Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/_JMelac771YKyBzqn6lXZZoHtno.roa
File:                     _JMelac771YKyBzqn6lXZZoHtno.roa (raw, json)
Hash identifier:          8kTUBcTn+sttN3RkSV+Ej34jDIlAK9GRpRHlPEaQWvs=
Subject key identifier:   FC:93:1E:95:A7:3B:EF:56:0A:C8:1C:EA:9F:A9:57:65:9A:07:B6:7A
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       0191DB3D3AB5EB694FAA818D4AAA3695F02D
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/_JMelac771YKyBzqn6lXZZoHtno.roa
Signing time:             Tue 10 Sep 2024 09:21:48 +0000
ROA not before:           Tue 10 Sep 2024 09:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        94.137.72.0/24 maxlen: 24
                          94.137.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:3d:3a:b5:eb:69:4f:aa:81:8d:4a:aa:36:95:f0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Sep 10 09:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc931e95a73bef560ac81cea9fa957659a07b67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:c9:81:8d:93:eb:37:14:f1:3e:4d:b9:81:3b:
                    25:f6:02:10:fc:4e:5d:1c:1a:eb:9f:94:76:50:ed:
                    ba:4c:8f:ee:74:a9:39:d3:ff:20:ba:a4:99:08:45:
                    b8:fe:a5:fe:3e:e8:ec:ed:06:5c:2f:99:70:2c:38:
                    9d:e8:f1:80:7a:0b:06:56:c5:9a:81:18:ff:66:d2:
                    38:ff:bd:d8:af:d3:e0:8e:a5:f8:d7:a4:c1:24:9c:
                    15:35:3a:bc:bc:8c:13:de:03:c2:5c:16:3d:5c:c0:
                    2c:74:2c:3d:d7:3c:11:b8:22:07:85:5a:10:5d:b1:
                    81:6d:3a:c9:3e:59:ce:72:6e:a8:f4:6c:86:41:85:
                    50:d4:04:7b:6e:34:78:c5:94:11:5b:99:d7:ce:b4:
                    d5:71:f3:0e:21:d5:d2:01:e8:97:4b:4a:fb:44:07:
                    97:4f:31:8e:79:ca:36:0e:3e:6b:fe:ad:86:67:04:
                    82:61:3e:d7:d5:71:53:ed:7d:11:01:67:e7:07:9d:
                    14:c3:45:a6:a2:57:d4:64:10:b8:cc:df:4d:d7:81:
                    77:eb:36:c4:14:57:ee:c7:d5:95:d0:b5:f5:97:03:
                    33:23:24:36:1c:9a:77:f5:a4:ca:d3:f0:18:06:c8:
                    da:3e:51:bd:45:b7:84:56:58:2f:63:38:82:9d:13:
                    2b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:93:1E:95:A7:3B:EF:56:0A:C8:1C:EA:9F:A9:57:65:9A:07:B6:7A
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/_JMelac771YKyBzqn6lXZZoHtno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.72.0/24
                  94.137.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:c4:cb:47:e9:91:18:e9:41:8d:7e:4a:22:62:e0:6f:cb:c2:
         41:b9:19:d7:f7:24:72:78:d7:54:25:23:45:6d:ec:bd:bf:b4:
         25:1f:68:05:93:02:2f:50:ac:cf:4c:fe:52:ff:3c:8b:17:e9:
         32:70:60:be:6c:da:5f:98:67:c6:24:a8:15:d9:88:f2:7c:5f:
         0c:c3:64:64:1f:f5:e3:a5:55:cf:ca:b7:21:4e:fd:c5:79:fe:
         dc:2a:52:88:b6:4c:ee:24:08:81:f7:c9:d7:b8:6c:4a:1d:c6:
         d0:6f:0d:a9:1f:52:80:df:fb:13:7a:4f:96:2c:df:2d:11:b5:
         e9:1a:21:8f:e8:ce:63:54:5d:39:42:ea:ef:67:b3:f8:19:ba:
         f4:20:9d:ab:af:41:44:a2:d6:65:d0:c2:ef:bf:b7:b5:c9:fb:
         46:95:c7:30:95:ae:f7:7b:c3:7f:0f:b9:21:d1:7a:fd:37:93:
         db:8b:61:07:bd:2c:62:0d:79:f0:f4:73:4f:76:d9:cf:3d:0a:
         3b:7b:00:27:8e:ea:83:bd:74:b0:50:5a:38:94:dd:83:ee:92:
         6b:e8:54:1a:de:42:2f:f3:21:af:2d:dc:87:23:59:0b:31:30:
         11:61:bd:b1:9c:7b:e7:55:0b:b5:51:f3:9f:45:9f:2e:c7:17:
         ac:64:91:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHbPTq162lPqoGNSqo2lfAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjQwOTEwMDkyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzkzMWU5NWE3M2JlZjU2MGFjODFjZWE5ZmE5NTc2NTlhMDdiNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MmBjZPrNxTxPk25gTsl9gIQ/E5d
HBrrn5R2UO26TI/udKk50/8guqSZCEW4/qX+Pujs7QZcL5lwLDid6PGAegsGVsWa
gRj/ZtI4/73Yr9PgjqX416TBJJwVNTq8vIwT3gPCXBY9XMAsdCw91zwRuCIHhVoQ
XbGBbTrJPlnOcm6o9GyGQYVQ1AR7bjR4xZQRW5nXzrTVcfMOIdXSAeiXS0r7RAeX
TzGOeco2Dj5r/q2GZwSCYT7X1XFT7X0RAWfnB50Uw0WmolfUZBC4zN9N14F36zbE
FFfux9WV0LX1lwMzIyQ2HJp39aTK0/AYBsjaPlG9RbeEVlgvYziCnRMrawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPyTHpWnO+9WCsgc6p+pV2WaB7Z6MB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvX0pNZWxhYzc3MVlLeUJ6cW42bFhaWm9IdG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXolIAwQA
XolZMA0GCSqGSIb3DQEBCwUAA4IBAQCUxMtH6ZEY6UGNfkoiYuBvy8JBuRnX9yRy
eNdUJSNFbey9v7QlH2gFkwIvUKzPTP5S/zyLF+kycGC+bNpfmGfGJKgV2YjyfF8M
w2RkH/XjpVXPyrchTv3Fef7cKlKItkzuJAiB98nXuGxKHcbQbw2pH1KA3/sTek+W
LN8tEbXpGiGP6M5jVF05QurvZ7P4Gbr0IJ2rr0FEotZl0MLvv7e1yftGlccwla73
e8N/D7kh0Xr9N5Pbi2EHvSxiDXnw9HNPdtnPPQo7ewAnjuqDvXSwUFo4lN2D7pJr
6FQa3kIv8yGvLdyHI1kLMTARYb2xnHvnVQu1UfOfRZ8uxxesZJFF
-----END CERTIFICATE-----