Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/BinnJbClmc_tZ2rTnPm8Xy4Iutg.roa
File:                     BinnJbClmc_tZ2rTnPm8Xy4Iutg.roa (raw, json)
Hash identifier:          Z3wePSwCBx+JM5uvW5D2eVYCW6ddKKmUTCuNzOmWWC4=
Subject key identifier:   06:29:E7:25:B0:A5:99:CF:ED:67:6A:D3:9C:F9:BC:5F:2E:08:BA:D8
Certificate issuer:       /CN=974506f3f202d86849bb4dd5c7539d22b4df5182
Certificate serial:       018E86AC085CADDCD7DDB859D8FD5459B0EF
Authority key identifier: 97:45:06:F3:F2:02:D8:68:49:BB:4D:D5:C7:53:9D:22:B4:DF:51:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l0UG8_IC2GhJu03Vx1OdIrTfUYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/BinnJbClmc_tZ2rTnPm8Xy4Iutg.roa
Signing time:             Thu 28 Mar 2024 20:06:45 +0000
ROA not before:           Thu 28 Mar 2024 20:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20967
IP address blocks:        193.108.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/l0UG8_IC2GhJu03Vx1OdIrTfUYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/l0UG8_IC2GhJu03Vx1OdIrTfUYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l0UG8_IC2GhJu03Vx1OdIrTfUYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:ac:08:5c:ad:dc:d7:dd:b8:59:d8:fd:54:59:b0:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=974506f3f202d86849bb4dd5c7539d22b4df5182
        Validity
            Not Before: Mar 28 20:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0629e725b0a599cfed676ad39cf9bc5f2e08bad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:b0:60:2d:3c:6e:81:85:2d:f5:ce:f4:05:cd:
                    fe:f5:fe:77:6b:3f:63:7c:d9:35:78:ce:e3:6a:0e:
                    39:5d:7b:73:92:0f:b9:8c:39:0c:83:02:1e:3d:5e:
                    ca:31:53:3b:1f:05:eb:e0:8f:a2:5c:1d:93:ca:60:
                    77:00:f3:38:d0:1b:1b:82:4c:82:a3:be:6e:8d:d7:
                    fd:e5:89:d4:3f:02:b0:59:e0:9d:77:a4:aa:47:3b:
                    43:88:f2:dd:9b:18:a1:00:8b:36:08:19:ae:fe:6e:
                    df:4b:4e:1a:6a:f8:e1:dd:0c:42:10:24:0e:ef:78:
                    6c:7a:33:8a:85:33:31:d4:53:26:c7:4d:de:d8:bd:
                    d6:db:a6:99:23:f7:ef:aa:ed:12:de:89:56:0e:80:
                    cb:86:46:87:01:74:b8:5d:e8:1c:09:bb:02:b5:9d:
                    00:f1:3b:76:95:aa:57:2d:ce:e8:67:cf:34:2c:31:
                    8b:39:4c:81:6e:2a:63:fe:a9:bc:a0:4b:04:66:fa:
                    7f:4e:75:d8:0e:ed:c9:de:8b:90:f9:c9:89:85:74:
                    67:0d:16:49:0b:d3:d7:6d:a8:8f:35:35:71:aa:83:
                    00:e0:ba:a0:97:da:b3:24:53:a0:4f:4c:9d:dc:1b:
                    bc:fb:ea:67:05:19:14:b5:50:8f:c2:0c:7a:d9:75:
                    71:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:29:E7:25:B0:A5:99:CF:ED:67:6A:D3:9C:F9:BC:5F:2E:08:BA:D8
            X509v3 Authority Key Identifier:
