Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aUzq57AkS8-HSxeHdhUHJVlaf4o.roa
File:                     aUzq57AkS8-HSxeHdhUHJVlaf4o.roa (raw, json)
Hash identifier:          G2uDFeK2w9CaHE3/r3PHuckYk5EoYbpkhtNiOZr50HQ=
Subject key identifier:   69:4C:EA:E7:B0:24:4B:CF:87:4B:17:87:76:15:07:25:59:5A:7F:8A
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018DF3C9C04FF7E4223601F4867B80047658
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aUzq57AkS8-HSxeHdhUHJVlaf4o.roa
Signing time:             Thu 29 Feb 2024 07:35:01 +0000
ROA not before:           Thu 29 Feb 2024 07:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        93.177.114.0/23 maxlen: 24
                          185.212.206.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:c9:c0:4f:f7:e4:22:36:01:f4:86:7b:80:04:76:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Feb 29 07:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=694ceae7b0244bcf874b178776150725595a7f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:58:cb:b0:25:0e:3b:1b:30:6f:f3:da:86:7a:
                    83:9d:ef:6e:3b:4b:c8:8d:81:a1:31:61:21:3b:dd:
                    0f:28:91:25:75:f6:41:c5:b7:f8:15:54:4c:7b:bd:
                    44:78:96:d8:dc:5f:96:f0:da:59:df:91:bb:64:ea:
                    9f:ff:14:6a:3e:5c:ab:13:f4:d0:a7:70:59:91:c2:
                    0b:ce:88:fb:83:2d:69:b6:74:9b:e2:a9:46:ec:27:
                    0f:2f:bf:7e:62:ee:35:14:58:c0:bf:a2:42:8a:94:
                    05:e0:7b:46:1c:3b:3c:ce:62:19:aa:aa:c0:60:47:
                    43:75:07:ae:00:ae:80:1e:c0:b7:71:3d:2f:16:6b:
                    15:4b:b8:c7:fa:e3:02:99:64:e4:be:e1:63:c6:1d:
                    5f:42:46:f1:aa:ff:94:4d:c0:3e:bd:42:a8:d8:4d:
                    32:17:de:cd:9b:23:30:d5:36:72:7a:d3:0c:37:30:
                    a0:ed:dc:32:97:30:0c:d9:4d:56:2b:c9:ab:d1:2f:
                    97:84:30:51:9c:5d:18:fa:6a:d1:b2:09:6c:aa:5f:
                    70:b4:a8:d9:54:16:d5:a5:23:f6:91:98:eb:a7:34:
                    dd:03:3c:1d:b0:7b:33:13:2d:fb:db:06:22:c1:f4:
                    77:db:c3:a1:fb:8b:b5:3f:5d:9a:54:a2:b8:91:a3:
                    8d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4C:EA:E7:B0:24:4B:CF:87:4B:17:87:76:15:07:25:59:5A:7F:8A
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aUzq57AkS8-HSxeHdhUHJVlaf4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.114.0/23
                  185.212.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:2f:e9:29:55:f8:e2:7a:a1:90:d1:e9:a5:67:72:da:1f:b1:
         96:59:e8:57:c8:e7:d6:93:c8:db:94:13:e8:08:50:e0:d1:13:
         0c:94:10:0e:57:c8:5e:bd:3e:5c:a1:b5:a3:d0:7d:91:30:a8:
         57:3e:8f:55:36:83:e7:83:98:f0:37:8c:00:2a:71:af:83:b5:
         7e:8a:ec:5e:2f:c0:4b:50:b4:60:34:77:eb:ec:fe:4b:af:b5:
         57:cd:79:01:2a:19:75:97:ee:50:90:9c:95:cf:d6:45:98:12:
         d0:de:25:61:bf:48:ae:ac:c5:cc:68:0b:48:c6:f2:b7:7e:47:
         18:9c:f7:d8:bb:a4:5e:5a:7b:7d:a5:7d:7b:6c:93:05:02:e9:
         f0:69:8a:0c:e1:b6:f5:f6:d0:1c:a7:ed:7f:f0:eb:d7:ed:ae:
         ed:94:40:e4:6b:28:91:b5:e7:b0:b6:6e:26:8b:a1:85:5d:ac:
         ac:83:e3:99:71:4b:95:1b:67:16:ac:19:ea:cc:2d:47:d7:b6:
         19:cb:28:f0:47:d2:16:b7:c1:51:f0:1f:7e:4c:d6:f9:c9:36:
         b0:fb:0e:7a:76:c1:a2:14:5a:2a:86:9d:0b:52:a2:30:ba:e9:
         49:4a:a6:ca:16:8f:d8:8c:d1:4c:10:14:ff:10:16:d0:b6:c5:
         d4:72:4d:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3zycBP9+QiNgH0hnuABHZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwMjI5MDczNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRjZWFlN2IwMjQ0YmNmODc0YjE3ODc3NjE1MDcyNTU5NWE3ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuljLsCUOOxswb/PahnqDne9uO0vI
jYGhMWEhO90PKJEldfZBxbf4FVRMe71EeJbY3F+W8NpZ35G7ZOqf/xRqPlyrE/TQ
p3BZkcILzoj7gy1ptnSb4qlG7CcPL79+Yu41FFjAv6JCipQF4HtGHDs8zmIZqqrA
YEdDdQeuAK6AHsC3cT0vFmsVS7jH+uMCmWTkvuFjxh1fQkbxqv+UTcA+vUKo2E0y
F97NmyMw1TZyetMMNzCg7dwylzAM2U1WK8mr0S+XhDBRnF0Y+mrRsglsql9wtKjZ
VBbVpSP2kZjrpzTdAzwdsHszEy372wYiwfR328Oh+4u1P12aVKK4kaON3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGlM6uewJEvPh0sXh3YVByVZWn+KMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvYVV6cTU3QWtTOC1IU3hlSGRoVUhKVmxhZjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXbFyAwQB
udTOMA0GCSqGSIb3DQEBCwUAA4IBAQBkL+kpVfjieqGQ0emlZ3LaH7GWWehXyOfW
k8jblBPoCFDg0RMMlBAOV8hevT5cobWj0H2RMKhXPo9VNoPng5jwN4wAKnGvg7V+
iuxeL8BLULRgNHfr7P5Lr7VXzXkBKhl1l+5QkJyVz9ZFmBLQ3iVhv0iurMXMaAtI
xvK3fkcYnPfYu6ReWnt9pX17bJMFAunwaYoM4bb19tAcp+1/8OvX7a7tlEDkayiR
teewtm4mi6GFXaysg+OZcUuVG2cWrBnqzC1H17YZyyjwR9IWt8FR8B9+TNb5yTaw
+w56dsGiFFoqhp0LUqIwuulJSqbKFo/YjNFMEBT/EBbQtsXUck2x
-----END CERTIFICATE-----