Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/iSjKDaY4PMW8nzIwlVjBAKhlTu0.roa
File:                     iSjKDaY4PMW8nzIwlVjBAKhlTu0.roa (raw, json)
Hash identifier:          rQaZ1JiSO6L46UOC5kHRygGwbM1F7pLyZ3uuttOKEP4=
Subject key identifier:   89:28:CA:0D:A6:38:3C:C5:BC:9F:32:30:95:58:C1:00:A8:65:4E:ED
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802C20F5D332F2D362075D0C8DAC6EB
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/iSjKDaY4PMW8nzIwlVjBAKhlTu0.roa
Signing time:             Tue 02 Jan 2024 02:31:13 +0000
ROA not before:           Tue 02 Jan 2024 02:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        93.114.97.0/24 maxlen: 24
                          86.104.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:c2:0f:5d:33:2f:2d:36:20:75:d0:c8:da:c6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8928ca0da6383cc5bc9f32309558c100a8654eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fc:97:50:a5:c4:c2:38:d3:92:ed:87:09:ec:
                    62:bf:f6:06:29:63:79:20:d7:be:99:3c:f2:4f:50:
                    1b:32:01:55:51:2e:77:d3:88:73:36:a7:fc:26:cc:
                    7d:0e:9a:d6:bf:c3:ed:8c:e9:76:0a:bf:e6:75:d8:
                    fa:b9:05:2d:30:8c:e8:54:23:90:d7:d8:61:33:9d:
                    da:e4:5d:d1:5f:f3:b5:36:dc:b8:f5:8f:d3:92:c5:
                    72:30:f9:73:10:49:39:58:7f:ba:bc:3c:72:ec:20:
                    99:34:b9:74:d7:19:b6:2e:cb:fe:dd:74:5b:28:77:
                    a1:d1:ee:c9:4c:e0:32:90:9d:10:d0:09:4d:41:70:
                    23:73:d3:a6:f7:ee:44:71:a0:a5:2e:14:34:b3:64:
                    e2:39:b4:72:1c:75:56:f8:b0:1f:7a:03:a0:03:b1:
                    80:af:2f:e0:fd:f5:74:ce:0d:a4:6f:4d:f3:3e:f4:
                    74:87:21:b3:ed:e7:a4:aa:d9:70:ad:6d:d1:d7:3f:
                    6f:6e:5c:1b:7b:2e:0c:ec:83:b4:a0:b2:fb:5b:a7:
                    04:3b:f7:58:a9:b7:38:67:df:03:95:23:f2:b2:e6:
                    80:38:44:32:56:04:04:d3:27:cc:d7:97:fb:81:e8:
                    62:d8:14:bf:d5:7b:6b:d4:ae:ba:52:0c:3e:15:10:
                    a6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:28:CA:0D:A6:38:3C:C5:BC:9F:32:30:95:58:C1:00:A8:65:4E:ED
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/iSjKDaY4PMW8nzIwlVjBAKhlTu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.9.0/24
                  93.114.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:67:ce:7e:c6:db:8d:07:61:48:22:19:34:d9:ec:9d:9d:78:
         b9:05:41:97:ff:13:f5:0d:96:a0:12:33:42:1d:5f:cf:a2:0d:
         26:aa:7d:fa:de:db:b6:01:a2:8a:55:f6:fd:09:f6:cc:83:8d:
         7c:b8:d9:e4:eb:f3:73:2d:fa:0f:76:da:7d:78:e5:d8:f6:11:
         da:21:e2:6f:b2:f4:c5:51:b7:43:f6:17:07:55:fa:b4:fd:e9:
         95:ea:f0:14:87:e4:98:16:44:df:36:b5:30:27:70:5d:8d:61:
         8a:31:14:23:6b:97:36:d9:9e:88:6d:23:50:f4:4b:1c:49:46:
         9d:53:c9:78:4e:ec:03:6a:53:0e:87:54:fd:8e:ee:2c:34:e9:
         e9:5f:a4:57:db:14:14:a2:20:6a:af:42:f7:1b:16:9a:84:04:
         c1:8d:78:7d:b8:83:5e:dc:f3:b5:a1:8b:80:70:2c:14:e6:0d:
         29:b3:9a:28:eb:9d:e6:82:37:62:9c:2a:bd:af:1c:d3:57:aa:
         cc:0f:fd:16:78:46:3d:c1:c4:03:61:e0:a5:11:6c:ec:77:68:
         f0:1e:71:a5:5c:a6:5e:d9:f3:72:7f:9d:80:86:1a:fd:85:a5:
         d6:39:e1:f1:2d:9b:7b:bf:57:5a:ba:37:5c:85:b9:88:c4:90:
         af:a9:9a:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAsIPXTMvLTYgddDI2sbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI4Y2EwZGE2MzgzY2M1YmM5ZjMyMzA5NTU4YzEwMGE4NjU0ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfyXUKXEwjjTku2HCexiv/YGKWN5
INe+mTzyT1AbMgFVUS5304hzNqf8Jsx9DprWv8PtjOl2Cr/mddj6uQUtMIzoVCOQ
19hhM53a5F3RX/O1Nty49Y/TksVyMPlzEEk5WH+6vDxy7CCZNLl01xm2Lsv+3XRb
KHeh0e7JTOAykJ0Q0AlNQXAjc9Om9+5EcaClLhQ0s2TiObRyHHVW+LAfegOgA7GA
ry/g/fV0zg2kb03zPvR0hyGz7eekqtlwrW3R1z9vblwbey4M7IO0oLL7W6cEO/dY
qbc4Z98DlSPysuaAOEQyVgQE0yfM15f7gehi2BS/1Xtr1K66Ugw+FRCmHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkoyg2mODzFvJ8yMJVYwQCoZU7tMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvaVNqS0RhWTRQTVc4bnpJd2xWakJBS2hsVHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmgJAwQA
XXJhMA0GCSqGSIb3DQEBCwUAA4IBAQArZ85+xtuNB2FIIhk02eydnXi5BUGX/xP1
DZagEjNCHV/Pog0mqn363tu2AaKKVfb9CfbMg418uNnk6/NzLfoPdtp9eOXY9hHa
IeJvsvTFUbdD9hcHVfq0/emV6vAUh+SYFkTfNrUwJ3BdjWGKMRQja5c22Z6IbSNQ
9EscSUadU8l4TuwDalMOh1T9ju4sNOnpX6RX2xQUoiBqr0L3GxaahATBjXh9uINe
3PO1oYuAcCwU5g0ps5oo653mgjdinCq9rxzTV6rMD/0WeEY9wcQDYeClEWzsd2jw
HnGlXKZe2fNyf52Ahhr9haXWOeHxLZt7v1daujdchbmIxJCvqZrb
-----END CERTIFICATE-----