Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/tWzYY_xdrJ_hN7DiwXGEFAnVeAE.roa
File:                     tWzYY_xdrJ_hN7DiwXGEFAnVeAE.roa (raw, json)
Hash identifier:          8ZBbueukl10L87SqS9n4B303/x5OMuFo8ix9AFGDdbM=
Subject key identifier:   B5:6C:D8:63:FC:5D:AC:9F:E1:37:B0:E2:C1:71:84:14:09:D5:78:01
Certificate issuer:       /CN=123ad9e6ce2651d95ad18656ecbb93536189faaf
Certificate serial:       018CC26D232AD6B180201231DD23D0011C65
Authority key identifier: 12:3A:D9:E6:CE:26:51:D9:5A:D1:86:56:EC:BB:93:53:61:89:FA:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/tWzYY_xdrJ_hN7DiwXGEFAnVeAE.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62343
IP address blocks:        93.115.209.0/24 maxlen: 24
                          93.115.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:2a:d6:b1:80:20:12:31:dd:23:d0:01:1c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=123ad9e6ce2651d95ad18656ecbb93536189faaf
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b56cd863fc5dac9fe137b0e2c171841409d57801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9b:36:4b:d9:05:48:bb:cb:c8:43:f6:16:66:
                    cb:85:af:bf:bd:72:71:3b:f1:85:1f:b3:9d:db:d7:
                    96:c8:25:ce:8c:11:1d:df:13:50:ed:72:22:76:ec:
                    cb:36:60:a9:de:4a:16:d3:fe:9c:b0:c1:5a:99:99:
                    3c:54:45:dd:ca:05:c0:8d:60:e5:42:39:7d:7e:78:
                    81:12:b3:bb:7a:d5:fb:fe:4d:45:ea:db:a5:48:aa:
                    ef:45:5b:31:37:50:2f:d9:3f:23:4e:e0:b1:4c:a1:
                    12:44:a6:b5:ac:bb:23:2a:8a:17:48:69:c7:df:4b:
                    1c:a0:a0:cb:68:67:38:50:50:72:49:3d:be:74:28:
                    1f:e0:1d:e6:d3:21:fd:05:cf:da:d8:a9:cb:18:9a:
                    73:e1:2b:e7:49:f4:3a:04:43:36:28:f4:6a:fe:e9:
                    f4:3a:9b:8c:65:14:7b:db:49:d9:dc:75:42:49:57:
                    61:cc:c9:7e:fc:12:30:6c:f5:b6:65:0e:90:dc:ad:
                    fa:90:85:6e:bd:2e:f2:39:9d:e6:89:75:f2:d2:79:
                    d9:ef:2e:82:7a:05:8a:e9:c0:fc:5d:47:33:bf:a8:
                    24:8f:3d:c4:e9:e5:78:78:db:3c:cd:9b:9e:83:42:
                    f8:6a:7b:d0:f5:fe:ce:9f:19:fb:ba:44:ca:48:9a:
                    6a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:6C:D8:63:FC:5D:AC:9F:E1:37:B0:E2:C1:71:84:14:09:D5:78:01
            X509v3 Authority Key Identifier:
                keyid:12:3A:D9:E6:CE:26:51:D9:5A:D1:86:56:EC:BB:93:53:61:89:FA:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/tWzYY_xdrJ_hN7DiwXGEFAnVeAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/204fae-f7bd-4f70-911a-1b192371f442/1/EjrZ5s4mUdla0YZW7LuTU2GJ-q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:7e:79:bf:55:cc:1b:05:3a:fa:ac:b8:32:ec:9b:51:96:94:
