Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/iTC8-eoJBSchxjWASjgkfJDQHL0.roa
File:                     iTC8-eoJBSchxjWASjgkfJDQHL0.roa (raw, json)
Hash identifier:          ObLDQOnSk1TDLa+4oUsofqjbdHooMDEnrQvVg76NYO4=
Subject key identifier:   89:30:BC:F9:EA:09:05:27:21:C6:35:80:4A:38:24:7C:90:D0:1C:BD
Certificate issuer:       /CN=6c32dc9e5249fb41c47df4914121a9b1a6aef1ff
Certificate serial:       018CC26D3756CDE7814952ADC86B801245D2
Authority key identifier: 6C:32:DC:9E:52:49:FB:41:C4:7D:F4:91:41:21:A9:B1:A6:AE:F1:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/iTC8-eoJBSchxjWASjgkfJDQHL0.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        93.93.224.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:37:56:cd:e7:81:49:52:ad:c8:6b:80:12:45:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c32dc9e5249fb41c47df4914121a9b1a6aef1ff
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8930bcf9ea09052721c635804a38247c90d01cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3a:0e:5d:dd:57:7a:07:d3:cc:15:7f:12:8a:
                    e5:3b:97:1f:69:89:d8:a3:f8:d5:c6:a3:03:15:96:
                    af:15:84:e8:21:fb:80:c8:9c:b4:12:77:f8:a9:fc:
                    91:04:2e:87:f5:cc:f8:ed:19:44:88:a1:13:90:26:
                    fd:1f:49:16:6a:77:38:a1:83:f0:4f:e6:28:a6:10:
                    aa:b4:90:20:3c:bc:f8:47:e7:64:7f:31:49:46:39:
                    e0:ed:a8:5a:05:fa:0d:cd:1c:a0:c0:53:16:86:05:
                    c7:29:da:60:2a:bd:f5:e4:ce:29:90:ed:be:10:0b:
                    2a:ea:ad:f0:4e:b7:d0:64:7c:5f:dc:3a:37:59:8e:
                    d4:34:32:95:65:21:e7:a6:06:4b:0a:57:a6:59:47:
                    40:40:13:6b:74:5f:26:38:31:30:97:d9:5d:18:ad:
                    df:15:a1:f1:13:c9:73:be:0b:0a:07:41:53:e7:9a:
                    26:80:9a:fa:9c:91:e0:5e:08:17:5e:7c:fd:38:c0:
                    55:aa:b7:85:05:c7:b9:b7:97:03:d2:d7:2a:4f:2b:
                    12:b1:a2:1f:b5:a8:bc:46:13:28:7f:d2:04:22:90:
                    bb:28:bd:b4:75:43:2e:4d:0b:cb:e4:74:03:79:0a:
                    69:13:fb:49:27:ba:2f:a3:f4:e3:df:11:1b:e4:79:
                    90:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:30:BC:F9:EA:09:05:27:21:C6:35:80:4A:38:24:7C:90:D0:1C:BD
            X509v3 Authority Key Identifier:
                keyid:6C:32:DC:9E:52:49:FB:41:C4:7D:F4:91:41:21:A9:B1:A6:AE:F1:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/iTC8-eoJBSchxjWASjgkfJDQHL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:32:69:7e:b4:4b:35:9d:5c:a1:35:5f:98:88:e1:87:bb:5f:
         a9:48:e2:19:d0:d6:86:a1:a1:d8:63:d8:7b:2c:3f:27:51:71:
         63:1c:47:60:11:da:22:c1:29:2e:14:78:ab:f4:b4:ac:27:53:
         8d:85:42:7a:81:37:6c:e5:46:70:99:60:c6:81:6a:7d:33:f6:
         4b:73:8e:23:2c:92:61:bf:01:0f:23:88:f0:54:86:0f:be:37:
         d3:fa:92:9b:70:2a:d1:17:71:36:21:61:d6:93:fd:8f:9d:fa:
         09:16:8f:47:62:4b:42:e9:90:fa:d7:12:0d:d1:61:ab:16:a6:
         0b:ef:bb:74:bd:4d:6a:d2:65:3e:c1:f1:b1:96:de:df:fd:b7:
         1d:aa:5c:1a:82:9e:8d:67:96:79:96:96:55:04:66:6e:d4:10:
         ce:66:58:69:6a:f8:d5:e6:dc:fc:ac:c9:94:b6:5d:38:02:32:
         fa:c0:ff:8f:cf:33:d1:f6:5b:cf:60:3a:15:13:93:18:da:70:
         d7:1b:fc:47:d3:94:ac:42:5e:37:0d:e7:e8:4f:76:61:6a:84:
         c6:9c:b1:c0:25:7d:96:b2:8a:75:bf:7c:25:68:f4:75:ef:ab:
         e1:2c:7c:36:82:4e:64:b6:57:04:9d:57:92:4e:69:69:c3:ee:
         b0:12:76:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTdWzeeBSVKtyGuAEkXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzJkYzllNTI0OWZiNDFjNDdkZjQ5MTQxMjFhOWIxYTZh
ZWYxZmYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMwYmNmOWVhMDkwNTI3MjFjNjM1ODA0YTM4MjQ3YzkwZDAxY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjoOXd1XegfTzBV/EorlO5cfaYnY
o/jVxqMDFZavFYToIfuAyJy0Enf4qfyRBC6H9cz47RlEiKETkCb9H0kWanc4oYPw
T+YophCqtJAgPLz4R+dkfzFJRjng7ahaBfoNzRygwFMWhgXHKdpgKr315M4pkO2+
EAsq6q3wTrfQZHxf3Do3WY7UNDKVZSHnpgZLClemWUdAQBNrdF8mODEwl9ldGK3f
FaHxE8lzvgsKB0FT55omgJr6nJHgXggXXnz9OMBVqreFBce5t5cD0tcqTysSsaIf
tai8RhMof9IEIpC7KL20dUMuTQvL5HQDeQppE/tJJ7ovo/Tj3xEb5HmQ/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkwvPnqCQUnIcY1gEo4JHyQ0By9MB8GA1UdIwQY
MBaAFGwy3J5SSftBxH30kUEhqbGmrvH/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRMY25sSkotMEhFZmZTUlFTR3BzYWF1OGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81MWJhMjctMjVlMi00NzI3LWE0YjUt
M2ZiYzk3NTllYjZhLzEvaVRDOC1lb0pCU2NoeGpXQVNqZ2tmSkRRSEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81MWJhMjctMjVlMi00NzI3LWE0YjUtM2ZiYzk3NTllYjZh
LzEvYkRMY25sSkotMEhFZmZTUlFTR3BzYWF1OGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXV3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAHMml+tEs1nVyhNV+YiOGHu1+pSOIZ0NaGoaHYY9h7
LD8nUXFjHEdgEdoiwSkuFHir9LSsJ1ONhUJ6gTds5UZwmWDGgWp9M/ZLc44jLJJh
vwEPI4jwVIYPvjfT+pKbcCrRF3E2IWHWk/2PnfoJFo9HYktC6ZD61xIN0WGrFqYL
77t0vU1q0mU+wfGxlt7f/bcdqlwagp6NZ5Z5lpZVBGZu1BDOZlhpavjV5tz8rMmU
tl04AjL6wP+PzzPR9lvPYDoVE5MY2nDXG/xH05SsQl43DefoT3ZhaoTGnLHAJX2W
sop1v3wlaPR176vhLHw2gk5ktlcEnVeSTmlpw+6wEnZm
-----END CERTIFICATE-----