Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S0Vg2fI8gb3gpVyIPxKcm-n-ucY.roa
File:                     S0Vg2fI8gb3gpVyIPxKcm-n-ucY.roa (raw, json)
Hash identifier:          RtFSjw2hWEe1SJxWJS4nXDDZmSFL7zcL0HiqdY+IYlU=
Subject key identifier:   4B:45:60:D9:F2:3C:81:BD:E0:A5:5C:88:3F:12:9C:9B:E9:FE:B9:C6
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D8695D3D460B2CAE790ACF4082F2
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S0Vg2fI8gb3gpVyIPxKcm-n-ucY.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212093
IP address blocks:        93.179.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d8:69:5d:3d:46:0b:2c:ae:79:0a:cf:40:82:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b4560d9f23c81bde0a55c883f129c9be9feb9c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:22:98:e1:36:a8:a3:de:c5:28:1a:6a:34:52:
                    76:eb:ed:1d:f4:40:09:a5:c7:cf:02:03:fa:a2:ed:
                    df:bb:5c:70:cf:93:ad:71:31:f4:0d:13:d8:ba:ef:
                    dc:b8:e1:06:59:c3:8a:d3:9d:b4:28:a5:ec:45:2f:
                    8e:d3:39:d3:fe:0d:2b:e3:82:c4:66:59:8e:15:cd:
                    f9:33:ad:0f:09:25:58:cb:f0:ed:31:0f:ed:28:36:
                    29:b5:79:9b:5e:d0:25:28:cf:e9:89:51:aa:5b:f6:
                    c2:20:06:5c:ee:5c:cd:51:78:5b:84:6b:3b:26:81:
                    fb:e8:8f:10:60:e7:a3:97:63:56:4c:4f:48:53:e6:
                    10:27:e7:44:96:bb:9a:bf:fc:99:5a:8e:5f:6e:d0:
                    22:84:fd:ae:e2:e1:f2:ad:5c:0c:12:df:7c:09:5d:
                    7b:b0:73:29:48:5a:62:9f:88:eb:93:ff:cb:35:6f:
                    d6:24:fe:bf:ff:61:3d:86:5d:aa:f2:d9:9c:31:dc:
                    60:42:71:e4:46:74:70:97:7b:ef:15:c1:43:74:0e:
                    d8:3f:36:25:9c:5f:95:23:b0:0a:53:19:06:87:07:
                    68:2f:57:17:55:5c:63:d5:bc:82:7c:b7:5f:7c:4f:
                    9e:82:9e:b0:0a:2d:01:7e:9f:b7:49:11:71:75:70:
                    bf:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:45:60:D9:F2:3C:81:BD:E0:A5:5C:88:3F:12:9C:9B:E9:FE:B9:C6
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/S0Vg2fI8gb3gpVyIPxKcm-n-ucY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.179.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:66:44:81:c3:15:70:7f:b8:8e:c6:72:fb:d2:5c:58:ce:39:
         a7:42:e7:b1:60:36:1b:8c:72:5f:34:e9:7a:77:db:55:80:f5:
         ed:a0:de:d0:79:92:45:ff:61:7d:88:89:53:a8:c7:36:24:cc:
         54:4b:65:23:11:b5:0b:f7:74:51:d9:ef:a2:fc:46:a0:3b:e2:
         4f:74:e4:2a:13:c2:09:8c:3a:62:a9:87:83:14:7c:71:3d:36:
         96:88:32:1b:d2:3f:be:a0:9f:2d:a9:09:22:63:84:ea:46:52:
         eb:df:40:93:2d:b7:1b:ce:33:ad:1e:5b:d4:26:dc:19:c2:dd:
         fd:58:44:e1:21:40:50:05:bf:5e:91:d3:b7:af:26:59:39:b9:
         a6:35:bb:62:67:f4:53:30:90:64:d7:98:0f:69:97:76:60:1e:
         11:12:78:0c:d6:be:b6:3f:59:6a:1d:e8:bd:c9:4c:36:e7:b3:
         0d:4b:42:ba:b9:60:ee:50:09:05:bd:f4:3d:36:e5:7e:49:d4:
         16:cd:b1:4d:59:e8:dd:d3:c0:f7:ed:e1:55:2c:77:ad:cd:d3:
         16:a3:5b:79:bf:06:7c:9f:a8:3f:93:d8:a4:d1:6f:87:9d:6e:
         f3:db:ac:9b:90:e5:f7:42:03:e1:f7:66:2a:9d:26:83:1f:13:
         5e:c2:a6:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdhpXT1GCyyueQrPQILyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ1NjBkOWYyM2M4MWJkZTBhNTVjODgzZjEyOWM5YmU5ZmViOWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSKY4Taoo97FKBpqNFJ26+0d9EAJ
pcfPAgP6ou3fu1xwz5OtcTH0DRPYuu/cuOEGWcOK0520KKXsRS+O0znT/g0r44LE
ZlmOFc35M60PCSVYy/DtMQ/tKDYptXmbXtAlKM/piVGqW/bCIAZc7lzNUXhbhGs7
JoH76I8QYOejl2NWTE9IU+YQJ+dElruav/yZWo5fbtAihP2u4uHyrVwMEt98CV17
sHMpSFpin4jrk//LNW/WJP6//2E9hl2q8tmcMdxgQnHkRnRwl3vvFcFDdA7YPzYl
nF+VI7AKUxkGhwdoL1cXVVxj1byCfLdffE+egp6wCi0Bfp+3SRFxdXC/aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtFYNnyPIG94KVciD8SnJvp/rnGMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvUzBWZzJmSThnYjNncFZ5SVB4S2NtLW4tdWNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbNCMA0G
CSqGSIb3DQEBCwUAA4IBAQCrZkSBwxVwf7iOxnL70lxYzjmnQuexYDYbjHJfNOl6
d9tVgPXtoN7QeZJF/2F9iIlTqMc2JMxUS2UjEbUL93RR2e+i/EagO+JPdOQqE8IJ
jDpiqYeDFHxxPTaWiDIb0j++oJ8tqQkiY4TqRlLr30CTLbcbzjOtHlvUJtwZwt39
WEThIUBQBb9ekdO3ryZZObmmNbtiZ/RTMJBk15gPaZd2YB4REngM1r62P1lqHei9
yUw257MNS0K6uWDuUAkFvfQ9NuV+SdQWzbFNWejd08D37eFVLHetzdMWo1t5vwZ8
n6g/k9ik0W+HnW7z26ybkOX3QgPh92YqnSaDHxNewqa5
-----END CERTIFICATE-----