         8e:c7:d9:08:c6:f2:8b:a9:17:d9:71:93:26:93:75:58:f1:dd:
         fa:e2:19:e3:97:5f:93:ab:2f:9a:58:4f:3e:bd:15:09:52:23:
         cb:03:8e:a4:9a:69:99:33:d2:f9:98:1f:77:52:21:73:c9:0e:
         67:b5:54:c5:19:aa:a1:4f:09:16:33:be:18:f0:eb:86:93:63:
         a8:c4:61:88:ff:03:df:61:9e:88:f2:74:f6:a3:ec:9c:f3:82:
         a5:30:2c:2b:e2:b2:51:71:b1:eb:72:46:0c:f3:85:6d:44:bb:
         26:b0:b6:b0:49:aa:39:59:c1:ec:25:57:14:e0:56:01:41:91:
         e4:13:5b:3b:ce:53:3e:ac:54:99:05:02:9b:6d:3b:18:e2:75:
         81:32:bc:96:01:ef:ac:5a:29:c6:13:d6:da:24:32:46:c6:4b:
         b9:74:01:b9:0b:c1:59:9d:31:f9:f2:9d:96:2b:f2:e7:42:71:
         3e:fd:9b:c4:7b:12:9a:95:8e:fd:f6:9f:79:6f:84:ce:37:17:
         1b:86:85:16:e0:e8:99:32:bc:d5:7a:96:0f:70:7b:18:9a:8f:
         ea:1f:b1:77:60:08:ca:ac:6d:4a:5a:e8:1b:3b:38:6f:82:8b:
         bd:d7:ea:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSMq1rGAIBIx3SPQARxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyM2FkOWU2Y2UyNjUxZDk1YWQxODY1NmVjYmI5MzUzNjE4
OWZhYWYwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZjZDg2M2ZjNWRhYzlmZTEzN2IwZTJjMTcxODQxNDA5ZDU3ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15s2S9kFSLvLyEP2FmbLha+/vXJx
O/GFH7Od29eWyCXOjBEd3xNQ7XIiduzLNmCp3koW0/6csMFamZk8VEXdygXAjWDl
Qjl9fniBErO7etX7/k1F6tulSKrvRVsxN1Av2T8jTuCxTKESRKa1rLsjKooXSGnH
30scoKDLaGc4UFByST2+dCgf4B3m0yH9Bc/a2KnLGJpz4SvnSfQ6BEM2KPRq/un0
OpuMZRR720nZ3HVCSVdhzMl+/BIwbPW2ZQ6Q3K36kIVuvS7yOZ3miXXy0nnZ7y6C
egWK6cD8XUczv6gkjz3E6eV4eNs8zZueg0L4anvQ9f7Onxn7ukTKSJpqAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVs2GP8Xayf4Tew4sFxhBQJ1XgBMB8GA1UdIwQY
MBaAFBI62ebOJlHZWtGGVuy7k1NhifqvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpyWjVzNG1VZGxhMFlaVzdMdVRVMkdKLXE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8yMDRmYWUtZjdiZC00ZjcwLTkxMWEt
MWIxOTIzNzFmNDQyLzEvdFd6WVlfeGRySl9oTjdEaXdYR0VGQW5WZUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8yMDRmYWUtZjdiZC00ZjcwLTkxMWEtMWIxOTIzNzFmNDQy
LzEvRWpyWjVzNG1VZGxhMFlaVzdMdVRVMkdKLXE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXXPQMA0G
CSqGSIb3DQEBCwUAA4IBAQCXfnm/VcwbBTr6rLgy7JtRlpSOx9kIxvKLqRfZcZMm
k3VY8d364hnjl1+Tqy+aWE8+vRUJUiPLA46kmmmZM9L5mB93UiFzyQ5ntVTFGaqh
TwkWM74Y8OuGk2OoxGGI/wPfYZ6I8nT2o+yc84KlMCwr4rJRcbHrckYM84VtRLsm
sLawSao5WcHsJVcU4FYBQZHkE1s7zlM+rFSZBQKbbTsY4nWBMryWAe+sWinGE9ba
JDJGxku5dAG5C8FZnTH58p2WK/LnQnE+/ZvEexKalY799p95b4TONxcbhoUW4OiZ
MrzVepYPcHsYmo/qH7F3YAjKrG1KWugbOzhvgou91+oN
-----END CERTIFICATE-----