Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/Ejn1M3FPcV6KvG0rsiCB23C7u9w.roa
File:                     Ejn1M3FPcV6KvG0rsiCB23C7u9w.roa (raw, json)
Hash identifier:          VtCxBSw4MY3BbYZZlH/vWGsb36IjVfcUyawYAXeJv3g=
Subject key identifier:   12:39:F5:33:71:4F:71:5E:8A:BC:6D:2B:B2:20:81:DB:70:BB:BB:DC
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       018E4221098E14FE5F0F145A9CEDFDC581D0
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/Ejn1M3FPcV6KvG0rsiCB23C7u9w.roa
Signing time:             Fri 15 Mar 2024 12:40:45 +0000
ROA not before:           Fri 15 Mar 2024 12:40:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215446
IP address blocks:        188.93.192.0/22 maxlen: 24
                          2a0e:5f07::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:42:21:09:8e:14:fe:5f:0f:14:5a:9c:ed:fd:c5:81:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Mar 15 12:40:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1239f533714f715e8abc6d2bb22081db70bbbbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:88:f6:cf:54:85:d9:8e:48:d5:40:07:78:dd:
                    bf:a9:79:0f:a7:3f:62:cd:23:b9:1d:e1:9d:60:57:
                    7c:43:3e:a4:05:c8:90:e7:fd:e2:9f:d4:6e:8c:4e:
                    cf:dd:b0:8f:e3:24:d3:b5:e2:43:9d:31:82:24:bb:
                    e6:b1:db:a0:1b:c4:a7:bf:39:0a:dc:f7:91:0f:a8:
                    15:70:cb:b4:f0:7b:25:fc:6c:04:33:7c:2e:ed:8d:
                    11:a7:03:89:9c:9a:f1:f1:51:0c:f7:94:24:74:2b:
                    16:64:f9:d4:14:9b:e4:b6:59:32:9f:4b:63:7a:ac:
                    12:f7:ea:43:6d:46:4f:f1:9d:a2:d1:39:25:cf:87:
                    c5:95:ee:29:28:3e:7e:c5:ae:a6:4a:86:37:f6:e1:
                    e4:a2:75:b5:db:51:03:f6:13:62:13:3c:60:8c:ff:
                    df:59:e0:80:4b:64:53:ec:91:53:d5:ef:63:bb:3e:
                    3d:15:e6:c9:b3:f5:02:5e:4e:4f:0a:da:fb:7e:88:
                    b5:5a:29:14:5c:b0:6c:ad:fc:c9:24:a3:45:3f:39:
                    f1:c0:79:74:f1:95:0e:6e:72:4c:50:b3:92:77:c1:
                    82:84:34:2e:1c:8e:46:f8:4a:af:c0:9f:28:d6:2b:
                    b4:03:5b:c5:ba:92:21:5f:57:35:11:09:b3:a8:04:
                    5f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:39:F5:33:71:4F:71:5E:8A:BC:6D:2B:B2:20:81:DB:70:BB:BB:DC
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/Ejn1M3FPcV6KvG0rsiCB23C7u9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.192.0/22
                IPv6:
                  2a0e:5f07::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:89:6b:9d:bb:06:6c:72:d5:c4:53:b9:c7:b6:41:a8:e3:2f:
         cb:4c:f2:a2:1d:ef:f1:8f:07:54:d0:17:a4:50:41:b1:38:c1:
         1d:82:d5:b6:f2:d5:df:55:a0:d8:86:44:dc:72:f4:6e:2c:db:
         77:59:9d:86:d2:19:c4:4f:88:05:c9:97:d6:53:90:89:8c:28:
         ef:e3:ab:63:65:5f:b5:49:32:69:48:22:4c:68:7c:20:04:68:
         52:7b:67:a0:ed:8f:62:70:a2:8b:e6:6f:b9:5f:94:68:e3:ac:
         74:66:9f:66:ec:ec:6c:ef:92:a3:b3:30:cb:63:82:31:21:ce:
         7c:a8:dc:ec:16:6b:8a:cb:31:9d:ff:59:8a:7b:81:75:49:03:
         30:62:9b:2a:62:cf:00:d0:00:cb:d5:87:8c:5b:88:fe:5d:3c:
         cf:bc:b4:5e:c8:4b:f4:19:b1:71:97:c5:78:7d:53:8a:2e:b7:
         7d:b7:7a:28:2c:4a:46:e8:9a:ac:80:19:fc:fd:4b:1f:88:a8:
         81:8d:dd:f4:b0:c0:4f:1f:d8:17:ff:b4:fd:5d:fd:e2:a8:2a:
         46:88:c4:89:01:ae:43:f5:e7:08:fc:f7:ea:f3:e6:d5:8b:18:
         73:96:30:dc:f4:d9:1e:75:da:bc:4a:d0:10:af:78:8c:9d:83:
         f5:50:45:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5CIQmOFP5fDxRanO39xYHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjQwMzE1MTI0MDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM5ZjUzMzcxNGY3MTVlOGFiYzZkMmJiMjIwODFkYjcwYmJiYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIj2z1SF2Y5I1UAHeN2/qXkPpz9i
zSO5HeGdYFd8Qz6kBciQ5/3in9RujE7P3bCP4yTTteJDnTGCJLvmsdugG8SnvzkK
3PeRD6gVcMu08Hsl/GwEM3wu7Y0RpwOJnJrx8VEM95QkdCsWZPnUFJvktlkyn0tj
eqwS9+pDbUZP8Z2i0Tklz4fFle4pKD5+xa6mSoY39uHkonW121ED9hNiEzxgjP/f
WeCAS2RT7JFT1e9juz49FebJs/UCXk5PCtr7foi1WikUXLBsrfzJJKNFPznxwHl0
8ZUObnJMULOSd8GChDQuHI5G+EqvwJ8o1iu0A1vFupIhX1c1EQmzqARf4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBI59TNxT3FeirxtK7Iggdtwu7vcMB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvRWpuMU0zRlBjVjZLdkcwcnNpQ0IyM0M3dTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCvF3AMA0E
AgACMAcDBQAqDl8HMA0GCSqGSIb3DQEBCwUAA4IBAQBFiWuduwZsctXEU7nHtkGo
4y/LTPKiHe/xjwdU0BekUEGxOMEdgtW28tXfVaDYhkTccvRuLNt3WZ2G0hnET4gF
yZfWU5CJjCjv46tjZV+1STJpSCJMaHwgBGhSe2eg7Y9icKKL5m+5X5Ro46x0Zp9m
7Oxs75KjszDLY4IxIc58qNzsFmuKyzGd/1mKe4F1SQMwYpsqYs8A0ADL1YeMW4j+
XTzPvLReyEv0GbFxl8V4fVOKLrd9t3ooLEpG6JqsgBn8/UsfiKiBjd30sMBPH9gX
/7T9Xf3iqCpGiMSJAa5D9ecI/Pfq8+bVixhzljDc9Nkeddq8StAQr3iMnYP1UEVG
-----END CERTIFICATE-----