Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/93Ew__CbIEIZb1HOtJD5MuhCl38.roa
File:                     93Ew__CbIEIZb1HOtJD5MuhCl38.roa (raw, json)
Hash identifier:          tBtpsR3YJhPdpifJYMk02041ULJnU+JX8NOsV8qoO7A=
Subject key identifier:   F7:71:30:FF:F0:9B:20:42:19:6F:51:CE:B4:90:F9:32:E8:42:97:7F
Certificate issuer:       /CN=9c72e84c52e5c4909dbc702aa1d212d478875fad
Certificate serial:       018CE48D6657B441CAB2303505857FC43EE8
Authority key identifier: 9C:72:E8:4C:52:E5:C4:90:9D:BC:70:2A:A1:D2:12:D4:78:87:5F:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nHLoTFLlxJCdvHAqodIS1HiHX60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/93Ew__CbIEIZb1HOtJD5MuhCl38.roa
Signing time:             Sun 07 Jan 2024 15:32:01 +0000
ROA not before:           Sun 07 Jan 2024 15:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a06:be40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/nHLoTFLlxJCdvHAqodIS1HiHX60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/nHLoTFLlxJCdvHAqodIS1HiHX60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nHLoTFLlxJCdvHAqodIS1HiHX60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:8d:66:57:b4:41:ca:b2:30:35:05:85:7f:c4:3e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c72e84c52e5c4909dbc702aa1d212d478875fad
        Validity
            Not Before: Jan  7 15:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f77130fff09b2042196f51ceb490f932e842977f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4f:ea:35:80:0a:45:c7:a0:2f:63:4a:39:4e:
                    31:fa:d9:8c:11:b8:7a:81:a0:df:f0:93:f5:4e:78:
                    88:06:63:69:f0:88:11:2a:e6:c4:c0:eb:78:b2:14:
                    bf:15:e8:d9:94:9c:66:b2:7e:6c:68:c7:8a:a1:d8:
                    7d:6c:56:2d:88:47:93:3d:bf:a3:fd:c9:f6:04:0b:
                    22:af:c4:3b:a6:f8:82:c3:e8:43:69:b5:d7:bd:4a:
                    19:a2:d8:dd:a7:cc:64:a4:f3:7e:e0:91:fc:fd:7a:
                    57:18:54:cb:81:84:fa:c5:c3:8d:eb:fc:4c:94:f7:
                    8a:5d:68:21:9c:8e:b5:d8:bb:d4:ba:43:f3:ba:46:
                    1c:3e:c7:88:4a:a5:61:38:f9:db:d9:da:80:5b:b8:
                    df:9f:ee:80:08:a3:76:b5:f6:6c:9d:26:14:19:f1:
                    dc:00:5d:e6:6a:cc:c6:c1:44:85:cd:f3:8b:fe:31:
                    64:c3:2e:2f:0c:66:60:ac:03:07:9b:1a:65:39:66:
                    3e:60:1c:79:22:ff:cf:d5:fd:f1:61:9a:64:98:9c:
                    dc:40:f2:26:cf:47:7c:4a:54:fb:91:af:92:4c:ed:
                    7e:4e:0d:85:ad:8d:69:de:22:8a:6a:48:8f:7d:c8:
                    75:06:84:39:c3:8c:1d:38:9b:33:b7:ed:45:61:a8:
                    5b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:71:30:FF:F0:9B:20:42:19:6F:51:CE:B4:90:F9:32:E8:42:97:7F
            X509v3 Authority Key Identifier:
                keyid:9C:72:E8:4C:52:E5:C4:90:9D:BC:70:2A:A1:D2:12:D4:78:87:5F:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHLoTFLlxJCdvHAqodIS1HiHX60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/93Ew__CbIEIZb1HOtJD5MuhCl38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/daccc4-36c8-4d4c-8c4e-5760b5d54df9/1/nHLoTFLlxJCdvHAqodIS1HiHX60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:be40::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:3b:d6:fa:17:63:87:a5:f1:fc:59:bd:1e:7e:d3:76:b9:9a:
         31:63:d9:ea:41:7f:4b:31:a1:d9:69:5f:a3:30:4c:1a:33:81:
         f1:2d:ba:22:fe:f5:bd:e8:76:c6:82:f9:9a:47:3b:96:32:19:
         8a:7d:cf:49:54:e4:7f:c5:a8:7b:18:db:92:b3:30:f9:a6:0f:
         4d:6c:c2:12:c8:fb:a2:fe:66:91:d3:53:b7:ed:9e:9c:33:d3:
         2b:a7:2d:5e:9f:cb:1e:66:c7:2a:81:87:31:0d:b8:4e:5b:a3:
         1c:c8:73:67:7f:07:81:88:07:72:52:81:c7:99:88:d6:dd:cf:
         64:5c:3e:9c:c2:eb:84:1d:ce:29:ae:3f:ae:92:4b:15:54:0a:
         52:d3:cc:dc:ad:04:cf:7d:20:d9:9b:47:c7:21:0b:1f:dc:05:
         17:a6:48:77:e4:fb:38:52:08:f9:83:0a:04:25:cf:7d:39:08:
         c2:8c:5f:ad:91:39:9c:23:b9:0c:aa:72:fc:80:a5:6e:7a:78:
         75:55:e3:12:96:ef:10:45:c3:35:fe:39:b7:9a:b4:7a:09:53:
         aa:04:0a:11:a0:71:76:aa:2e:6f:78:64:e3:2c:f5:13:59:d7:
         4b:d7:c9:e6:85:c3:a1:21:7a:42:aa:20:cc:0f:09:42:4d:db:
         28:c0:54:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzkjWZXtEHKsjA1BYV/xD7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzJlODRjNTJlNWM0OTA5ZGJjNzAyYWExZDIxMmQ0Nzg4
NzVmYWQwHhcNMjQwMTA3MTUzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzcxMzBmZmYwOWIyMDQyMTk2ZjUxY2ViNDkwZjkzMmU4NDI5NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50/qNYAKRcegL2NKOU4x+tmMEbh6
gaDf8JP1TniIBmNp8IgRKubEwOt4shS/FejZlJxmsn5saMeKodh9bFYtiEeTPb+j
/cn2BAsir8Q7pviCw+hDabXXvUoZotjdp8xkpPN+4JH8/XpXGFTLgYT6xcON6/xM
lPeKXWghnI612LvUukPzukYcPseISqVhOPnb2dqAW7jfn+6ACKN2tfZsnSYUGfHc
AF3maszGwUSFzfOL/jFkwy4vDGZgrAMHmxplOWY+YBx5Iv/P1f3xYZpkmJzcQPIm
z0d8SlT7ka+STO1+Tg2FrY1p3iKKakiPfch1BoQ5w4wdOJszt+1FYahb3QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPdxMP/wmyBCGW9RzrSQ+TLoQpd/MB8GA1UdIwQY
MBaAFJxy6ExS5cSQnbxwKqHSEtR4h1+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhMb1RGTGx4SkNkdkhBcW9kSVMxSGlIWDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kYWNjYzQtMzZjOC00ZDRjLThjNGUt
NTc2MGI1ZDU0ZGY5LzEvOTNFd19fQ2JJRUlaYjFIT3RKRDVNdWhDbDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kYWNjYzQtMzZjOC00ZDRjLThjNGUtNTc2MGI1ZDU0ZGY5
LzEvbkhMb1RGTGx4SkNkdkhBcW9kSVMxSGlIWDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKga+QDAN
BgkqhkiG9w0BAQsFAAOCAQEAFDvW+hdjh6Xx/Fm9Hn7TdrmaMWPZ6kF/SzGh2Wlf
ozBMGjOB8S26Iv71veh2xoL5mkc7ljIZin3PSVTkf8WoexjbkrMw+aYPTWzCEsj7
ov5mkdNTt+2enDPTK6ctXp/LHmbHKoGHMQ24TlujHMhzZ38HgYgHclKBx5mI1t3P
ZFw+nMLrhB3OKa4/rpJLFVQKUtPM3K0Ez30g2ZtHxyELH9wFF6ZId+T7OFII+YMK
BCXPfTkIwoxfrZE5nCO5DKpy/IClbnp4dVXjEpbvEEXDNf45t5q0eglTqgQKEaBx
dqoub3hk4yz1E1nXS9fJ5oXDoSF6QqogzA8JQk3bKMBUhg==
-----END CERTIFICATE-----