Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/dypD1lAjujn4wFlso4qsG6gh4-M.roa
File:                     dypD1lAjujn4wFlso4qsG6gh4-M.roa (raw, json)
Hash identifier:          CFt6sVYU+0PMsdoyF/9rQ9URDYs/KRkZZj6GjcOYJa0=
Subject key identifier:   77:2A:43:D6:50:23:BA:39:F8:C0:59:6C:A3:8A:AC:1B:A8:21:E3:E3
Certificate issuer:       /CN=52b12ccc7ea1068c30d78c955c56b9763bcf3b4d
Certificate serial:       018CC42489292931E9910BB169E9429EB675
Authority key identifier: 52:B1:2C:CC:7E:A1:06:8C:30:D7:8C:95:5C:56:B9:76:3B:CF:3B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/dypD1lAjujn4wFlso4qsG6gh4-M.roa
Signing time:             Mon 01 Jan 2024 08:29:37 +0000
ROA not before:           Mon 01 Jan 2024 08:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213002
IP address blocks:        93.95.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:89:29:29:31:e9:91:0b:b1:69:e9:42:9e:b6:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52b12ccc7ea1068c30d78c955c56b9763bcf3b4d
        Validity
            Not Before: Jan  1 08:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=772a43d65023ba39f8c0596ca38aac1ba821e3e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ab:0e:f1:e9:a1:df:72:0d:9c:b2:d0:78:16:
                    af:9e:71:6c:53:a5:52:51:f8:b8:00:8a:81:82:d7:
                    3f:3e:e1:f1:b8:96:e6:4e:c0:ac:b1:6b:4f:36:cb:
                    99:6e:a8:02:67:9a:dc:97:ac:b9:52:ef:0b:52:00:
                    cc:d7:f1:84:a8:03:9d:36:f8:e6:66:a6:21:f9:99:
                    64:e1:d5:92:a6:b2:d8:35:e7:44:d8:7f:69:73:7d:
                    ab:3d:d3:4d:0e:d3:e3:cf:7c:4a:01:c8:57:4b:b0:
                    cd:ff:8b:f8:05:d1:41:c7:18:d0:08:a9:ec:f1:f1:
                    0a:67:17:93:8c:5d:62:b6:98:ac:d4:ae:af:a5:b2:
                    09:06:20:6c:74:1f:27:76:d2:87:97:94:30:30:5b:
                    3c:a2:12:f7:5e:c5:42:fe:e0:99:07:2b:7f:cc:52:
                    6c:64:7f:f9:f5:8d:c9:49:17:2b:52:fc:22:09:53:
                    55:07:23:53:94:b6:d6:cc:bd:30:13:1b:b7:0d:d2:
                    0b:d2:75:af:9e:ac:b4:22:12:ed:71:c0:1c:d4:41:
                    00:09:2a:7b:04:79:5a:7e:d7:88:dd:a4:c7:47:1e:
                    eb:cd:17:98:a7:2a:28:24:af:35:8b:9c:35:cd:78:
                    67:e4:5a:0b:36:b9:12:39:72:a0:d4:af:79:77:31:
                    a2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:2A:43:D6:50:23:BA:39:F8:C0:59:6C:A3:8A:AC:1B:A8:21:E3:E3
            X509v3 Authority Key Identifier:
                keyid:52:B1:2C:CC:7E:A1:06:8C:30:D7:8C:95:5C:56:B9:76:3B:CF:3B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UrEszH6hBoww14yVXFa5djvPO00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/dypD1lAjujn4wFlso4qsG6gh4-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/fefb40-d14a-4c58-899b-a952dea2a651/1/UrEszH6hBoww14yVXFa5djvPO00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:d2:18:96:f1:fe:eb:b6:6b:ae:61:01:d6:38:8b:3b:0c:59:
