Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NZvb2qKNw6TNNeDvqlV_-QChDh8.roa
File:                     NZvb2qKNw6TNNeDvqlV_-QChDh8.roa (raw, json)
Hash identifier:          AvipIjBdsS0207+aK/JkUYN7M+6rcBf9DVuXv7pl1K0=
Subject key identifier:   35:9B:DB:DA:A2:8D:C3:A4:CD:35:E0:EF:AA:55:7F:F9:00:A1:0E:1F
Certificate issuer:       /CN=54bbdb2d980ac0a827c0cc6ed0f906749cb2cea1
Certificate serial:       0194236A0837C1B083407BE8A7343627FDEF
Authority key identifier: 54:BB:DB:2D:98:0A:C0:A8:27:C0:CC:6E:D0:F9:06:74:9C:B2:CE:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NZvb2qKNw6TNNeDvqlV_-QChDh8.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21100
IP address blocks:        93.187.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:08:37:c1:b0:83:40:7b:e8:a7:34:36:27:fd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54bbdb2d980ac0a827c0cc6ed0f906749cb2cea1
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=359bdbdaa28dc3a4cd35e0efaa557ff900a10e1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c4:03:20:be:8c:20:42:1f:11:b8:14:a5:dd:
                    ff:8d:56:38:c3:71:bb:3e:54:f9:1d:73:b8:ff:94:
                    d6:33:ce:fc:b3:01:7b:bc:2a:6d:40:ec:29:62:55:
                    35:4a:b4:ca:73:08:48:f6:e8:27:59:cb:8b:23:6f:
                    62:39:9a:f0:4b:b2:e3:67:2e:c0:5e:8b:85:e5:ca:
                    25:c9:b4:3a:59:0e:36:19:b3:a2:b3:2e:99:c9:19:
                    33:68:05:8b:85:07:e5:ac:c5:7b:34:e2:43:de:53:
                    fb:b8:50:90:d3:12:ac:0d:ea:e0:32:de:97:fa:5b:
                    3f:00:bd:a2:96:25:79:3c:ca:ef:a7:53:73:27:21:
                    9e:0d:83:33:17:b0:86:64:82:7b:0c:48:1c:93:5c:
                    96:4d:4d:83:c6:4f:da:2f:4e:3e:b7:89:e7:6e:15:
                    d8:fc:e5:5a:a2:70:69:4f:b4:2b:51:bf:9b:9c:0d:
                    17:ff:b0:70:83:00:5d:f3:d0:cc:57:f6:cd:21:17:
                    1c:65:ec:53:a3:ff:a4:8b:a5:88:a3:6e:c4:a4:ab:
                    67:e5:81:37:55:8b:f3:7f:00:5a:d2:94:59:b8:79:
                    a0:5c:c5:47:fb:ed:90:1e:fd:37:ab:c2:6f:89:06:
                    a1:06:41:92:d5:61:c0:af:dc:62:76:3f:3b:b4:14:
                    a0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9B:DB:DA:A2:8D:C3:A4:CD:35:E0:EF:AA:55:7F:F9:00:A1:0E:1F
            X509v3 Authority Key Identifier:
                keyid:54:BB:DB:2D:98:0A:C0:A8:27:C0:CC:6E:D0:F9:06:74:9C:B2:CE:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NZvb2qKNw6TNNeDvqlV_-QChDh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:84:23:59:28:c1:48:e7:21:2a:9d:49:87:41:76:d2:0e:96:
