Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/IZ00nLA87apsGFhrgOSziCyvLIw.roa
File:                     IZ00nLA87apsGFhrgOSziCyvLIw.roa (raw, json)
Hash identifier:          HOOWV8CM8keoyHiB3Lv/mWUTqDsbRl9tTtIYERqrAxM=
Subject key identifier:   21:9D:34:9C:B0:3C:ED:AA:6C:18:58:6B:80:E4:B3:88:2C:AF:2C:8C
Certificate issuer:       /CN=40cc81ff82ced61aef8476ace7a0e818bbae8fc4
Certificate serial:       018CC8DEBD544028F875423B21DE1F80CC91
Authority key identifier: 40:CC:81:FF:82:CE:D6:1A:EF:84:76:AC:E7:A0:E8:18:BB:AE:8F:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/IZ00nLA87apsGFhrgOSziCyvLIw.roa
Signing time:             Tue 02 Jan 2024 06:31:29 +0000
ROA not before:           Tue 02 Jan 2024 06:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204774
IP address blocks:        93.95.209.0/24 maxlen: 24
                          2a13:5000::/29 maxlen: 48
                          2a13:5000::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bd:54:40:28:f8:75:42:3b:21:de:1f:80:cc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cc81ff82ced61aef8476ace7a0e818bbae8fc4
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=219d349cb03cedaa6c18586b80e4b3882caf2c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:32:ca:5a:04:a4:ab:37:09:23:3b:57:75:a3:
                    e2:d4:4b:eb:5f:a0:c2:9b:e8:61:99:10:26:5c:71:
                    91:32:a3:8d:f7:9e:60:c9:fe:d4:37:fa:16:10:e6:
                    d0:60:55:fe:1b:ad:b2:a1:6a:3b:e3:26:34:f0:4c:
                    be:96:95:7f:10:e1:8a:2a:f4:4f:d3:e0:f7:b1:d6:
                    ac:b9:0b:09:e9:e2:42:76:f4:8a:cf:73:1e:fc:6a:
                    4d:08:ef:e2:01:96:ba:f3:7d:b6:43:26:f3:82:f3:
                    92:28:54:85:69:1a:f1:f6:82:c7:fc:f8:e4:66:67:
                    39:f4:bb:4e:95:ac:39:d6:75:c6:37:00:8f:c3:32:
                    88:90:35:70:43:5e:20:19:2c:c3:50:2b:fa:41:b4:
                    d5:c7:8b:38:a3:51:6e:c2:81:41:22:bf:9c:36:57:
                    5c:41:5e:65:6a:84:40:cb:87:da:10:1e:d8:4d:fe:
                    5f:bf:49:12:8a:77:33:d3:c0:25:aa:af:25:ff:86:
                    a6:3b:72:91:d5:f1:58:bf:0d:ce:c0:a9:f2:18:63:
                    e5:b8:8a:6a:ae:a8:7a:d9:c8:d5:d4:f1:a0:71:0a:
                    85:35:61:3e:60:06:6a:ea:68:62:01:ec:5e:8d:06:
                    23:5d:37:04:ef:a6:1d:a7:e5:2c:bc:6a:f6:54:8e:
                    16:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9D:34:9C:B0:3C:ED:AA:6C:18:58:6B:80:E4:B3:88:2C:AF:2C:8C
            X509v3 Authority Key Identifier:
                keyid:40:CC:81:FF:82:CE:D6:1A:EF:84:76:AC:E7:A0:E8:18:BB:AE:8F:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QMyB_4LO1hrvhHas56DoGLuuj8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/IZ00nLA87apsGFhrgOSziCyvLIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8e1f53-b674-40e8-8bb8-db5d89e8a17c/1/QMyB_4LO1hrvhHas56DoGLuuj8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.209.0/24
