Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/REyCHDOq8L8yNUQW_Qq90ZUUHQQ.roa
File:                     REyCHDOq8L8yNUQW_Qq90ZUUHQQ.roa (raw, json)
Hash identifier:          3ffHrHisv0yxi/F8BsfGWGF1TRBboJnxaB9AkMHY/xM=
Subject key identifier:   44:4C:82:1C:33:AA:F0:BF:32:35:44:16:FD:0A:BD:D1:95:14:1D:04
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       018CC424D72477A61BF916E3831066EA3EC8
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/REyCHDOq8L8yNUQW_Qq90ZUUHQQ.roa
Signing time:             Mon 01 Jan 2024 08:29:57 +0000
ROA not before:           Mon 01 Jan 2024 08:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203425
IP address blocks:        93.95.8.0/21 maxlen: 24
                          151.236.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d7:24:77:a6:1b:f9:16:e3:83:10:66:ea:3e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  1 08:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=444c821c33aaf0bf32354416fd0abdd195141d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:14:c8:1f:8e:e8:47:1a:78:3e:29:5c:81:
                    03:aa:56:39:0e:6e:9a:bb:f5:46:23:25:fd:e7:a5:
                    cf:7e:8b:ee:90:df:17:b7:56:cf:f3:a5:70:7c:18:
                    f9:8d:47:3e:e1:e6:be:6c:b8:bd:1d:d6:59:c8:96:
                    d9:bc:b0:34:1d:06:29:9d:29:be:59:fc:78:d8:4f:
                    be:d2:50:22:78:99:9e:6f:ce:e8:91:f1:64:f5:d1:
                    ac:b6:75:ad:90:6a:a7:43:7c:03:e7:dc:2d:ef:37:
                    fc:2f:c3:e8:88:42:b3:46:73:f7:96:0c:a1:3c:f3:
                    ec:14:68:a8:2d:25:4b:68:23:5f:6f:e6:cd:93:33:
                    a1:67:ac:a6:b6:1d:b3:07:5b:b6:7f:28:46:0c:58:
                    21:dd:33:66:ba:b3:cd:55:24:3f:67:bb:fe:ad:fe:
                    72:1a:45:13:4f:dc:b3:5d:77:8d:7d:25:72:72:6d:
                    df:b4:b8:9d:d3:33:72:f5:2b:ff:51:6c:d8:4a:8a:
                    60:14:ac:26:42:61:6d:59:c5:48:c8:c7:7c:83:36:
                    e8:52:be:8c:ea:d4:06:60:dd:c7:a8:c3:da:ab:1c:
                    48:34:65:83:f1:44:d9:ac:4d:15:96:8e:29:de:a1:
                    e1:cb:ed:49:a8:15:58:7f:a3:0f:fb:7d:b9:28:d9:
                    c3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4C:82:1C:33:AA:F0:BF:32:35:44:16:FD:0A:BD:D1:95:14:1D:04
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/REyCHDOq8L8yNUQW_Qq90ZUUHQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.8.0/21
                  151.236.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:14:fa:4d:40:07:a5:b1:1b:7d:25:e7:07:2f:7a:0a:04:a7:
         69:5c:c9:1d:3b:6a:f9:ae:92:b3:12:7f:14:2b:93:39:de:1f:
         04:bb:2d:1c:f0:7c:9d:b3:23:4d:2f:42:b6:a7:16:a3:5f:ae:
         00:0e:fa:ca:07:8e:b5:69:16:54:fa:7b:b6:65:59:53:52:d8:
         5b:12:04:9e:1a:34:0f:75:9b:86:72:1d:6c:50:43:c9:31:ed:
         6f:7d:a1:07:f5:93:96:16:d0:4a:2c:ec:6a:68:14:4b:b2:db:
         ae:26:d6:47:02:ca:2f:c5:f1:66:40:dd:27:5b:56:c5:6c:25:
         b2:97:99:54:03:e6:6a:90:6b:b0:c1:84:5f:84:39:49:91:c4:
         6e:84:41:a5:4c:b6:e4:f6:05:b6:18:06:6b:f4:cc:ee:db:39:
         aa:34:93:7c:88:cc:04:78:49:f6:e6:20:19:30:f6:52:97:de:
         7e:ff:b1:fd:aa:1f:f5:00:45:43:28:d5:0e:d4:3b:06:88:2b:
         4f:ab:3e:a9:b8:36:54:d6:60:bb:c6:df:1e:5d:19:6b:6d:cd:
         4c:32:a4:a2:00:77:f8:0c:be:5c:15:d1:53:cc:79:89:bb:dd:
         01:d8:db:8f:d0:0c:e3:9f:93:87:55:f6:ec:e6:f0:3d:73:66:
         31:b1:25:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJNckd6Yb+RbjgxBm6j7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjQwMTAxMDgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDRjODIxYzMzYWFmMGJmMzIzNTQ0MTZmZDBhYmRkMTk1MTQxZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluQUyB+O6EcaeD4pXIEDqlY5Dm6a
u/VGIyX956XPfovukN8Xt1bP86VwfBj5jUc+4ea+bLi9HdZZyJbZvLA0HQYpnSm+
Wfx42E++0lAieJmeb87okfFk9dGstnWtkGqnQ3wD59wt7zf8L8PoiEKzRnP3lgyh
PPPsFGioLSVLaCNfb+bNkzOhZ6ymth2zB1u2fyhGDFgh3TNmurPNVSQ/Z7v+rf5y
GkUTT9yzXXeNfSVycm3ftLid0zNy9Sv/UWzYSopgFKwmQmFtWcVIyMd8gzboUr6M
6tQGYN3HqMPaqxxINGWD8UTZrE0Vlo4p3qHhy+1JqBVYf6MP+325KNnDCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFERMghwzqvC/MjVEFv0KvdGVFB0EMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvUkV5Q0hET3E4TDh5TlVRV19RcTkwWlVVSFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXV8IAwQD
l+zQMA0GCSqGSIb3DQEBCwUAA4IBAQAYFPpNQAelsRt9JecHL3oKBKdpXMkdO2r5
rpKzEn8UK5M53h8Euy0c8HydsyNNL0K2pxajX64ADvrKB461aRZU+nu2ZVlTUthb
EgSeGjQPdZuGch1sUEPJMe1vfaEH9ZOWFtBKLOxqaBRLstuuJtZHAsovxfFmQN0n
W1bFbCWyl5lUA+ZqkGuwwYRfhDlJkcRuhEGlTLbk9gW2GAZr9Mzu2zmqNJN8iMwE
eEn25iAZMPZSl95+/7H9qh/1AEVDKNUO1DsGiCtPqz6puDZU1mC7xt8eXRlrbc1M
MqSiAHf4DL5cFdFTzHmJu90B2NuP0Azjn5OHVfbs5vA9c2YxsSUN
-----END CERTIFICATE-----