Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/7ktsksHJ883dTe10CVIKhpoSlkg.roa
File:                     7ktsksHJ883dTe10CVIKhpoSlkg.roa (raw, json)
Hash identifier:          g2LakS3hnRqW7gzs+Q9/qzmeX2ZZit14sXZkBAVQkBM=
Subject key identifier:   EE:4B:6C:92:C1:C9:F3:CD:DD:4D:ED:74:09:52:0A:86:9A:12:96:48
Certificate issuer:       /CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
Certificate serial:       01935382EECB2EDD9BD634F393A758B5CC9D
Authority key identifier: E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/7ktsksHJ883dTe10CVIKhpoSlkg.roa
Signing time:             Fri 22 Nov 2024 10:55:09 +0000
ROA not before:           Fri 22 Nov 2024 10:55:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        185.93.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:82:ee:cb:2e:dd:9b:d6:34:f3:93:a7:58:b5:cc:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
        Validity
            Not Before: Nov 22 10:55:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee4b6c92c1c9f3cddd4ded7409520a869a129648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c5:8e:ac:dd:65:5a:b5:9c:e4:1a:5b:a8:52:
                    08:17:89:36:b0:a6:95:75:fb:77:de:e5:af:50:38:
                    6f:e7:a6:d0:84:4c:93:ca:33:90:c0:28:2d:0f:46:
                    19:56:eb:26:8a:2e:3d:92:fb:e9:8f:6d:7f:a1:45:
                    55:2b:8d:cd:36:cc:68:d6:49:fd:91:71:b0:45:32:
                    57:3e:c5:41:19:1f:07:4d:5e:e0:e0:05:c1:18:2e:
                    c1:bf:59:6f:35:63:cd:3e:d7:c3:e8:01:bf:9d:5d:
                    ca:a6:02:4d:d8:ce:10:26:16:13:d9:95:c6:e2:3c:
                    d3:3a:e8:d5:6b:ed:fd:e7:40:1e:09:09:5b:b7:9e:
                    9b:2e:59:d3:52:5c:76:b6:81:aa:a9:90:f1:a2:24:
                    cc:d6:9b:37:6d:e4:21:f7:34:e5:27:85:7e:c8:3f:
                    be:8b:d6:b4:04:c7:a4:29:ac:89:8f:1d:4c:50:ab:
                    19:89:2e:d4:d0:a1:bb:af:de:3d:59:2e:58:3e:b1:
                    eb:b3:d9:8d:a7:57:b7:94:94:d0:de:f8:fb:af:b3:
                    b3:72:ef:71:99:1b:4c:c3:9e:86:b5:23:3a:38:18:
                    ed:18:87:bc:d6:e9:37:df:c4:09:a2:8d:73:b2:9e:
                    dc:4c:62:2f:54:a6:18:8c:be:6b:94:f9:cf:25:02:
                    ca:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4B:6C:92:C1:C9:F3:CD:DD:4D:ED:74:09:52:0A:86:9A:12:96:48
            X509v3 Authority Key Identifier:
                keyid:E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/7ktsksHJ883dTe10CVIKhpoSlkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:1a:70:f9:ea:44:22:3a:6d:ca:6e:cf:40:60:f2:dc:86:10:
         9d:c8:0c:20:86:29:52:31:8d:83:89:ee:51:ea:b8:48:ab:d3:
         d6:24:c1:7f:fd:01:44:ac:59:b9:5e:4e:3c:30:24:f6:38:35:
         73:71:e2:9b:3f:a5:4b:6c:33:66:42:dc:0b:ce:35:8c:67:41:
         bd:7a:54:78:3e:85:3a:67:47:73:d7:20:c7:88:50:b0:52:f5:
         10:b4:68:03:65:6a:1d:b7:9b:4b:8d:f5:2d:bc:2d:55:c8:7d:
         54:95:ff:5c:23:f2:0f:c1:9c:9c:fe:ef:d6:a7:05:61:39:fd:
         0f:77:f0:26:4c:d5:b3:47:d3:d0:2c:42:e9:cc:86:92:0a:8b:
         b4:24:2a:2d:e0:9e:ff:08:05:65:5a:07:79:23:60:52:31:4b:
         60:39:05:0b:90:53:52:b3:10:37:72:67:a9:71:77:db:2c:18:
         ad:61:83:44:25:f7:ad:38:0f:59:94:42:b5:1b:bb:b6:af:32:
         dd:0d:37:82:44:fd:1e:ef:46:ed:a0:db:a7:0d:62:05:89:ad:
         6c:bf:a2:da:f8:03:94:05:af:37:cc:40:2e:03:25:63:eb:85:
         aa:46:75:ca:36:f5:6a:b6:59:2a:81:93:45:31:e4:92:2d:58:
         31:a9:1b:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNTgu7LLt2b1jTzk6dYtcydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDczZmZjM2YzN2M0ZmVjNGJkMzVhZDFjNTk1Y2QwNTZi
YWVjZmQwHhcNMjQxMTIyMTA1NTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTRiNmM5MmMxYzlmM2NkZGQ0ZGVkNzQwOTUyMGE4NjlhMTI5NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcWOrN1lWrWc5BpbqFIIF4k2sKaV
dft33uWvUDhv56bQhEyTyjOQwCgtD0YZVusmii49kvvpj21/oUVVK43NNsxo1kn9
kXGwRTJXPsVBGR8HTV7g4AXBGC7Bv1lvNWPNPtfD6AG/nV3KpgJN2M4QJhYT2ZXG
4jzTOujVa+3950AeCQlbt56bLlnTUlx2toGqqZDxoiTM1ps3beQh9zTlJ4V+yD++
i9a0BMekKayJjx1MUKsZiS7U0KG7r949WS5YPrHrs9mNp1e3lJTQ3vj7r7Ozcu9x
mRtMw56GtSM6OBjtGIe81uk338QJoo1zsp7cTGIvVKYYjL5rlPnPJQLKtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5LbJLByfPN3U3tdAlSCoaaEpZIMB8GA1UdIwQY
MBaAFOLXP/w/N8T+xL01rRxZXNBWuuz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUt
YWEwYzRkYzAzMjIyLzEvN2t0c2tzSEo4ODNkVGUxMENWSUtocG9TbGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUtYWEwYzRkYzAzMjIy
LzEvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBtGnD56kQiOm3Kbs9AYPLchhCdyAwghilSMY2Die5R
6rhIq9PWJMF//QFErFm5Xk48MCT2ODVzceKbP6VLbDNmQtwLzjWMZ0G9elR4PoU6
Z0dz1yDHiFCwUvUQtGgDZWodt5tLjfUtvC1VyH1Ulf9cI/IPwZyc/u/WpwVhOf0P
d/AmTNWzR9PQLELpzIaSCou0JCot4J7/CAVlWgd5I2BSMUtgOQULkFNSsxA3cmep
cXfbLBitYYNEJfetOA9ZlEK1G7u2rzLdDTeCRP0e70btoNunDWIFia1sv6La+AOU
Ba83zEAuAyVj64WqRnXKNvVqtlkqgZNFMeSSLVgxqRuK
-----END CERTIFICATE-----