                IPv6:
                  2a13:5000::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:b2:3a:af:b5:9d:b6:06:1e:67:90:f1:2a:ad:fa:dd:a5:8e:
         8b:1f:21:b1:a1:d8:11:ec:f6:0d:43:90:c8:33:e9:67:f1:da:
         a0:6b:5e:4c:51:34:d1:5e:22:f0:eb:54:91:d9:0e:e1:96:42:
         4c:9e:09:05:4b:f9:e3:1c:f6:d7:f2:39:33:bb:50:d1:62:2a:
         80:56:9c:0e:d5:ec:ab:03:26:dd:07:09:3f:07:df:10:05:08:
         8b:04:9a:cb:61:40:28:e2:ca:c3:1e:8c:25:dc:81:51:04:ff:
         89:4c:65:35:af:c0:cd:2c:05:8b:90:bf:bf:b5:dd:c2:52:56:
         6e:b9:bb:e8:6a:15:9f:10:8e:6f:5a:6e:5c:b2:b6:f6:08:69:
         32:e2:95:97:ef:c0:82:bc:57:a9:70:ad:fa:ab:44:d5:e2:c0:
         4c:1b:19:a8:1d:56:36:ce:e7:08:c4:73:8c:17:59:00:d3:27:
         3d:ee:08:00:3e:4e:a9:da:4b:42:4e:6e:7a:56:3e:4c:21:1e:
         8a:a9:61:5a:8a:3b:82:fc:3c:97:90:28:fc:29:51:58:2a:0f:
         f8:c4:86:36:a2:69:95:e8:4f:23:24:2c:f6:b9:5e:df:c5:7f:
         1e:94:93:8a:77:c5:95:41:a7:cf:8c:bb:70:ca:ec:21:1d:62:
         13:76:25:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3r1UQCj4dUI7Id4fgMyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2M4MWZmODJjZWQ2MWFlZjg0NzZhY2U3YTBlODE4YmJh
ZThmYzQwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTlkMzQ5Y2IwM2NlZGFhNmMxODU4NmI4MGU0YjM4ODJjYWYyYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzLKWgSkqzcJIztXdaPi1EvrX6DC
m+hhmRAmXHGRMqON955gyf7UN/oWEObQYFX+G62yoWo74yY08Ey+lpV/EOGKKvRP
0+D3sdasuQsJ6eJCdvSKz3Me/GpNCO/iAZa68322QybzgvOSKFSFaRrx9oLH/Pjk
Zmc59LtOlaw51nXGNwCPwzKIkDVwQ14gGSzDUCv6QbTVx4s4o1FuwoFBIr+cNldc
QV5laoRAy4faEB7YTf5fv0kSincz08Alqq8l/4amO3KR1fFYvw3OwKnyGGPluIpq
rqh62cjV1PGgcQqFNWE+YAZq6mhiAexejQYjXTcE76Ydp+UsvGr2VI4WqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCGdNJywPO2qbBhYa4Dks4gsryyMMB8GA1UdIwQY
MBaAFEDMgf+CztYa74R2rOeg6Bi7ro/EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU15Ql80TE8xaHJ2aEhhczU2RG9HTHV1ajhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZTFmNTMtYjY3NC00MGU4LThiYjgt
ZGI1ZDg5ZThhMTdjLzEvSVowMG5MQTg3YXBzR0ZocmdPU3ppQ3l2TEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZTFmNTMtYjY3NC00MGU4LThiYjgtZGI1ZDg5ZThhMTdj
LzEvUU15Ql80TE8xaHJ2aEhhczU2RG9HTHV1ajhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXV/RMA0E
AgACMAcDBQMqE1AAMA0GCSqGSIb3DQEBCwUAA4IBAQBtsjqvtZ22Bh5nkPEqrfrd
pY6LHyGxodgR7PYNQ5DIM+ln8dqga15MUTTRXiLw61SR2Q7hlkJMngkFS/njHPbX
8jkzu1DRYiqAVpwO1eyrAybdBwk/B98QBQiLBJrLYUAo4srDHowl3IFRBP+JTGU1
r8DNLAWLkL+/td3CUlZuubvoahWfEI5vWm5csrb2CGky4pWX78CCvFepcK36q0TV
4sBMGxmoHVY2zucIxHOMF1kA0yc97ggAPk6p2ktCTm56Vj5MIR6KqWFaijuC/DyX
kCj8KVFYKg/4xIY2ommV6E8jJCz2uV7fxX8elJOKd8WVQafPjLtwyuwhHWITdiWE
-----END CERTIFICATE-----