Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/39PnlTv-ufzaTaQO3jcIjDoZL9s.roa
File:                     39PnlTv-ufzaTaQO3jcIjDoZL9s.roa (raw, json)
Hash identifier:          jIqZ3XlnulOcPcvTMFONbZKqQHPVPvra/fKYH0OiBCk=
Subject key identifier:   DF:D3:E7:95:3B:FE:B9:FC:DA:4D:A4:0E:DE:37:08:8C:3A:19:2F:DB
Certificate issuer:       /CN=0962dc6940760b7fbc2ea4367cc53bc230a64f9b
Certificate serial:       018CC9BCA798466510F422A2BFA5A1AAAA01
Authority key identifier: 09:62:DC:69:40:76:0B:7F:BC:2E:A4:36:7C:C5:3B:C2:30:A6:4F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/39PnlTv-ufzaTaQO3jcIjDoZL9s.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205773
IP address blocks:        93.93.172.0/22 maxlen: 22
                          2a06:68c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a7:98:46:65:10:f4:22:a2:bf:a5:a1:aa:aa:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0962dc6940760b7fbc2ea4367cc53bc230a64f9b
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfd3e7953bfeb9fcda4da40ede37088c3a192fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2f:a5:a1:d2:48:9f:7a:aa:b5:26:e0:e1:3b:
                    3d:9b:16:cd:c4:ba:e9:f8:12:fe:ae:42:68:17:70:
                    24:ed:37:84:4a:8d:78:50:03:f8:bc:0d:2e:0d:7d:
                    4e:15:72:88:72:08:55:14:57:9c:ef:a6:aa:c3:c2:
                    11:02:98:e3:b0:5b:28:b5:97:ad:bc:2e:2e:85:d3:
                    60:2e:86:3a:1a:a9:a3:e0:05:75:03:db:22:04:31:
                    91:e5:b4:be:c5:63:bb:1c:6c:67:fb:cd:fc:19:d2:
                    32:b1:5c:41:a4:52:bc:b5:be:e5:a6:e1:26:80:2e:
                    ab:8f:82:4c:6f:e5:b1:5c:40:85:fd:01:5b:3f:ba:
                    07:e5:de:06:49:dd:e3:a1:6e:66:54:19:6c:a2:c5:
                    5f:aa:ef:7c:4a:72:fc:43:66:64:85:67:35:33:83:
                    2d:dd:31:5c:e4:e5:12:da:0a:53:f5:58:20:7b:30:
                    67:38:63:c6:cc:be:4a:d0:75:35:c5:80:40:af:cc:
                    41:8c:28:66:66:d5:61:98:1d:c7:60:a3:4d:d6:1f:
                    b4:3e:5c:80:64:3f:04:32:33:47:69:f0:05:de:77:
                    f3:46:09:16:eb:b8:bd:2e:86:a0:26:ee:99:94:b4:
                    7b:09:cc:8b:8c:1b:cc:05:d9:ed:ec:0c:61:20:6a:
                    04:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:D3:E7:95:3B:FE:B9:FC:DA:4D:A4:0E:DE:37:08:8C:3A:19:2F:DB
            X509v3 Authority Key Identifier:
                keyid:09:62:DC:69:40:76:0B:7F:BC:2E:A4:36:7C:C5:3B:C2:30:A6:4F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/39PnlTv-ufzaTaQO3jcIjDoZL9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/20ff0f-618f-4cb6-bc7f-6541977f65f9/1/CWLcaUB2C3-8LqQ2fMU7wjCmT5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.172.0/22
