Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/ZAjtpANAjrQ3gk4FFR8AwdcECZU.roa
File:                     ZAjtpANAjrQ3gk4FFR8AwdcECZU.roa (raw, json)
Hash identifier:          Em+OWKCf08xqOA5UZ8XPrswI4UzPh1hC2zQ3C/FmQjI=
Subject key identifier:   64:08:ED:A4:03:40:8E:B4:37:82:4E:05:15:1F:00:C1:D7:04:09:95
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       018CC726D6D36516E144E205444943748973
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/ZAjtpANAjrQ3gk4FFR8AwdcECZU.roa
Signing time:             Mon 01 Jan 2024 22:31:00 +0000
ROA not before:           Mon 01 Jan 2024 22:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199774
IP address blocks:        93.159.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d6:d3:65:16:e1:44:e2:05:44:49:43:74:89:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: Jan  1 22:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6408eda403408eb437824e05151f00c1d7040995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c6:04:6d:96:6c:31:01:9a:96:6b:78:98:34:
                    19:a5:46:f4:5b:87:4b:05:4d:3e:0d:cd:57:cc:00:
                    55:9a:f7:2c:4c:25:f2:29:e7:17:90:18:d8:8f:fa:
                    63:44:55:38:7d:2c:fe:77:df:68:a9:96:14:23:dc:
                    e6:38:9c:b3:5c:9a:9f:63:ff:b7:77:7b:53:b5:f4:
                    45:ad:b6:4f:8a:b6:41:55:d2:7a:11:99:b4:41:8b:
                    8e:b3:55:1b:13:be:ba:b1:e3:f6:1f:cd:2b:a2:a4:
                    ca:47:c3:3e:3c:3e:48:fb:d6:c5:1d:46:a3:64:71:
                    e1:f3:24:c7:51:77:bb:97:ff:24:0d:ca:33:5d:5f:
                    36:09:40:ef:04:c8:20:11:2e:dc:fe:74:ff:09:19:
                    d5:94:0c:64:26:a4:73:1b:d0:0b:3c:5f:a1:1b:e3:
                    c2:b7:91:2a:0d:ae:51:70:df:0e:be:df:86:f5:72:
                    eb:f9:18:cf:fb:52:fd:ff:66:80:6f:20:c6:ce:b0:
                    2e:45:e7:3d:90:a2:7f:1a:8e:8a:36:59:b3:73:e2:
                    03:9b:3d:e3:8c:63:5a:f5:ff:b0:c3:cc:2f:d5:3c:
                    c8:30:27:5a:8e:52:ed:3d:c2:3e:39:cf:b1:fe:f1:
                    67:e0:bc:d1:3c:71:11:42:54:bd:1c:69:98:87:3d:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:08:ED:A4:03:40:8E:B4:37:82:4E:05:15:1F:00:C1:D7:04:09:95
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/ZAjtpANAjrQ3gk4FFR8AwdcECZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:71:21:72:53:ef:85:fd:52:84:19:ad:3f:2b:7f:f8:93:c9:
         d0:cb:c7:67:34:52:a2:21:15:50:3f:a6:7a:3e:16:df:ec:a5:
         71:57:63:df:05:5a:90:86:4a:55:d7:6a:1d:a1:a2:d6:d5:3b:
         3e:23:3a:aa:d7:ba:a2:5a:84:11:8f:44:40:87:59:eb:e9:a4:
         6a:d5:7f:22:3f:15:c6:7d:9a:df:d2:83:7b:2c:ae:3d:41:d1:
         cc:1b:87:f9:08:04:59:3c:ab:bb:72:ae:c2:59:80:29:ea:ce:
         a1:38:50:33:16:d4:9c:68:5b:63:8e:a1:5e:8e:9a:96:84:5f:
         af:83:28:2f:94:d1:ec:3c:39:d6:66:e8:f4:85:d9:5b:5b:bd:
         eb:f5:f8:f6:12:d7:81:f7:be:5a:3a:7a:16:41:f6:c1:a2:f8:
         e2:85:1b:f3:cb:0e:da:6e:e3:e1:4d:cb:1a:db:5c:dd:fa:e8:
         c6:f1:fe:7e:46:02:28:77:8b:32:c7:15:d7:0a:7a:84:49:27:
         e1:85:82:51:19:fe:78:04:cb:9c:e0:33:98:f2:50:16:b9:64:
         b1:36:09:8c:f2:22:31:80:a1:05:d8:77:63:04:75:67:6d:7c:
         d1:33:f3:0f:2c:47:05:15:fd:fd:32:ca:40:c3:bf:5f:e5:71:
         7f:87:44:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtbTZRbhROIFRElDdIlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjQwMTAxMjIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDA4ZWRhNDAzNDA4ZWI0Mzc4MjRlMDUxNTFmMDBjMWQ3MDQwOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8YEbZZsMQGalmt4mDQZpUb0W4dL
BU0+Dc1XzABVmvcsTCXyKecXkBjYj/pjRFU4fSz+d99oqZYUI9zmOJyzXJqfY/+3
d3tTtfRFrbZPirZBVdJ6EZm0QYuOs1UbE766seP2H80roqTKR8M+PD5I+9bFHUaj
ZHHh8yTHUXe7l/8kDcozXV82CUDvBMggES7c/nT/CRnVlAxkJqRzG9ALPF+hG+PC
t5EqDa5RcN8Ovt+G9XLr+RjP+1L9/2aAbyDGzrAuRec9kKJ/Go6KNlmzc+IDmz3j
jGNa9f+ww8wv1TzIMCdajlLtPcI+Oc+x/vFn4LzRPHERQlS9HGmYhz3PkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQI7aQDQI60N4JOBRUfAMHXBAmVMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvWkFqdHBBTkFqclEzZ2s0RkZSOEF3ZGNFQ1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ+4MA0G
CSqGSIb3DQEBCwUAA4IBAQBWcSFyU++F/VKEGa0/K3/4k8nQy8dnNFKiIRVQP6Z6
Phbf7KVxV2PfBVqQhkpV12odoaLW1Ts+Izqq17qiWoQRj0RAh1nr6aRq1X8iPxXG
fZrf0oN7LK49QdHMG4f5CARZPKu7cq7CWYAp6s6hOFAzFtScaFtjjqFejpqWhF+v
gygvlNHsPDnWZuj0hdlbW73r9fj2EteB975aOnoWQfbBovjihRvzyw7abuPhTcsa
21zd+ujG8f5+RgIod4syxxXXCnqESSfhhYJRGf54BMuc4DOY8lAWuWSxNgmM8iIx
gKEF2HdjBHVnbXzRM/MPLEcFFf39MspAw79f5XF/h0QB
-----END CERTIFICATE-----