Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/tnUPA6hUZaMc3DGBbjrE2vWk7tg.roa
File:                     tnUPA6hUZaMc3DGBbjrE2vWk7tg.roa (raw, json)
Hash identifier:          mdRQc0qGhPN3lwt7z9GCtElgPkcKD7V9qQWoyWEN/8k=
Subject key identifier:   B6:75:0F:03:A8:54:65:A3:1C:DC:31:81:6E:3A:C4:DA:F5:A4:EE:D8
Certificate issuer:       /CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
Certificate serial:       019426D9183E8CA23361C7A016A9F487C738
Authority key identifier: D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/tnUPA6hUZaMc3DGBbjrE2vWk7tg.roa
Signing time:             Thu 02 Jan 2025 11:49:09 +0000
ROA not before:           Thu 02 Jan 2025 11:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202013
IP address blocks:        93.190.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:18:3e:8c:a2:33:61:c7:a0:16:a9:f4:87:c7:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
        Validity
            Not Before: Jan  2 11:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6750f03a85465a31cdc31816e3ac4daf5a4eed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:51:0b:9f:94:b8:84:f8:97:dc:fe:c1:bf:04:
                    2d:d5:dc:7a:07:36:ed:26:c7:f0:ab:9e:fc:8a:3f:
                    16:07:84:fb:23:ed:ef:51:fb:7a:51:f1:a5:7e:6a:
                    43:8d:26:06:74:93:9a:24:49:c4:53:cf:bd:73:1b:
                    97:7d:92:5f:07:67:b3:41:84:a8:12:4c:9d:a0:6c:
                    fc:b8:f2:3b:27:ee:94:86:17:f7:53:3c:8c:98:dd:
                    59:c8:ad:f0:d1:86:2a:c0:70:1a:ea:3f:57:89:82:
                    e1:82:bb:23:fd:fd:7d:8e:fc:3b:b7:47:d9:0c:c5:
                    8f:55:cd:4e:27:90:98:21:35:78:f3:c4:34:79:50:
                    70:97:70:56:b9:49:44:35:00:bc:12:ce:01:5b:b7:
                    b7:47:94:fc:0f:7d:6c:f4:aa:0a:ef:90:83:ea:f0:
                    2a:2f:22:1b:cf:ed:25:a0:b6:06:56:00:df:be:01:
                    25:56:17:9f:a7:97:2a:57:d1:cf:c2:78:75:a6:d7:
                    89:fb:3e:20:f6:7f:20:dc:83:7d:31:3f:3f:68:bd:
                    b3:fc:99:35:40:0d:62:19:f4:cb:48:d2:1b:7f:94:
                    a7:41:01:2a:45:af:07:cf:27:ba:48:7e:80:32:61:
                    b0:64:c9:60:27:25:1e:64:ec:bb:fc:fa:ae:48:ef:
                    fe:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:75:0F:03:A8:54:65:A3:1C:DC:31:81:6E:3A:C4:DA:F5:A4:EE:D8
            X509v3 Authority Key Identifier:
                keyid:D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/tnUPA6hUZaMc3DGBbjrE2vWk7tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:5b:92:c4:89:e5:6a:d1:5a:2d:43:21:e4:9e:7e:97:42:75:
         a9:2a:97:29:89:63:e6:1f:cb:30:7d:2e:db:6a:13:f7:14:a2:
         81:d4:97:28:04:b9:d0:17:26:61:e9:fb:a9:88:b6:f3:9f:35:
         3a:6a:b9:09:b9:63:f6:15:5f:a7:22:ce:c6:5d:23:ad:c1:d8:
         af:23:66:56:1c:1a:d3:bf:ea:2c:7c:8b:42:b7:67:b3:c8:86:
         5e:34:e1:0e:05:de:84:0d:59:56:e3:1c:b6:b1:06:ff:6d:67:
         51:4d:b0:d9:f5:51:02:e1:ac:13:74:30:dd:f1:8d:6d:8b:7e:
         4b:12:16:7b:02:ea:21:49:7b:81:d0:ad:03:97:f4:8e:8e:7a:
         c5:3d:76:db:73:7b:59:8b:72:24:8e:ae:6f:c8:37:89:97:ad:
         1a:01:68:70:23:02:63:c7:30:62:19:88:c6:e7:14:5c:ec:7e:
         8b:1e:9c:7f:62:a5:da:c4:50:7d:4b:8d:a2:1e:bc:ff:a3:8b:
         f7:4c:28:2a:73:06:20:6e:aa:80:3e:0c:69:c8:b1:c1:74:f1:
         c7:8a:e4:f4:dc:70:92:d4:87:b3:8d:dd:38:7e:7f:38:9a:ba:
         12:d2:ea:f4:03:c9:e8:f7:92:f0:ee:04:2c:cd:fc:02:68:10:
         91:4a:5b:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Rg+jKIzYcegFqn0h8c4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZjFmYmRiY2UyMTQ1YTBkYjY5MDA2MDlmN2M1NDczMmRm
YjBjZDgwHhcNMjUwMTAyMTE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc1MGYwM2E4NTQ2NWEzMWNkYzMxODE2ZTNhYzRkYWY1YTRlZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFELn5S4hPiX3P7BvwQt1dx6Bzbt
Jsfwq578ij8WB4T7I+3vUft6UfGlfmpDjSYGdJOaJEnEU8+9cxuXfZJfB2ezQYSo
EkydoGz8uPI7J+6Uhhf3UzyMmN1ZyK3w0YYqwHAa6j9XiYLhgrsj/f19jvw7t0fZ
DMWPVc1OJ5CYITV488Q0eVBwl3BWuUlENQC8Es4BW7e3R5T8D31s9KoK75CD6vAq
LyIbz+0loLYGVgDfvgElVhefp5cqV9HPwnh1pteJ+z4g9n8g3IN9MT8/aL2z/Jk1
QA1iGfTLSNIbf5SnQQEqRa8Hzye6SH6AMmGwZMlgJyUeZOy7/PquSO/+GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZ1DwOoVGWjHNwxgW46xNr1pO7YMB8GA1UdIwQY
MBaAFNjx+9vOIUWg22kAYJ98VHMt+wzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQt
NDdmMDQzZmJhMTNiLzEvdG5VUEE2aFVaYU1jM0RHQmJqckUydldrN3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQtNDdmMDQzZmJhMTNi
LzEvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb6/MA0G
CSqGSIb3DQEBCwUAA4IBAQANW5LEieVq0VotQyHknn6XQnWpKpcpiWPmH8swfS7b
ahP3FKKB1JcoBLnQFyZh6fupiLbznzU6arkJuWP2FV+nIs7GXSOtwdivI2ZWHBrT
v+osfItCt2ezyIZeNOEOBd6EDVlW4xy2sQb/bWdRTbDZ9VEC4awTdDDd8Y1ti35L
EhZ7AuohSXuB0K0Dl/SOjnrFPXbbc3tZi3Ikjq5vyDeJl60aAWhwIwJjxzBiGYjG
5xRc7H6LHpx/YqXaxFB9S42iHrz/o4v3TCgqcwYgbqqAPgxpyLHBdPHHiuT03HCS
1Iezjd04fn84mroS0ur0A8no95Lw7gQszfwCaBCRSluT
-----END CERTIFICATE-----