Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/Fz4WNnLJH7F0RXtlgf28eR5WkAY.roa
File:                     Fz4WNnLJH7F0RXtlgf28eR5WkAY.roa (raw, json)
Hash identifier:          z6U/37OURTXiep+4bK9zbWaz5s8wKpshEA6zM/xxVoM=
Subject key identifier:   17:3E:16:36:72:C9:1F:B1:74:45:7B:65:81:FD:BC:79:1E:56:90:06
Certificate issuer:       /CN=4999010bbb1f48709aeac02e84338a49b7774611
Certificate serial:       019034B375129273D672C767454308E0A7C1
Authority key identifier: 49:99:01:0B:BB:1F:48:70:9A:EA:C0:2E:84:33:8A:49:B7:77:46:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SZkBC7sfSHCa6sAuhDOKSbd3RhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/Fz4WNnLJH7F0RXtlgf28eR5WkAY.roa
Signing time:             Thu 20 Jun 2024 08:11:34 +0000
ROA not before:           Thu 20 Jun 2024 08:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29050
IP address blocks:        93.187.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/SZkBC7sfSHCa6sAuhDOKSbd3RhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/SZkBC7sfSHCa6sAuhDOKSbd3RhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SZkBC7sfSHCa6sAuhDOKSbd3RhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:b3:75:12:92:73:d6:72:c7:67:45:43:08:e0:a7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4999010bbb1f48709aeac02e84338a49b7774611
        Validity
            Not Before: Jun 20 08:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=173e163672c91fb174457b6581fdbc791e569006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fa:47:31:7b:e1:a6:72:fd:0c:e9:b0:ec:fc:
                    f3:6b:04:3d:4a:67:03:89:be:60:19:13:c1:03:ba:
                    18:10:5c:06:bd:7f:05:5e:23:33:9f:aa:75:0f:34:
                    38:6d:b0:9e:c1:9e:9a:c6:05:8f:47:13:15:51:5d:
                    f5:fb:2f:4f:06:ad:e2:a3:9e:26:28:1c:61:83:ab:
                    65:3d:a1:40:ac:b8:03:bc:86:11:99:d3:97:a6:f9:
                    82:c5:6d:cd:a6:64:41:48:90:7f:99:6b:7a:ea:09:
                    0e:1f:0a:ef:74:c6:2c:9d:65:99:6b:53:ec:c2:d3:
                    b6:aa:fa:89:ab:89:61:9d:12:03:a0:a9:ad:65:e9:
                    9b:72:4d:c0:c4:a1:a8:f7:ba:b7:dd:ce:ee:ae:8f:
                    a4:a4:3c:dd:c6:6c:30:62:02:e1:54:af:e0:e8:65:
                    68:ca:dd:c2:9c:85:45:30:d7:07:15:3b:8b:22:12:
                    4b:c8:46:70:e9:c6:77:4f:87:6d:3b:e2:f7:13:92:
                    2b:6a:d9:9b:ee:96:a0:47:33:a8:5c:a8:0e:92:12:
                    45:65:8a:d4:75:3c:cc:dd:fb:ec:75:c3:fa:d3:6a:
                    5f:1a:2f:93:16:3a:be:4c:0b:de:2a:c0:ab:8a:ed:
                    0b:7e:70:9e:17:e5:62:d7:ce:06:bf:6c:8f:2a:06:
                    1e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:3E:16:36:72:C9:1F:B1:74:45:7B:65:81:FD:BC:79:1E:56:90:06
            X509v3 Authority Key Identifier:
