Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/l6zmYK2PF82znFxr2mecy_CnaYg.roa
File:                     l6zmYK2PF82znFxr2mecy_CnaYg.roa (raw, json)
Hash identifier:          2N6MVon2wIOmgVoxHIIDck8D32Szl7+6hN6T0+4Rpi8=
Subject key identifier:   97:AC:E6:60:AD:8F:17:CD:B3:9C:5C:6B:DA:67:9C:CB:F0:A7:69:88
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80137DB9D2EF5C2532C5130DFF5F3AA
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/l6zmYK2PF82znFxr2mecy_CnaYg.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        85.93.66.0/24 maxlen: 24
                          85.93.65.0/24 maxlen: 24
                          85.93.67.0/24 maxlen: 24
                          85.93.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:db:9d:2e:f5:c2:53:2c:51:30:df:f5:f3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97ace660ad8f17cdb39c5c6bda679ccbf0a76988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:69:68:24:b1:cd:28:8f:81:6e:63:6a:a4:
                    83:7e:cc:75:a1:2d:30:56:48:47:3b:a5:0b:9f:47:
                    c5:61:6e:63:90:16:31:80:2e:71:f8:a7:3a:02:f4:
                    3d:e8:bb:a8:26:67:d1:04:94:d8:17:fb:eb:e6:5f:
                    bf:9d:6c:96:9e:8c:a6:d7:51:7c:02:4d:ba:9b:83:
                    6a:dd:26:f9:8c:18:20:ed:b5:ca:fd:55:bb:2c:c3:
                    38:e5:91:18:d4:36:70:d0:d2:26:ae:bb:56:e4:85:
                    28:4f:b7:e0:29:08:83:ec:48:8e:e1:a9:39:d2:aa:
                    dc:75:bf:0d:3d:35:fb:a9:9d:b9:8a:6b:62:3f:5a:
                    45:6b:b4:43:72:f4:82:70:77:c5:dd:92:2f:fa:67:
                    f5:75:21:17:b4:bb:53:a3:94:68:4d:15:2e:6b:ef:
                    b1:8c:13:f0:db:54:2c:0d:cd:08:83:f4:26:aa:90:
                    d3:63:28:75:fd:df:92:8f:b3:07:69:c8:c7:51:0c:
                    c9:a7:31:a9:9b:fa:00:7e:4b:d1:89:bd:cc:7e:9f:
                    8a:a5:ec:14:1c:85:31:8e:44:55:6f:7e:ee:3f:8f:
                    42:d9:16:2f:f1:45:70:7a:d8:8e:8f:49:18:90:a3:
                    35:e3:2e:3e:f0:c6:4d:f4:b5:04:3b:f8:bb:fa:e2:
                    d7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AC:E6:60:AD:8F:17:CD:B3:9C:5C:6B:DA:67:9C:CB:F0:A7:69:88
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/l6zmYK2PF82znFxr2mecy_CnaYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.93.65.0-85.93.67.255
                  85.93.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:c0:2f:51:75:10:5d:d5:1e:f8:18:85:3a:8e:52:34:3d:a1:
         ab:58:dc:6e:7a:c8:36:09:5a:51:50:22:74:77:f9:1f:01:93:
         e6:5c:0e:23:4f:d5:ca:09:f8:42:02:b0:00:36:93:df:e4:c5:
         00:9b:06:79:07:e4:df:da:1d:4b:63:af:7a:55:b4:a5:f2:4c:
         0a:21:ca:9e:84:db:24:47:aa:12:90:69:5b:58:68:1b:71:50:
         24:2e:99:16:cc:40:07:57:49:46:2b:cc:08:58:5f:83:b3:17:
         7c:fa:f1:0f:91:b9:0b:a6:c1:d5:86:95:2f:1c:af:1a:eb:53:
         aa:1c:8d:8d:d4:b8:ab:10:fc:80:48:d5:7c:ce:ac:80:d5:65:
         da:a1:1d:a5:c0:12:7e:c8:ff:37:80:38:01:73:56:d9:3a:04:
         8d:41:de:1e:73:52:27:fe:82:7e:e0:a4:45:f4:23:97:99:28:
         f4:af:9d:17:ac:2a:44:46:55:ad:33:2d:a9:f2:ed:76:d9:60:
         d5:59:bc:39:0e:e0:9a:c3:f8:7c:e7:5a:2b:d3:9a:38:db:b7:
         10:ef:55:f0:70:3c:a0:72:56:af:9e:91:fd:90:70:63:02:89:
         b3:26:b8:13:63:48:8d:b8:a4:cd:b1:86:01:e1:e7:b6:73:dd:
         90:aa:27:64
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIATfbnS71wlMsUTDf9fOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2FjZTY2MGFkOGYxN2NkYjM5YzVjNmJkYTY3OWNjYmYwYTc2OTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFtpaCSxzSiPgW5jaqSDfsx1oS0w
VkhHO6ULn0fFYW5jkBYxgC5x+Kc6AvQ96LuoJmfRBJTYF/vr5l+/nWyWnoym11F8
Ak26m4Nq3Sb5jBgg7bXK/VW7LMM45ZEY1DZw0NImrrtW5IUoT7fgKQiD7EiO4ak5
0qrcdb8NPTX7qZ25imtiP1pFa7RDcvSCcHfF3ZIv+mf1dSEXtLtTo5RoTRUua++x
jBPw21QsDc0Ig/QmqpDTYyh1/d+Sj7MHacjHUQzJpzGpm/oAfkvRib3Mfp+KpewU
HIUxjkRVb37uP49C2RYv8UVwetiOj0kYkKM14y4+8MZN9LUEO/i7+uLXVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJes5mCtjxfNs5xca9pnnMvwp2mIMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvbDZ6bVlLMlBGODJ6bkZ4cjJtZWN5X0NuYVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABVXUED
BAJVXUADBABVXVAwDQYJKoZIhvcNAQELBQADggEBABHAL1F1EF3VHvgYhTqOUjQ9
oatY3G56yDYJWlFQInR3+R8Bk+ZcDiNP1coJ+EICsAA2k9/kxQCbBnkH5N/aHUtj
r3pVtKXyTAohyp6E2yRHqhKQaVtYaBtxUCQumRbMQAdXSUYrzAhYX4OzF3z68Q+R
uQumwdWGlS8crxrrU6ocjY3UuKsQ/IBI1XzOrIDVZdqhHaXAEn7I/zeAOAFzVtk6
BI1B3h5zUif+gn7gpEX0I5eZKPSvnResKkRGVa0zLany7XbZYNVZvDkO4JrD+Hzn
WivTmjjbtxDvVfBwPKByVq+ekf2QcGMCibMmuBNjSI24pM2xhgHh57Zz3ZCqJ2Q=
-----END CERTIFICATE-----