa (raw, json)
Hash identifier:          Ewz1ZbBxd+4ZE+0VRsJ0LWX+nh/r8Jy8LCU84ZU+nvI=
Subject key identifier:   93:6D:26:D2:6E:12:F2:32:50:44:51:E9:AF:14:C6:34:A6:72:38:5E
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       018CC80180F41CF3A41C3F0424D2CB4AD4B2
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/k20m0m4S8jJQRFHprxTGNKZyOF4.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207967
IP address blocks:        193.109.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:f4:1c:f3:a4:1c:3f:04:24:d2:cb:4a:d4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=936d26d26e12f232504451e9af14c634a672385e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:a0:f4:8e:7b:7a:01:1d:6b:e9:8b:7a:3d:
                    7e:73:bf:59:3b:0f:71:05:76:d6:9b:66:ad:77:eb:
                    93:f3:15:b5:67:2b:eb:b5:fd:9d:1c:33:8c:c7:95:
                    74:46:ff:a4:fd:65:bc:b0:40:0b:48:94:67:1b:0d:
                    85:f1:4d:b9:68:eb:c6:0c:8d:d0:a7:e1:d9:b5:77:
                    04:f8:5d:97:3e:21:03:43:a9:db:4c:c2:bf:5f:cd:
                    9d:37:3f:a3:b4:b7:de:bf:1b:52:28:c7:34:c2:d2:
                    fb:33:f0:a0:c6:39:73:64:c7:e1:17:0f:8b:3e:e0:
                    3d:05:c9:9f:6a:98:72:2d:c8:7b:5c:64:63:02:c4:
                    08:aa:4f:e9:7f:76:a6:2c:f8:7c:cc:3f:2c:61:14:
                    46:ef:fb:ac:bd:b0:18:f9:2e:2f:34:ed:94:6f:5e:
                    f4:b8:d7:6e:01:3a:1c:94:f5:de:ed:1b:32:da:bd:
                    56:95:67:6e:db:a6:23:1c:14:19:28:f6:8b:09:63:
                    7c:14:2e:49:51:60:b3:cb:4d:f1:3e:3b:bc:0b:9d:
                    45:21:34:19:47:27:5c:d8:6d:ed:6f:32:2e:c4:5b:
                    af:f6:60:ac:f1:0e:d7:5f:43:61:4e:e4:1d:02:49:
                    27:87:a7:93:80:c6:f7:ba:b0:0d:6b:eb:7e:fe:c4:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6D:26:D2:6E:12:F2:32:50:44:51:E9:AF:14:C6:34:A6:72:38:5E
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/k20m0m4S8jJQRFHprxTGNKZyOF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:7d:50:35:7b:f1:e5:e8:f5:89:ff:53:be:a7:95:40:97:bb:
         17:de:8f:fc:65:83:d9:cb:ed:84:84:7e:06:40:e9:d2:45:87:
         43:44:5c:ff:eb:52:6c:e5:df:88:f3:86:6a:34:09:11:63:40:
         28:71:4f:8a:fe:03:24:f9:6e:3d:a7:98:9d:21:33:bd:56:2c:
         6a:a2:df:fa:bf:c3:7b:d4:c3:3a:3c:f0:e8:e1:b1:06:94:5e:
         4f:ca:8f:ff:5e:83:81:50:9c:c6:6b:17:f6:54:75:7d:87:55:
         4e:34:cc:44:48:fe:63:28:c7:20:0c:0d:11:4b:bb:3a:fe:4a:
         0e:b5:51:02:c7:66:b5:15:0f:a7:bb:f7:56:48:a3:47:da:31:
         87:0d:11:0c:4d:0a:fe:5f:c8:f5:7f:ad:e0:fe:a6:c4:43:70:
         5b:9a:43:7f:06:ff:3f:ed:19:03:02:a5:2c:c0:e8:44:1f:45:
         2d:74:d3:99:a6:54:fb:c4:aa:bf:0c:c8:eb:95:90:ef:29:8a:
         f1:ae:3c:b3:90:1c:f4:1d:df:cd:bc:0b:2f:90:d6:d5:ac:18:
         95:b3:d9:a5:87:0a:d2:f5:3e:b1:2f:24:a4:51:ca:ad:02:2b:
         17:78:c1:89:99:aa:5d:ca:b2:f8:55:5b:13:2c:95:14:03:da:
         95:30:9d:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYD0HPOkHD8EJNLLStSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzZkMjZkMjZlMTJmMjMyNTA0NDUxZTlhZjE0YzYzNGE2NzIzODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6g9I57egEda+mLej1+c79ZOw9x
BXbWm2atd+uT8xW1Zyvrtf2dHDOMx5V0Rv+k/WW8sEALSJRnGw2F8U25aOvGDI3Q
p+HZtXcE+F2XPiEDQ6nbTMK/X82dNz+jtLfevxtSKMc0wtL7M/CgxjlzZMfhFw+L
PuA9BcmfaphyLch7XGRjAsQIqk/pf3amLPh8zD8sYRRG7/usvbAY+S4vNO2Ub170
uNduAToclPXe7Rsy2r1WlWdu26YjHBQZKPaLCWN8FC5JUWCzy03xPju8C51FITQZ
Rydc2G3tbzIuxFuv9mCs8Q7XX0NhTuQdAkknh6eTgMb3urANa+t+/sQ2OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNtJtJuEvIyUERR6a8UxjSmcjheMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvazIwbTBtNFM4akpRUkZIcHJ4VEdOS1p5T0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW2gMA0G
CSqGSIb3DQEBCwUAA4IBAQAvfVA1e/Hl6PWJ/1O+p5VAl7sX3o/8ZYPZy+2EhH4G
QOnSRYdDRFz/61Js5d+I84ZqNAkRY0AocU+K/gMk+W49p5idITO9Vixqot/6v8N7
1MM6PPDo4bEGlF5Pyo//XoOBUJzGaxf2VHV9h1VONMxESP5jKMcgDA0RS7s6/koO
tVECx2a1FQ+nu/dWSKNH2jGHDREMTQr+X8j1f63g/qbEQ3BbmkN/Bv8/7RkDAqUs
wOhEH0UtdNOZplT7xKq/DMjrlZDvKYrxrjyzkBz0Hd/NvAsvkNbVrBiVs9mlhwrS
9T6xLySkUcqtAisXeMGJmapdyrL4VVsTLJUUA9qVMJ2a
-----END CERTIFICATE-----