Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OR6UF6jAP5V6D1AYDl4VR7kgyT4.roa
File:                     OR6UF6jAP5V6D1AYDl4VR7kgyT4.roa (raw, json)
Hash identifier:          y4+0i8YRFsbTxWQaxbT9WAmurPkWYpqH1GA5jdq+I1w=
Subject key identifier:   39:1E:94:17:A8:C0:3F:95:7A:0F:50:18:0E:5E:15:47:B9:20:C9:3E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D44A1351D9FB72D245BF139967DE1BDDF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OR6UF6jAP5V6D1AYDl4VR7kgyT4.roa
Signing time:             Fri 26 Jan 2024 07:17:12 +0000
ROA not before:           Fri 26 Jan 2024 07:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400377
IP address blocks:        93.123.84.0/24 maxlen: 24
                          185.216.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:44:a1:35:1d:9f:b7:2d:24:5b:f1:39:96:7d:e1:bd:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 26 07:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=391e9417a8c03f957a0f50180e5e1547b920c93e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:14:23:2f:01:66:9e:74:3f:45:6c:59:7a:75:
                    f9:a8:d1:ba:02:89:68:5d:3d:00:4f:0b:43:00:44:
                    00:2e:00:6a:76:c0:09:e1:01:3b:89:72:ea:b0:99:
                    2b:95:00:da:40:b4:52:71:07:9e:0c:34:d3:1a:72:
                    db:65:b3:07:af:73:0d:43:d8:5e:87:22:71:2f:f6:
                    7c:48:ff:e7:20:ce:2f:17:2b:e4:72:de:3e:d8:6a:
                    74:e8:f6:37:63:98:00:fa:1c:ea:70:b2:f5:54:a2:
                    62:4e:f5:d3:bd:11:bc:e1:1f:cc:f8:86:db:d6:97:
                    2d:01:6b:ea:75:10:d6:23:db:e0:ff:24:fa:73:04:
                    eb:c4:68:70:bf:5d:a2:13:ba:fb:d9:6a:80:e3:79:
                    b2:c6:77:03:7f:1c:df:28:7d:a6:1c:c9:5e:a7:47:
                    c1:3a:19:a0:ea:cb:4a:33:4c:85:6c:05:9c:a4:2f:
                    a2:86:30:3f:9f:60:a5:a9:59:14:af:6f:03:e3:b4:
                    04:03:6e:3e:e3:36:42:ea:e7:19:f0:a1:0d:36:66:
                    22:0a:96:9e:6f:c8:9d:60:f4:cb:06:5e:c1:75:d1:
                    33:45:93:19:65:ce:7a:a7:c1:d0:a8:f7:23:4f:ce:
                    c6:57:dd:77:27:1f:25:63:08:d5:1f:64:1e:55:a1:
                    af:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1E:94:17:A8:C0:3F:95:7A:0F:50:18:0E:5E:15:47:B9:20:C9:3E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OR6UF6jAP5V6D1AYDl4VR7kgyT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.84.0/24
                  185.216.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e8:ed:81:3c:57:82:ce:67:8c:21:0c:a1:43:8f:82:ff:1b:
         41:fd:d8:d7:e8:84:a8:5a:41:38:64:21:79:9f:de:73:bb:fa:
         3c:f6:94:61:04:f1:99:e6:95:65:fb:c2:46:9e:ae:dc:6f:56:
         00:d9:dc:5f:f8:84:a9:d0:80:2b:ca:a1:b9:8f:0d:28:af:04:
         d4:82:59:c9:52:97:de:3f:d5:91:4b:40:2d:c9:ff:cf:e7:b3:
         dd:6f:75:c1:b2:30:93:37:a4:1a:51:11:b9:9d:96:3d:3f:00:
         31:44:0e:0e:ea:87:d7:1b:20:d8:07:3d:c5:e0:d5:fb:70:b0:
         9a:8f:56:e7:58:ce:93:f9:60:27:d4:cb:7c:d7:0e:21:b6:52:
         3c:e0:3a:14:27:d7:cb:be:c8:f2:58:14:e2:7f:fd:87:0c:d2:
         70:3d:52:58:e6:bb:56:b5:a7:cd:e1:a7:7e:57:f5:24:c6:03:
         b8:f3:2f:09:4a:94:c9:9f:54:9a:91:ca:82:34:7b:97:de:f9:
         87:10:ba:62:f9:bd:7b:aa:f9:c3:49:33:8f:10:8a:6b:98:65:
         20:64:8b:96:76:f6:c0:b9:93:a6:8e:e3:40:3a:a2:84:73:d0:
         b9:c2:33:30:11:00:67:a0:ec:ea:b1:c8:de:0f:37:1f:80:2e:
         92:b5:d4:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1EoTUdn7ctJFvxOZZ94b3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTI2MDcxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFlOTQxN2E4YzAzZjk1N2EwZjUwMTgwZTVlMTU0N2I5MjBjOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxQjLwFmnnQ/RWxZenX5qNG6Aolo
XT0ATwtDAEQALgBqdsAJ4QE7iXLqsJkrlQDaQLRScQeeDDTTGnLbZbMHr3MNQ9he
hyJxL/Z8SP/nIM4vFyvkct4+2Gp06PY3Y5gA+hzqcLL1VKJiTvXTvRG84R/M+Ibb
1pctAWvqdRDWI9vg/yT6cwTrxGhwv12iE7r72WqA43myxncDfxzfKH2mHMlep0fB
Ohmg6stKM0yFbAWcpC+ihjA/n2ClqVkUr28D47QEA24+4zZC6ucZ8KENNmYiCpae
b8idYPTLBl7BddEzRZMZZc56p8HQqPcjT87GV913Jx8lYwjVH2QeVaGvuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDkelBeowD+Veg9QGA5eFUe5IMk+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT1I2VUY2akFQNVY2RDFBWURsNFZSN2tneVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXtUAwQA
udhFMA0GCSqGSIb3DQEBCwUAA4IBAQCP6O2BPFeCzmeMIQyhQ4+C/xtB/djX6ISo
WkE4ZCF5n95zu/o89pRhBPGZ5pVl+8JGnq7cb1YA2dxf+ISp0IAryqG5jw0orwTU
glnJUpfeP9WRS0Atyf/P57Pdb3XBsjCTN6QaURG5nZY9PwAxRA4O6ofXGyDYBz3F
4NX7cLCaj1bnWM6T+WAn1Mt81w4htlI84DoUJ9fLvsjyWBTif/2HDNJwPVJY5rtW
tafN4ad+V/UkxgO48y8JSpTJn1SakcqCNHuX3vmHELpi+b17qvnDSTOPEIprmGUg
ZIuWdvbAuZOmjuNAOqKEc9C5wjMwEQBnoOzqscjeDzcfgC6StdRg
-----END CERTIFICATE-----