Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/rjLVZRHNtkLIBcJ6fT9vKyMJkzk.roa
File:                     rjLVZRHNtkLIBcJ6fT9vKyMJkzk.roa (raw, json)
Hash identifier:          7xsGB7CL7tRnYWSx1VEJzY2t/ba4kFpj6HSRrAvIZSI=
Subject key identifier:   AE:32:D5:65:11:CD:B6:42:C8:05:C2:7A:7D:3F:6F:2B:23:09:93:39
Certificate issuer:       /CN=93c244be6b3affb6d4e547f2e1e3c5eac1b26ab2
Certificate serial:       018CC86F324377562FA03FCBDDF4C1456775
Authority key identifier: 93:C2:44:BE:6B:3A:FF:B6:D4:E5:47:F2:E1:E3:C5:EA:C1:B2:6A:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k8JEvms6_7bU5Ufy4ePF6sGyarI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/rjLVZRHNtkLIBcJ6fT9vKyMJkzk.roa
Signing time:             Tue 02 Jan 2024 04:29:39 +0000
ROA not before:           Tue 02 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        193.134.98.0/24 maxlen: 24
                          193.134.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/k8JEvms6_7bU5Ufy4ePF6sGyarI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/k8JEvms6_7bU5Ufy4ePF6sGyarI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k8JEvms6_7bU5Ufy4ePF6sGyarI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:32:43:77:56:2f:a0:3f:cb:dd:f4:c1:45:67:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93c244be6b3affb6d4e547f2e1e3c5eac1b26ab2
        Validity
            Not Before: Jan  2 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae32d56511cdb642c805c27a7d3f6f2b23099339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:20:b0:b3:36:1f:d6:ad:ac:0f:ef:f2:17:f6:
                    eb:0a:58:55:be:27:46:41:22:e8:f2:08:78:a4:00:
                    18:81:59:d2:23:cb:d9:fe:47:3c:82:ab:eb:69:7c:
                    9f:3e:b0:8b:c9:6f:92:d0:2a:ea:bd:fc:74:d7:54:
                    7a:b7:e1:b0:38:a8:f1:bf:3f:84:9c:cd:93:27:69:
                    25:d7:dc:89:a5:9c:64:8f:7a:88:b0:be:42:27:eb:
                    d5:75:4e:64:14:4c:ba:52:eb:d0:fd:55:7e:e0:b7:
                    32:e1:87:aa:86:cb:eb:1a:84:96:1a:62:a9:4b:52:
                    f5:af:e4:54:dd:62:03:59:f4:41:95:0a:8a:dc:de:
                    88:0c:3c:f8:be:10:58:67:7e:45:7a:8d:a0:69:8d:
                    c5:ff:bf:28:ff:1a:6f:37:25:11:cc:8e:a0:c8:bc:
                    3e:5b:65:82:87:eb:60:3a:6a:fc:8a:8c:f6:12:2a:
                    77:bb:f9:94:0c:ec:79:4e:df:eb:14:bf:fe:cf:b3:
                    32:77:98:c9:2f:30:fb:39:3a:7b:9b:ee:ce:e2:dd:
                    1c:fa:fc:0a:db:9b:aa:23:c5:85:2f:d0:0e:31:64:
                    c3:fc:89:e3:17:33:ac:c7:4d:21:92:7a:33:dc:ba:
                    47:e6:9c:9b:ff:b6:93:fe:dd:4e:ce:4a:cc:dd:ef:
                    9c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:32:D5:65:11:CD:B6:42:C8:05:C2:7A:7D:3F:6F:2B:23:09:93:39
            X509v3 Authority Key Identifier:
                keyid:93:C2:44:BE:6B:3A:FF:B6:D4:E5:47:F2:E1:E3:C5:EA:C1:B2:6A:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k8JEvms6_7bU5Ufy4ePF6sGyarI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/rjLVZRHNtkLIBcJ6fT9vKyMJkzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/501e8f-c7e1-4aa4-8583-66d74e73f254/1/k8JEvms6_7bU5Ufy4ePF6sGyarI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.96.0/24
                  193.134.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4e:80:18:80:21:a8:e5:51:d3:96:97:89:87:5a:aa:8d:ab:
         ce:ee:9d:40:18:34:b1:10:ee:50:27:62:43:1f:83:50:2a:fb:
         0b:cf:96:ee:d5:17:b6:53:26:09:28:d8:53:64:46:7c:f5:59:
         ef:a4:52:7c:5f:83:83:29:d8:fa:64:19:75:98:f8:67:61:75:
         60:4d:ed:c3:c9:6a:fa:06:7b:14:fb:fe:b1:b3:0a:31:bd:bc:
         3f:70:d1:f0:a3:13:3d:d7:fb:b4:8f:fd:c9:cf:24:df:3d:36:
         71:58:37:f0:21:bd:49:99:03:a4:0e:2b:91:92:9c:5a:9c:b3:
         2e:5b:36:07:9e:78:af:dc:71:b4:75:61:51:ca:fd:73:1c:ec:
         e9:36:c0:4e:f3:fb:57:06:cd:31:f4:96:22:ba:f9:61:16:af:
         63:b4:eb:89:69:a1:02:0f:10:07:a4:bb:57:5f:7b:88:10:73:
         5e:04:96:da:36:95:b4:e0:6d:4b:f2:7d:5a:28:63:e9:8a:8c:
         04:5d:6c:c7:d0:e3:bd:46:36:68:82:a9:0d:13:df:0b:5b:fc:
         c5:6d:bf:47:b4:58:7d:f5:79:05:69:d9:35:33:63:3b:69:77:
         11:3e:e4:c7:5c:9c:6b:b6:a9:b4:51:47:e9:fe:d3:6d:f9:26:
         81:72:2a:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbzJDd1YvoD/L3fTBRWd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYzI0NGJlNmIzYWZmYjZkNGU1NDdmMmUxZTNjNWVhYzFi
MjZhYjIwHhcNMjQwMTAyMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTMyZDU2NTExY2RiNjQyYzgwNWMyN2E3ZDNmNmYyYjIzMDk5MzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyCwszYf1q2sD+/yF/brClhVvidG
QSLo8gh4pAAYgVnSI8vZ/kc8gqvraXyfPrCLyW+S0Crqvfx011R6t+GwOKjxvz+E
nM2TJ2kl19yJpZxkj3qIsL5CJ+vVdU5kFEy6UuvQ/VV+4Lcy4YeqhsvrGoSWGmKp
S1L1r+RU3WIDWfRBlQqK3N6IDDz4vhBYZ35Feo2gaY3F/78o/xpvNyURzI6gyLw+
W2WCh+tgOmr8ioz2Eip3u/mUDOx5Tt/rFL/+z7Myd5jJLzD7OTp7m+7O4t0c+vwK
25uqI8WFL9AOMWTD/InjFzOsx00hknoz3LpH5pyb/7aT/t1OzkrM3e+czwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK4y1WURzbZCyAXCen0/bysjCZM5MB8GA1UdIwQY
MBaAFJPCRL5rOv+21OVH8uHjxerBsmqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazhKRXZtczZfN2JVNVVmeTRlUEY2c0d5YXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81MDFlOGYtYzdlMS00YWE0LTg1ODMt
NjZkNzRlNzNmMjU0LzEvcmpMVlpSSE50a0xJQmNKNmZUOXZLeU1Ka3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81MDFlOGYtYzdlMS00YWE0LTg1ODMtNjZkNzRlNzNmMjU0
LzEvazhKRXZtczZfN2JVNVVmeTRlUEY2c0d5YXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwYZgAwQA
wYZiMA0GCSqGSIb3DQEBCwUAA4IBAQABToAYgCGo5VHTlpeJh1qqjavO7p1AGDSx
EO5QJ2JDH4NQKvsLz5bu1Re2UyYJKNhTZEZ89VnvpFJ8X4ODKdj6ZBl1mPhnYXVg
Te3DyWr6BnsU+/6xswoxvbw/cNHwoxM91/u0j/3JzyTfPTZxWDfwIb1JmQOkDiuR
kpxanLMuWzYHnniv3HG0dWFRyv1zHOzpNsBO8/tXBs0x9JYiuvlhFq9jtOuJaaEC
DxAHpLtXX3uIEHNeBJbaNpW04G1L8n1aKGPpiowEXWzH0OO9RjZogqkNE98LW/zF
bb9HtFh99XkFadk1M2M7aXcRPuTHXJxrtqm0UUfp/tNt+SaBcioA
-----END CERTIFICATE-----