Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/le8GCJRrdqHNCNAoW_re0x8Rrw4.roa
File:                     le8GCJRrdqHNCNAoW_re0x8Rrw4.roa (raw, json)
Hash identifier:          U6ASm6Q2t/cWZLCxnIMcVeb4S15eRCPeDhlGqAOWMLk=
Subject key identifier:   95:EF:06:08:94:6B:76:A1:CD:08:D0:28:5B:FA:DE:D3:1F:11:AF:0E
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018E9E78DEE3C04F5AD9FA69401277F9E937
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/le8GCJRrdqHNCNAoW_re0x8Rrw4.roa
Signing time:             Tue 02 Apr 2024 11:01:45 +0000
ROA not before:           Tue 02 Apr 2024 11:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        93.177.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:78:de:e3:c0:4f:5a:d9:fa:69:40:12:77:f9:e9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Apr  2 11:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95ef0608946b76a1cd08d0285bfaded31f11af0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5e:5d:b7:2b:4a:77:58:95:fa:ee:cc:f2:84:
                    c4:02:9c:61:a6:aa:77:c5:cf:17:29:dc:cc:ec:6f:
                    60:d4:ad:d7:91:9a:66:b7:de:65:f7:a5:55:05:a8:
                    d9:40:ff:54:e1:70:f0:42:99:0a:eb:ff:ca:13:57:
                    20:4b:ad:36:6b:a5:d4:c3:4d:26:09:b1:aa:b9:d2:
                    80:44:00:c9:92:d8:93:8c:51:b4:89:db:da:77:9f:
                    d9:6b:54:c3:f8:e8:75:03:c4:16:63:c6:b6:9d:6b:
                    fa:ce:78:41:a9:a6:90:04:ed:15:93:88:18:ba:11:
                    da:55:09:e0:6c:f7:41:d1:ed:12:09:ea:32:39:66:
                    61:75:e0:38:5e:cc:b2:19:38:65:86:83:16:08:09:
                    93:8f:3e:22:ef:39:98:bd:23:c8:80:81:aa:e6:61:
                    4c:ed:b3:65:20:fb:9f:97:93:a0:ae:45:1b:dd:05:
                    4e:c5:76:80:a7:bb:84:ee:2d:10:00:90:49:62:b0:
                    b5:da:a6:7b:e1:db:a5:bf:c6:7a:de:76:15:0d:db:
                    5c:61:91:8f:d0:42:9b:6d:cb:49:be:2b:b6:73:b5:
                    19:d3:a8:9b:3b:5f:18:63:5f:79:e3:5e:d0:e9:5a:
                    30:45:de:c8:21:97:24:9d:a8:a1:c1:ba:6b:36:3d:
                    6e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EF:06:08:94:6B:76:A1:CD:08:D0:28:5B:FA:DE:D3:1F:11:AF:0E
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/le8GCJRrdqHNCNAoW_re0x8Rrw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:52:cf:b8:eb:f6:0d:db:35:c3:02:81:e0:2f:30:8b:99:6a:
         01:90:1c:2f:54:cd:59:66:67:e7:34:60:27:d4:12:43:72:cd:
         83:7a:3f:17:93:67:4e:75:76:7f:3c:32:38:e9:7c:6a:ef:97:
         a4:ff:10:61:e3:0a:46:28:ae:cf:5e:28:0b:f5:d9:b5:dc:7f:
         e4:83:0f:0b:98:a2:99:65:a7:f5:0a:11:0a:5e:2e:82:b1:5a:
         1d:a9:14:cc:bc:51:7a:58:ec:af:41:00:c3:c4:b2:8c:78:6d:
         71:77:73:9e:76:af:6b:05:1b:96:bd:46:96:7d:d6:7a:07:4a:
         9d:05:d3:6e:f9:44:e6:53:db:73:ed:f0:aa:96:99:e6:fb:57:
         a6:74:5d:40:59:13:36:2c:b0:0c:70:28:46:9a:e0:f6:4e:9c:
         13:c4:42:97:1f:a2:71:22:06:36:2d:16:1e:9e:93:8a:14:1c:
         e4:cc:0f:90:5d:e6:97:bf:67:a1:49:69:9f:00:fe:87:b9:10:
         07:3d:2e:4d:70:67:9b:0c:30:30:50:05:c0:0a:94:f1:36:01:
         81:63:f3:b9:30:3c:2b:d5:97:74:c1:bf:84:39:94:ed:f3:e3:
         c0:20:07:c0:52:41:ae:1b:95:37:29:80:88:01:f0:d6:93:45:
         8a:2d:3e:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6eeN7jwE9a2fppQBJ3+ek3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwNDAyMTEwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVmMDYwODk0NmI3NmExY2QwOGQwMjg1YmZhZGVkMzFmMTFhZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml5dtytKd1iV+u7M8oTEApxhpqp3
xc8XKdzM7G9g1K3XkZpmt95l96VVBajZQP9U4XDwQpkK6//KE1cgS602a6XUw00m
CbGqudKARADJktiTjFG0idvad5/Za1TD+Oh1A8QWY8a2nWv6znhBqaaQBO0Vk4gY
uhHaVQngbPdB0e0SCeoyOWZhdeA4XsyyGThlhoMWCAmTjz4i7zmYvSPIgIGq5mFM
7bNlIPufl5OgrkUb3QVOxXaAp7uE7i0QAJBJYrC12qZ74dulv8Z63nYVDdtcYZGP
0EKbbctJviu2c7UZ06ibO18YY195417Q6VowRd7IIZcknaihwbprNj1uFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXvBgiUa3ahzQjQKFv63tMfEa8OMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvbGU4R0NKUnJkcUhOQ05Bb1dfcmUweDhScnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbFvMA0G
CSqGSIb3DQEBCwUAA4IBAQCeUs+46/YN2zXDAoHgLzCLmWoBkBwvVM1ZZmfnNGAn
1BJDcs2Dej8Xk2dOdXZ/PDI46Xxq75ek/xBh4wpGKK7PXigL9dm13H/kgw8LmKKZ
Zaf1ChEKXi6CsVodqRTMvFF6WOyvQQDDxLKMeG1xd3Oedq9rBRuWvUaWfdZ6B0qd
BdNu+UTmU9tz7fCqlpnm+1emdF1AWRM2LLAMcChGmuD2TpwTxEKXH6JxIgY2LRYe
npOKFBzkzA+QXeaXv2ehSWmfAP6HuRAHPS5NcGebDDAwUAXACpTxNgGBY/O5MDwr
1Zd0wb+EOZTt8+PAIAfAUkGuG5U3KYCIAfDWk0WKLT4k
-----END CERTIFICATE-----