Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/PxONOJGiZ8MHf7FNauGVZfmAIYc.roa
File:                     PxONOJGiZ8MHf7FNauGVZfmAIYc.roa (raw, json)
Hash identifier:          43yc7rbes+USlvzW+aT2R4wapp0YKqG+rEhZxn6SudU=
Subject key identifier:   3F:13:8D:38:91:A2:67:C3:07:7F:B1:4D:6A:E1:95:65:F9:80:21:87
Certificate issuer:       /CN=ede2a122dcffc222fa9984bf16b6f9f13f78a5a5
Certificate serial:       0190CB165F6E5E570C148E7CE14C77311C53
Authority key identifier: ED:E2:A1:22:DC:FF:C2:22:FA:99:84:BF:16:B6:F9:F1:3F:78:A5:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7eKhItz_wiL6mYS_Frb58T94paU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/PxONOJGiZ8MHf7FNauGVZfmAIYc.roa
Signing time:             Fri 19 Jul 2024 13:02:39 +0000
ROA not before:           Fri 19 Jul 2024 13:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201712
IP address blocks:        93.95.214.0/24 maxlen: 24
                          2a13:e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/7eKhItz_wiL6mYS_Frb58T94paU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/7eKhItz_wiL6mYS_Frb58T94paU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7eKhItz_wiL6mYS_Frb58T94paU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:16:5f:6e:5e:57:0c:14:8e:7c:e1:4c:77:31:1c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ede2a122dcffc222fa9984bf16b6f9f13f78a5a5
        Validity
            Not Before: Jul 19 13:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f138d3891a267c3077fb14d6ae19565f9802187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cf:65:ef:0e:f4:a9:42:dd:1d:f6:2b:1a:2c:
                    48:87:dc:c5:e9:58:43:db:9e:d2:ab:81:48:73:18:
                    c0:76:4a:b5:aa:cb:da:5d:36:40:f1:dc:1a:c0:f4:
                    f7:e3:ae:d6:10:0d:6f:ea:21:30:ad:d3:8b:b8:b0:
                    1e:7f:ba:f1:8f:95:7e:ec:1c:d5:dc:20:a7:24:0f:
                    30:fe:ae:4c:f7:4f:cd:93:36:52:f2:bf:df:d7:f6:
                    81:e5:62:99:fd:15:5b:ad:e7:eb:8d:50:b9:34:57:
                    77:e0:79:d0:4a:da:9d:01:05:2f:3d:b0:65:86:b3:
                    73:5a:e0:32:99:4d:5e:cc:98:25:21:d3:51:28:19:
                    69:f3:7b:bb:20:e6:f1:e0:81:99:1c:f7:74:30:d3:
                    32:c0:93:3f:64:bd:4b:3b:e5:37:90:44:4c:89:a7:
                    d7:a9:fb:29:32:14:59:cc:b5:f6:1c:00:52:bc:3c:
                    b6:b0:53:ca:82:4f:74:b9:c8:08:54:14:08:c4:59:
                    88:c5:bd:5c:5f:fc:22:ad:94:6c:6c:f8:69:03:7e:
                    66:44:bf:59:7e:87:b3:ba:87:69:fc:0b:96:50:a5:
                    24:70:90:22:64:aa:53:39:2b:31:18:81:c5:9e:f7:
                    0c:1b:80:18:f8:b4:3d:9b:75:57:75:5d:fb:ba:ab:
                    09:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:13:8D:38:91:A2:67:C3:07:7F:B1:4D:6A:E1:95:65:F9:80:21:87
            X509v3 Authority Key Identifier:
