Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/MiNEYKSaJ1laCfiwJNbobIXOgpw.roa
File:                     MiNEYKSaJ1laCfiwJNbobIXOgpw.roa (raw, json)
Hash identifier:          JmcsS2pmzh7jsxu5s/hZu7SuGZOPIc9rBVVctD1eh9w=
Subject key identifier:   32:23:44:60:A4:9A:27:59:5A:09:F8:B0:24:D6:E8:6C:85:CE:82:9C
Certificate issuer:       /CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
Certificate serial:       018CC4247F81635B24626C0DAEC3217800C0
Authority key identifier: 62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/MiNEYKSaJ1laCfiwJNbobIXOgpw.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.188.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7f:81:63:5b:24:62:6c:0d:ae:c3:21:78:00:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62e5ec9df4dd03b9f500a6a0947d147b6ed21666
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32234460a49a27595a09f8b024d6e86c85ce829c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7d:9c:ce:93:b5:be:07:69:c2:84:51:f8:a1:
                    bd:63:8b:84:12:6c:76:e1:76:90:b3:94:78:74:b5:
                    e9:45:e8:9b:58:ee:68:2f:4d:ac:d8:74:ee:da:46:
                    53:51:e0:57:b6:82:27:83:eb:6c:b3:ac:99:02:9b:
                    68:69:5a:f4:9a:6a:24:fa:3e:7b:08:d6:6d:0c:92:
                    f8:45:83:87:7e:68:4e:c0:61:ba:ca:ab:56:e4:e4:
                    aa:fe:e5:69:98:e2:23:16:d6:8b:52:44:01:26:fd:
                    ae:9b:0b:2c:b0:8e:0b:23:a9:db:8d:2f:3f:d4:cc:
                    92:d3:6d:a7:39:d2:94:79:21:f5:d5:e3:26:27:b3:
                    dd:96:5d:29:b2:b6:2e:55:b0:43:a1:51:8f:ea:15:
                    42:e4:65:24:ba:1f:0b:a0:2d:89:23:a0:87:79:4e:
                    59:c1:6d:20:61:9a:9a:7d:f6:6b:0a:d2:c0:05:5f:
                    12:53:66:1f:f2:7f:3f:66:4e:84:22:ec:f2:0e:b7:
                    13:fe:19:de:e6:5a:fd:9d:3a:81:2d:29:06:e7:59:
                    c2:e0:01:42:61:12:2a:23:a4:08:32:fe:4a:d9:a9:
                    32:36:0c:2e:e3:dc:a4:75:9a:9d:e8:e0:50:1d:ad:
                    6e:36:86:95:35:6a:43:6a:29:e4:ef:41:02:d2:9c:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:23:44:60:A4:9A:27:59:5A:09:F8:B0:24:D6:E8:6C:85:CE:82:9C
            X509v3 Authority Key Identifier:
                keyid:62:E5:EC:9D:F4:DD:03:B9:F5:00:A6:A0:94:7D:14:7B:6E:D2:16:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YuXsnfTdA7n1AKaglH0Ue27SFmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/MiNEYKSaJ1laCfiwJNbobIXOgpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a7ce03-1f15-4dbc-9a8d-a81544ea5b67/1/YuXsnfTdA7n1AKaglH0Ue27SFmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:cf:f2:10:45:c5:44:bf:23:38:ff:c2:92:74:b3:9e:3e:77:
         23:25:bf:1d:1e:3d:99:9d:bd:80:cb:f1:68:d6:d4:20:0d:78:
         11:11:1c:7a:81:26:5f:de:7f:43:1b:0c:e5:d2:fd:48:b4:da:
         48:53:38:7b:18:a3:11:bd:c0:f5:28:68:ed:8d:50:42:44:7d:
         ce:c0:2e:ea:9c:b7:21:ae:c7:71:ab:db:0f:7f:b4:e2:e7:1d:
         77:29:eb:69:6c:e6:36:1b:74:35:f2:80:1c:45:17:14:4a:31:
         31:80:9e:ca:3c:99:37:c4:26:ab:48:96:4f:a9:19:15:cf:b2:
         d3:22:81:68:6c:95:cb:77:46:17:54:7e:79:cd:54:7a:df:d7:
         0e:12:32:3e:6d:6d:16:55:0a:b4:7d:0b:be:2d:1e:d6:e4:88:
         ed:76:75:59:ed:f0:1c:8b:dc:5d:3d:b2:0a:bf:06:70:61:58:
         6f:f1:52:0d:98:5d:5d:95:47:95:8f:83:a2:cd:96:2d:be:a1:
         e3:f4:c6:f0:52:e1:e7:2f:7a:f8:ba:d5:89:b1:72:b0:cf:a2:
         d2:de:ed:8c:cd:24:f6:a1:8c:ec:f1:c1:fb:f7:b7:3a:23:ed:
         2d:e1:92:04:63:13:5d:73:a4:b5:82:75:50:c8:f0:56:52:e8:
         a0:c1:19:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJH+BY1skYmwNrsMheADAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZTVlYzlkZjRkZDAzYjlmNTAwYTZhMDk0N2QxNDdiNmVk
MjE2NjYwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjIzNDQ2MGE0OWEyNzU5NWEwOWY4YjAyNGQ2ZTg2Yzg1Y2U4MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhH2czpO1vgdpwoRR+KG9Y4uEEmx2
4XaQs5R4dLXpReibWO5oL02s2HTu2kZTUeBXtoIng+tss6yZAptoaVr0mmok+j57
CNZtDJL4RYOHfmhOwGG6yqtW5OSq/uVpmOIjFtaLUkQBJv2umwsssI4LI6nbjS8/
1MyS022nOdKUeSH11eMmJ7Pdll0psrYuVbBDoVGP6hVC5GUkuh8LoC2JI6CHeU5Z
wW0gYZqaffZrCtLABV8SU2Yf8n8/Zk6EIuzyDrcT/hne5lr9nTqBLSkG51nC4AFC
YRIqI6QIMv5K2akyNgwu49ykdZqd6OBQHa1uNoaVNWpDaink70EC0pyHcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIjRGCkmidZWgn4sCTW6GyFzoKcMB8GA1UdIwQY
MBaAFGLl7J303QO59QCmoJR9FHtu0hZmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQt
YTgxNTQ0ZWE1YjY3LzEvTWlORVlLU2FKMWxhQ2Zpd0pOYm9iSVhPZ3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hN2NlMDMtMWYxNS00ZGJjLTlhOGQtYTgxNTQ0ZWE1YjY3
LzEvWXVYc25mVGRBN24xQUthZ2xIMFVlMjdTRm1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubxdMA0G
CSqGSIb3DQEBCwUAA4IBAQACz/IQRcVEvyM4/8KSdLOePncjJb8dHj2Znb2Ay/Fo
1tQgDXgRERx6gSZf3n9DGwzl0v1ItNpIUzh7GKMRvcD1KGjtjVBCRH3OwC7qnLch
rsdxq9sPf7Ti5x13KetpbOY2G3Q18oAcRRcUSjExgJ7KPJk3xCarSJZPqRkVz7LT
IoFobJXLd0YXVH55zVR639cOEjI+bW0WVQq0fQu+LR7W5IjtdnVZ7fAci9xdPbIK
vwZwYVhv8VINmF1dlUeVj4OizZYtvqHj9MbwUuHnL3r4utWJsXKwz6LS3u2MzST2
oYzs8cH797c6I+0t4ZIEYxNdc6S1gnVQyPBWUuigwRmG
-----END CERTIFICATE-----