Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/oJ46_nAZoOX1F8HY2ZylyEB8E-s.roa
File:                     oJ46_nAZoOX1F8HY2ZylyEB8E-s.roa (raw, json)
Hash identifier:          G3mdmsL/38Ej6qwDHxJzaEgMYnbcSKTwxAoR1PHeGUM=
Subject key identifier:   A0:9E:3A:FE:70:19:A0:E5:F5:17:C1:D8:D9:9C:A5:C8:40:7C:13:EB
Certificate issuer:       /CN=f95ac4b2472748ceb27bf8c543e16db7bb369586
Certificate serial:       018CFE295FFB0AAFFCA81F963EFF06598CB0
Authority key identifier: F9:5A:C4:B2:47:27:48:CE:B2:7B:F8:C5:43:E1:6D:B7:BB:36:95:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/oJ46_nAZoOX1F8HY2ZylyEB8E-s.roa
Signing time:             Fri 12 Jan 2024 14:52:53 +0000
ROA not before:           Fri 12 Jan 2024 14:52:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44472
IP address blocks:        93.187.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fe:29:5f:fb:0a:af:fc:a8:1f:96:3e:ff:06:59:8c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f95ac4b2472748ceb27bf8c543e16db7bb369586
        Validity
            Not Before: Jan 12 14:52:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a09e3afe7019a0e5f517c1d8d99ca5c8407c13eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e0:94:c8:0f:ae:ae:16:4b:3e:1d:87:21:97:
                    18:b0:42:41:d1:ea:23:61:69:da:bd:0f:e9:6f:9f:
                    3a:e8:98:84:be:d4:a2:ef:69:3e:84:bc:73:98:37:
                    a1:e1:bc:7c:54:74:c9:d0:37:9c:1c:82:83:8e:e8:
                    e5:49:0b:b8:1a:a5:16:6b:2b:41:fa:01:7d:a5:9c:
                    e7:8c:d3:bf:48:32:22:f6:c8:ba:c5:5d:34:e1:16:
                    35:6b:4d:d0:bc:db:e7:97:ac:7a:5a:f7:1d:c8:99:
                    75:33:da:ef:64:65:fb:73:37:b2:87:4d:9b:66:44:
                    44:82:c1:82:b2:0c:bb:77:8e:37:14:19:85:14:46:
                    ea:2a:ae:2a:dc:36:ca:3e:2e:c4:f3:e0:3b:b2:07:
                    37:7a:b6:20:4f:17:23:a6:d9:7a:06:93:5a:7b:ec:
                    ee:5c:9b:63:65:f7:13:5d:80:78:9a:62:1e:ee:38:
                    7e:25:6a:18:e9:00:82:92:01:dd:42:0b:fc:83:47:
                    ec:a8:6b:92:1b:54:71:ec:8e:18:56:0b:49:28:cf:
                    9d:ae:36:df:be:58:fe:94:3c:51:33:23:f9:3d:2c:
                    3f:cd:2e:dc:d8:62:d4:6a:48:61:d1:9e:5d:84:12:
                    e9:3f:c8:43:97:de:9e:da:01:93:04:54:3d:38:ec:
                    20:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:9E:3A:FE:70:19:A0:E5:F5:17:C1:D8:D9:9C:A5:C8:40:7C:13:EB
            X509v3 Authority Key Identifier:
                keyid:F9:5A:C4:B2:47:27:48:CE:B2:7B:F8:C5:43:E1:6D:B7:BB:36:95:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/oJ46_nAZoOX1F8HY2ZylyEB8E-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/53d0f5-7c16-400f-8e2e-52018b45fad1/1/1-VrEskcnSM6ye_jFQ-Ftt7s2lYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:70:8c:e3:04:18:2e:91:d2:98:5b:5a:b9:9c:5a:3e:86:1f:
