Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/scazHzgFeh0ACCy2N4TihBWAd_w.roa
File:                     scazHzgFeh0ACCy2N4TihBWAd_w.roa (raw, json)
Hash identifier:          +BhuTXuaqC8tFL3TBdWofwrqAyRMFF1+/64NBDfgc3Y=
Subject key identifier:   B1:C6:B3:1F:38:05:7A:1D:00:08:2C:B6:37:84:E2:84:15:80:77:FC
Certificate issuer:       /CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
Certificate serial:       01933C8B6B7E0766A3132AFADC0BC13DD52D
Authority key identifier: D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/scazHzgFeh0ACCy2N4TihBWAd_w.roa
Signing time:             Sun 17 Nov 2024 23:53:10 +0000
ROA not before:           Sun 17 Nov 2024 23:53:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202013
IP address blocks:        93.190.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3c:8b:6b:7e:07:66:a3:13:2a:fa:dc:0b:c1:3d:d5:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
        Validity
            Not Before: Nov 17 23:53:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1c6b31f38057a1d00082cb63784e284158077fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c5:c9:2e:77:49:18:14:1a:e1:1f:e2:33:28:
                    c7:83:c9:8d:23:ef:fc:61:04:3c:75:e2:78:46:74:
                    23:65:11:61:8a:0e:4d:8e:ba:c6:ba:72:7c:e6:ac:
                    65:fa:22:e5:a8:34:d9:2d:34:ec:c4:b2:dd:0a:38:
                    3d:da:e2:6d:98:98:b7:f7:e6:56:5f:2f:82:9c:4c:
                    6b:30:1a:ab:ed:56:b7:e2:06:75:35:68:95:c5:2a:
                    1b:22:7c:0d:3b:db:9b:6a:36:a9:9b:14:28:5d:7f:
                    63:4b:ce:f5:39:60:66:ea:30:f3:09:1c:c4:c4:70:
                    22:bc:50:d4:31:ec:e1:41:ad:cc:f1:69:cf:68:48:
                    98:21:6a:59:1e:19:a9:b1:7d:10:88:be:a4:61:d4:
                    7c:63:72:8e:4c:90:c8:8c:b0:1d:20:b1:97:c6:44:
                    26:37:07:b2:83:f8:0d:84:49:3c:94:f6:dd:21:8d:
                    8f:7c:da:df:e4:4a:6c:03:69:5d:a0:fb:ee:5c:b3:
                    0a:f5:09:1e:70:c9:2b:7b:53:bc:05:94:69:66:34:
                    ad:12:e9:78:f6:65:58:67:f0:8c:f6:31:12:b4:2e:
                    8e:5d:d5:e5:83:db:60:68:0d:65:00:ca:31:fb:1f:
                    68:71:72:28:25:4c:69:d8:7e:bf:7c:a2:7c:e0:2f:
                    53:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C6:B3:1F:38:05:7A:1D:00:08:2C:B6:37:84:E2:84:15:80:77:FC
            X509v3 Authority Key Identifier:
                keyid:D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/scazHzgFeh0ACCy2N4TihBWAd_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:54:6f:a8:ab:25:b0:3b:c8:45:2a:ce:3d:4f:1e:d9:9d:0b:
         b4:36:5c:f9:d3:54:68:7c:3e:2d:1c:9d:b9:01:c0:26:ad:1b:
         fb:4a:8e:84:fb:d3:13:63:15:b2:61:81:e2:88:fe:4d:13:e3:
         08:b9:ba:d9:81:7e:e8:5c:e6:9f:9d:d3:1b:e0:a8:97:32:74:
         ab:ad:da:eb:02:ab:2e:65:07:f4:58:06:85:e3:81:3d:81:8b:
         43:2a:f8:07:e4:72:8a:7a:2e:b5:be:43:f6:02:6b:d9:14:93:
         6b:79:b3:ba:e9:97:6d:b7:b8:82:6a:ef:b3:51:da:24:1e:a0:
         be:50:33:27:4a:96:1a:59:e4:90:9b:e5:43:dc:ed:5e:ec:22:
         35:61:c7:12:71:55:d2:ff:19:e2:8c:2e:94:e2:c9:df:55:ae:
         5f:14:a1:d3:57:10:a8:f7:2b:c8:74:be:19:0e:a7:db:83:6e:
         1f:fd:9f:35:b4:f8:8f:8d:a8:c3:34:3a:c0:42:a9:b2:8c:8d:
         77:30:e8:79:1d:62:e3:95:a0:96:86:09:5e:64:8a:cc:61:97:
         12:ed:5d:8b:c1:80:24:6b:de:cb:9d:7c:b0:5c:14:c8:9f:3d:
         bb:5b:c4:4a:c6:67:aa:13:d7:d4:d2:3b:5f:a5:af:4a:0c:4a:
         d9:d2:0e:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM8i2t+B2ajEyr63AvBPdUtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZjFmYmRiY2UyMTQ1YTBkYjY5MDA2MDlmN2M1NDczMmRm
YjBjZDgwHhcNMjQxMTE3MjM1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWM2YjMxZjM4MDU3YTFkMDAwODJjYjYzNzg0ZTI4NDE1ODA3N2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMXJLndJGBQa4R/iMyjHg8mNI+/8
YQQ8deJ4RnQjZRFhig5NjrrGunJ85qxl+iLlqDTZLTTsxLLdCjg92uJtmJi39+ZW
Xy+CnExrMBqr7Va34gZ1NWiVxSobInwNO9ubajapmxQoXX9jS871OWBm6jDzCRzE
xHAivFDUMezhQa3M8WnPaEiYIWpZHhmpsX0QiL6kYdR8Y3KOTJDIjLAdILGXxkQm
Nweyg/gNhEk8lPbdIY2PfNrf5EpsA2ldoPvuXLMK9QkecMkre1O8BZRpZjStEul4
9mVYZ/CM9jEStC6OXdXlg9tgaA1lAMox+x9ocXIoJUxp2H6/fKJ84C9TVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHGsx84BXodAAgstjeE4oQVgHf8MB8GA1UdIwQY
MBaAFNjx+9vOIUWg22kAYJ98VHMt+wzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQt
NDdmMDQzZmJhMTNiLzEvc2Nhekh6Z0ZlaDBBQ0N5Mk40VGloQldBZF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQtNDdmMDQzZmJhMTNi
LzEvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb6/MA0G
CSqGSIb3DQEBCwUAA4IBAQCnVG+oqyWwO8hFKs49Tx7ZnQu0Nlz501RofD4tHJ25
AcAmrRv7So6E+9MTYxWyYYHiiP5NE+MIubrZgX7oXOafndMb4KiXMnSrrdrrAqsu
ZQf0WAaF44E9gYtDKvgH5HKKei61vkP2AmvZFJNrebO66Zdtt7iCau+zUdokHqC+
UDMnSpYaWeSQm+VD3O1e7CI1YccScVXS/xnijC6U4snfVa5fFKHTVxCo9yvIdL4Z
Dqfbg24f/Z81tPiPjajDNDrAQqmyjI13MOh5HWLjlaCWhgleZIrMYZcS7V2LwYAk
a97LnXywXBTInz27W8RKxmeqE9fU0jtfpa9KDErZ0g67
-----END CERTIFICATE-----