         7a:ec:e5:28:b0:b8:3b:3b:2e:4f:4c:cb:c9:fa:9f:ee:ce:39:
         d4:9c:ff:32:f6:11:ea:4f:92:aa:b3:36:10:6f:bc:10:5b:17:
         fb:87:52:4e:2d:ad:d1:cc:d5:69:50:3d:2b:62:bf:81:58:c9:
         6a:01:25:f3:89:d8:8b:06:ba:64:f2:0c:34:48:55:77:f0:7f:
         9d:0c:a3:a7:c6:4d:9c:fa:1b:88:8f:cf:bf:6d:e3:f6:fa:de:
         98:4c:54:8a:73:7b:b8:cf:64:97:4f:ca:34:eb:45:7e:3b:20:
         cd:17:b3:50:b0:ad:22:4c:52:c3:7b:a9:61:6f:5b:eb:35:07:
         0d:cd:bd:39:3e:35:87:46:1d:b8:a0:58:b1:47:3d:76:a2:a7:
         96:67:48:b6:6d:9b:87:d5:70:da:3d:ac:47:fc:da:5b:46:c6:
         22:72:70:f3:b4:93:97:2f:94:45:08:7e:4f:bb:e1:4b:00:35:
         5b:e3:82:f4:49:17:2f:d9:2e:56:0f:a3:c0:95:eb:25:36:19:
         05:a9:c8:38:3f:51:a9:b7:68:c7:6b:2e:e2:12:ba:2e:ea:87:
         15:1f:d7:95:e0:84:5a:cc:67:2c:a6:87:07:a6:c7:bb:df:4d:
         ff:79:9f:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIkpKTHpkQuxaelCnrZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYjEyY2NjN2VhMTA2OGMzMGQ3OGM5NTVjNTZiOTc2M2Jj
ZjNiNGQwHhcNMjQwMTAxMDgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzJhNDNkNjUwMjNiYTM5ZjhjMDU5NmNhMzhhYWMxYmE4MjFlM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6sO8emh33INnLLQeBavnnFsU6VS
Ufi4AIqBgtc/PuHxuJbmTsCssWtPNsuZbqgCZ5rcl6y5Uu8LUgDM1/GEqAOdNvjm
ZqYh+Zlk4dWSprLYNedE2H9pc32rPdNNDtPjz3xKAchXS7DN/4v4BdFBxxjQCKns
8fEKZxeTjF1itpis1K6vpbIJBiBsdB8ndtKHl5QwMFs8ohL3XsVC/uCZByt/zFJs
ZH/59Y3JSRcrUvwiCVNVByNTlLbWzL0wExu3DdIL0nWvnqy0IhLtccAc1EEACSp7
BHlafteI3aTHRx7rzReYpyooJK81i5w1zXhn5FoLNrkSOXKg1K95dzGixwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcqQ9ZQI7o5+MBZbKOKrBuoIePjMB8GA1UdIwQY
MBaAFFKxLMx+oQaMMNeMlVxWuXY7zztNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXJFc3pINmhCb3d3MTR5VlhGYTVkanZQTzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9mZWZiNDAtZDE0YS00YzU4LTg5OWIt
YTk1MmRlYTJhNjUxLzEvZHlwRDFsQWp1am40d0Zsc280cXNHNmdoNC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9mZWZiNDAtZDE0YS00YzU4LTg5OWItYTk1MmRlYTJhNjUx
LzEvVXJFc3pINmhCb3d3MTR5VlhGYTVkanZQTzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV8aMA0G
CSqGSIb3DQEBCwUAA4IBAQAb0hiW8f7rtmuuYQHWOIs7DFl67OUosLg7Oy5PTMvJ
+p/uzjnUnP8y9hHqT5KqszYQb7wQWxf7h1JOLa3RzNVpUD0rYr+BWMlqASXzidiL
Brpk8gw0SFV38H+dDKOnxk2c+huIj8+/beP2+t6YTFSKc3u4z2SXT8o060V+OyDN
F7NQsK0iTFLDe6lhb1vrNQcNzb05PjWHRh24oFixRz12oqeWZ0i2bZuH1XDaPaxH
/NpbRsYicnDztJOXL5RFCH5Pu+FLADVb44L0SRcv2S5WD6PAleslNhkFqcg4P1Gp
t2jHay7iErou6ocVH9eV4IRazGcspocHpse7303/eZ9p
-----END CERTIFICATE-----