Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/9WKehCxjsufpL0TalMHPJnz7PHs.roa
File:                     9WKehCxjsufpL0TalMHPJnz7PHs.roa (raw, json)
Hash identifier:          npIYWO0gU2+WwJPB6Z7znViP7vWDuFhU7YxJ4s5X2w0=
Subject key identifier:   F5:62:9E:84:2C:63:B2:E7:E9:2F:44:DA:94:C1:CF:26:7C:FB:3C:7B
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       018CC500387F2A98014637F914B35FB4B662
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/9WKehCxjsufpL0TalMHPJnz7PHs.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        93.180.132.0/24 maxlen: 24
                          93.180.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:38:7f:2a:98:01:46:37:f9:14:b3:5f:b4:b6:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5629e842c63b2e7e92f44da94c1cf267cfb3c7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0c:c5:d7:f8:f0:2d:ff:ab:8c:38:29:b3:3a:
                    a9:4a:67:db:2f:64:59:2b:82:f0:22:2b:a5:b4:a0:
                    59:06:39:76:61:80:b4:ee:0b:b9:d0:9c:e6:af:f3:
                    93:10:7e:2b:9b:f4:a8:c2:52:76:a5:08:49:cd:62:
                    07:05:27:a2:44:34:0e:b6:39:67:6e:10:32:24:27:
                    de:37:88:5e:60:b6:27:aa:fc:d8:f2:b1:98:82:18:
                    49:cf:07:b2:15:85:b3:80:45:8b:38:78:f0:92:79:
                    54:75:b2:a8:4e:0b:08:dc:1e:97:69:b0:9d:f0:02:
                    fe:6b:da:9e:fd:87:8a:ca:68:65:61:c1:1c:35:e0:
                    82:e9:ca:bd:d8:88:e3:4e:a6:ef:e1:ad:ad:26:3f:
                    b2:52:2b:d1:be:2d:67:ac:7e:39:7e:e7:85:91:6a:
                    ed:d4:20:c2:97:ce:70:ff:df:21:5a:a8:ad:f8:a9:
                    9b:db:e5:23:41:76:7e:e0:36:79:fe:2f:49:61:70:
                    86:24:d6:db:ed:ab:70:4b:6a:09:f3:16:81:42:59:
                    ce:94:98:88:eb:dd:00:79:65:22:b5:98:e2:10:b8:
                    b6:46:07:d4:14:29:12:89:a2:2a:0e:37:99:94:c5:
                    de:c4:7a:2a:06:62:dd:97:ac:f0:00:92:a8:9c:66:
                    eb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:62:9E:84:2C:63:B2:E7:E9:2F:44:DA:94:C1:CF:26:7C:FB:3C:7B
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/9WKehCxjsufpL0TalMHPJnz7PHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.180.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:e0:12:ab:fd:88:28:3f:2e:a3:65:9f:cd:b3:39:e4:ca:51:
         04:4b:19:2e:1d:e3:5f:a0:92:f0:ac:27:c2:8f:3f:99:51:15:
         d7:36:00:88:16:61:16:12:85:9b:84:43:4f:d5:b4:cb:60:e2:
         54:a4:39:d7:87:79:af:8c:28:4f:bd:fc:c0:9d:36:b7:2d:d8:
         f3:d0:e6:8a:24:91:d8:43:e5:68:ab:f1:04:5f:2c:2b:66:f4:
         29:51:36:fd:d3:a2:f2:17:40:2c:fb:e3:57:e2:74:6e:c5:76:
         70:9e:ea:4d:b4:3a:a9:e6:aa:dc:58:12:cf:cb:cf:ed:cd:a0:
         6c:01:6a:55:63:c7:a3:f5:cc:52:60:fd:0b:92:2a:ff:63:49:
         01:37:b9:6b:39:15:cb:f5:43:f7:42:04:db:cf:5b:57:2d:20:
         e0:5d:7c:d2:76:f5:b3:96:ff:87:a4:b2:9f:5c:01:de:a3:52:
         fc:6d:62:4e:7b:a7:49:b2:ab:4b:ca:5d:4a:d5:2b:fa:35:83:
         99:e4:41:13:50:ab:d2:7a:29:1b:e6:71:06:31:99:60:9d:aa:
         ba:84:1f:54:51:d9:3c:8b:4b:73:f4:75:df:47:76:3d:e4:ab:
         d8:8b:1c:a4:52:9b:01:d1:e7:8d:43:92:45:4d:3c:d6:18:9f:
         33:a5:fb:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADh/KpgBRjf5FLNftLZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTYyOWU4NDJjNjNiMmU3ZTkyZjQ0ZGE5NGMxY2YyNjdjZmIzYzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQzF1/jwLf+rjDgpszqpSmfbL2RZ
K4LwIiultKBZBjl2YYC07gu50Jzmr/OTEH4rm/SowlJ2pQhJzWIHBSeiRDQOtjln
bhAyJCfeN4heYLYnqvzY8rGYghhJzweyFYWzgEWLOHjwknlUdbKoTgsI3B6XabCd
8AL+a9qe/YeKymhlYcEcNeCC6cq92IjjTqbv4a2tJj+yUivRvi1nrH45fueFkWrt
1CDCl85w/98hWqit+Kmb2+UjQXZ+4DZ5/i9JYXCGJNbb7atwS2oJ8xaBQlnOlJiI
690AeWUitZjiELi2RgfUFCkSiaIqDjeZlMXexHoqBmLdl6zwAJKonGbrRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVinoQsY7Ln6S9E2pTBzyZ8+zx7MB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvOVdLZWhDeGpzdWZwTDBUYWxNSFBKbno3UEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXbSEMA0G
CSqGSIb3DQEBCwUAA4IBAQCn4BKr/YgoPy6jZZ/NsznkylEESxkuHeNfoJLwrCfC
jz+ZURXXNgCIFmEWEoWbhENP1bTLYOJUpDnXh3mvjChPvfzAnTa3Ldjz0OaKJJHY
Q+Voq/EEXywrZvQpUTb906LyF0As++NX4nRuxXZwnupNtDqp5qrcWBLPy8/tzaBs
AWpVY8ej9cxSYP0Lkir/Y0kBN7lrORXL9UP3QgTbz1tXLSDgXXzSdvWzlv+HpLKf
XAHeo1L8bWJOe6dJsqtLyl1K1Sv6NYOZ5EETUKvSeikb5nEGMZlgnaq6hB9UUdk8
i0tz9HXfR3Y95KvYixykUpsB0eeNQ5JFTTzWGJ8zpfvj
-----END CERTIFICATE-----