                keyid:ED:E2:A1:22:DC:FF:C2:22:FA:99:84:BF:16:B6:F9:F1:3F:78:A5:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7eKhItz_wiL6mYS_Frb58T94paU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/PxONOJGiZ8MHf7FNauGVZfmAIYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/6af3cd-525b-49ba-b388-2359cb60a574/1/7eKhItz_wiL6mYS_Frb58T94paU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.214.0/24
                IPv6:
                  2a13:e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         c2:55:64:20:8c:d9:54:04:44:31:28:fd:d6:28:4d:91:36:06:
         88:ff:62:a0:ca:36:62:40:96:f7:e8:ff:00:ae:6d:63:d3:d6:
         59:47:79:08:f6:92:1a:0e:72:10:2d:dd:cd:51:6c:00:fd:ff:
         74:06:68:17:40:f5:89:95:a4:3b:0c:be:53:c2:c5:c9:f8:b9:
         36:9c:a3:1e:41:9c:41:c5:33:a6:66:c8:7c:e1:26:aa:e6:99:
         e9:b0:fa:5d:8f:5f:a0:77:6d:8d:b7:92:e0:e1:8b:2e:87:25:
         15:53:32:46:86:75:70:e4:db:67:7c:f8:a0:68:a5:c7:e8:a4:
         4c:74:51:00:dc:ec:87:07:17:0d:e3:ed:6d:00:f3:c5:44:a1:
         e3:8c:f7:95:cb:0a:ed:7d:9b:6a:35:f0:9e:10:54:76:4a:5c:
         7d:a2:69:4c:24:50:70:8c:44:6f:aa:e3:a1:f6:0c:47:e1:7d:
         0d:d0:d4:40:5f:e9:d0:b4:1c:aa:e7:47:cd:b6:59:c8:47:8d:
         ca:93:96:55:53:4c:24:0a:d1:5b:a3:d9:22:ea:87:ff:2a:52:
         40:8c:cb:c3:88:7e:0a:e0:38:f9:f3:67:9b:e4:64:31:85:85:
         5a:02:56:44:a7:17:e8:3f:51:ad:c3:b0:cb:14:ed:5f:4f:34:
         4b:36:c0:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDLFl9uXlcMFI584Ux3MRxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZTJhMTIyZGNmZmMyMjJmYTk5ODRiZjE2YjZmOWYxM2Y3
OGE1YTUwHhcNMjQwNzE5MTMwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjEzOGQzODkxYTI2N2MzMDc3ZmIxNGQ2YWUxOTU2NWY5ODAyMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3c9l7w70qULdHfYrGixIh9zF6VhD
257Sq4FIcxjAdkq1qsvaXTZA8dwawPT3467WEA1v6iEwrdOLuLAef7rxj5V+7BzV
3CCnJA8w/q5M90/NkzZS8r/f1/aB5WKZ/RVbrefrjVC5NFd34HnQStqdAQUvPbBl
hrNzWuAymU1ezJglIdNRKBlp83u7IObx4IGZHPd0MNMywJM/ZL1LO+U3kERMiafX
qfspMhRZzLX2HABSvDy2sFPKgk90ucgIVBQIxFmIxb1cX/wirZRsbPhpA35mRL9Z
foezuodp/AuWUKUkcJAiZKpTOSsxGIHFnvcMG4AY+LQ9m3VXdV37uqsJrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD8TjTiRomfDB3+xTWrhlWX5gCGHMB8GA1UdIwQY
MBaAFO3ioSLc/8Ii+pmEvxa2+fE/eKWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2VLaEl0el93aUw2bVlTX0ZyYjU4VDk0cGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC82YWYzY2QtNTI1Yi00OWJhLWIzODgt
MjM1OWNiNjBhNTc0LzEvUHhPTk9KR2laOE1IZjdGTmF1R1ZaZm1BSVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC82YWYzY2QtNTI1Yi00OWJhLWIzODgtMjM1OWNiNjBhNTc0
LzEvN2VLaEl0el93aUw2bVlTX0ZyYjU4VDk0cGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXV/WMA0E
AgACMAcDBQMqEw4AMA0GCSqGSIb3DQEBCwUAA4IBAQDCVWQgjNlUBEQxKP3WKE2R
NgaI/2KgyjZiQJb36P8Arm1j09ZZR3kI9pIaDnIQLd3NUWwA/f90BmgXQPWJlaQ7
DL5TwsXJ+Lk2nKMeQZxBxTOmZsh84Saq5pnpsPpdj1+gd22Nt5Lg4YsuhyUVUzJG
hnVw5NtnfPigaKXH6KRMdFEA3OyHBxcN4+1tAPPFRKHjjPeVywrtfZtqNfCeEFR2
Slx9omlMJFBwjERvquOh9gxH4X0N0NRAX+nQtByq50fNtlnIR43Kk5ZVU0wkCtFb
o9ki6of/KlJAjMvDiH4K4Dj582eb5GQxhYVaAlZEpxfoP1Gtw7DLFO1fTzRLNsAF
-----END CERTIFICATE-----