Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ey13m_diGuo-MIFbVOlHoHUqE_M.roa
File:                     ey13m_diGuo-MIFbVOlHoHUqE_M.roa (raw, json)
Hash identifier:          GdcwSzzAMNmbEcKEQLh9lPKX2STW09i62cRJKRnHDaw=
Subject key identifier:   7B:2D:77:9B:F7:62:1A:EA:3E:30:81:5B:54:E9:47:A0:75:2A:13:F3
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC795296A35A7E190725F6AFA64CEFFE3
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ey13m_diGuo-MIFbVOlHoHUqE_M.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202273
IP address blocks:        93.92.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:6a:35:a7:e1:90:72:5f:6a:fa:64:ce:ff:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b2d779bf7621aea3e30815b54e947a0752a13f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6d:59:fc:a5:5a:20:e9:62:8b:ea:47:fd:28:
                    9f:9b:ff:c0:34:cb:f0:ae:10:07:8c:97:b3:28:e6:
                    be:b5:25:b0:2f:23:6b:31:4b:ac:c4:98:38:04:70:
                    29:7c:7f:74:87:7c:43:44:fc:4e:d9:9f:f5:8d:e1:
                    6a:21:bc:3c:45:63:29:1e:8a:58:f9:d3:11:bf:3b:
                    b6:3b:12:8d:1f:9f:83:8d:88:b4:c9:8c:c5:ef:3d:
                    3f:20:b2:9a:d2:d0:5b:8f:1c:c1:41:ec:c2:df:b0:
                    27:06:63:ce:b5:d9:71:67:e0:6e:3f:70:f8:6a:d6:
                    5c:8f:ec:74:e8:fa:de:7b:57:9d:0b:ce:e5:c7:58:
                    55:6e:ac:82:be:ce:e4:f6:ad:be:ed:7e:c9:4a:81:
                    12:0c:a2:55:34:c7:8e:f3:ab:0f:a4:c6:85:f9:ae:
                    2c:c7:a4:b0:ed:c5:7c:6d:9e:80:fc:d1:3b:53:0e:
                    c3:df:7f:95:5a:af:0a:1d:33:24:b9:13:37:e0:9c:
                    d7:12:f0:88:1d:12:63:8c:9c:5d:bd:25:d7:66:af:
                    e1:ad:a5:a0:6e:cb:14:c9:44:95:3c:2e:f5:cc:fd:
                    7d:34:5b:ae:63:92:0d:ab:8d:b5:69:7b:1e:dd:14:
                    3c:e2:f3:91:e3:33:ef:0b:c3:ae:be:9a:34:ec:30:
                    fd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:2D:77:9B:F7:62:1A:EA:3E:30:81:5B:54:E9:47:A0:75:2A:13:F3
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/ey13m_diGuo-MIFbVOlHoHUqE_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e7:7a:94:bf:a6:c6:5c:ef:26:e8:b2:b2:d4:1d:22:fc:cd:
         9f:dd:ca:d4:4d:9d:f0:8e:3b:3e:1d:bb:29:6c:bc:b2:d9:e7:
         2b:3e:55:19:6e:a5:29:b8:c4:21:7e:ed:e9:aa:b9:f7:be:4f:
         b2:f8:61:ee:49:9f:09:41:5e:af:3a:82:10:17:c2:b6:c6:2e:
         10:4a:dd:21:f8:8b:b8:82:9c:77:44:88:18:5a:9a:d9:38:20:
         1a:c2:15:2f:a9:2a:82:af:23:c2:ea:71:da:3d:cf:53:ee:13:
         a6:f9:f8:73:bd:3e:34:e7:e2:fc:0e:57:65:dc:94:c6:57:3d:
         ca:34:8e:75:c6:67:b3:35:47:fd:40:7a:7c:40:98:ef:04:04:
         b4:be:f3:d0:b9:e2:7c:cd:f3:2c:2d:9e:59:57:0b:a5:07:db:
         8b:02:e6:67:8c:c4:46:ba:38:2a:79:4f:79:e3:08:a0:3c:59:
         10:13:c8:1f:3b:72:f8:5f:24:97:9b:65:7a:e8:18:a6:61:4d:
         65:55:59:dd:a3:89:0a:3a:e4:7a:59:5d:1d:3a:fe:22:42:f1:
         3a:dd:58:f2:05:3f:d5:8e:95:0e:37:95:1d:db:b1:52:9b:16:
         34:ff:68:32:b7:4e:b1:48:a8:28:ba:da:c1:32:9d:6a:77:a3:
         29:71:9a:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSlqNafhkHJfavpkzv/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjJkNzc5YmY3NjIxYWVhM2UzMDgxNWI1NGU5NDdhMDc1MmExM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhG1Z/KVaIOlii+pH/Sifm//ANMvw
rhAHjJezKOa+tSWwLyNrMUusxJg4BHApfH90h3xDRPxO2Z/1jeFqIbw8RWMpHopY
+dMRvzu2OxKNH5+DjYi0yYzF7z0/ILKa0tBbjxzBQezC37AnBmPOtdlxZ+BuP3D4
atZcj+x06Pree1edC87lx1hVbqyCvs7k9q2+7X7JSoESDKJVNMeO86sPpMaF+a4s
x6Sw7cV8bZ6A/NE7Uw7D33+VWq8KHTMkuRM34JzXEvCIHRJjjJxdvSXXZq/hraWg
bssUyUSVPC71zP19NFuuY5INq421aXse3RQ84vOR4zPvC8Ouvpo07DD9gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHstd5v3YhrqPjCBW1TpR6B1KhPzMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvZXkxM21fZGlHdW8tTUlGYlZPbEhvSFVxRV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVxxMA0G
CSqGSIb3DQEBCwUAA4IBAQAb53qUv6bGXO8m6LKy1B0i/M2f3crUTZ3wjjs+Hbsp
bLyy2ecrPlUZbqUpuMQhfu3pqrn3vk+y+GHuSZ8JQV6vOoIQF8K2xi4QSt0h+Iu4
gpx3RIgYWprZOCAawhUvqSqCryPC6nHaPc9T7hOm+fhzvT405+L8Dldl3JTGVz3K
NI51xmezNUf9QHp8QJjvBAS0vvPQueJ8zfMsLZ5ZVwulB9uLAuZnjMRGujgqeU95
4wigPFkQE8gfO3L4XySXm2V66BimYU1lVVndo4kKOuR6WV0dOv4iQvE63VjyBT/V
jpUON5Ud27FSmxY0/2gyt06xSKgoutrBMp1qd6MpcZrp
-----END CERTIFICATE-----