Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/9TN7OmpBTn3odCM4kFVbjFdPlSk.roa
File:                     9TN7OmpBTn3odCM4kFVbjFdPlSk.roa (raw, json)
Hash identifier:          D2iAXvZ/ZlDvtU4hQEIQKTsba+VOrpYMfTEtVYKDmew=
Subject key identifier:   F5:33:7B:3A:6A:41:4E:7D:E8:74:23:38:90:55:5B:8C:57:4F:95:29
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       018CC726D8285A1CD4DECCD3D7BC86FB80CC
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/9TN7OmpBTn3odCM4kFVbjFdPlSk.roa
Signing time:             Mon 01 Jan 2024 22:31:00 +0000
ROA not before:           Mon 01 Jan 2024 22:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205148
IP address blocks:        93.159.187.0/24 maxlen: 24
                          2a00:1578:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d8:28:5a:1c:d4:de:cc:d3:d7:bc:86:fb:80:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: Jan  1 22:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5337b3a6a414e7de874233890555b8c574f9529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7d:38:c0:09:9a:97:a5:9c:fd:e6:9b:a4:de:
                    4a:a5:1f:d3:b1:b6:7c:8f:e4:5f:f4:78:cc:9c:fd:
                    de:08:bc:c1:6d:43:07:41:4a:ca:58:a8:3c:3e:d6:
                    9f:fb:d5:0b:cc:f7:a2:cb:ce:9d:00:33:c5:4f:54:
                    a0:a8:9a:53:8f:49:dc:a5:2a:78:6c:a6:2d:f1:11:
                    b2:78:57:85:48:f4:27:ab:98:76:4b:91:d0:a6:02:
                    62:27:5f:67:12:b0:00:3e:e3:f1:a4:5f:b2:74:5b:
                    f7:38:d7:ce:d6:9c:4d:b0:43:76:87:59:c7:43:c4:
                    48:66:d8:00:33:6b:78:e6:a7:31:b2:2a:4c:2e:01:
                    ff:e0:7d:8f:79:54:09:09:92:32:91:54:6f:3f:05:
                    38:a4:45:28:dc:03:b1:cc:3d:bf:91:58:20:00:4a:
                    4f:2c:1c:fa:df:fe:89:75:02:ba:57:18:71:a5:d6:
                    a7:5a:f2:53:8f:74:8a:e4:c4:73:14:b7:18:45:68:
                    b8:7d:78:70:b5:0f:de:93:18:33:a1:18:41:86:60:
                    fd:8b:b3:aa:dc:09:5d:e4:f3:8f:11:5c:de:9b:4d:
                    f7:70:3e:58:ce:d0:9f:d7:37:af:fd:01:0f:4a:9d:
                    4c:6e:9e:3e:fb:5e:16:7b:44:dc:68:7b:ec:ea:e2:
                    58:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:33:7B:3A:6A:41:4E:7D:E8:74:23:38:90:55:5B:8C:57:4F:95:29
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/9TN7OmpBTn3odCM4kFVbjFdPlSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.187.0/24
                IPv6:
                  2a00:1578:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:8c:23:2d:64:13:19:82:d7:0b:19:f3:de:68:f7:4b:5b:ed:
         5b:c0:82:0d:d9:a2:42:97:31:7c:42:e7:42:ac:d5:36:6b:f1:
         d4:30:a8:a1:78:b2:96:30:5b:48:46:a2:14:92:b5:73:47:e9:
         8d:d2:69:d3:5c:56:c4:63:7d:e5:75:53:b8:92:ae:fe:8a:0a:
         aa:30:82:86:18:e3:1f:12:16:57:e5:79:50:94:57:39:bf:d7:
         2c:28:a5:ca:b2:c7:94:35:65:16:0f:be:49:ce:59:33:5a:4d:
         6c:22:96:5f:a8:24:79:73:7b:31:f8:25:8a:d3:f2:fe:5f:e3:
         a4:fc:08:9d:36:a9:46:28:95:99:33:ab:1b:85:e3:42:be:a4:
         a7:a6:af:9d:46:d3:be:d2:db:da:01:3e:36:04:08:81:3c:f6:
         2c:91:72:26:7d:86:7e:0f:91:6c:2a:30:3d:78:92:59:c4:c8:
         5d:d3:de:46:22:a0:0a:0e:93:ae:5c:a0:b7:c3:bb:07:df:75:
         d8:c8:3c:a0:31:94:19:6d:f6:64:3c:97:05:9b:30:b0:3f:91:
         24:d2:5a:7e:1b:1e:5d:aa:2b:04:1b:6b:4a:d2:14:7d:79:2e:
         40:37:bc:67:69:52:05:48:79:60:f5:03:70:3d:1a:4c:2b:f9:
         1e:13:83:dd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJtgoWhzU3szT17yG+4DMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjQwMTAxMjIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTMzN2IzYTZhNDE0ZTdkZTg3NDIzMzg5MDU1NWI4YzU3NGY5NTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn04wAmal6Wc/eabpN5KpR/TsbZ8
j+Rf9HjMnP3eCLzBbUMHQUrKWKg8Ptaf+9ULzPeiy86dADPFT1SgqJpTj0ncpSp4
bKYt8RGyeFeFSPQnq5h2S5HQpgJiJ19nErAAPuPxpF+ydFv3ONfO1pxNsEN2h1nH
Q8RIZtgAM2t45qcxsipMLgH/4H2PeVQJCZIykVRvPwU4pEUo3AOxzD2/kVggAEpP
LBz63/6JdQK6VxhxpdanWvJTj3SK5MRzFLcYRWi4fXhwtQ/ekxgzoRhBhmD9i7Oq
3Ald5POPEVzem033cD5YztCf1zev/QEPSp1Mbp4++14We0TcaHvs6uJY2QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPUzezpqQU596HQjOJBVW4xXT5UpMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvOVRON09tcEJUbjNvZENNNGtGVmJqRmRQbFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAXZ+7MA4E
AgACMAgDBgAqABV4ATANBgkqhkiG9w0BAQsFAAOCAQEAVowjLWQTGYLXCxnz3mj3
S1vtW8CCDdmiQpcxfELnQqzVNmvx1DCooXiyljBbSEaiFJK1c0fpjdJp01xWxGN9
5XVTuJKu/ooKqjCChhjjHxIWV+V5UJRXOb/XLCilyrLHlDVlFg++Sc5ZM1pNbCKW
X6gkeXN7MfglitPy/l/jpPwInTapRiiVmTOrG4XjQr6kp6avnUbTvtLb2gE+NgQI
gTz2LJFyJn2Gfg+RbCowPXiSWcTIXdPeRiKgCg6Trlygt8O7B9912Mg8oDGUGW32
ZDyXBZswsD+RJNJafhseXaorBBtrStIUfXkuQDe8Z2lSBUh5YPUDcD0aTCv5HhOD
3Q==
-----END CERTIFICATE-----