Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DTQiwkcntQ0-txJSsczm1npul-A.roa
File:                     DTQiwkcntQ0-txJSsczm1npul-A.roa (raw, json)
Hash identifier:          QWCspNVgTirKnfJOpI/o+h4B/ap4qwHigQOer6PHRYc=
Subject key identifier:   0D:34:22:C2:47:27:B5:0D:3E:B7:12:52:B1:CC:E6:D6:7A:6E:97:E0
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018CC6B8C94FA08B5EA30A5081BBF3816E9B
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DTQiwkcntQ0-txJSsczm1npul-A.roa
Signing time:             Mon 01 Jan 2024 20:30:48 +0000
ROA not before:           Mon 01 Jan 2024 20:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        93.190.11.0/24 maxlen: 24
                          93.190.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c9:4f:a0:8b:5e:a3:0a:50:81:bb:f3:81:6e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Jan  1 20:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d3422c24727b50d3eb71252b1cce6d67a6e97e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:79:a7:77:68:c4:40:ef:35:18:95:fa:ab:97:
                    ed:de:45:0e:e4:18:fb:33:0b:df:81:c2:d7:18:8b:
                    23:7f:98:c2:70:3a:6d:95:cf:2d:f3:40:45:db:c7:
                    37:84:cc:50:59:29:e1:47:46:3a:6e:7f:31:4c:ae:
                    5f:0a:e8:f7:ab:1f:7f:0d:0d:30:e2:63:98:0c:0f:
                    18:2d:eb:41:d5:c7:d6:71:30:64:d2:ef:3b:d7:7a:
                    ba:7d:b5:f8:ee:38:5d:6e:f9:ba:cb:d3:32:58:06:
                    c4:c9:fd:00:17:2a:19:53:61:43:cb:e5:06:37:94:
                    2f:d2:7b:fa:25:d3:42:5b:e3:ea:cd:c0:66:28:45:
                    23:5c:2a:0e:28:f8:ea:6f:c0:26:b6:cb:8c:67:21:
                    2d:22:7f:4e:e6:e4:f7:a1:7b:2b:b3:f4:83:88:70:
                    6c:6b:53:be:3c:c1:db:8d:e2:f7:8c:47:17:24:0e:
                    fa:cd:a1:f3:50:9f:27:00:ba:52:8d:37:99:e6:13:
                    48:77:cc:01:9b:08:2e:cc:cb:c3:5a:8e:ce:4d:98:
                    50:fd:0e:b4:1d:dc:89:d5:58:e1:d2:dc:a9:d9:be:
                    46:81:bd:6b:4e:7c:b3:ff:05:f4:99:b7:b8:e6:de:
                    07:5b:ed:a6:a8:e7:53:33:7c:21:bb:80:4e:e3:b3:
                    72:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:34:22:C2:47:27:B5:0D:3E:B7:12:52:B1:CC:E6:D6:7A:6E:97:E0
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/DTQiwkcntQ0-txJSsczm1npul-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.9.0/24
                  93.190.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:6d:ed:53:25:7a:f0:44:ee:28:27:c2:d7:2d:b7:bf:36:02:
         53:a4:92:45:cc:65:d1:49:45:9b:b5:e5:1b:9a:8b:11:d6:bd:
         ab:fd:d6:1c:8e:14:8f:c4:ab:05:2d:60:bb:c3:24:25:7c:21:
         76:51:fa:cf:90:56:1f:37:82:cc:bf:8e:b2:13:35:70:02:a0:
         17:d6:d4:6f:a6:24:a2:02:8b:94:71:c9:47:48:ef:92:e2:87:
         c9:26:4f:1c:a0:d8:52:52:2c:ec:b2:73:a6:4a:c2:ff:de:f9:
         b0:ac:38:d6:23:9d:87:59:af:41:36:6a:db:ec:3d:09:e7:29:
         b4:78:5d:37:9b:39:54:c4:dd:8e:ac:da:b8:e5:db:4b:53:f7:
         ae:b2:81:31:23:e9:dd:bb:88:ed:7e:5c:46:91:3e:de:d8:03:
         73:1b:89:a6:32:d6:e2:23:fb:b4:f0:00:bf:fd:7f:65:5b:ea:
         85:16:92:c1:d2:13:ac:3e:d1:24:de:a2:d4:ab:93:56:fa:d3:
         63:7c:2d:43:5e:eb:de:f1:48:4e:e8:4b:88:53:ac:ef:a0:4a:
         77:65:e8:82:48:08:37:ff:b0:3d:47:0d:61:6f:24:8e:e3:36:
         1b:2e:c6:8c:ec:52:62:fb:cf:62:de:6b:a6:8d:0d:65:8b:bd:
         aa:9c:6f:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuMlPoIteowpQgbvzgW6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQwMTAxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM0MjJjMjQ3MjdiNTBkM2ViNzEyNTJiMWNjZTZkNjdhNmU5N2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHmnd2jEQO81GJX6q5ft3kUO5Bj7
MwvfgcLXGIsjf5jCcDptlc8t80BF28c3hMxQWSnhR0Y6bn8xTK5fCuj3qx9/DQ0w
4mOYDA8YLetB1cfWcTBk0u8713q6fbX47jhdbvm6y9MyWAbEyf0AFyoZU2FDy+UG
N5Qv0nv6JdNCW+PqzcBmKEUjXCoOKPjqb8AmtsuMZyEtIn9O5uT3oXsrs/SDiHBs
a1O+PMHbjeL3jEcXJA76zaHzUJ8nALpSjTeZ5hNId8wBmwguzMvDWo7OTZhQ/Q60
HdyJ1Vjh0typ2b5Ggb1rTnyz/wX0mbe45t4HW+2mqOdTM3whu4BO47NynQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA00IsJHJ7UNPrcSUrHM5tZ6bpfgMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvRFRRaXdrY250UTAtdHhKU3Njem0xbnB1bC1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXb4JAwQA
Xb4LMA0GCSqGSIb3DQEBCwUAA4IBAQC2be1TJXrwRO4oJ8LXLbe/NgJTpJJFzGXR
SUWbteUbmosR1r2r/dYcjhSPxKsFLWC7wyQlfCF2UfrPkFYfN4LMv46yEzVwAqAX
1tRvpiSiAouUcclHSO+S4ofJJk8coNhSUizssnOmSsL/3vmwrDjWI52HWa9BNmrb
7D0J5ym0eF03mzlUxN2OrNq45dtLU/eusoExI+ndu4jtflxGkT7e2ANzG4mmMtbi
I/u08AC//X9lW+qFFpLB0hOsPtEk3qLUq5NW+tNjfC1DXuve8UhO6EuIU6zvoEp3
ZeiCSAg3/7A9Rw1hbySO4zYbLsaM7FJi+89i3mumjQ1li72qnG/n
-----END CERTIFICATE-----