Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/lNRs0BmJg2zqQMNQc_ixIHE9WsQ.roa
File:                     lNRs0BmJg2zqQMNQc_ixIHE9WsQ.roa (raw, json)
Hash identifier:          7Ls+3IQ8Q9VQV+f9v4gnxgD+wykLzcCXGexomxswIGQ=
Subject key identifier:   94:D4:6C:D0:19:89:83:6C:EA:40:C3:50:73:F8:B1:20:71:3D:5A:C4
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       0194236A206D587B279711CBDACC9D0C2685
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/lNRs0BmJg2zqQMNQc_ixIHE9WsQ.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208041
IP address blocks:        93.159.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:20:6d:58:7b:27:97:11:cb:da:cc:9d:0c:26:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94d46cd01989836cea40c35073f8b120713d5ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:95:98:04:41:05:43:d4:53:04:90:be:f5:
                    10:fb:c3:9d:01:4e:a9:c3:a3:52:5f:06:a6:7c:63:
                    ff:32:fc:af:d5:53:ef:e1:e2:06:00:41:9f:24:b6:
                    b8:dd:1c:20:3e:11:20:f5:4e:e5:43:c4:9f:1d:b3:
                    07:8a:50:81:ab:dd:b8:6c:99:46:dd:58:12:13:3c:
                    d1:2a:a5:e4:87:ca:f0:74:82:90:e5:89:93:0f:d3:
                    fe:76:5e:08:c5:ac:20:cb:70:7e:23:1c:f9:3d:ef:
                    2f:2a:7d:e4:df:2c:74:fc:48:9e:d4:4b:f6:9c:8d:
                    40:35:cc:3f:0d:11:47:20:7d:0b:7f:a8:ec:65:b3:
                    0b:95:aa:c5:bf:31:74:0d:47:46:c1:ac:29:c0:cc:
                    12:d4:04:eb:a3:81:f9:dd:8c:cc:03:b3:7e:76:f4:
                    e2:0d:f5:50:77:a0:14:37:a1:1c:ea:96:ac:f1:e6:
                    97:4c:1d:93:46:83:1d:be:96:50:e9:d0:ea:0d:3a:
                    88:40:6a:b3:89:51:13:11:22:0b:d6:83:4a:03:e4:
                    49:45:78:ad:20:ae:15:25:58:41:c6:9d:ee:db:2d:
                    25:80:74:98:1e:15:93:a0:81:d0:7b:1b:e0:3b:20:
                    9c:94:fc:8d:1d:00:14:7b:fa:9f:e9:10:55:a4:40:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D4:6C:D0:19:89:83:6C:EA:40:C3:50:73:F8:B1:20:71:3D:5A:C4
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/lNRs0BmJg2zqQMNQc_ixIHE9WsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:fa:93:d5:f9:c8:37:a5:79:74:ba:5e:72:63:ba:49:20:7d:
         40:92:a8:8c:84:45:3b:91:d5:c0:fd:c4:e6:37:4c:ff:11:31:
         2b:a7:03:a4:13:be:98:22:46:75:1b:56:d1:7a:99:85:0a:0a:
         7d:d1:06:66:31:06:7f:27:ca:a3:65:84:b0:48:52:f0:4f:a6:
         79:0c:c9:08:e3:f2:23:a3:6f:fb:50:8a:0b:47:87:11:59:df:
         00:b1:10:c4:54:27:21:d1:6a:db:3a:9d:59:27:7f:73:12:de:
         f2:ea:94:9c:66:ae:2e:26:b1:fc:35:9f:e4:ad:2a:72:03:d8:
         7b:b7:de:e7:31:69:db:2c:ae:f0:88:b8:3d:cb:8b:ea:bb:ac:
         35:2d:d9:17:b5:66:ac:38:b8:01:7a:c5:31:13:29:80:26:44:
         e9:66:ad:40:65:3c:a6:5c:de:3a:77:e1:2f:98:db:b8:da:03:
         3a:95:33:78:8d:1d:97:02:99:52:5f:bb:4a:00:2b:e2:6b:53:
         df:28:45:d2:26:6f:87:91:79:b7:7d:f0:68:81:4c:6c:a4:d1:
         87:be:13:97:4e:7a:7d:e2:7b:72:74:a9:d4:16:0c:a2:35:77:
         d8:8f:b2:1a:ee:ea:75:65:9a:9f:02:58:32:0a:0d:7e:69:09:
         ee:3a:42:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiBtWHsnlxHL2sydDCaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ0NmNkMDE5ODk4MzZjZWE0MGMzNTA3M2Y4YjEyMDcxM2Q1YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X+VmARBBUPUUwSQvvUQ+8OdAU6p
w6NSXwamfGP/Mvyv1VPv4eIGAEGfJLa43RwgPhEg9U7lQ8SfHbMHilCBq924bJlG
3VgSEzzRKqXkh8rwdIKQ5YmTD9P+dl4Ixawgy3B+Ixz5Pe8vKn3k3yx0/Eie1Ev2
nI1ANcw/DRFHIH0Lf6jsZbMLlarFvzF0DUdGwawpwMwS1ATro4H53YzMA7N+dvTi
DfVQd6AUN6Ec6pas8eaXTB2TRoMdvpZQ6dDqDTqIQGqziVETESIL1oNKA+RJRXit
IK4VJVhBxp3u2y0lgHSYHhWToIHQexvgOyCclPyNHQAUe/qf6RBVpEDmDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTUbNAZiYNs6kDDUHP4sSBxPVrEMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvbE5SczBCbUpnMnpxUU1OUWNfaXhJSEU5V3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ+zMA0G
CSqGSIb3DQEBCwUAA4IBAQAa+pPV+cg3pXl0ul5yY7pJIH1AkqiMhEU7kdXA/cTm
N0z/ETErpwOkE76YIkZ1G1bRepmFCgp90QZmMQZ/J8qjZYSwSFLwT6Z5DMkI4/Ij
o2/7UIoLR4cRWd8AsRDEVCch0WrbOp1ZJ39zEt7y6pScZq4uJrH8NZ/krSpyA9h7
t97nMWnbLK7wiLg9y4vqu6w1LdkXtWasOLgBesUxEymAJkTpZq1AZTymXN46d+Ev
mNu42gM6lTN4jR2XAplSX7tKACvia1PfKEXSJm+HkXm3ffBogUxspNGHvhOXTnp9
4ntydKnUFgyiNXfYj7Ia7up1ZZqfAlgyCg1+aQnuOkKK
-----END CERTIFICATE-----