                keyid:97:45:06:F3:F2:02:D8:68:49:BB:4D:D5:C7:53:9D:22:B4:DF:51:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l0UG8_IC2GhJu03Vx1OdIrTfUYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/BinnJbClmc_tZ2rTnPm8Xy4Iutg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/930caf-76ee-456c-afe0-a25255329dc0/1/l0UG8_IC2GhJu03Vx1OdIrTfUYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:23:8b:0e:c2:e0:e8:4f:7d:3f:69:52:eb:7e:9b:af:ce:c5:
         18:43:99:31:53:06:a2:d5:4f:85:93:1f:12:57:ba:96:66:02:
         b9:a2:0c:7d:48:45:e8:0d:4d:b4:f8:82:11:c0:45:86:50:7b:
         fc:dc:59:b8:d4:75:8f:11:47:b4:57:dc:7d:3e:90:82:84:9c:
         ad:c0:07:5c:ea:5c:b4:54:ec:25:23:da:da:b1:cf:ff:57:9f:
         b5:b8:c2:0b:fe:f7:a5:36:d1:cb:8a:a5:2a:35:5b:c9:38:42:
         8f:68:86:db:98:03:3a:9a:1e:63:2a:2e:cf:4a:b7:51:71:4c:
         09:d4:ec:d0:de:41:c5:eb:0f:7c:8c:1c:d4:86:75:d9:fa:54:
         3a:bc:1b:70:91:d8:73:f8:03:c9:9c:29:2c:87:7b:61:49:b8:
         7b:2d:96:67:6d:24:3c:0c:3b:78:2f:f5:98:95:91:2e:8c:e2:
         fd:dc:c0:c0:40:8e:58:c8:51:bd:7e:60:ef:31:92:3f:68:e0:
         a3:cf:66:6a:86:6f:25:95:bc:a5:89:93:01:fb:25:da:bd:49:
         81:9b:85:4a:55:e8:80:83:cc:08:19:38:b5:ab:2e:31:7c:58:
         9a:77:b1:7c:f1:2c:64:f4:7b:54:bb:31:2b:d9:9c:59:c2:fd:
         ca:f9:e7:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6GrAhcrdzX3bhZ2P1UWbDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NDUwNmYzZjIwMmQ4Njg0OWJiNGRkNWM3NTM5ZDIyYjRk
ZjUxODIwHhcNMjQwMzI4MjAwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjI5ZTcyNWIwYTU5OWNmZWQ2NzZhZDM5Y2Y5YmM1ZjJlMDhiYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LBgLTxugYUt9c70Bc3+9f53az9j
fNk1eM7jag45XXtzkg+5jDkMgwIePV7KMVM7HwXr4I+iXB2TymB3APM40BsbgkyC
o75ujdf95YnUPwKwWeCdd6SqRztDiPLdmxihAIs2CBmu/m7fS04aavjh3QxCECQO
73hsejOKhTMx1FMmx03e2L3W26aZI/fvqu0S3olWDoDLhkaHAXS4XegcCbsCtZ0A
8Tt2lapXLc7oZ880LDGLOUyBbipj/qm8oEsEZvp/TnXYDu3J3ouQ+cmJhXRnDRZJ
C9PXbaiPNTVxqoMA4Lqgl9qzJFOgT0yd3Bu8++pnBRkUtVCPwgx62XVxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYp5yWwpZnP7Wdq05z5vF8uCLrYMB8GA1UdIwQY
MBaAFJdFBvPyAthoSbtN1cdTnSK031GCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDBVRzhfSUMyR2hKdTAzVngxT2RJclRmVVlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85MzBjYWYtNzZlZS00NTZjLWFmZTAt
YTI1MjU1MzI5ZGMwLzEvQmlubkpiQ2xtY190WjJyVG5QbThYeTRJdXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85MzBjYWYtNzZlZS00NTZjLWFmZTAtYTI1MjU1MzI5ZGMw
LzEvbDBVRzhfSUMyR2hKdTAzVngxT2RJclRmVVlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWzVMA0G
CSqGSIb3DQEBCwUAA4IBAQB5I4sOwuDoT30/aVLrfpuvzsUYQ5kxUwai1U+Fkx8S
V7qWZgK5ogx9SEXoDU20+IIRwEWGUHv83Fm41HWPEUe0V9x9PpCChJytwAdc6ly0
VOwlI9rasc//V5+1uMIL/velNtHLiqUqNVvJOEKPaIbbmAM6mh5jKi7PSrdRcUwJ
1OzQ3kHF6w98jBzUhnXZ+lQ6vBtwkdhz+APJnCksh3thSbh7LZZnbSQ8DDt4L/WY
lZEujOL93MDAQI5YyFG9fmDvMZI/aOCjz2Zqhm8llbyliZMB+yXavUmBm4VKVeiA
g8wIGTi1qy4xfFiad7F88Sxk9HtUuzEr2ZxZwv3K+ecI
-----END CERTIFICATE-----