         29:78:03:04:04:68:77:3b:9f:5e:6c:05:87:6d:0a:04:2d:b3:
         52:3c:86:99:00:9c:8a:e0:aa:ab:ef:ad:83:c1:a3:bc:79:67:
         8b:45:81:dc:20:b4:b4:20:c9:c0:be:02:b9:a7:e4:b0:97:b4:
         2f:4d:9f:e9:ae:77:b7:a3:2d:c1:c2:0d:72:68:f2:76:28:81:
         a1:eb:bd:88:60:5d:ac:ae:db:f6:a0:01:24:c1:23:6f:4a:05:
         09:2e:d7:04:30:e6:92:39:a8:b9:99:06:f4:de:7c:26:52:26:
         cd:10:06:76:4e:6e:d8:6a:ad:63:2f:7f:fa:22:1e:6e:1d:f9:
         c9:cd:e9:41:0f:ab:08:17:85:1a:c2:8b:f1:2d:c9:18:44:4e:
         55:7d:41:ce:6b:3a:ee:46:5f:18:0d:0e:9c:d2:cf:ad:78:dc:
         1f:85:c4:82:ed:ff:6d:ac:3c:a7:02:73:ea:8d:46:ee:27:9e:
         95:02:a5:61:25:0b:4e:e5:42:47:82:b4:bc:db:7e:53:0d:32:
         74:17:dc:2f:a3:b7:12:fa:fc:19:09:be:99:aa:e2:b7:fd:cd:
         14:9e:4e:0e:88:04:72:22:6f:b4:34:5e:8b:dc:4d:ae:76:1d:
         f8:3d:cc:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagg3wbCDQHvopzQ2J/3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YmJkYjJkOTgwYWMwYTgyN2MwY2M2ZWQwZjkwNjc0OWNi
MmNlYTEwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTliZGJkYWEyOGRjM2E0Y2QzNWUwZWZhYTU1N2ZmOTAwYTEwZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsQDIL6MIEIfEbgUpd3/jVY4w3G7
PlT5HXO4/5TWM878swF7vCptQOwpYlU1SrTKcwhI9ugnWcuLI29iOZrwS7LjZy7A
XouF5colybQ6WQ42GbOisy6ZyRkzaAWLhQflrMV7NOJD3lP7uFCQ0xKsDergMt6X
+ls/AL2iliV5PMrvp1NzJyGeDYMzF7CGZIJ7DEgck1yWTU2Dxk/aL04+t4nnbhXY
/OVaonBpT7QrUb+bnA0X/7BwgwBd89DMV/bNIRccZexTo/+ki6WIo27EpKtn5YE3
VYvzfwBa0pRZuHmgXMVH++2QHv03q8JviQahBkGS1WHAr9xidj87tBSgZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWb29qijcOkzTXg76pVf/kAoQ4fMB8GA1UdIwQY
MBaAFFS72y2YCsCoJ8DMbtD5BnScss6hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkx2YkxaZ0t3S2dud014dTBQa0dkSnl5enFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC80NjJhZTQtZmVkYi00OTQwLTk5ZDQt
ZjM4NTU5YmU4MGU5LzEvTlp2YjJxS053NlROTmVEdnFsVl8tUUNoRGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC80NjJhZTQtZmVkYi00OTQwLTk5ZDQtZjM4NTU5YmU4MGU5
LzEvVkx2YkxaZ0t3S2dud014dTBQa0dkSnl5enFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbtAMA0G
CSqGSIb3DQEBCwUAA4IBAQALhCNZKMFI5yEqnUmHQXbSDpYpeAMEBGh3O59ebAWH
bQoELbNSPIaZAJyK4Kqr762DwaO8eWeLRYHcILS0IMnAvgK5p+Swl7QvTZ/prne3
oy3Bwg1yaPJ2KIGh672IYF2srtv2oAEkwSNvSgUJLtcEMOaSOai5mQb03nwmUibN
EAZ2Tm7Yaq1jL3/6Ih5uHfnJzelBD6sIF4UawovxLckYRE5VfUHOazruRl8YDQ6c
0s+teNwfhcSC7f9trDynAnPqjUbuJ56VAqVhJQtO5UJHgrS8235TDTJ0F9wvo7cS
+vwZCb6ZquK3/c0Unk4OiARyIm+0NF6L3E2udh34PcxO
-----END CERTIFICATE-----