Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/M8dU0darXhx0iRhLHEw_a8YmlIg.roa
File:                     M8dU0darXhx0iRhLHEw_a8YmlIg.roa (raw, json)
Hash identifier:          11FQ8j9jSlpmMVTXNukD4D/l4E8jd5W6+2eeVuOh86g=
Subject key identifier:   33:C7:54:D1:D6:AB:5E:1C:74:89:18:4B:1C:4C:3F:6B:C6:26:94:88
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018DAC8BD5B000A8AC67AE5701AEE6761CCF
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/M8dU0darXhx0iRhLHEw_a8YmlIg.roa
Signing time:             Thu 15 Feb 2024 11:34:21 +0000
ROA not before:           Thu 15 Feb 2024 11:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        93.114.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:8b:d5:b0:00:a8:ac:67:ae:57:01:ae:e6:76:1c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Feb 15 11:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33c754d1d6ab5e1c7489184b1c4c3f6bc6269488
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:47:d9:fc:a6:f6:56:0c:9a:62:82:a1:1e:ce:
                    1f:25:17:e2:c2:7e:95:75:fb:2a:17:dd:d6:13:37:
                    d4:91:77:23:39:d7:86:d3:c1:8c:f4:58:43:99:d0:
                    42:91:54:99:39:23:db:50:72:21:12:05:81:11:94:
                    7a:91:88:9e:d7:d1:39:fa:dc:5f:22:62:08:c9:e1:
                    11:dc:1a:68:95:07:3f:3e:ab:97:ea:f9:5e:47:2b:
                    fa:c6:8a:2a:bb:5e:ef:e5:68:84:82:f3:08:84:ec:
                    70:f4:06:dd:8b:e7:af:54:7c:f6:82:40:ad:be:84:
                    c0:f4:3b:fa:df:26:b6:6b:37:f2:0b:92:0b:ae:d7:
                    e0:de:75:de:d8:a5:d5:e8:aa:b2:1d:ba:5a:2f:24:
                    91:27:ee:cd:a9:91:d9:3a:79:4e:2b:1e:e9:f4:a0:
                    60:7d:10:e8:ad:57:b6:d5:c3:c5:30:df:3b:d3:d6:
                    55:13:a9:f9:28:f9:b1:a0:e0:0a:6d:68:32:51:52:
                    e1:4d:b6:5a:9a:a8:a3:9c:26:fa:d8:35:81:c7:a0:
                    7b:ed:3f:cf:78:d2:67:a2:4d:ba:c0:2b:b5:e3:e3:
                    51:ce:05:e3:32:e7:d6:f5:20:b2:a8:18:c8:98:57:
                    e1:b5:9f:b0:c0:ef:c8:fe:15:91:cb:d9:dd:e8:95:
                    21:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:C7:54:D1:D6:AB:5E:1C:74:89:18:4B:1C:4C:3F:6B:C6:26:94:88
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/M8dU0darXhx0iRhLHEw_a8YmlIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:49:66:ae:2c:f0:4e:a9:a7:36:9b:c7:ff:7c:7a:03:b6:75:
         96:2b:3e:0c:21:b1:2e:51:df:af:15:6b:12:91:f5:05:b7:f2:
         39:2b:ef:38:ae:2d:0c:79:64:40:bc:66:87:65:a7:3a:78:3a:
         e9:da:2c:03:d2:51:15:ae:13:15:fb:9c:b6:5c:4a:66:0f:25:
         94:85:ae:41:d5:4c:c4:04:19:57:a5:15:a3:7b:0d:b3:d8:44:
         01:04:e6:19:aa:d7:9f:ab:70:6a:d1:39:97:36:53:e5:7d:0f:
         7f:b7:6b:3a:e5:53:87:70:c1:b7:9d:5d:ec:86:1b:eb:d3:67:
         a5:b2:8e:a0:3e:ce:b3:5d:89:58:97:c6:40:12:1a:3c:5f:01:
         a0:a3:12:3d:96:0f:58:89:b1:ab:e3:e3:ca:17:e1:2a:2d:d9:
         dc:ea:f3:0f:47:49:b4:35:e5:04:40:dd:55:e5:3c:69:fe:95:
         d2:b3:0b:25:e8:eb:a7:cd:e0:e0:cd:f7:4d:a6:c9:5b:ef:0f:
         73:6a:07:39:9e:ed:8d:16:de:06:1f:62:19:a7:c9:a5:49:80:
         4a:5e:35:9d:91:12:41:42:4d:7a:16:50:8f:8f:2e:26:54:97:
         74:89:88:17:f1:1e:b5:93:f6:cb:fc:38:29:0b:54:75:f7:89:
         1f:5f:b6:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2si9WwAKisZ65XAa7mdhzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMjE1MTEzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2M3NTRkMWQ2YWI1ZTFjNzQ4OTE4NGIxYzRjM2Y2YmM2MjY5NDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EfZ/Kb2VgyaYoKhHs4fJRfiwn6V
dfsqF93WEzfUkXcjOdeG08GM9FhDmdBCkVSZOSPbUHIhEgWBEZR6kYie19E5+txf
ImIIyeER3BpolQc/PquX6vleRyv6xooqu17v5WiEgvMIhOxw9Abdi+evVHz2gkCt
voTA9Dv63ya2azfyC5ILrtfg3nXe2KXV6KqyHbpaLySRJ+7NqZHZOnlOKx7p9KBg
fRDorVe21cPFMN8709ZVE6n5KPmxoOAKbWgyUVLhTbZamqijnCb62DWBx6B77T/P
eNJnok26wCu14+NRzgXjMufW9SCyqBjImFfhtZ+wwO/I/hWRy9nd6JUhqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPHVNHWq14cdIkYSxxMP2vGJpSIMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvTThkVTBkYXJYaHgwaVJoTEhFd19hOFltbElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXI9MA0G
CSqGSIb3DQEBCwUAA4IBAQA/SWauLPBOqac2m8f/fHoDtnWWKz4MIbEuUd+vFWsS
kfUFt/I5K+84ri0MeWRAvGaHZac6eDrp2iwD0lEVrhMV+5y2XEpmDyWUha5B1UzE
BBlXpRWjew2z2EQBBOYZqtefq3Bq0TmXNlPlfQ9/t2s65VOHcMG3nV3shhvr02el
so6gPs6zXYlYl8ZAEho8XwGgoxI9lg9YibGr4+PKF+EqLdnc6vMPR0m0NeUEQN1V
5Txp/pXSswsl6OunzeDgzfdNpslb7w9zagc5nu2NFt4GH2IZp8mlSYBKXjWdkRJB
Qk16FlCPjy4mVJd0iYgX8R61k/bL/DgpC1R194kfX7Y7
-----END CERTIFICATE-----