Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/4nPlXTtlnQ2TRNYb8ey3sLn3uvM.roa
File:                     4nPlXTtlnQ2TRNYb8ey3sLn3uvM.roa (raw, json)
Hash identifier:          EyVgi7wHA23MLz8xy0BwY7zX6425HJ9bvaIkzafLXB0=
Subject key identifier:   E2:73:E5:5D:3B:65:9D:0D:93:44:D6:1B:F1:EC:B7:B0:B9:F7:BA:F3
Certificate issuer:       /CN=a1655282be419d21222b506fb7a368c3fe5db23d
Certificate serial:       018CC6B8CD428E48C6F1DE3A58A45EF02833
Authority key identifier: A1:65:52:82:BE:41:9D:21:22:2B:50:6F:B7:A3:68:C3:FE:5D:B2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/4nPlXTtlnQ2TRNYb8ey3sLn3uvM.roa
Signing time:             Mon 01 Jan 2024 20:30:49 +0000
ROA not before:           Mon 01 Jan 2024 20:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29329
IP address blocks:        109.197.8.0/21 maxlen: 32
                          93.157.120.0/21 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:cd:42:8e:48:c6:f1:de:3a:58:a4:5e:f0:28:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1655282be419d21222b506fb7a368c3fe5db23d
        Validity
            Not Before: Jan  1 20:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e273e55d3b659d0d9344d61bf1ecb7b0b9f7baf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c3:4b:24:88:5d:b9:61:17:38:d9:7e:72:d1:
                    7d:3d:ec:56:40:d7:65:64:6f:27:78:a6:93:e4:39:
                    87:21:bd:34:c7:b0:fd:28:54:2a:39:c4:6e:2e:3f:
                    cb:36:98:94:c1:91:6f:1b:9d:1a:ff:a6:49:4c:24:
                    c6:03:a6:01:ff:4c:cb:46:ba:48:8c:82:fb:23:22:
                    d7:95:a7:d2:b8:35:a9:b5:98:44:77:8c:f5:0d:c4:
                    70:ee:0d:e0:55:01:d7:65:9a:41:19:a2:f5:30:ca:
                    c4:f0:22:8d:47:20:2b:4f:b4:95:d8:29:0c:f2:9a:
                    1d:13:22:a1:53:06:3f:32:91:9d:8b:b0:9b:2b:11:
                    0b:40:0d:f2:3f:eb:82:1f:0e:2b:95:8f:fe:b7:b5:
                    9d:4c:8a:3a:59:80:85:b7:bc:cb:02:27:d6:04:2b:
                    af:cd:5c:c6:03:32:3c:56:2a:20:a7:96:9c:ed:4a:
                    2d:02:c3:2b:ae:84:67:b2:34:4e:2e:53:c7:45:4d:
                    77:7f:4b:5a:d0:a4:51:bb:94:a1:35:22:34:f9:06:
                    86:a3:b4:83:4f:59:9c:45:d7:a9:c3:48:06:fd:1a:
                    b7:7f:ee:08:e2:f4:9b:6e:21:b8:2b:4a:1a:12:c5:
                    b0:09:60:ed:4f:46:87:5c:20:e2:11:80:81:5e:44:
                    61:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:73:E5:5D:3B:65:9D:0D:93:44:D6:1B:F1:EC:B7:B0:B9:F7:BA:F3
            X509v3 Authority Key Identifier:
                keyid:A1:65:52:82:BE:41:9D:21:22:2B:50:6F:B7:A3:68:C3:FE:5D:B2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWVSgr5BnSEiK1Bvt6Now_5dsj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/4nPlXTtlnQ2TRNYb8ey3sLn3uvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/8062a9-7f47-44ea-abb7-91dbc9f0e8db/1/oWVSgr5BnSEiK1Bvt6Now_5dsj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.120.0/21