                IPv6:
                  2a06:68c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:ab:b1:ac:3a:3e:a8:34:4f:30:18:50:2b:5d:bb:1e:c2:15:
         7c:5e:f2:d3:c2:09:75:96:61:b6:ba:8a:54:92:9c:ab:d8:07:
         93:17:68:d2:24:55:aa:ba:9f:86:3c:f2:8a:fd:9c:fc:dd:4b:
         79:11:86:68:45:5c:26:b8:c1:6e:2b:fe:01:cd:f3:87:f8:aa:
         52:a7:cf:55:3f:3d:fd:c0:e7:b5:cd:73:21:2e:f8:c1:f1:04:
         e2:98:93:8f:a7:f1:56:77:c3:c0:da:2a:99:ed:ae:c6:a5:cb:
         71:40:f0:e1:cf:f6:33:1b:3c:c6:8e:b0:f0:0a:95:39:79:42:
         ed:0b:c2:59:5c:d7:98:92:43:53:99:35:9d:30:17:34:4b:af:
         a1:7f:f2:93:79:9c:e5:78:51:c4:40:39:8e:f1:34:90:6d:84:
         b3:49:8f:ca:7d:16:6e:16:17:5c:f5:02:14:8d:74:09:65:e3:
         58:56:0a:d2:05:26:23:9e:1d:90:2b:68:92:78:dd:3e:cc:0c:
         a3:51:0b:09:79:1c:88:ef:27:43:d0:86:89:67:cd:97:37:c8:
         50:7f:be:bb:58:99:3f:d9:dc:7e:09:28:d6:9e:3d:51:11:95:
         73:23:ae:30:7e:38:d7:5c:5c:e5:e3:4e:51:7b:ea:a6:54:7b:
         cf:12:52:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvKeYRmUQ9CKiv6WhqqoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjJkYzY5NDA3NjBiN2ZiYzJlYTQzNjdjYzUzYmMyMzBh
NjRmOWIwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmQzZTc5NTNiZmViOWZjZGE0ZGE0MGVkZTM3MDg4YzNhMTkyZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiC+lodJIn3qqtSbg4Ts9mxbNxLrp
+BL+rkJoF3Ak7TeESo14UAP4vA0uDX1OFXKIcghVFFec76aqw8IRApjjsFsotZet
vC4uhdNgLoY6Gqmj4AV1A9siBDGR5bS+xWO7HGxn+838GdIysVxBpFK8tb7lpuEm
gC6rj4JMb+WxXECF/QFbP7oH5d4GSd3joW5mVBlsosVfqu98SnL8Q2ZkhWc1M4Mt
3TFc5OUS2gpT9VggezBnOGPGzL5K0HU1xYBAr8xBjChmZtVhmB3HYKNN1h+0PlyA
ZD8EMjNHafAF3nfzRgkW67i9LoagJu6ZlLR7CcyLjBvMBdnt7AxhIGoEiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN/T55U7/rn82k2kDt43CIw6GS/bMB8GA1UdIwQY
MBaAFAli3GlAdgt/vC6kNnzFO8Iwpk+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dMY2FVQjJDMy04THFRMmZNVTd3akNtVDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yMGZmMGYtNjE4Zi00Y2I2LWJjN2Yt
NjU0MTk3N2Y2NWY5LzEvMzlQbmxUdi11ZnphVGFRTzNqY0lqRG9aTDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yMGZmMGYtNjE4Zi00Y2I2LWJjN2YtNjU0MTk3N2Y2NWY5
LzEvQ1dMY2FVQjJDMy04THFRMmZNVTd3akNtVDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXV2sMA0E
AgACMAcDBQMqBmjAMA0GCSqGSIb3DQEBCwUAA4IBAQC6q7GsOj6oNE8wGFArXbse
whV8XvLTwgl1lmG2uopUkpyr2AeTF2jSJFWqup+GPPKK/Zz83Ut5EYZoRVwmuMFu
K/4BzfOH+KpSp89VPz39wOe1zXMhLvjB8QTimJOPp/FWd8PA2iqZ7a7GpctxQPDh
z/YzGzzGjrDwCpU5eULtC8JZXNeYkkNTmTWdMBc0S6+hf/KTeZzleFHEQDmO8TSQ
bYSzSY/KfRZuFhdc9QIUjXQJZeNYVgrSBSYjnh2QK2iSeN0+zAyjUQsJeRyI7ydD
0IaJZ82XN8hQf767WJk/2dx+CSjWnj1REZVzI64wfjjXXFzl405Re+qmVHvPElJB
-----END CERTIFICATE-----