Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/tE3f954vSl0Dkc7bIwL841MQEvk.roa
File:                     tE3f954vSl0Dkc7bIwL841MQEvk.roa (raw, json)
Hash identifier:          7cPLOrOrjCGKKCdwGGBI6tVF8oHMPSQmwC3VI5Qy/P0=
Subject key identifier:   B4:4D:DF:F7:9E:2F:4A:5D:03:91:CE:DB:23:02:FC:E3:53:10:12:F9
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       018CC8017E4746011B38F1E6E65644E78735
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/tE3f954vSl0Dkc7bIwL841MQEvk.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        93.89.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7e:47:46:01:1b:38:f1:e6:e6:56:44:e7:87:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44ddff79e2f4a5d0391cedb2302fce3531012f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:81:c5:2b:75:3d:e2:4c:15:36:15:87:62:43:
                    64:e8:d7:48:79:94:11:1f:87:87:03:29:0c:bc:d6:
                    bd:5a:bd:98:a8:fe:8c:d6:de:fd:83:0c:e5:23:71:
                    15:23:71:20:00:4f:37:b9:f1:2c:e5:af:9e:7a:51:
                    dc:39:df:df:98:28:81:ed:02:4d:88:e7:4d:1c:0b:
                    77:3e:0d:15:59:d8:f9:6c:56:d7:c2:01:3b:40:86:
                    13:81:8a:dc:09:9b:17:ab:49:89:f9:3a:37:a0:68:
                    09:50:3b:cc:5b:86:67:6c:4e:10:74:fa:39:8e:82:
                    f6:de:96:e9:ea:7c:49:0e:b4:e3:ee:52:4b:03:f1:
                    c4:26:fc:bc:47:cb:f7:a6:7c:29:49:61:af:30:56:
                    63:98:a2:f4:04:2a:d0:3b:45:71:71:b4:cd:50:e1:
                    42:a4:49:49:9c:d3:a5:8d:bd:2a:c7:03:a5:78:a7:
                    33:b7:70:eb:38:df:53:a4:66:e8:4e:bf:af:69:b3:
                    5d:c3:ae:84:2b:33:7e:a4:37:60:ef:d7:7a:e8:4c:
                    f4:24:c6:f6:9d:dc:fe:50:38:4c:60:0a:37:fd:2e:
                    20:d1:f0:0e:87:9d:3b:5b:50:96:e3:c2:75:d5:97:
                    7c:9f:17:1b:da:7f:c6:b4:ee:88:a6:3b:0d:58:4d:
                    82:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4D:DF:F7:9E:2F:4A:5D:03:91:CE:DB:23:02:FC:E3:53:10:12:F9
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/tE3f954vSl0Dkc7bIwL841MQEvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:3c:19:4d:23:a0:78:e3:87:78:3f:2c:90:56:8a:bc:c6:5f:
         c0:2f:b1:e5:2f:5e:aa:fc:d4:38:bb:d5:c8:25:3d:5e:ff:eb:
         b9:ca:3f:95:4b:45:90:a1:4e:cc:38:d7:cd:e5:3c:03:ed:c8:
         87:52:d1:43:e3:b2:5e:b2:02:88:9a:53:1a:7d:db:9c:d6:91:
         f9:e2:33:d8:1b:34:1f:1f:c7:c9:8d:77:a9:97:2f:4b:f0:2b:
         3e:d0:79:18:11:5c:48:41:79:6d:82:cd:15:dd:05:16:45:dd:
         28:89:f6:5e:b9:5a:ae:20:85:06:df:60:df:0b:e7:a9:e2:74:
         66:6c:65:0f:6f:03:07:4d:e8:4f:95:1c:55:b9:82:fd:e0:a9:
         bf:18:31:ec:da:1d:b4:58:58:a3:3f:0a:49:5e:df:26:87:1a:
         46:02:02:3a:fc:e5:21:cd:9a:52:7e:1f:f7:9f:84:7a:81:45:
         40:3a:44:38:c9:af:11:03:03:03:f8:63:04:87:28:fc:94:94:
         48:8a:1c:e5:b9:87:87:fd:ef:a3:ae:19:b0:48:68:cb:29:5f:
         16:67:25:2b:d8:a0:63:9f:cd:87:8e:7a:c2:06:a2:95:fa:fb:
         27:da:24:4c:97:1d:96:cf:f1:68:bf:f3:79:c5:bc:ab:01:7c:
         36:72:30:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAX5HRgEbOPHm5lZE54c1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRkZGZmNzllMmY0YTVkMDM5MWNlZGIyMzAyZmNlMzUzMTAxMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoHFK3U94kwVNhWHYkNk6NdIeZQR
H4eHAykMvNa9Wr2YqP6M1t79gwzlI3EVI3EgAE83ufEs5a+eelHcOd/fmCiB7QJN
iOdNHAt3Pg0VWdj5bFbXwgE7QIYTgYrcCZsXq0mJ+To3oGgJUDvMW4ZnbE4QdPo5
joL23pbp6nxJDrTj7lJLA/HEJvy8R8v3pnwpSWGvMFZjmKL0BCrQO0VxcbTNUOFC
pElJnNOljb0qxwOleKczt3DrON9TpGboTr+vabNdw66EKzN+pDdg79d66Ez0JMb2
ndz+UDhMYAo3/S4g0fAOh507W1CW48J11Zd8nxcb2n/GtO6IpjsNWE2CLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRN3/eeL0pdA5HO2yMC/ONTEBL5MB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvdEUzZjk1NHZTbDBEa2M3Ykl3TDg0MU1RRXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVnXMA0G
CSqGSIb3DQEBCwUAA4IBAQBbPBlNI6B444d4PyyQVoq8xl/AL7HlL16q/NQ4u9XI
JT1e/+u5yj+VS0WQoU7MONfN5TwD7ciHUtFD47JesgKImlMafduc1pH54jPYGzQf
H8fJjXeply9L8Cs+0HkYEVxIQXltgs0V3QUWRd0oifZeuVquIIUG32DfC+ep4nRm
bGUPbwMHTehPlRxVuYL94Km/GDHs2h20WFijPwpJXt8mhxpGAgI6/OUhzZpSfh/3
n4R6gUVAOkQ4ya8RAwMD+GMEhyj8lJRIihzluYeH/e+jrhmwSGjLKV8WZyUr2KBj
n82HjnrCBqKV+vsn2iRMlx2Wz/Fov/N5xbyrAXw2cjC4
-----END CERTIFICATE-----