Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ynFYGfJXvqDgIeGadCmznsIlRA.roa
File:                     _ynFYGfJXvqDgIeGadCmznsIlRA.roa (raw, json)
Hash identifier:          fM7TgcCxAx7qDNnTxyWzaDPr1mahExzaO4XS+p5q+0s=
Subject key identifier:   FF:29:C5:60:67:C9:5E:FA:83:80:87:86:69:D0:A6:CE:7B:08:95:10
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018CC2DB5B0ACE522859AB9A18FC7FC822F7
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ynFYGfJXvqDgIeGadCmznsIlRA.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49882
IP address blocks:        93.191.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5b:0a:ce:52:28:59:ab:9a:18:fc:7f:c8:22:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff29c56067c95efa8380878669d0a6ce7b089510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:26:0a:97:05:22:f1:bd:76:15:b1:f7:92:7a:
                    0b:d1:74:1c:6d:35:a5:02:3d:6e:c3:93:bf:ca:8f:
                    52:9b:9d:ee:61:c1:d8:d8:e3:6f:d4:58:f3:ec:f3:
                    76:91:83:a9:1c:cb:2a:8b:d1:97:d5:2e:8d:82:ce:
                    7e:29:67:a7:a7:53:f5:3a:73:21:7d:c9:b8:e0:ed:
                    8b:ae:9f:9d:2f:d1:e0:75:81:51:17:71:53:f7:6f:
                    61:55:4c:7f:ba:a6:ac:4c:44:28:52:d0:86:6a:69:
                    45:0e:6e:57:26:cb:9b:9b:7a:d2:58:08:18:11:d8:
                    04:f2:33:a9:7b:90:40:0c:72:a5:0a:0e:10:7b:f4:
                    08:90:83:81:64:ad:5a:ca:00:df:57:b0:55:72:71:
                    c4:eb:ab:53:08:43:b0:b1:82:6e:39:92:1f:96:8d:
                    9c:8f:8a:e8:d8:01:70:d7:73:79:d1:7d:72:27:c1:
                    57:c7:ae:b7:3a:3c:39:42:6c:5b:87:c5:72:e9:c0:
                    0f:6a:27:82:e8:43:bd:10:9e:02:d0:54:e8:53:fe:
                    2a:e6:54:88:72:cf:15:62:f9:2c:e0:16:e7:cf:15:
                    d5:ec:9c:df:fd:6b:ca:7b:20:49:30:f2:25:a4:6d:
                    ab:8b:9a:cb:00:e1:65:75:20:e7:ad:74:99:6c:28:
                    b6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:29:C5:60:67:C9:5E:FA:83:80:87:86:69:D0:A6:CE:7B:08:95:10
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ynFYGfJXvqDgIeGadCmznsIlRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:1c:a5:eb:41:8c:e5:5d:57:43:7e:33:75:94:79:7f:bc:99:
         78:45:a3:e3:8a:7d:fe:65:fa:eb:67:1b:f7:3f:60:29:6b:83:
         b3:0d:6b:7f:d1:82:6e:cd:c7:d8:35:b1:ed:d0:47:1a:21:ea:
         d1:92:c6:e9:f8:a4:5a:d0:0b:65:da:d3:1a:52:fe:eb:4c:0e:
         5d:68:e5:55:58:9c:a2:79:a9:1a:b6:5e:bb:f1:99:93:fd:61:
         3d:53:e5:16:36:7e:ad:59:07:1e:5d:a9:22:4c:ec:fd:13:bb:
         72:69:3f:76:06:0a:5c:ce:dc:f2:23:88:76:93:87:32:29:00:
         3f:80:ca:a8:82:b7:f3:0e:76:10:4f:7d:fb:3d:d3:1c:d8:49:
         19:ba:ba:f0:a4:4d:10:15:30:16:7c:ff:f9:c0:e9:86:5c:89:
         7f:b7:60:54:49:bd:f0:fc:03:10:8c:a8:eb:b3:c9:f1:da:cc:
         e2:ab:de:60:5a:6c:cf:a1:37:95:5b:57:90:0b:f5:cb:2d:fd:
         5a:9b:b1:99:ff:7a:7d:24:ff:85:fc:1f:de:e3:79:be:c5:8d:
         03:a0:8a:85:bf:f5:95:13:5f:8a:4a:c9:85:fa:9f:80:b8:e7:
         a1:6d:68:3e:89:aa:bf:63:07:5a:6f:42:94:98:c3:51:8b:f3:
         7e:e8:4a:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21sKzlIoWauaGPx/yCL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI5YzU2MDY3Yzk1ZWZhODM4MDg3ODY2OWQwYTZjZTdiMDg5NTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSYKlwUi8b12FbH3knoL0XQcbTWl
Aj1uw5O/yo9Sm53uYcHY2ONv1Fjz7PN2kYOpHMsqi9GX1S6Ngs5+KWenp1P1OnMh
fcm44O2Lrp+dL9HgdYFRF3FT929hVUx/uqasTEQoUtCGamlFDm5XJsubm3rSWAgY
EdgE8jOpe5BADHKlCg4Qe/QIkIOBZK1aygDfV7BVcnHE66tTCEOwsYJuOZIflo2c
j4ro2AFw13N50X1yJ8FXx663Ojw5Qmxbh8Vy6cAPaieC6EO9EJ4C0FToU/4q5lSI
cs8VYvks4BbnzxXV7Jzf/WvKeyBJMPIlpG2ri5rLAOFldSDnrXSZbCi2WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8pxWBnyV76g4CHhmnQps57CJUQMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvX3luRllHZkpYdnFEZ0llR2FkQ216bnNJbFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCiHKXrQYzlXVdDfjN1lHl/vJl4RaPjin3+ZfrrZxv3
P2Apa4OzDWt/0YJuzcfYNbHt0EcaIerRksbp+KRa0Atl2tMaUv7rTA5daOVVWJyi
eakatl678ZmT/WE9U+UWNn6tWQceXakiTOz9E7tyaT92BgpcztzyI4h2k4cyKQA/
gMqogrfzDnYQT337PdMc2EkZurrwpE0QFTAWfP/5wOmGXIl/t2BUSb3w/AMQjKjr
s8nx2sziq95gWmzPoTeVW1eQC/XLLf1am7GZ/3p9JP+F/B/e43m+xY0DoIqFv/WV
E1+KSsmF+p+AuOehbWg+iaq/Ywdab0KUmMNRi/N+6Eq8
-----END CERTIFICATE-----