Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/93Kmh0zi2QTo6XAYHzXAIsStDUs.roa
File:                     93Kmh0zi2QTo6XAYHzXAIsStDUs.roa (raw, json)
Hash identifier:          5yKXpMP9TSxXC4w97CT3xAPEZYloGEUdrh599wOGU3I=
Subject key identifier:   F7:72:A6:87:4C:E2:D9:04:E8:E9:70:18:1F:35:C0:22:C4:AD:0D:4B
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       018CC5DC3D3A323296A903745CD70C7D4410
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/93Kmh0zi2QTo6XAYHzXAIsStDUs.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59453
IP address blocks:        194.246.0.0/22 maxlen: 22
                          194.246.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3d:3a:32:32:96:a9:03:74:5c:d7:0c:7d:44:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f772a6874ce2d904e8e970181f35c022c4ad0d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1e:17:48:52:17:8e:17:e1:be:c6:80:34:92:
                    2b:c7:16:dc:e3:ff:bc:ff:a1:ee:5f:b1:81:82:e6:
                    9e:5a:0a:ea:4d:df:f7:d3:a4:0a:94:b4:89:75:58:
                    d1:44:6a:bd:14:f9:1a:bd:9e:44:74:b0:ee:ad:a5:
                    6b:c6:aa:06:cd:a7:c1:5f:0a:0e:98:a9:4b:44:a9:
                    4f:e9:0a:aa:47:62:b9:c8:4a:21:e1:c4:fa:a7:24:
                    af:f8:51:9a:0b:7c:58:b6:52:d2:21:84:66:13:59:
                    a8:9e:09:f5:6d:f2:fc:ae:6f:8c:9e:51:b7:c9:09:
                    90:02:ff:3b:c5:33:16:3b:b0:fb:12:49:9c:ff:c0:
                    de:40:5e:eb:d0:7f:9b:f7:c9:de:a0:3c:a9:3a:33:
                    57:6e:16:c4:5e:dd:14:39:3d:57:e1:f7:32:28:45:
                    f5:fe:9f:2d:15:2c:b3:7d:cb:9e:f8:00:0e:b4:64:
                    f8:84:b9:f5:1a:9f:6b:d3:a0:2f:c3:67:9e:ca:98:
                    88:4d:6d:71:34:42:18:b1:66:2f:64:ed:08:f9:13:
                    64:32:f8:a0:11:51:10:3d:5f:a3:d6:35:fa:88:59:
                    12:ad:38:80:5c:8e:f3:56:30:41:c5:e4:32:37:8c:
                    a0:5e:38:69:85:a6:ff:bb:7f:47:a3:95:d0:32:a0:
                    30:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:72:A6:87:4C:E2:D9:04:E8:E9:70:18:1F:35:C0:22:C4:AD:0D:4B
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/93Kmh0zi2QTo6XAYHzXAIsStDUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.0.0/22
                  194.246.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:42:62:04:92:ef:69:7b:97:e7:cd:38:1c:dd:fe:e2:7a:22:
         a0:e3:95:c6:f1:df:b1:44:6a:a9:48:0a:e6:04:60:85:2f:16:
         82:7b:76:9a:8b:c8:29:14:a4:30:e1:cb:32:44:1e:5c:a5:9a:
         2a:9e:52:e4:36:cb:44:c6:fd:ee:05:93:31:8a:8a:7e:78:cb:
         b7:b5:cb:58:23:e0:27:5d:d2:54:88:5a:c7:20:2f:c9:e8:e1:
         b2:7b:6a:52:0e:32:e4:5f:22:38:1c:18:8a:d5:3e:5b:07:c9:
         47:e9:ab:e7:76:c1:f8:3d:86:85:7e:6b:1f:db:8b:8a:10:9f:
         e5:f3:f5:0e:0d:95:b8:98:8d:37:51:41:04:26:ca:1d:e9:ba:
         7e:b9:48:b7:73:fe:d4:90:da:c6:61:d3:fc:02:91:21:5c:02:
         b5:fe:55:c7:e3:4d:47:6f:fb:8a:5b:d8:53:c2:dc:00:ed:cd:
         c9:37:cc:00:76:e2:a3:67:2f:ab:72:45:42:61:75:c7:33:36:
         e2:96:b0:c7:6d:50:83:b0:af:43:f5:6a:dc:f4:90:5d:ea:fe:
         fb:3a:bc:07:76:7b:af:bb:24:e7:2d:72:5d:1a:5c:f8:64:2d:
         22:4a:83:64:55:e9:40:aa:7f:3a:b5:91:32:45:20:56:68:43:
         48:76:e4:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3D06MjKWqQN0XNcMfUQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzcyYTY4NzRjZTJkOTA0ZThlOTcwMTgxZjM1YzAyMmM0YWQwZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph4XSFIXjhfhvsaANJIrxxbc4/+8
/6HuX7GBguaeWgrqTd/306QKlLSJdVjRRGq9FPkavZ5EdLDuraVrxqoGzafBXwoO
mKlLRKlP6QqqR2K5yEoh4cT6pySv+FGaC3xYtlLSIYRmE1mongn1bfL8rm+MnlG3
yQmQAv87xTMWO7D7Ekmc/8DeQF7r0H+b98neoDypOjNXbhbEXt0UOT1X4fcyKEX1
/p8tFSyzfcue+AAOtGT4hLn1Gp9r06Avw2eeypiITW1xNEIYsWYvZO0I+RNkMvig
EVEQPV+j1jX6iFkSrTiAXI7zVjBBxeQyN4ygXjhphab/u39Ho5XQMqAwTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPdypodM4tkE6OlwGB81wCLErQ1LMB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvOTNLbWgwemkyUVRvNlhBWUh6WEFJc1N0RFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwvYAAwQA
wvYVMA0GCSqGSIb3DQEBCwUAA4IBAQByQmIEku9pe5fnzTgc3f7ieiKg45XG8d+x
RGqpSArmBGCFLxaCe3aai8gpFKQw4csyRB5cpZoqnlLkNstExv3uBZMxiop+eMu3
tctYI+AnXdJUiFrHIC/J6OGye2pSDjLkXyI4HBiK1T5bB8lH6avndsH4PYaFfmsf
24uKEJ/l8/UODZW4mI03UUEEJsod6bp+uUi3c/7UkNrGYdP8ApEhXAK1/lXH401H
b/uKW9hTwtwA7c3JN8wAduKjZy+rckVCYXXHMzbilrDHbVCDsK9D9Wrc9JBd6v77
OrwHdnuvuyTnLXJdGlz4ZC0iSoNkVelAqn86tZEyRSBWaENIduRn
-----END CERTIFICATE-----