Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/18ZPhXMHuvzVxi0dQ-Jn8vcDA_o.roa
File:                     18ZPhXMHuvzVxi0dQ-Jn8vcDA_o.roa (raw, json)
Hash identifier:          0W6+wcUAbuDDeiFlSxGrZ8YlqYucGO1T/KcQ9Ea1seQ=
Subject key identifier:   D7:C6:4F:85:73:07:BA:FC:D5:C6:2D:1D:43:E2:67:F2:F7:03:03:FA
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       018D9249052ED19431E8D489AA6C89C22D68
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/18ZPhXMHuvzVxi0dQ-Jn8vcDA_o.roa
Signing time:             Sat 10 Feb 2024 09:11:15 +0000
ROA not before:           Sat 10 Feb 2024 09:11:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62456
IP address blocks:        93.180.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:92:49:05:2e:d1:94:31:e8:d4:89:aa:6c:89:c2:2d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Feb 10 09:11:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c64f857307bafcd5c62d1d43e267f2f70303fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:a3:ec:84:c4:af:a0:f2:33:a4:b2:2a:6c:
                    dc:3e:19:4b:ca:ef:da:a5:56:15:4d:13:0a:19:e2:
                    ed:74:67:89:48:42:92:d7:5c:fb:6d:ef:12:d9:3c:
                    3b:f4:12:6f:ea:2d:d2:d8:fc:e3:01:ed:3e:23:99:
                    d7:4e:59:a7:ac:17:0b:ae:31:c1:b2:16:4c:09:a0:
                    27:fe:32:d2:de:dc:90:a4:61:e0:32:dc:57:0b:75:
                    4b:3f:bd:7c:13:52:d3:34:38:94:47:56:b3:69:ef:
                    b3:65:f4:f7:ff:73:99:93:1d:0f:d0:e4:1f:62:a0:
                    11:32:7e:13:67:83:e6:5e:fa:5c:f6:8c:54:0b:e2:
                    b8:8a:6c:dd:9b:a8:55:5f:4e:cc:8e:74:64:9b:fa:
                    31:2c:aa:d1:7d:9c:9a:e7:59:10:c9:9e:ee:57:20:
                    e0:8e:ba:e3:7b:aa:1b:59:bb:b0:f0:22:d8:80:f3:
                    ce:4b:af:3d:fe:4b:f3:17:19:25:0b:a0:35:87:85:
                    89:32:21:d8:4b:b9:5a:ac:92:9a:08:41:6a:d6:67:
                    ba:8e:c5:26:e2:4f:10:f4:31:83:3b:97:6d:c3:2b:
                    cf:d7:a8:8a:ce:11:7e:b9:d3:85:c7:c6:8f:b7:20:
                    dd:a7:80:e8:8f:2d:15:98:0b:03:3a:d7:f5:e9:af:
                    06:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C6:4F:85:73:07:BA:FC:D5:C6:2D:1D:43:E2:67:F2:F7:03:03:FA
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/18ZPhXMHuvzVxi0dQ-Jn8vcDA_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.180.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5e:61:73:24:6f:82:93:aa:1f:b0:cd:ff:e6:8f:2b:82:e5:
         b0:d8:3e:d8:87:97:6f:b6:1d:0b:41:f5:41:7f:0e:94:3d:23:
         eb:34:b4:e8:34:09:df:57:56:0a:3e:4d:a3:f7:d5:98:04:91:
         a1:f4:34:7e:d1:ea:6a:84:b3:b2:82:d0:b3:65:99:43:cc:27:
         9a:71:a0:d9:15:bf:31:95:18:d2:30:3d:ef:ef:19:dc:87:fd:
         33:c4:96:08:0a:36:38:fd:61:76:21:dd:54:3a:f6:14:f7:b7:
         8e:95:a7:10:76:0c:db:87:e6:28:5e:dd:96:54:a2:c4:01:c7:
         9f:71:a0:19:0c:a1:97:d0:ad:f9:66:79:7d:87:3c:2f:e4:f7:
         06:49:17:82:4f:d7:8d:3f:59:97:2a:54:44:39:48:b8:50:71:
         3d:d7:d9:05:df:0b:bf:fa:e9:b1:c6:a0:04:36:8d:8a:dd:a2:
         48:a6:0a:1b:25:a7:30:9b:66:5f:fb:76:0b:ac:20:05:90:43:
         26:1c:95:39:37:5b:e8:21:c6:30:ff:25:7f:4c:97:62:69:66:
         ff:3a:b3:47:71:6e:d6:e8:f0:7e:5a:fd:78:ca:6b:ee:d8:a3:
         33:0e:66:ac:9c:0b:16:b1:2a:e4:ff:87:1d:6b:40:dd:27:ba:
         88:92:e8:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2SSQUu0ZQx6NSJqmyJwi1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjQwMjEwMDkxMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M2NGY4NTczMDdiYWZjZDVjNjJkMWQ0M2UyNjdmMmY3MDMwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6yj7ITEr6DyM6SyKmzcPhlLyu/a
pVYVTRMKGeLtdGeJSEKS11z7be8S2Tw79BJv6i3S2PzjAe0+I5nXTlmnrBcLrjHB
shZMCaAn/jLS3tyQpGHgMtxXC3VLP718E1LTNDiUR1azae+zZfT3/3OZkx0P0OQf
YqARMn4TZ4PmXvpc9oxUC+K4imzdm6hVX07MjnRkm/oxLKrRfZya51kQyZ7uVyDg
jrrje6obWbuw8CLYgPPOS689/kvzFxklC6A1h4WJMiHYS7larJKaCEFq1me6jsUm
4k8Q9DGDO5dtwyvP16iKzhF+udOFx8aPtyDdp4Dojy0VmAsDOtf16a8G8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfGT4VzB7r81cYtHUPiZ/L3AwP6MB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvMThaUGhYTUh1dnpWeGkwZFEtSm44dmNEQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbSHMA0G
CSqGSIb3DQEBCwUAA4IBAQAoXmFzJG+Ck6ofsM3/5o8rguWw2D7Yh5dvth0LQfVB
fw6UPSPrNLToNAnfV1YKPk2j99WYBJGh9DR+0epqhLOygtCzZZlDzCeacaDZFb8x
lRjSMD3v7xnch/0zxJYICjY4/WF2Id1UOvYU97eOlacQdgzbh+YoXt2WVKLEAcef
caAZDKGX0K35Znl9hzwv5PcGSReCT9eNP1mXKlREOUi4UHE919kF3wu/+umxxqAE
No2K3aJIpgobJacwm2Zf+3YLrCAFkEMmHJU5N1voIcYw/yV/TJdiaWb/OrNHcW7W
6PB+Wv14ymvu2KMzDmasnAsWsSrk/4cda0DdJ7qIkuiG
-----END CERTIFICATE-----