                  109.197.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cd:84:8e:4c:1d:5e:06:29:58:85:ec:a1:28:04:2e:64:4a:b3:
         76:02:64:58:93:49:71:1c:1f:23:50:1c:44:24:5e:dc:4e:14:
         34:17:28:a6:42:6c:eb:93:a9:5a:32:14:08:ad:f7:89:d2:ec:
         87:f2:64:e4:c7:43:66:3b:c0:a4:3c:0c:63:9a:0d:cd:26:7c:
         24:c1:32:e7:95:b4:34:5d:8c:a2:62:e1:d8:51:ea:bd:8f:87:
         fc:72:bb:89:59:ba:96:97:f6:f5:c4:e9:c2:34:fd:7b:40:0b:
         45:22:46:5e:85:26:f7:5b:71:df:e1:f4:b8:eb:91:8c:86:62:
         52:fa:6d:07:df:b9:bb:3b:81:61:c8:e4:2b:05:03:79:d8:66:
         bd:17:49:56:ee:d2:b7:0a:f4:e3:58:b1:af:61:3b:aa:ab:88:
         42:fc:d8:44:a8:97:fe:02:4a:85:09:1d:b3:56:12:ba:38:77:
         99:5e:96:fc:9b:82:b9:52:63:fa:a8:9f:f9:01:c3:30:42:8e:
         40:ca:35:ed:e0:f8:93:89:17:3b:16:29:11:db:81:73:ea:0d:
         4a:94:c1:3b:51:5e:0e:e3:ba:63:9b:00:31:35:65:45:83:ce:
         e0:54:63:a1:d2:c2:08:ad:ae:d2:fe:3d:25:37:e4:b7:f8:07:
         5a:6f:39:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuM1CjkjG8d46WKRe8CgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjU1MjgyYmU0MTlkMjEyMjJiNTA2ZmI3YTM2OGMzZmU1
ZGIyM2QwHhcNMjQwMTAxMjAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjczZTU1ZDNiNjU5ZDBkOTM0NGQ2MWJmMWVjYjdiMGI5ZjdiYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcNLJIhduWEXONl+ctF9PexWQNdl
ZG8neKaT5DmHIb00x7D9KFQqOcRuLj/LNpiUwZFvG50a/6ZJTCTGA6YB/0zLRrpI
jIL7IyLXlafSuDWptZhEd4z1DcRw7g3gVQHXZZpBGaL1MMrE8CKNRyArT7SV2CkM
8podEyKhUwY/MpGdi7CbKxELQA3yP+uCHw4rlY/+t7WdTIo6WYCFt7zLAifWBCuv
zVzGAzI8Viogp5ac7UotAsMrroRnsjROLlPHRU13f0ta0KRRu5ShNSI0+QaGo7SD
T1mcRdepw0gG/Rq3f+4I4vSbbiG4K0oaEsWwCWDtT0aHXCDiEYCBXkRh5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJz5V07ZZ0Nk0TWG/Hst7C597rzMB8GA1UdIwQY
MBaAFKFlUoK+QZ0hIitQb7ejaMP+XbI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dWU2dyNUJuU0VpSzFCdnQ2Tm93XzVkc2owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS84MDYyYTktN2Y0Ny00NGVhLWFiYjct
OTFkYmM5ZjBlOGRiLzEvNG5QbFhUdGxuUTJUUk5ZYjhleTNzTG4zdXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS84MDYyYTktN2Y0Ny00NGVhLWFiYjctOTFkYmM5ZjBlOGRi
LzEvb1dWU2dyNUJuU0VpSzFCdnQ2Tm93XzVkc2owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXZ14AwQD
bcUIMA0GCSqGSIb3DQEBCwUAA4IBAQDNhI5MHV4GKViF7KEoBC5kSrN2AmRYk0lx
HB8jUBxEJF7cThQ0FyimQmzrk6laMhQIrfeJ0uyH8mTkx0NmO8CkPAxjmg3NJnwk
wTLnlbQ0XYyiYuHYUeq9j4f8cruJWbqWl/b1xOnCNP17QAtFIkZehSb3W3Hf4fS4
65GMhmJS+m0H37m7O4FhyOQrBQN52Ga9F0lW7tK3CvTjWLGvYTuqq4hC/NhEqJf+
AkqFCR2zVhK6OHeZXpb8m4K5UmP6qJ/5AcMwQo5AyjXt4PiTiRc7FikR24Fz6g1K
lME7UV4O47pjmwAxNWVFg87gVGOh0sIIra7S/j0lN+S3+Adabzlb
-----END CERTIFICATE-----