Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qTXSVWTU8wL-LtchYD96dAZna1M.roa
File:                     qTXSVWTU8wL-LtchYD96dAZna1M.roa (raw, json)
Hash identifier:          whr6apWGUcvqYoUu99TAxnFfLEWJVx+7V1setIYeu9Q=
Subject key identifier:   A9:35:D2:55:64:D4:F3:02:FE:2E:D7:21:60:3F:7A:74:06:67:6B:53
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       01971734F1BB5097AEEAE207DCFF22730E8D
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qTXSVWTU8wL-LtchYD96dAZna1M.roa
Signing time:             Wed 28 May 2025 14:03:55 +0000
ROA not before:           Wed 28 May 2025 14:03:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208942
IP address blocks:        93.179.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:34:f1:bb:50:97:ae:ea:e2:07:dc:ff:22:73:0e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: May 28 14:03:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a935d25564d4f302fe2ed721603f7a7406676b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9f:71:20:03:2f:36:4a:84:36:e9:c9:58:33:
                    55:c4:d0:75:c6:19:c0:72:60:33:86:e3:4c:4d:61:
                    1c:cb:37:57:dc:73:23:5c:72:e9:74:35:d2:6c:b2:
                    22:8a:dd:fd:05:2b:5d:6b:87:ea:7f:b5:da:0d:01:
                    ea:c4:f9:30:dd:1d:fe:a2:ab:ad:87:e4:f9:16:5f:
                    5e:70:dc:a5:fc:38:f1:09:15:d8:0f:fe:8c:43:36:
                    3c:bd:0d:da:28:86:e6:eb:f0:f2:57:0c:70:ab:37:
                    3c:92:b5:0c:ef:37:47:9b:58:54:a0:56:58:29:b8:
                    86:42:ee:8f:a3:a0:1a:c1:cf:77:d6:a2:56:0d:ed:
                    da:fa:3a:32:79:94:14:c2:b4:2e:58:ad:22:bf:03:
                    8a:6e:19:b4:39:43:01:5c:c3:87:59:e8:a3:0e:b8:
                    29:d1:33:4e:6b:29:8b:63:d9:0d:17:59:53:85:09:
                    35:07:ae:69:dc:5c:bf:7e:69:ec:83:07:c0:28:71:
                    b3:a3:29:e0:07:29:4b:37:b4:77:04:c3:17:67:27:
                    3c:34:14:62:a6:30:3d:ee:73:f2:65:f7:58:19:e3:
                    74:1e:99:0d:3c:53:ea:f6:d8:a6:d0:05:93:81:ca:
                    fd:68:50:4c:c8:07:9b:f8:d9:15:29:b4:2f:e2:02:
                    e4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:35:D2:55:64:D4:F3:02:FE:2E:D7:21:60:3F:7A:74:06:67:6B:53
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qTXSVWTU8wL-LtchYD96dAZna1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.179.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:2f:21:e3:11:27:07:aa:76:8a:d7:27:a0:d9:34:d8:cf:f6:
         60:52:3d:9d:47:ce:52:f4:4e:24:f5:b6:35:96:2b:cf:8d:9b:
         70:d1:9a:6c:de:ae:99:33:c5:41:58:58:5d:8e:5d:cf:c4:d8:
         35:33:c3:f3:58:d9:13:7c:fd:44:6f:f0:f1:e8:7d:ec:d4:3b:
         02:1f:15:63:79:e5:35:b8:56:d9:6c:14:db:f4:0a:23:c6:6c:
         dc:8f:d5:77:9a:e1:f9:bc:3f:76:95:92:e6:65:5d:32:f8:dc:
         b4:f6:e6:7e:86:89:f5:77:ea:34:49:ea:8d:f9:0b:fc:84:7a:
         24:46:98:f8:e6:04:3b:dd:8a:a1:70:7e:3d:5c:04:4d:7b:23:
         00:b8:ed:12:b6:c0:26:79:97:d0:75:2f:f3:96:61:6b:44:23:
         74:31:ae:4c:ce:87:11:3b:fe:eb:79:05:2a:fb:9c:33:bd:6b:
         eb:ca:4e:35:78:46:db:ff:a2:4d:32:97:4c:db:d0:8d:e3:d8:
         86:a1:c7:e1:90:53:ae:41:74:8a:ca:95:4b:a9:b7:b9:16:03:
         2c:e6:6a:a8:a5:db:17:3f:e8:a6:22:a1:72:64:a6:01:12:7f:
         74:ab:e8:81:00:ec:a7:a0:7c:5f:da:b0:ab:20:c8:f0:cb:2d:
         db:03:65:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcXNPG7UJeu6uIH3P8icw6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwNTI4MTQwMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM1ZDI1NTY0ZDRmMzAyZmUyZWQ3MjE2MDNmN2E3NDA2Njc2YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip9xIAMvNkqENunJWDNVxNB1xhnA
cmAzhuNMTWEcyzdX3HMjXHLpdDXSbLIiit39BStda4fqf7XaDQHqxPkw3R3+oqut
h+T5Fl9ecNyl/DjxCRXYD/6MQzY8vQ3aKIbm6/DyVwxwqzc8krUM7zdHm1hUoFZY
KbiGQu6Po6Aawc931qJWDe3a+joyeZQUwrQuWK0ivwOKbhm0OUMBXMOHWeijDrgp
0TNOaymLY9kNF1lThQk1B65p3Fy/fmnsgwfAKHGzoyngBylLN7R3BMMXZyc8NBRi
pjA97nPyZfdYGeN0HpkNPFPq9tim0AWTgcr9aFBMyAeb+NkVKbQv4gLkIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKk10lVk1PMC/i7XIWA/enQGZ2tTMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvcVRYU1ZXVFU4d0wtTHRjaFlEOTZkQVpuYTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbNFMA0G
CSqGSIb3DQEBCwUAA4IBAQAULyHjEScHqnaK1yeg2TTYz/ZgUj2dR85S9E4k9bY1
livPjZtw0Zps3q6ZM8VBWFhdjl3PxNg1M8PzWNkTfP1Eb/Dx6H3s1DsCHxVjeeU1
uFbZbBTb9Aojxmzcj9V3muH5vD92lZLmZV0y+Ny09uZ+hon1d+o0SeqN+Qv8hHok
Rpj45gQ73YqhcH49XARNeyMAuO0StsAmeZfQdS/zlmFrRCN0Ma5MzocRO/7reQUq
+5wzvWvryk41eEbb/6JNMpdM29CN49iGocfhkFOuQXSKypVLqbe5FgMs5mqopdsX
P+imIqFyZKYBEn90q+iBAOynoHxf2rCrIMjwyy3bA2Ww
-----END CERTIFICATE-----