Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iwREtFCK0IaEHCS1cSgf1PofL3A.roa
File:                     iwREtFCK0IaEHCS1cSgf1PofL3A.roa (raw, json)
Hash identifier:          fPV8J3ZtEXTWuyODOsK9kGChSOlWtutkWvTDywQLHU0=
Subject key identifier:   8B:04:44:B4:50:8A:D0:86:84:1C:24:B5:71:28:1F:D4:FA:1F:2F:70
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018CC2DB5A79832A6C27009A32E47F642764
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iwREtFCK0IaEHCS1cSgf1PofL3A.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49846
IP address blocks:        93.191.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5a:79:83:2a:6c:27:00:9a:32:e4:7f:64:27:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b0444b4508ad086841c24b571281fd4fa1f2f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:81:57:bc:9a:46:4d:c9:26:22:d9:61:ab:13:
                    69:ac:34:dc:2e:c4:d9:c0:f6:0c:5d:a9:b6:da:29:
                    53:aa:61:7a:c5:bc:a2:65:25:cb:29:d4:e9:c3:54:
                    ba:f3:5b:9f:c6:97:33:32:46:51:85:7f:9e:00:a4:
                    98:37:fa:f3:25:b9:ca:96:ac:f5:ac:6d:91:76:72:
                    98:fd:24:ac:88:b6:06:4c:47:0b:ae:3f:3c:97:5a:
                    a6:ce:12:a8:70:36:76:9f:f9:c5:f9:09:c7:b1:4d:
                    05:a3:d0:ce:0c:50:6e:29:cd:c2:9d:5d:7d:15:b5:
                    7e:c8:4c:7b:07:bd:44:43:fe:23:72:9e:97:82:62:
                    72:d2:ae:d8:46:6a:1e:5d:f3:ff:11:49:67:66:60:
                    69:13:db:96:9d:09:f5:e9:73:b0:7e:57:61:77:f3:
                    af:7f:c0:38:1d:cf:c6:a6:40:46:63:28:2a:2f:17:
                    fd:9e:20:61:29:fb:54:05:0d:a4:a6:06:bf:40:ae:
                    47:8d:59:89:73:b5:e7:e0:73:2d:a8:e7:15:ff:cb:
                    d4:b9:74:cf:79:a3:60:8e:77:d0:36:15:36:6e:6e:
                    ab:00:de:1a:89:91:8e:8c:15:97:75:b3:14:e2:75:
                    21:a5:ab:2e:14:63:ce:cc:21:86:bf:dd:6f:b4:49:
                    82:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:04:44:B4:50:8A:D0:86:84:1C:24:B5:71:28:1F:D4:FA:1F:2F:70
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/iwREtFCK0IaEHCS1cSgf1PofL3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:91:5d:7d:ca:3e:1e:25:4b:04:bc:a8:a9:53:ba:80:cd:73:
         4b:50:ac:48:f4:83:f0:0d:d7:a3:99:4e:cd:30:03:fc:75:a0:
         36:87:51:c6:f5:6d:0c:b9:8c:c4:43:3d:27:71:19:4b:c7:96:
         c2:8e:f9:1c:69:82:0a:e4:b2:9b:bd:fd:f8:a8:c9:e6:55:96:
         f6:50:eb:76:7c:64:d3:e3:5a:ef:1c:15:61:ff:ab:46:a4:6a:
         38:10:6c:9b:b9:77:a9:5e:15:95:37:c4:68:8d:e4:d3:24:04:
         d1:e6:bd:cd:30:15:29:68:1a:f0:36:87:bc:b5:67:74:22:94:
         bc:fa:93:08:f9:ef:30:3c:a6:41:13:12:52:78:03:2c:9e:0f:
         a1:ed:08:45:a2:70:96:46:02:4b:19:6f:36:69:82:33:e6:1a:
         42:f3:cd:e4:1f:5c:d6:b8:dd:1e:88:da:bc:6c:a3:97:48:e2:
         a3:7b:98:3a:e6:b1:88:1e:d3:74:25:c8:0d:59:bc:00:63:87:
         4d:2d:4d:26:35:85:c4:6d:11:60:b8:c7:fe:65:5b:16:9c:8d:
         31:5d:54:87:8c:16:08:bc:27:65:b4:66:48:03:5c:c1:16:0f:
         48:ed:56:ee:65:0d:2c:40:c5:53:aa:fe:fa:94:b5:c5:e5:e6:
         31:96:7a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21p5gypsJwCaMuR/ZCdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjA0NDRiNDUwOGFkMDg2ODQxYzI0YjU3MTI4MWZkNGZhMWYyZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IFXvJpGTckmItlhqxNprDTcLsTZ
wPYMXam22ilTqmF6xbyiZSXLKdTpw1S681ufxpczMkZRhX+eAKSYN/rzJbnKlqz1
rG2RdnKY/SSsiLYGTEcLrj88l1qmzhKocDZ2n/nF+QnHsU0Fo9DODFBuKc3CnV19
FbV+yEx7B71EQ/4jcp6XgmJy0q7YRmoeXfP/EUlnZmBpE9uWnQn16XOwfldhd/Ov
f8A4Hc/GpkBGYygqLxf9niBhKftUBQ2kpga/QK5HjVmJc7Xn4HMtqOcV/8vUuXTP
eaNgjnfQNhU2bm6rAN4aiZGOjBWXdbMU4nUhpasuFGPOzCGGv91vtEmCYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsERLRQitCGhBwktXEoH9T6Hy9wMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvaXdSRXRGQ0swSWFFSENTMWNTZ2YxUG9mTDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb+vMA0G
CSqGSIb3DQEBCwUAA4IBAQAtkV19yj4eJUsEvKipU7qAzXNLUKxI9IPwDdejmU7N
MAP8daA2h1HG9W0MuYzEQz0ncRlLx5bCjvkcaYIK5LKbvf34qMnmVZb2UOt2fGTT
41rvHBVh/6tGpGo4EGybuXepXhWVN8RojeTTJATR5r3NMBUpaBrwNoe8tWd0IpS8
+pMI+e8wPKZBExJSeAMsng+h7QhFonCWRgJLGW82aYIz5hpC883kH1zWuN0eiNq8
bKOXSOKje5g65rGIHtN0JcgNWbwAY4dNLU0mNYXEbRFguMf+ZVsWnI0xXVSHjBYI
vCdltGZIA1zBFg9I7VbuZQ0sQMVTqv76lLXF5eYxlnrx
-----END CERTIFICATE-----