Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/TDwa1TTwLjVDtFs-gXbaBFqZjlo.roa
File:                     TDwa1TTwLjVDtFs-gXbaBFqZjlo.roa (raw, json)
Hash identifier:          abYyLyF9btDLa+MWiQ1DhP15ezK/uvuyBpLKAfH9MgY=
Subject key identifier:   4C:3C:1A:D5:34:F0:2E:35:43:B4:5B:3E:81:76:DA:04:5A:99:8E:5A
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       018CC726D75DAB27F96EB55CB48697BCEF7F
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/TDwa1TTwLjVDtFs-gXbaBFqZjlo.roa
Signing time:             Mon 01 Jan 2024 22:31:00 +0000
ROA not before:           Mon 01 Jan 2024 22:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202061
IP address blocks:        93.159.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d7:5d:ab:27:f9:6e:b5:5c:b4:86:97:bc:ef:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: Jan  1 22:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c3c1ad534f02e3543b45b3e8176da045a998e5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5f:90:49:9c:70:ff:7a:22:fd:04:f0:de:bf:
                    72:30:e0:8a:21:c9:75:64:46:d2:45:61:2b:53:7e:
                    30:3f:cd:60:52:a1:3e:f7:45:c1:fa:50:64:84:97:
                    ee:f2:11:1b:bc:19:ee:c9:3b:04:1a:4d:28:e6:b4:
                    d8:b8:d9:0a:9c:7b:e7:49:58:79:ad:76:13:7e:7a:
                    f3:52:00:b3:31:fc:a4:3c:b3:72:9b:48:f6:87:90:
                    b8:2f:8f:e0:04:64:72:1d:16:9a:59:c4:85:02:b8:
                    bf:29:3d:c1:0c:68:a9:c2:da:72:0f:1b:9a:5b:f2:
                    98:b6:2b:37:27:46:17:a2:cf:90:bd:fe:11:61:83:
                    79:47:ac:7b:e1:dd:c1:92:84:8d:6a:ef:d3:2b:ab:
                    ee:33:80:52:2a:4a:c8:53:14:fc:53:b5:c7:88:62:
                    03:11:70:25:6f:09:8b:76:17:7e:22:29:09:a9:37:
                    f7:e7:61:ec:1f:13:c6:b7:dd:79:d1:56:4a:e5:3c:
                    63:9e:03:54:42:7e:86:4a:45:0e:98:3a:73:a8:8c:
                    c2:bb:cc:55:63:c6:db:ca:f0:73:90:85:e0:bc:7d:
                    2c:fa:c0:57:b3:fb:16:e3:5a:0c:03:eb:6e:5f:3a:
                    8f:e2:fa:91:a0:14:f0:06:59:aa:c0:e9:3d:e6:51:
                    60:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3C:1A:D5:34:F0:2E:35:43:B4:5B:3E:81:76:DA:04:5A:99:8E:5A
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/TDwa1TTwLjVDtFs-gXbaBFqZjlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a0:d1:0f:d2:20:38:b2:3a:d4:d6:02:b8:3a:32:b6:db:94:
         8d:6b:35:23:e5:5e:d4:1d:07:71:6b:5b:f9:3d:94:a3:f7:4b:
         f1:83:da:21:e3:ef:f3:86:71:20:d9:f8:83:92:27:7d:e4:e0:
         a9:e0:ae:2b:64:6a:84:f3:05:05:19:0d:22:27:6d:3f:45:09:
         65:cb:a9:66:c6:e3:fc:ea:6b:97:e6:d9:0e:a1:52:2d:ee:08:
         48:d3:e0:47:b3:48:d8:8c:c3:22:58:4e:ab:ed:9a:a0:7a:92:
         37:48:19:85:76:ae:8c:74:da:bf:09:05:8d:27:ab:1f:1f:87:
         e0:fc:7e:e8:21:c1:4e:e8:ca:1a:bf:15:c6:e0:6b:6f:4e:a3:
         94:48:38:48:d1:2d:07:01:d8:20:5d:e8:c2:09:95:4b:c9:20:
         c5:fa:d7:56:b1:9d:0a:5e:d4:89:f6:09:1c:6c:bd:7c:72:18:
         5b:f2:5e:83:e9:33:7c:e0:b9:dd:ab:81:b6:2e:b9:cd:26:02:
         c2:70:6a:8c:a5:ac:d4:f5:ba:3c:4a:23:0d:86:21:87:ad:b3:
         69:2c:e7:59:dc:60:ea:7c:cf:01:53:97:d9:30:e7:15:7f:81:
         f6:8f:23:8c:17:cf:9d:63:b6:64:e4:28:b7:70:f6:67:90:b4:
         2b:78:66:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtddqyf5brVctIaXvO9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjQwMTAxMjIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNjMWFkNTM0ZjAyZTM1NDNiNDViM2U4MTc2ZGEwNDVhOTk4ZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV+QSZxw/3oi/QTw3r9yMOCKIcl1
ZEbSRWErU34wP81gUqE+90XB+lBkhJfu8hEbvBnuyTsEGk0o5rTYuNkKnHvnSVh5
rXYTfnrzUgCzMfykPLNym0j2h5C4L4/gBGRyHRaaWcSFAri/KT3BDGipwtpyDxua
W/KYtis3J0YXos+Qvf4RYYN5R6x74d3BkoSNau/TK6vuM4BSKkrIUxT8U7XHiGID
EXAlbwmLdhd+IikJqTf352HsHxPGt9150VZK5TxjngNUQn6GSkUOmDpzqIzCu8xV
Y8bbyvBzkIXgvH0s+sBXs/sW41oMA+tuXzqP4vqRoBTwBlmqwOk95lFg1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEw8GtU08C41Q7RbPoF22gRamY5aMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvVER3YTFUVHdMalZEdEZzLWdYYmFCRnFaamxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ+5MA0G
CSqGSIb3DQEBCwUAA4IBAQAuoNEP0iA4sjrU1gK4OjK225SNazUj5V7UHQdxa1v5
PZSj90vxg9oh4+/zhnEg2fiDkid95OCp4K4rZGqE8wUFGQ0iJ20/RQlly6lmxuP8
6muX5tkOoVIt7ghI0+BHs0jYjMMiWE6r7ZqgepI3SBmFdq6MdNq/CQWNJ6sfH4fg
/H7oIcFO6MoavxXG4GtvTqOUSDhI0S0HAdggXejCCZVLySDF+tdWsZ0KXtSJ9gkc
bL18chhb8l6D6TN84Lndq4G2LrnNJgLCcGqMpazU9bo8SiMNhiGHrbNpLOdZ3GDq
fM8BU5fZMOcVf4H2jyOMF8+dY7Zk5Ci3cPZnkLQreGYP
-----END CERTIFICATE-----