Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hRBYhUnBzKJhsk4C9b-06Mfs5pM.roa
File:                     hRBYhUnBzKJhsk4C9b-06Mfs5pM.roa (raw, json)
Hash identifier:          EJA1if26YKQA0Y2HGyU4bzMPn6/C4/lFpgRHOHzT5K0=
Subject key identifier:   85:10:58:85:49:C1:CC:A2:61:B2:4E:02:F5:BF:B4:E8:C7:EC:E6:93
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0191E18226FF2C2D88CB03D2C3437674419C
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hRBYhUnBzKJhsk4C9b-06Mfs5pM.roa
Signing time:             Wed 11 Sep 2024 14:34:48 +0000
ROA not before:           Wed 11 Sep 2024 14:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201670
IP address blocks:        93.185.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:82:26:ff:2c:2d:88:cb:03:d2:c3:43:76:74:41:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Sep 11 14:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8510588549c1cca261b24e02f5bfb4e8c7ece693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:2e:ef:6d:8c:40:ef:f0:64:c2:7c:c5:57:
                    dc:1d:22:07:f9:ea:02:62:19:58:8c:aa:52:c0:06:
                    d9:d6:44:63:9e:21:26:ae:ca:14:37:01:70:ec:56:
                    17:86:40:fd:49:6b:25:c1:54:35:62:d7:d2:88:4b:
                    1b:3a:b2:b9:e8:d2:ac:50:d5:2a:4b:bf:e3:cb:37:
                    0a:5c:ca:e9:62:9f:04:f1:71:86:38:16:21:80:82:
                    76:bf:9b:dd:ef:5e:23:17:51:6b:85:7a:1d:78:39:
                    d5:5b:7a:00:ad:7e:f1:40:a5:62:87:3b:49:b1:d0:
                    a2:fa:d4:c4:97:19:ca:a1:c4:09:ef:73:e6:c6:c3:
                    b0:cb:16:af:d6:ed:81:74:81:bc:5e:64:ee:37:54:
                    02:44:36:2e:3f:a3:2c:a7:71:8c:9f:7a:2e:39:51:
                    ec:cb:02:0e:5e:3d:bd:5d:42:f1:02:f6:b2:29:76:
                    3c:2a:54:d8:ed:32:1d:7d:24:cc:5d:40:29:e7:d8:
                    ea:28:bd:bc:b6:21:34:34:43:01:7a:f2:1f:c3:90:
                    b1:ed:98:05:65:3e:c5:0e:64:c7:00:c9:7b:8e:ae:
                    4b:1d:d2:b3:2d:ad:23:6f:c5:cb:44:f0:0f:9d:8c:
                    a7:bc:c4:36:15:9a:32:9f:e2:42:02:f3:62:f5:40:
                    71:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:10:58:85:49:C1:CC:A2:61:B2:4E:02:F5:BF:B4:E8:C7:EC:E6:93
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/hRBYhUnBzKJhsk4C9b-06Mfs5pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e2:05:60:9d:3c:38:11:19:f9:bc:7f:4b:58:42:1e:7a:f1:
         29:e1:17:ff:f8:91:8d:a7:83:2c:73:f8:c5:66:da:19:68:82:
         57:d9:54:51:39:8c:45:8a:4e:92:2d:ca:32:d6:84:20:8a:e4:
         9b:b5:f6:fa:d9:c2:90:31:e6:c8:9b:6b:ff:28:55:80:41:44:
         3c:ed:dd:3c:81:3b:32:fa:be:e7:92:a8:d0:66:75:06:b9:3b:
         27:72:b6:8e:7c:dd:6e:68:13:7a:70:52:0b:8e:1a:2b:83:79:
         e4:ae:51:94:e0:c9:b5:83:89:dc:a3:af:db:ff:56:5b:13:c2:
         88:82:41:b3:68:ff:58:18:2d:2e:a9:b4:b8:e7:b9:d6:24:37:
         3f:6d:a3:d9:bc:a8:2c:b3:bd:b3:48:95:da:a1:73:60:42:8e:
         01:70:8a:e0:94:0d:da:4c:98:eb:6e:be:21:cc:d2:a3:6b:86:
         b1:fd:45:d2:6f:be:78:6b:bb:39:f7:29:c9:d7:aa:44:0f:9f:
         40:b8:e2:37:ec:0c:76:62:9e:86:c3:82:c3:68:d1:35:00:23:
         18:27:47:d1:10:ae:80:a4:89:66:d3:54:e2:e2:7c:4e:a2:81:
         b4:0a:7b:ad:81:b4:f8:33:b4:47:d9:d9:eb:31:c2:e8:fa:2c:
         45:f1:33:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhgib/LC2IywPSw0N2dEGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwOTExMTQzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTEwNTg4NTQ5YzFjY2EyNjFiMjRlMDJmNWJmYjRlOGM3ZWNlNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg8u722MQO/wZMJ8xVfcHSIH+eoC
YhlYjKpSwAbZ1kRjniEmrsoUNwFw7FYXhkD9SWslwVQ1YtfSiEsbOrK56NKsUNUq
S7/jyzcKXMrpYp8E8XGGOBYhgIJ2v5vd714jF1FrhXodeDnVW3oArX7xQKVihztJ
sdCi+tTElxnKocQJ73PmxsOwyxav1u2BdIG8XmTuN1QCRDYuP6Msp3GMn3ouOVHs
ywIOXj29XULxAvayKXY8KlTY7TIdfSTMXUAp59jqKL28tiE0NEMBevIfw5Cx7ZgF
ZT7FDmTHAMl7jq5LHdKzLa0jb8XLRPAPnYynvMQ2FZoyn+JCAvNi9UBxAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUQWIVJwcyiYbJOAvW/tOjH7OaTMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvaFJCWWhVbkJ6S0poc2s0QzliLTA2TWZzNXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmlMA0G
CSqGSIb3DQEBCwUAA4IBAQAE4gVgnTw4ERn5vH9LWEIeevEp4Rf/+JGNp4Msc/jF
ZtoZaIJX2VRROYxFik6SLcoy1oQgiuSbtfb62cKQMebIm2v/KFWAQUQ87d08gTsy
+r7nkqjQZnUGuTsncraOfN1uaBN6cFILjhorg3nkrlGU4Mm1g4nco6/b/1ZbE8KI
gkGzaP9YGC0uqbS457nWJDc/baPZvKgss72zSJXaoXNgQo4BcIrglA3aTJjrbr4h
zNKja4ax/UXSb754a7s59ynJ16pED59AuOI37Ax2Yp6Gw4LDaNE1ACMYJ0fREK6A
pIlm01Ti4nxOooG0CnutgbT4M7RH2dnrMcLo+ixF8TNi
-----END CERTIFICATE-----