         d9:e1:f0:63:0b:f5:20:30:60:8f:23:f0:91:29:4c:bc:50:b3:
         f6:3b:fb:92:bf:8b:18:67:7e:49:27:ba:ba:17:55:31:8a:64:
         5b:2f:b0:80:5d:4e:44:11:0a:c0:32:a9:74:9d:ef:05:44:fa:
         f0:6e:5b:44:aa:eb:89:d5:86:e6:f4:c1:9c:2c:86:c0:cd:c2:
         86:e1:93:cc:af:9b:2a:b4:4a:96:ad:88:f1:0e:9b:fb:31:ef:
         78:aa:7d:86:14:eb:f9:1d:1d:04:79:ba:69:cb:bc:d3:04:38:
         cc:76:98:9c:5b:19:a9:d9:88:a8:3c:fc:b7:38:85:b7:b7:a8:
         37:9b:2a:45:c4:fb:f6:de:dd:ed:b8:1e:44:47:b7:7b:06:49:
         e7:55:4e:77:5e:9e:c5:58:8b:cc:76:05:36:75:e1:58:7e:37:
         78:a6:0c:ee:44:76:a7:f5:1a:58:5d:04:cf:c8:fb:15:81:69:
         82:71:99:62:8e:1c:9a:61:91:1d:4c:ff:1d:5c:89:99:21:4f:
         c7:fd:55:15:6c:3c:f3:c6:81:7a:f5:4d:1a:c8:88:b6:03:50:
         93:d0:00:61:4c:3f:26:7c:83:e4:26:da:7c:5f:13:cd:53:2e:
         cc:5b:54:9e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYz+KV/7Cq/8qB+WPv8GWYywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NWFjNGIyNDcyNzQ4Y2ViMjdiZjhjNTQzZTE2ZGI3YmIz
Njk1ODYwHhcNMjQwMTEyMTQ1MjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDllM2FmZTcwMTlhMGU1ZjUxN2MxZDhkOTljYTVjODQwN2MxM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuCUyA+urhZLPh2HIZcYsEJB0eoj
YWnavQ/pb5866JiEvtSi72k+hLxzmDeh4bx8VHTJ0DecHIKDjujlSQu4GqUWaytB
+gF9pZznjNO/SDIi9si6xV004RY1a03QvNvnl6x6WvcdyJl1M9rvZGX7czeyh02b
ZkREgsGCsgy7d443FBmFFEbqKq4q3DbKPi7E8+A7sgc3erYgTxcjptl6BpNae+zu
XJtjZfcTXYB4mmIe7jh+JWoY6QCCkgHdQgv8g0fsqGuSG1Rx7I4YVgtJKM+drjbf
vlj+lDxRMyP5PSw/zS7c2GLUakhh0Z5dhBLpP8hDl96e2gGTBFQ9OOwglQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKCeOv5wGaDl9RfB2NmcpchAfBPrMB8GA1UdIwQY
MBaAFPlaxLJHJ0jOsnv4xUPhbbe7NpWGMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1WckVza2NuU002eWVfakZRLUZ0dDdzMmxZWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYvNTNkMGY1LTdjMTYtNDAwZi04ZTJl
LTUyMDE4YjQ1ZmFkMS8xL29KNDZfbkFab09YMUY4SFkyWnlseUVCOEUtcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvNTNkMGY1LTdjMTYtNDAwZi04ZTJlLTUyMDE4YjQ1ZmFk
MS8xLzEtVnJFc2tjblNNNnllX2pGUS1GdHQ3czJsWVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdu0Qw
DQYJKoZIhvcNAQELBQADggEBAIdwjOMEGC6R0phbWrmcWj6GH9nh8GML9SAwYI8j
8JEpTLxQs/Y7+5K/ixhnfkknuroXVTGKZFsvsIBdTkQRCsAyqXSd7wVE+vBuW0Sq
64nVhub0wZwshsDNwobhk8yvmyq0SpatiPEOm/sx73iqfYYU6/kdHQR5umnLvNME
OMx2mJxbGanZiKg8/Lc4hbe3qDebKkXE+/be3e24HkRHt3sGSedVTndensVYi8x2
BTZ14Vh+N3imDO5Edqf1GlhdBM/I+xWBaYJxmWKOHJphkR1M/x1ciZkhT8f9VRVs
PPPGgXr1TRrIiLYDUJPQAGFMPyZ8g+Qm2nxfE81TLsxbVJ4=
-----END CERTIFICATE-----