Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HSb5xdgUSWVd82aAepSyy85iAGw.roa
File:                     HSb5xdgUSWVd82aAepSyy85iAGw.roa (raw, json)
Hash identifier:          PX7eVl8WOxN19UEm9pUk9zqCMUrALs7r/X60JRlOMBY=
Subject key identifier:   1D:26:F9:C5:D8:14:49:65:5D:F3:66:80:7A:94:B2:CB:CE:62:00:6C
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01929532DEC44F2997AE90B74BB542C8EDAE
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HSb5xdgUSWVd82aAepSyy85iAGw.roa
Signing time:             Wed 16 Oct 2024 11:59:51 +0000
ROA not before:           Wed 16 Oct 2024 11:59:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        93.115.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:95:32:de:c4:4f:29:97:ae:90:b7:4b:b5:42:c8:ed:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Oct 16 11:59:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d26f9c5d81449655df366807a94b2cbce62006c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:e9:33:91:9a:75:b2:a1:ca:53:23:fd:09:01:
                    b5:87:b0:3e:d4:70:d0:d0:71:32:8c:28:2b:13:bf:
                    4e:f1:a4:ea:f6:4a:76:77:34:45:56:0c:bd:42:b9:
                    7b:f8:8a:94:11:41:72:35:0d:bd:fa:7c:83:52:86:
                    f2:8f:26:8d:1f:11:1e:1b:55:2b:43:4f:da:01:bd:
                    5b:75:c9:1c:dd:86:e6:a5:39:c3:8e:9f:ce:ba:93:
                    25:ad:e8:2f:58:8e:84:d6:b6:c2:56:f8:78:b5:d5:
                    31:e1:e8:09:25:3d:67:96:dd:21:62:13:b0:17:3e:
                    69:1f:45:06:47:7d:9e:e8:78:84:9e:52:ab:c2:30:
                    e6:aa:13:28:da:48:9d:be:ce:f2:97:e0:75:e2:3e:
                    ef:2d:6d:36:71:0c:07:bc:0d:fd:b9:f0:3b:3e:56:
                    7a:e4:bd:22:b7:a9:68:8f:17:93:2d:24:3c:36:6e:
                    fa:f1:30:22:d2:eb:27:b3:aa:af:bc:59:c7:79:8c:
                    a8:21:9d:d8:76:61:12:37:7a:f7:22:f4:ec:3c:91:
                    be:63:b8:11:6b:98:9a:d7:5e:af:e8:f2:d8:8a:4c:
                    3c:91:9a:65:9a:7d:78:4c:9e:2e:bb:66:0c:94:26:
                    9d:35:15:f0:6c:7d:c9:b0:45:71:ed:9d:75:5a:5f:
                    a6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:26:F9:C5:D8:14:49:65:5D:F3:66:80:7A:94:B2:CB:CE:62:00:6C
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/HSb5xdgUSWVd82aAepSyy85iAGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:39:78:18:13:ce:39:db:e0:26:0f:ef:d9:13:ff:5c:bf:5d:
         af:40:ce:3e:c6:b2:49:93:8b:e5:fe:5e:4b:ce:e3:2b:0c:64:
         15:ed:41:c5:a4:2d:a4:84:1e:f6:91:7c:79:b5:14:b5:e3:da:
         69:d6:32:18:ae:48:19:78:17:d1:8e:27:72:e2:0d:d7:5e:4c:
         e9:e9:89:23:23:1d:5a:19:b1:0c:95:88:a2:4c:a8:bd:b4:d0:
         5f:f8:73:fa:7b:1e:4c:d4:77:57:dd:33:e5:0c:1b:cc:51:c0:
         3d:9d:10:6a:58:d0:b6:80:97:34:c9:d5:88:a2:30:28:b7:83:
         3b:91:9d:f3:0f:4a:34:c7:35:0e:98:4e:7c:a0:18:e4:7d:76:
         58:cb:8b:ca:4e:fa:e3:c5:67:f3:fe:91:e7:2a:b2:a4:38:28:
         68:22:cf:ef:d2:79:62:ae:07:12:30:a0:12:ec:a6:81:1f:68:
         b3:5a:bb:43:10:2f:09:8f:9c:95:00:aa:a1:e5:c8:96:59:14:
         db:14:c4:5b:a1:d1:99:8f:b7:19:ed:ca:2d:ca:ec:b7:7f:9b:
         41:86:b1:05:9c:9b:d5:54:47:64:d7:b3:e7:ab:f7:6e:1a:a2:
         53:74:c4:dc:9d:c8:f0:7b:e4:bd:9a:87:84:75:34:67:b5:c9:
         c4:a6:8a:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKVMt7ETymXrpC3S7VCyO2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMDE2MTE1OTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDI2ZjljNWQ4MTQ0OTY1NWRmMzY2ODA3YTk0YjJjYmNlNjIwMDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OkzkZp1sqHKUyP9CQG1h7A+1HDQ
0HEyjCgrE79O8aTq9kp2dzRFVgy9Qrl7+IqUEUFyNQ29+nyDUobyjyaNHxEeG1Ur
Q0/aAb1bdckc3YbmpTnDjp/OupMlregvWI6E1rbCVvh4tdUx4egJJT1nlt0hYhOw
Fz5pH0UGR32e6HiEnlKrwjDmqhMo2kidvs7yl+B14j7vLW02cQwHvA39ufA7PlZ6
5L0it6lojxeTLSQ8Nm768TAi0usns6qvvFnHeYyoIZ3YdmESN3r3IvTsPJG+Y7gR
a5ia116v6PLYikw8kZplmn14TJ4uu2YMlCadNRXwbH3JsEVx7Z11Wl+mxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0m+cXYFEllXfNmgHqUssvOYgBsMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSFNiNXhkZ1VTV1ZkODJhQWVwU3l5ODVpQUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXPLMA0G
CSqGSIb3DQEBCwUAA4IBAQBmOXgYE8452+AmD+/ZE/9cv12vQM4+xrJJk4vl/l5L
zuMrDGQV7UHFpC2khB72kXx5tRS149pp1jIYrkgZeBfRjidy4g3XXkzp6YkjIx1a
GbEMlYiiTKi9tNBf+HP6ex5M1HdX3TPlDBvMUcA9nRBqWNC2gJc0ydWIojAot4M7
kZ3zD0o0xzUOmE58oBjkfXZYy4vKTvrjxWfz/pHnKrKkOChoIs/v0nlirgcSMKAS
7KaBH2izWrtDEC8Jj5yVAKqh5ciWWRTbFMRbodGZj7cZ7cotyuy3f5tBhrEFnJvV
VEdk17Pnq/duGqJTdMTcncjwe+S9moeEdTRntcnEporo
-----END CERTIFICATE-----