Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/S93rM8pwt25kKh-XQQKzRJzVXt0.roa
File:                     S93rM8pwt25kKh-XQQKzRJzVXt0.roa (raw, json)
Hash identifier:          LrvZEgDVCisjfDqhfBUAZfbjaUsoPhemqGv4zfohOQE=
Subject key identifier:   4B:DD:EB:33:CA:70:B7:6E:64:2A:1F:97:41:02:B3:44:9C:D5:5E:DD
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018E65AAA1D8E62B048EEAF1087768AAE586
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/S93rM8pwt25kKh-XQQKzRJzVXt0.roa
Signing time:             Fri 22 Mar 2024 10:17:45 +0000
ROA not before:           Fri 22 Mar 2024 10:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        178.253.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:aa:a1:d8:e6:2b:04:8e:ea:f1:08:77:68:aa:e5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 22 10:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bddeb33ca70b76e642a1f974102b3449cd55edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:eb:9f:d7:75:4b:69:14:ae:de:d4:83:65:45:
                    61:ea:46:46:77:23:d5:5d:33:6a:83:44:12:2a:1e:
                    a9:64:0b:a8:4f:16:cf:76:7d:72:0e:2a:a7:48:54:
                    92:37:74:f4:cf:b0:69:06:94:a4:40:ed:01:52:da:
                    48:42:ef:44:a8:d4:3b:10:56:c8:38:f9:76:2d:10:
                    c7:50:5e:72:68:11:03:73:82:5f:a2:af:04:47:fa:
                    d4:73:a3:64:98:1a:df:54:75:e6:79:b8:48:2b:b7:
                    da:65:6c:9b:21:18:21:ad:28:f7:4d:69:d2:19:b2:
                    ce:de:18:16:41:05:3c:05:55:b7:2c:fc:62:17:78:
                    c4:61:fc:49:79:1c:2f:5e:3a:33:fd:c6:c2:88:10:
                    e8:2e:c0:99:a3:2f:33:6a:f3:2d:7d:ce:07:be:19:
                    57:45:93:59:d4:61:0d:a3:39:25:b3:44:31:96:af:
                    f2:e0:ad:52:8a:e1:3f:c2:71:7f:05:88:d2:9c:70:
                    d1:09:80:0f:66:88:13:90:31:32:91:1c:1b:fd:c6:
                    c2:56:d4:d5:77:14:fb:69:1e:b7:5d:35:ba:84:e6:
                    9b:a8:60:81:ac:99:ea:bc:52:78:6e:94:05:42:12:
                    77:23:8c:bc:91:ef:73:37:55:72:25:95:a2:0a:be:
                    2a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DD:EB:33:CA:70:B7:6E:64:2A:1F:97:41:02:B3:44:9C:D5:5E:DD
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/S93rM8pwt25kKh-XQQKzRJzVXt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:dd:e3:dd:5d:49:e5:2c:05:26:ee:e3:5d:14:4a:07:12:84:
         b5:44:ff:60:c2:f9:df:09:1d:60:4b:97:0f:4a:5f:a7:83:ed:
         94:c2:44:d4:25:07:f4:b1:b0:a0:0d:6e:69:d3:45:b1:39:1d:
         1d:bc:24:c2:f5:b1:20:0a:f8:6c:8e:a6:f8:81:a2:7b:17:82:
         1e:a4:a3:93:df:69:02:98:91:ae:73:9c:62:01:df:3c:d4:aa:
         3b:91:2a:03:ce:9f:a8:a8:3f:76:bb:ac:1e:32:fa:a2:85:a4:
         c9:b2:c8:8d:a9:bc:b1:f4:e3:85:05:06:c1:19:ee:d9:26:e9:
         54:d5:3f:63:85:99:82:17:9b:f2:59:1c:cf:4d:43:fa:47:e4:
         6a:68:e9:7c:34:01:2e:3c:12:f3:23:8d:df:89:e2:83:d5:ef:
         cd:be:b7:7c:f1:6a:b9:02:d6:f4:42:50:0e:a3:3c:62:a4:11:
         05:2e:21:0c:fc:b5:b9:1c:37:a3:a5:fb:10:13:49:ab:2b:27:
         f7:87:22:33:7d:e9:e6:ff:a3:12:fb:1d:38:ce:f2:cf:dd:cf:
         0b:32:12:7a:37:14:88:c2:be:a4:6e:df:d7:62:23:aa:fe:a2:
         57:ff:ca:ce:b1:6d:1b:e8:1e:02:68:6d:dc:e8:a0:a1:69:f8:
         fa:f2:1c:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5lqqHY5isEjurxCHdoquWGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMzIyMTAxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRkZWIzM2NhNzBiNzZlNjQyYTFmOTc0MTAyYjM0NDljZDU1ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+uf13VLaRSu3tSDZUVh6kZGdyPV
XTNqg0QSKh6pZAuoTxbPdn1yDiqnSFSSN3T0z7BpBpSkQO0BUtpIQu9EqNQ7EFbI
OPl2LRDHUF5yaBEDc4Jfoq8ER/rUc6NkmBrfVHXmebhIK7faZWybIRghrSj3TWnS
GbLO3hgWQQU8BVW3LPxiF3jEYfxJeRwvXjoz/cbCiBDoLsCZoy8zavMtfc4HvhlX
RZNZ1GENozkls0Qxlq/y4K1SiuE/wnF/BYjSnHDRCYAPZogTkDEykRwb/cbCVtTV
dxT7aR63XTW6hOabqGCBrJnqvFJ4bpQFQhJ3I4y8ke9zN1VyJZWiCr4qAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvd6zPKcLduZCofl0ECs0Sc1V7dMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvUzkzck04cHd0MjVrS2gtWFFRS3pSSnpWWHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3zMA0G
CSqGSIb3DQEBCwUAA4IBAQB63ePdXUnlLAUm7uNdFEoHEoS1RP9gwvnfCR1gS5cP
Sl+ng+2UwkTUJQf0sbCgDW5p00WxOR0dvCTC9bEgCvhsjqb4gaJ7F4IepKOT32kC
mJGuc5xiAd881Ko7kSoDzp+oqD92u6weMvqihaTJssiNqbyx9OOFBQbBGe7ZJulU
1T9jhZmCF5vyWRzPTUP6R+RqaOl8NAEuPBLzI43fieKD1e/Nvrd88Wq5Atb0QlAO
ozxipBEFLiEM/LW5HDejpfsQE0mrKyf3hyIzfenm/6MS+x04zvLP3c8LMhJ6NxSI
wr6kbt/XYiOq/qJX/8rOsW0b6B4CaG3c6KChafj68hwD
-----END CERTIFICATE-----