                keyid:49:99:01:0B:BB:1F:48:70:9A:EA:C0:2E:84:33:8A:49:B7:77:46:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SZkBC7sfSHCa6sAuhDOKSbd3RhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/Fz4WNnLJH7F0RXtlgf28eR5WkAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fc1fcf-2c75-41a6-81f9-5fe8afa35df6/1/SZkBC7sfSHCa6sAuhDOKSbd3RhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:41:71:a1:ed:55:44:19:bc:34:51:17:33:dc:fe:05:03:b6:
         99:85:60:b6:fc:ff:42:c5:15:12:a5:df:1b:5e:01:96:0a:eb:
         82:e5:11:85:42:c0:c3:c7:bd:00:c0:5b:fb:a4:79:58:cd:39:
         3a:05:cb:dc:de:70:ee:46:59:38:a1:f5:64:bd:ea:dd:ea:ec:
         95:7a:d2:77:7b:24:6c:b1:cf:ad:3b:47:b6:37:2e:ba:26:65:
         ff:42:78:c5:ee:52:b3:eb:3d:f4:ac:76:72:27:90:79:87:06:
         c7:67:f9:37:70:c8:93:15:d2:2d:f9:eb:53:eb:39:a6:b2:46:
         8c:b2:b3:c6:18:0c:4a:49:74:70:6a:25:6d:d3:1d:a8:f2:94:
         49:29:2b:75:68:e9:be:d1:79:af:2c:5f:14:eb:8c:0b:b6:5a:
         51:70:20:2a:6a:65:b2:e5:4a:4a:dc:04:b8:4e:0d:ea:00:e5:
         da:a6:2e:f4:c4:87:e1:c9:11:7e:c1:c1:14:fc:b0:25:93:04:
         b6:b5:8f:03:97:b2:4b:ae:92:be:36:95:1b:79:df:a3:b1:07:
         ff:0c:8d:61:cf:fb:e2:66:54:e4:f5:a5:ad:42:04:f6:0b:1b:
         91:7a:4d:0b:a0:34:de:9e:8f:39:45:c2:a7:e1:48:6a:c4:39:
         45:f9:3a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA0s3USknPWcsdnRUMI4KfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5OTkwMTBiYmIxZjQ4NzA5YWVhYzAyZTg0MzM4YTQ5Yjc3
NzQ2MTEwHhcNMjQwNjIwMDgxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzNlMTYzNjcyYzkxZmIxNzQ0NTdiNjU4MWZkYmM3OTFlNTY5MDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPpHMXvhpnL9DOmw7PzzawQ9SmcD
ib5gGRPBA7oYEFwGvX8FXiMzn6p1DzQ4bbCewZ6axgWPRxMVUV31+y9PBq3io54m
KBxhg6tlPaFArLgDvIYRmdOXpvmCxW3NpmRBSJB/mWt66gkOHwrvdMYsnWWZa1Ps
wtO2qvqJq4lhnRIDoKmtZembck3AxKGo97q33c7uro+kpDzdxmwwYgLhVK/g6GVo
yt3CnIVFMNcHFTuLIhJLyEZw6cZ3T4dtO+L3E5Iratmb7pagRzOoXKgOkhJFZYrU
dTzM3fvsdcP602pfGi+TFjq+TAveKsCriu0LfnCeF+Vi184Gv2yPKgYeVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBc+FjZyyR+xdEV7ZYH9vHkeVpAGMB8GA1UdIwQY
MBaAFEmZAQu7H0hwmurALoQzikm3d0YRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1prQkM3c2ZTSENhNnNBdWhET0tTYmQzUmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mYzFmY2YtMmM3NS00MWE2LTgxZjkt
NWZlOGFmYTM1ZGY2LzEvRno0V05uTEpIN0YwUlh0bGdmMjhlUjVXa0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mYzFmY2YtMmM3NS00MWE2LTgxZjktNWZlOGFmYTM1ZGY2
LzEvU1prQkM3c2ZTSENhNnNBdWhET0tTYmQzUmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbscMA0G
CSqGSIb3DQEBCwUAA4IBAQB/QXGh7VVEGbw0URcz3P4FA7aZhWC2/P9CxRUSpd8b
XgGWCuuC5RGFQsDDx70AwFv7pHlYzTk6Bcvc3nDuRlk4ofVkverd6uyVetJ3eyRs
sc+tO0e2Ny66JmX/QnjF7lKz6z30rHZyJ5B5hwbHZ/k3cMiTFdIt+etT6zmmskaM
srPGGAxKSXRwaiVt0x2o8pRJKSt1aOm+0XmvLF8U64wLtlpRcCAqamWy5UpK3AS4
Tg3qAOXapi70xIfhyRF+wcEU/LAlkwS2tY8Dl7JLrpK+NpUbed+jsQf/DI1hz/vi
ZlTk9aWtQgT2CxuRek0LoDTeno85RcKn4UhqxDlF+Tr5
-----END CERTIFICATE-----