Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/IcFuQIouJCuWuHO_yiXsv9D-BsM.roa
File:                     IcFuQIouJCuWuHO_yiXsv9D-BsM.roa (raw, json)
Hash identifier:          85qJOiM2ad9ExmakxtoyKPLzM0B0skhvz9w/Rt90g4E=
Subject key identifier:   21:C1:6E:40:8A:2E:24:2B:96:B8:73:BF:CA:25:EC:BF:D0:FE:06:C3
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019427B68366E22B4A66FC5F3A96A482E365
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/IcFuQIouJCuWuHO_yiXsv9D-BsM.roa
Signing time:             Thu 02 Jan 2025 15:51:00 +0000
ROA not before:           Thu 02 Jan 2025 15:51:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49846
IP address blocks:        93.191.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:83:66:e2:2b:4a:66:fc:5f:3a:96:a4:82:e3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 15:51:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21c16e408a2e242b96b873bfca25ecbfd0fe06c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:48:18:31:8d:33:4c:0b:b4:3b:b0:5d:5d:e6:
                    e9:45:3a:a0:69:16:6d:2a:4e:d6:d5:6e:61:af:c4:
                    e0:ba:b1:3e:ba:26:4b:84:74:0b:58:bb:e6:af:b9:
                    c4:f3:dc:eb:6a:91:45:69:2b:8e:82:0c:aa:8a:64:
                    3c:78:52:93:82:f7:13:58:e0:aa:6c:88:d6:7d:45:
                    fd:a8:e4:5a:ba:0c:4e:9a:1e:f4:d3:7e:fd:e7:95:
                    68:2c:ab:45:14:b0:98:39:ee:7b:20:cf:a0:6f:e9:
                    cf:c9:f0:64:35:29:55:b4:91:e7:b3:6f:5f:a3:6b:
                    e7:cf:df:ce:67:28:cb:90:2a:2b:98:2d:44:fc:b1:
                    d2:8b:35:b2:4c:fb:48:84:1b:46:e4:a3:1f:8f:07:
                    62:0f:05:e8:fe:f1:d1:b7:b1:58:a7:4e:32:e3:95:
                    61:db:b2:15:d2:19:f9:13:37:4f:ef:32:88:e0:cf:
                    87:bb:cd:a9:d8:7f:07:73:5e:17:f3:63:6e:3a:89:
                    eb:da:28:31:34:03:5c:94:c5:ed:7f:ff:65:bb:45:
                    aa:0a:35:5f:f8:72:56:e8:b2:54:f3:a6:e5:54:d0:
                    38:c4:8a:83:92:f8:5a:e9:d2:4c:ed:c3:ac:1d:b1:
                    98:ea:28:ec:95:e3:54:fe:23:fc:d0:9d:b9:d4:11:
                    f3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C1:6E:40:8A:2E:24:2B:96:B8:73:BF:CA:25:EC:BF:D0:FE:06:C3
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/IcFuQIouJCuWuHO_yiXsv9D-BsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b3:6a:58:90:e8:6e:db:7b:7a:cd:05:68:8c:0f:0d:ee:84:
         15:14:08:eb:f9:92:4c:9c:64:cd:81:1a:78:39:1d:b3:72:ea:
         62:37:b3:52:df:46:10:99:e2:06:28:e2:f8:af:31:e1:67:02:
         c0:67:3b:3c:d7:69:7c:63:38:9b:89:c4:75:d5:ae:0b:62:c0:
         31:8a:d6:88:f2:b2:fd:e1:a0:91:d6:ce:74:56:38:7e:37:6d:
         9a:1e:ef:4a:84:3e:4e:68:55:4e:b0:4d:8a:30:68:17:b8:15:
         35:52:c5:4f:5f:7b:ad:de:44:dd:04:ab:17:10:df:f5:0a:ba:
         94:26:da:1d:34:87:f4:7d:cf:04:a6:05:ec:c6:9f:76:23:2e:
         81:f6:7f:56:ca:49:5e:9b:dd:89:ba:41:b3:6f:f5:37:34:74:
         42:6c:63:50:d6:30:a8:05:4c:0d:7c:02:17:4c:09:70:bc:f6:
         eb:c8:73:82:4a:d1:4d:dc:aa:a1:0e:ab:84:cb:74:7a:c9:52:
         e8:d9:de:6b:f8:8b:bb:5f:e6:ce:03:a9:76:6c:0f:7f:e1:47:
         74:20:72:e3:19:0c:84:a0:b5:21:85:ee:d0:ec:75:ff:df:06:
         56:d2:ed:84:f9:8f:c4:e8:12:6e:12:6a:fd:d3:65:b8:24:fb:
         c2:d5:31:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntoNm4itKZvxfOpakguNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMxNmU0MDhhMmUyNDJiOTZiODczYmZjYTI1ZWNiZmQwZmUwNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEgYMY0zTAu0O7BdXebpRTqgaRZt
Kk7W1W5hr8TgurE+uiZLhHQLWLvmr7nE89zrapFFaSuOggyqimQ8eFKTgvcTWOCq
bIjWfUX9qORaugxOmh70037955VoLKtFFLCYOe57IM+gb+nPyfBkNSlVtJHns29f
o2vnz9/OZyjLkCormC1E/LHSizWyTPtIhBtG5KMfjwdiDwXo/vHRt7FYp04y45Vh
27IV0hn5EzdP7zKI4M+Hu82p2H8Hc14X82NuOonr2igxNANclMXtf/9lu0WqCjVf
+HJW6LJU86blVNA4xIqDkvha6dJM7cOsHbGY6ijsleNU/iP80J251BHzAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHBbkCKLiQrlrhzv8ol7L/Q/gbDMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSWNGdVFJb3VKQ3VXdUhPX3lpWHN2OUQtQnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb+vMA0G
CSqGSIb3DQEBCwUAA4IBAQA+s2pYkOhu23t6zQVojA8N7oQVFAjr+ZJMnGTNgRp4
OR2zcupiN7NS30YQmeIGKOL4rzHhZwLAZzs812l8YzibicR11a4LYsAxitaI8rL9
4aCR1s50Vjh+N22aHu9KhD5OaFVOsE2KMGgXuBU1UsVPX3ut3kTdBKsXEN/1CrqU
JtodNIf0fc8EpgXsxp92Iy6B9n9Wyklem92JukGzb/U3NHRCbGNQ1jCoBUwNfAIX
TAlwvPbryHOCStFN3KqhDquEy3R6yVLo2d5r+Iu7X+bOA6l2bA9/4Ud0IHLjGQyE
oLUhhe7Q7HX/3wZW0u2E+Y/E6BJuEmr902W4JPvC1TG6
-----END CERTIFICATE-----