Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/aN4RXgCqTgAh8zuYQxiHPLK4bUo.roa
File:                     aN4RXgCqTgAh8zuYQxiHPLK4bUo.roa (raw, json)
Hash identifier:          nBIqMbRr01yo02wNsHrh5qw7GSrKB8ZthP1lJMjm2a4=
Subject key identifier:   68:DE:11:5E:00:AA:4E:00:21:F3:3B:98:43:18:87:3C:B2:B8:6D:4A
Certificate issuer:       /CN=08e7d7b3bc4c0791c0cffe3f1555ab773e3ed16e
Certificate serial:       018CC3B6E3EF51B83DE5A474D02701990EFE
Authority key identifier: 08:E7:D7:B3:BC:4C:07:91:C0:CF:FE:3F:15:55:AB:77:3E:3E:D1:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/aN4RXgCqTgAh8zuYQxiHPLK4bUo.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        93.189.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 09:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e3:ef:51:b8:3d:e5:a4:74:d0:27:01:99:0e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08e7d7b3bc4c0791c0cffe3f1555ab773e3ed16e
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68de115e00aa4e0021f33b984318873cb2b86d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bf:c6:1e:c4:9c:ff:07:d1:27:c5:71:53:09:
                    6f:cf:40:f7:1e:e4:65:8b:4b:d5:55:72:16:d7:16:
                    59:46:cf:e7:d7:eb:a1:7d:84:5d:c1:93:53:54:65:
                    62:14:33:d8:33:67:49:2e:de:14:50:f5:14:85:7b:
                    10:95:40:52:db:19:d3:e3:bc:d8:06:70:18:cc:ab:
                    dc:d2:3e:2a:cd:5c:2e:83:71:ec:d0:65:31:b6:6e:
                    2a:3f:2c:fd:a8:f8:34:87:ff:9f:69:ce:0d:3e:4a:
                    61:45:67:99:77:03:a4:20:68:45:af:8f:38:8d:7a:
                    59:25:f1:04:b5:fc:0a:0b:6f:8b:f2:7f:86:ed:97:
                    2c:21:80:13:a3:6a:d8:d2:1e:d8:1b:28:e1:81:b9:
                    2a:3b:8b:f0:33:69:5a:3f:ec:f8:ee:95:86:16:94:
                    52:23:9d:55:d1:45:77:3e:e7:e3:71:1d:b1:cb:c7:
                    dc:e8:59:36:11:aa:57:10:02:b2:1e:34:56:19:69:
                    7a:a5:71:af:86:be:70:64:e4:2d:fd:c6:1b:5c:eb:
                    95:fd:da:8c:a4:24:d0:a9:b8:cc:fa:f8:b4:73:f6:
                    57:8a:6b:85:60:44:5f:e4:6c:64:b2:b1:4b:3c:d6:
                    fe:8c:bc:78:e1:35:83:de:8f:ee:f3:a2:42:e2:32:
                    94:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DE:11:5E:00:AA:4E:00:21:F3:3B:98:43:18:87:3C:B2:B8:6D:4A
            X509v3 Authority Key Identifier:
                keyid:08:E7:D7:B3:BC:4C:07:91:C0:CF:FE:3F:15:55:AB:77:3E:3E:D1:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/COfXs7xMB5HAz_4_FVWrdz4-0W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/aN4RXgCqTgAh8zuYQxiHPLK4bUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/1b90de-2b76-4d0b-9093-2fc35cd1ac2a/1/COfXs7xMB5HAz_4_FVWrdz4-0W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:4c:9c:3b:d0:b2:79:35:03:6f:fa:57:d4:6e:24:81:14:03:
         24:96:67:c5:03:a4:c2:2f:60:76:88:5c:06:6a:43:3b:b1:95:
         95:6b:de:da:77:eb:11:74:b6:ec:e2:92:13:68:ef:b0:56:f1:
         72:4c:1c:c8:2c:54:ca:44:9c:c4:df:4e:6a:e5:b6:9f:11:55:
         29:62:94:e2:a5:79:74:5f:4f:bb:98:12:de:77:4f:1d:0b:e9:
         df:fb:a2:eb:02:ac:b3:87:66:95:f0:65:f5:40:a3:c8:6f:41:
         36:5a:cd:32:70:64:17:db:df:e8:d3:46:c1:5a:da:04:88:e1:
         51:3b:b2:e1:ce:d7:41:37:57:a7:54:90:a1:be:db:f5:cd:7a:
         1c:bc:c7:42:53:c8:c8:3e:50:8d:69:41:98:a3:26:a7:6e:e5:
         92:69:10:ea:97:ae:55:0c:13:cd:ae:2b:d5:af:46:e3:ee:77:
         d3:44:d9:fa:05:dc:f5:02:05:9d:1d:1c:79:80:f7:00:8e:27:
         e9:ed:f0:b8:9a:43:f5:b3:2b:01:23:01:a5:75:b1:cf:3c:ef:
         68:25:bf:06:b3:2d:01:7d:b8:53:3f:23:c8:cb:c8:9b:1c:28:
         3f:90:d1:df:f5:fa:ce:74:c7:f0:76:e8:dc:b7:e3:19:b2:41:
         7e:03:44:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuPvUbg95aR00CcBmQ7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZTdkN2IzYmM0YzA3OTFjMGNmZmUzZjE1NTVhYjc3M2Uz
ZWQxNmUwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRlMTE1ZTAwYWE0ZTAwMjFmMzNiOTg0MzE4ODczY2IyYjg2ZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7/GHsSc/wfRJ8VxUwlvz0D3HuRl
i0vVVXIW1xZZRs/n1+uhfYRdwZNTVGViFDPYM2dJLt4UUPUUhXsQlUBS2xnT47zY
BnAYzKvc0j4qzVwug3Hs0GUxtm4qPyz9qPg0h/+fac4NPkphRWeZdwOkIGhFr484
jXpZJfEEtfwKC2+L8n+G7ZcsIYATo2rY0h7YGyjhgbkqO4vwM2laP+z47pWGFpRS
I51V0UV3PufjcR2xy8fc6Fk2EapXEAKyHjRWGWl6pXGvhr5wZOQt/cYbXOuV/dqM
pCTQqbjM+vi0c/ZXimuFYERf5GxksrFLPNb+jLx44TWD3o/u86JC4jKUiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjeEV4Aqk4AIfM7mEMYhzyyuG1KMB8GA1UdIwQY
MBaAFAjn17O8TAeRwM/+PxVVq3c+PtFuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ09mWHM3eE1CNUhBel80X0ZWV3JkejQtMFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8xYjkwZGUtMmI3Ni00ZDBiLTkwOTMt
MmZjMzVjZDFhYzJhLzEvYU40UlhnQ3FUZ0FoOHp1WVF4aUhQTEs0YlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8xYjkwZGUtMmI3Ni00ZDBiLTkwOTMtMmZjMzVjZDFhYzJh
LzEvQ09mWHM3eE1CNUhBel80X0ZWV3JkejQtMFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXb3kMA0G
CSqGSIb3DQEBCwUAA4IBAQCUTJw70LJ5NQNv+lfUbiSBFAMklmfFA6TCL2B2iFwG
akM7sZWVa97ad+sRdLbs4pITaO+wVvFyTBzILFTKRJzE305q5bafEVUpYpTipXl0
X0+7mBLed08dC+nf+6LrAqyzh2aV8GX1QKPIb0E2Ws0ycGQX29/o00bBWtoEiOFR
O7LhztdBN1enVJChvtv1zXocvMdCU8jIPlCNaUGYoyanbuWSaRDql65VDBPNrivV
r0bj7nfTRNn6Bdz1AgWdHRx5gPcAjifp7fC4mkP1sysBIwGldbHPPO9oJb8Gsy0B
fbhTPyPIy8ibHCg/kNHf9frOdMfwdujct+MZskF+A0Qs
-----END CERTIFICATE-----