Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/o_0_DNKDHvXyvE56dyI94h8-cWE.roa
File:                     o_0_DNKDHvXyvE56dyI94h8-cWE.roa (raw, json)
Hash identifier:          yh4uWf2k31tnxXGPZH3tO9ryTzq7JMT5vpXXC0SPJXM=
Subject key identifier:   A3:FD:3F:0C:D2:83:1E:F5:F2:BC:4E:7A:77:22:3D:E2:1F:3E:71:61
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8037AC6ACD9C187D5DF915FE555E
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/o_0_DNKDHvXyvE56dyI94h8-cWE.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15587
IP address blocks:        93.159.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:80:37:ac:6a:cd:9c:18:7d:5d:f9:15:fe:55:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3fd3f0cd2831ef5f2bc4e7a77223de21f3e7161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b3:bf:bc:a8:8c:29:d3:38:35:66:a2:fd:7c:
                    a9:eb:27:82:20:96:d1:db:e8:d1:0a:0a:d8:41:4e:
                    68:82:63:63:12:1b:77:61:9a:c6:70:17:f2:d4:0c:
                    04:6a:f4:96:3b:ed:c8:57:75:88:0c:b0:cb:c2:fc:
                    7b:30:ba:51:72:78:29:6c:a1:af:a4:8e:1e:00:8c:
                    87:6e:cc:d5:b8:74:ac:c0:c5:7a:04:bd:f8:c8:53:
                    73:a9:7b:59:4c:72:ad:bb:c2:24:6c:0f:56:30:6d:
                    40:9b:dc:4b:86:c7:09:6c:05:f9:5b:f8:45:26:24:
                    70:d8:4b:af:66:04:8c:14:70:d7:75:5c:c5:b2:35:
                    85:93:80:18:f8:c7:13:da:54:93:9c:da:67:2c:4a:
                    ee:79:5c:d4:b9:64:d6:e6:50:aa:e5:ae:b8:f6:65:
                    f7:c1:38:a0:3a:e1:17:9c:ca:6b:71:59:f5:1f:63:
                    d8:c0:27:e1:61:2d:45:e9:e2:4d:32:5f:69:36:c4:
                    b8:92:02:46:05:8e:e7:aa:47:6d:c6:8f:53:35:b0:
                    35:7b:29:90:9a:97:1e:21:26:0d:da:92:f5:0d:e4:
                    8b:e4:9d:f6:a9:dd:01:fc:0c:66:37:35:32:26:aa:
                    c8:15:12:6a:d8:b1:c8:b4:7e:87:ed:1f:d8:ff:f1:
                    55:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FD:3F:0C:D2:83:1E:F5:F2:BC:4E:7A:77:22:3D:E2:1F:3E:71:61
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/o_0_DNKDHvXyvE56dyI94h8-cWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:b6:ed:3d:39:70:a5:b4:cb:6b:f6:cf:2b:f3:c0:3e:4b:ec:
         6b:b3:f3:e8:8b:ab:34:3f:be:b3:7f:5f:fc:90:fc:98:59:c0:
         c4:ff:50:69:62:b0:41:1d:f4:02:7e:5e:fc:6d:fc:ef:3e:af:
         a3:f9:e2:36:cc:e1:fb:78:43:de:e7:b1:6b:b8:32:fb:9f:37:
         d3:40:82:d2:42:7c:11:4d:2a:16:db:2f:c1:f5:d7:1b:a3:c1:
         ed:b7:6f:5a:ff:22:0e:52:09:da:b1:3d:cd:e7:4a:3e:a4:c5:
         7f:2b:1a:ec:d2:6a:65:84:27:c9:ab:8c:a3:a3:37:c6:7e:22:
         9e:a8:76:29:09:ec:41:05:3d:6b:d3:3f:12:2f:ee:16:8f:49:
         40:17:65:17:38:bb:03:61:86:ff:dd:75:f7:1b:ed:a4:9c:09:
         8c:0b:49:92:41:ce:8e:a6:5f:ef:e5:d1:b2:c7:6e:4f:80:d4:
         81:6d:e1:bc:85:b6:6e:d6:2d:ef:f9:6d:b7:6e:be:2e:2e:ba:
         85:05:a9:e6:62:ba:c9:86:a9:78:e7:d5:64:a6:c2:51:3c:54:
         9e:0d:0b:bd:ab:1e:65:3e:f3:11:d8:79:5d:7d:80:f1:63:bf:
         01:da:7a:1e:9a:55:62:4d:66:fc:f2:a7:35:f4:f7:07:bd:4b:
         19:ae:db:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4A3rGrNnBh9XfkV/lVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2ZkM2YwY2QyODMxZWY1ZjJiYzRlN2E3NzIyM2RlMjFmM2U3MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLO/vKiMKdM4NWai/Xyp6yeCIJbR
2+jRCgrYQU5ogmNjEht3YZrGcBfy1AwEavSWO+3IV3WIDLDLwvx7MLpRcngpbKGv
pI4eAIyHbszVuHSswMV6BL34yFNzqXtZTHKtu8IkbA9WMG1Am9xLhscJbAX5W/hF
JiRw2EuvZgSMFHDXdVzFsjWFk4AY+McT2lSTnNpnLErueVzUuWTW5lCq5a649mX3
wTigOuEXnMprcVn1H2PYwCfhYS1F6eJNMl9pNsS4kgJGBY7nqkdtxo9TNbA1eymQ
mpceISYN2pL1DeSL5J32qd0B/AxmNzUyJqrIFRJq2LHItH6H7R/Y//FVxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP9PwzSgx718rxOenciPeIfPnFhMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvb18wX0ROS0RIdlh5dkU1NmR5STk0aDgtY1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXZ8+MA0G
CSqGSIb3DQEBCwUAA4IBAQAutu09OXCltMtr9s8r88A+S+xrs/Poi6s0P76zf1/8
kPyYWcDE/1BpYrBBHfQCfl78bfzvPq+j+eI2zOH7eEPe57FruDL7nzfTQILSQnwR
TSoW2y/B9dcbo8Htt29a/yIOUgnasT3N50o+pMV/Kxrs0mplhCfJq4yjozfGfiKe
qHYpCexBBT1r0z8SL+4Wj0lAF2UXOLsDYYb/3XX3G+2knAmMC0mSQc6Opl/v5dGy
x25PgNSBbeG8hbZu1i3v+W23br4uLrqFBanmYrrJhql459VkpsJRPFSeDQu9qx5l
PvMR2HldfYDxY78B2noemlViTWb88qc19PcHvUsZrtsG
-----END CERTIFICATE-----