Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/l0kAn8ApI2SNAoJbZCIEyIXuAX4.roa
File:                     l0kAn8ApI2SNAoJbZCIEyIXuAX4.roa (raw, json)
Hash identifier:          B0SI0CCL7BAZvHBp4fUMaxE46b5MHfw4w3OsX4XuXk4=
Subject key identifier:   97:49:00:9F:C0:29:23:64:8D:02:82:5B:64:22:04:C8:85:EE:01:7E
Certificate issuer:       /CN=8c2289ae0b10629350da0a50e87b389109f16c2e
Certificate serial:       019426D94CF88ED5E5D4A78C68BBA046C754
Authority key identifier: 8C:22:89:AE:0B:10:62:93:50:DA:0A:50:E8:7B:38:91:09:F1:6C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/l0kAn8ApI2SNAoJbZCIEyIXuAX4.roa
Signing time:             Thu 02 Jan 2025 11:49:22 +0000
ROA not before:           Thu 02 Jan 2025 11:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44542
IP address blocks:        93.92.136.0/21 maxlen: 24
                          93.92.136.0/22 maxlen: 22
                          93.92.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4c:f8:8e:d5:e5:d4:a7:8c:68:bb:a0:46:c7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c2289ae0b10629350da0a50e87b389109f16c2e
        Validity
            Not Before: Jan  2 11:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9749009fc02923648d02825b642204c885ee017e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1c:53:ab:09:d3:b2:f4:21:89:aa:c7:a3:cb:
                    88:81:dd:12:b5:a2:1f:6b:9e:57:26:0e:14:1f:d2:
                    c2:bf:e7:6a:8d:ba:f7:86:5c:ba:73:12:34:a5:e6:
                    4a:58:9e:c2:dd:30:10:88:4e:81:54:6e:b9:1e:ef:
                    84:5c:bb:74:f3:47:f4:22:97:b1:27:64:dd:25:14:
                    17:bc:8e:d7:1e:7e:1a:9e:52:87:53:2d:a1:ab:0b:
                    d3:b2:db:c5:9f:a6:6e:92:c2:77:83:fd:ab:ce:c4:
                    54:74:c3:bc:0e:9b:8e:0f:54:6b:75:d4:f7:18:14:
                    01:12:34:28:ad:1f:73:32:60:82:91:d8:0b:a9:6e:
                    e9:b1:7c:ba:58:b1:cd:20:bb:a1:b7:f7:33:a7:c5:
                    73:62:69:89:75:ad:74:1a:1f:22:76:11:ef:8b:32:
                    0c:2a:87:55:3d:78:99:5f:ee:68:17:ea:57:f2:22:
                    b8:cf:ac:e7:59:f1:96:64:9b:0b:d1:bc:2b:9a:ac:
                    f6:27:c6:e9:c9:37:de:38:1f:2a:ef:4e:80:aa:33:
                    9e:b4:57:e4:7d:6b:e0:3e:6c:6d:10:b8:57:3f:0b:
                    28:9c:47:53:b0:53:bf:75:cc:57:28:83:7c:15:db:
                    60:f4:5f:fd:92:d3:37:8f:6d:7e:e5:38:46:0a:7a:
                    f3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:49:00:9F:C0:29:23:64:8D:02:82:5B:64:22:04:C8:85:EE:01:7E
            X509v3 Authority Key Identifier:
