Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/tRhe-hYMpxPhXw5Ksjo52U4YbEk.roa
File:                     tRhe-hYMpxPhXw5Ksjo52U4YbEk.roa (raw, json)
Hash identifier:          e7gaKGnC7CQW8aoSpG0FA1lKlnY/8KNGKqvOJRg0yE8=
Subject key identifier:   B5:18:5E:FA:16:0C:A7:13:E1:5F:0E:4A:B2:3A:39:D9:4E:18:6C:49
Certificate issuer:       /CN=6c32dc9e5249fb41c47df4914121a9b1a6aef1ff
Certificate serial:       018CC26D363F1CBB16E893DD7EC7290EC7E6
Authority key identifier: 6C:32:DC:9E:52:49:FB:41:C4:7D:F4:91:41:21:A9:B1:A6:AE:F1:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/tRhe-hYMpxPhXw5Ksjo52U4YbEk.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        93.93.224.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 19:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:3f:1c:bb:16:e8:93:dd:7e:c7:29:0e:c7:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c32dc9e5249fb41c47df4914121a9b1a6aef1ff
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5185efa160ca713e15f0e4ab23a39d94e186c49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f4:2a:61:16:b6:57:16:71:b5:30:be:34:b9:
                    56:5c:06:4a:f9:87:1e:41:20:5a:ec:71:d7:e7:86:
                    91:66:fd:54:57:18:db:c0:05:29:a0:27:c9:86:55:
                    ae:01:75:dc:97:30:66:98:3b:ed:e8:12:7d:2b:97:
                    93:c5:3c:d1:c9:5c:c8:70:0e:9d:72:59:4c:48:4d:
                    01:58:09:7d:51:4b:35:ed:07:94:ba:64:3a:f3:a0:
                    be:14:a8:32:ff:ad:8b:8a:ee:1f:27:e9:76:76:46:
                    3f:dd:bb:08:25:7d:ce:53:55:41:c9:a9:2e:2f:6b:
                    f1:f1:04:31:53:f0:44:db:89:b5:fa:6c:61:9b:9f:
                    0c:64:7d:97:3b:0b:8a:47:88:99:8e:c4:06:97:e5:
                    29:46:15:68:d6:e7:7e:f5:d9:86:51:e0:6a:78:2e:
                    a5:b2:6a:5d:e0:35:65:89:d4:05:54:c4:38:ab:79:
                    fd:c7:b5:e6:30:d3:ac:a6:02:71:87:6b:36:ce:dc:
                    d9:0b:80:67:9f:f5:81:e2:a1:73:0e:af:3e:86:a8:
                    c9:48:df:39:27:d2:2c:ba:6f:53:e0:e2:02:c9:0c:
                    4c:1d:83:32:89:5b:2c:ea:71:4c:24:cb:10:a4:0a:
                    59:31:bb:1a:c2:19:24:36:82:50:dd:ec:19:34:7c:
                    69:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:18:5E:FA:16:0C:A7:13:E1:5F:0E:4A:B2:3A:39:D9:4E:18:6C:49
            X509v3 Authority Key Identifier:
                keyid:6C:32:DC:9E:52:49:FB:41:C4:7D:F4:91:41:21:A9:B1:A6:AE:F1:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDLcnlJJ-0HEffSRQSGpsaau8f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/tRhe-hYMpxPhXw5Ksjo52U4YbEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/51ba27-25e2-4727-a4b5-3fbc9759eb6a/1/bDLcnlJJ-0HEffSRQSGpsaau8f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2c:06:02:bb:70:6f:19:84:13:1c:eb:1d:eb:b0:cb:79:29:b5:
         af:33:39:bf:29:8f:d6:b1:a7:4c:98:e2:d7:5a:3e:5d:a9:c1:
         e9:07:93:e8:88:5b:97:19:47:03:38:5f:21:23:f5:86:62:97:
         1f:ca:39:10:d6:f2:46:31:d1:be:ad:82:8c:9f:e9:6d:ec:23:
         3c:e4:1f:21:34:68:f6:9a:d0:18:ae:73:7d:c5:2a:68:e6:27:
         97:2f:d2:e5:00:05:a5:c1:b6:74:f4:29:22:3a:cd:55:ba:84:
         76:a3:0f:40:99:ac:02:4d:f8:bc:c3:e9:2e:b3:40:6a:25:e9:
         4c:25:de:f7:b7:e1:7f:89:d8:2e:3e:43:d1:4e:f2:32:0f:dd:
         c9:33:91:f1:4a:0f:6a:9f:07:a2:af:12:dd:63:19:0e:f9:45:
         37:4e:94:44:17:24:b8:df:d0:59:e5:ca:2d:c3:c4:be:32:b0:
         7a:fa:98:83:af:81:17:47:c6:bb:7f:df:10:76:4c:8e:6a:ff:
         79:67:92:54:29:8d:99:03:77:de:37:d7:bb:89:df:f8:62:09:
         6b:49:08:42:30:d6:13:af:51:14:89:2c:48:45:60:46:0d:94:
         6c:2e:4c:50:3e:bc:82:6a:a9:f0:21:3c:6a:ea:0d:d4:e0:fe:
         30:4e:66:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTY/HLsW6JPdfscpDsfmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzJkYzllNTI0OWZiNDFjNDdkZjQ5MTQxMjFhOWIxYTZh
ZWYxZmYwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE4NWVmYTE2MGNhNzEzZTE1ZjBlNGFiMjNhMzlkOTRlMTg2YzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPQqYRa2VxZxtTC+NLlWXAZK+Yce
QSBa7HHX54aRZv1UVxjbwAUpoCfJhlWuAXXclzBmmDvt6BJ9K5eTxTzRyVzIcA6d
cllMSE0BWAl9UUs17QeUumQ686C+FKgy/62Liu4fJ+l2dkY/3bsIJX3OU1VByaku
L2vx8QQxU/BE24m1+mxhm58MZH2XOwuKR4iZjsQGl+UpRhVo1ud+9dmGUeBqeC6l
smpd4DVlidQFVMQ4q3n9x7XmMNOspgJxh2s2ztzZC4Bnn/WB4qFzDq8+hqjJSN85
J9Isum9T4OICyQxMHYMyiVss6nFMJMsQpApZMbsawhkkNoJQ3ewZNHxprQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUYXvoWDKcT4V8OSrI6OdlOGGxJMB8GA1UdIwQY
MBaAFGwy3J5SSftBxH30kUEhqbGmrvH/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRMY25sSkotMEhFZmZTUlFTR3BzYWF1OGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81MWJhMjctMjVlMi00NzI3LWE0YjUt
M2ZiYzk3NTllYjZhLzEvdFJoZS1oWU1weFBoWHc1S3NqbzUyVTRZYkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81MWJhMjctMjVlMi00NzI3LWE0YjUtM2ZiYzk3NTllYjZh
LzEvYkRMY25sSkotMEhFZmZTUlFTR3BzYWF1OGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXV3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAsBgK7cG8ZhBMc6x3rsMt5KbWvMzm/KY/WsadMmOLX
Wj5dqcHpB5PoiFuXGUcDOF8hI/WGYpcfyjkQ1vJGMdG+rYKMn+lt7CM85B8hNGj2
mtAYrnN9xSpo5ieXL9LlAAWlwbZ09CkiOs1VuoR2ow9AmawCTfi8w+kus0BqJelM
Jd73t+F/idguPkPRTvIyD93JM5HxSg9qnweirxLdYxkO+UU3TpREFyS439BZ5cot
w8S+MrB6+piDr4EXR8a7f98QdkyOav95Z5JUKY2ZA3feN9e7id/4YglrSQhCMNYT
r1EUiSxIRWBGDZRsLkxQPryCaqnwITxq6g3U4P4wTmaD
-----END CERTIFICATE-----