                keyid:8C:22:89:AE:0B:10:62:93:50:DA:0A:50:E8:7B:38:91:09:F1:6C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/l0kAn8ApI2SNAoJbZCIEyIXuAX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/343379-f8e1-4be6-be01-f83946c2c82e/1/jCKJrgsQYpNQ2gpQ6Hs4kQnxbC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         45:07:05:bf:7d:b3:c8:3d:ec:43:e3:ae:f2:dd:eb:4c:13:4b:
         2a:fd:c7:07:f6:c1:d7:e2:b9:f0:e8:b0:18:b1:61:47:aa:29:
         3a:79:7b:6a:0e:78:63:5a:c8:88:76:1e:92:db:a2:44:f0:c6:
         f6:ab:79:a2:ec:df:82:c9:c4:5e:2d:2c:2d:85:18:68:17:8e:
         cd:25:9f:0d:a1:2a:2b:97:00:da:df:45:c4:69:5d:67:6c:1d:
         af:19:19:dc:99:03:15:4e:b7:aa:34:20:70:31:92:4a:6b:b8:
         29:aa:06:22:e0:1e:52:04:d3:e5:7c:da:28:42:f8:28:81:c4:
         47:35:2f:00:a0:68:39:71:10:2e:3a:91:1e:ab:6c:78:3c:23:
         74:ef:ab:cc:94:47:aa:4e:91:51:8a:83:9e:71:be:7f:88:58:
         f5:58:c2:04:67:c6:2a:94:b3:ce:77:6a:7c:e8:95:dc:7b:62:
         38:92:84:7b:ad:be:96:1c:d7:cf:5e:82:0b:71:74:b8:72:bd:
         7a:b4:d7:0c:17:48:12:c9:ee:15:08:2d:a8:69:16:08:84:59:
         90:17:78:72:60:a0:97:4e:b1:ea:eb:4b:a2:86:47:b5:50:e4:
         22:48:fe:79:5d:55:76:ba:d3:ad:e0:67:c1:81:a8:77:13:e2:
         5c:2f:89:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Uz4jtXl1KeMaLugRsdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMjI4OWFlMGIxMDYyOTM1MGRhMGE1MGU4N2IzODkxMDlm
MTZjMmUwHhcNMjUwMTAyMTE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQ5MDA5ZmMwMjkyMzY0OGQwMjgyNWI2NDIyMDRjODg1ZWUwMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhxTqwnTsvQhiarHo8uIgd0StaIf
a55XJg4UH9LCv+dqjbr3hly6cxI0peZKWJ7C3TAQiE6BVG65Hu+EXLt080f0Ipex
J2TdJRQXvI7XHn4anlKHUy2hqwvTstvFn6ZuksJ3g/2rzsRUdMO8DpuOD1RrddT3
GBQBEjQorR9zMmCCkdgLqW7psXy6WLHNILuht/czp8VzYmmJda10Gh8idhHvizIM
KodVPXiZX+5oF+pX8iK4z6znWfGWZJsL0bwrmqz2J8bpyTfeOB8q706AqjOetFfk
fWvgPmxtELhXPwsonEdTsFO/dcxXKIN8Fdtg9F/9ktM3j21+5ThGCnrzCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdJAJ/AKSNkjQKCW2QiBMiF7gF+MB8GA1UdIwQY
MBaAFIwiia4LEGKTUNoKUOh7OJEJ8WwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakNLSnJnc1FZcE5RMmdwUTZIczRrUW54YkM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zNDMzNzktZjhlMS00YmU2LWJlMDEt
ZjgzOTQ2YzJjODJlLzEvbDBrQW44QXBJMlNOQW9KYlpDSUV5SVh1QVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zNDMzNzktZjhlMS00YmU2LWJlMDEtZjgzOTQ2YzJjODJl
LzEvakNLSnJnc1FZcE5RMmdwUTZIczRrUW54YkM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXVyIMA0G
CSqGSIb3DQEBCwUAA4IBAQBFBwW/fbPIPexD467y3etME0sq/ccH9sHX4rnw6LAY
sWFHqik6eXtqDnhjWsiIdh6S26JE8Mb2q3mi7N+CycReLSwthRhoF47NJZ8NoSor
lwDa30XEaV1nbB2vGRncmQMVTreqNCBwMZJKa7gpqgYi4B5SBNPlfNooQvgogcRH
NS8AoGg5cRAuOpEeq2x4PCN076vMlEeqTpFRioOecb5/iFj1WMIEZ8YqlLPOd2p8
6JXce2I4koR7rb6WHNfPXoILcXS4cr16tNcMF0gSye4VCC2oaRYIhFmQF3hyYKCX
TrHq60uihke1UOQiSP55XVV2utOt4GfBgah3E+JcL4lI
-----END CERTIFICATE-----