Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/S2JIeqVnatADsANwIgcL8igAIuw.roa
File:                     S2JIeqVnatADsANwIgcL8igAIuw.roa (raw, json)
Hash identifier:          nPDXR8+CGjt70agLI7oUbX+b1WS81uWyUaf8HBMnquE=
Subject key identifier:   4B:62:48:7A:A5:67:6A:D0:03:B0:03:70:22:07:0B:F2:28:00:22:EC
Certificate issuer:       /CN=6b5157e419fb5a18ba2beaf2de545f2bb3decfd1
Certificate serial:       018CC348C156116C52F3343856CCE4E29037
Authority key identifier: 6B:51:57:E4:19:FB:5A:18:BA:2B:EA:F2:DE:54:5F:2B:B3:DE:CF:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/S2JIeqVnatADsANwIgcL8igAIuw.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60698
IP address blocks:        193.17.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c1:56:11:6c:52:f3:34:38:56:cc:e4:e2:90:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5157e419fb5a18ba2beaf2de545f2bb3decfd1
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b62487aa5676ad003b0037022070bf2280022ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ea:a0:45:01:e3:ef:0b:80:61:54:5a:61:bf:
                    bc:c5:a2:17:47:98:43:e6:d6:3c:f4:01:7b:ac:f9:
                    e6:a0:bf:a2:68:45:dc:20:1d:f1:c1:e9:b0:87:95:
                    18:ee:9e:98:12:fd:a5:e2:81:8b:67:03:e3:66:e1:
                    14:b9:0a:70:29:5e:6c:eb:bb:e2:0b:70:32:77:24:
                    cf:f8:b7:40:17:31:50:f3:66:78:91:87:d4:0e:1a:
                    75:2d:96:f9:41:8f:ab:18:6e:32:74:f3:ee:1d:65:
                    0d:29:29:d0:3e:b6:56:46:63:93:62:b1:5f:91:96:
                    8a:d5:05:ef:c7:b3:a6:43:e6:f6:9d:30:1b:90:17:
                    c1:65:51:a3:57:f3:85:a8:e7:48:fd:57:6c:85:95:
                    1f:9b:50:dd:c4:8f:32:04:26:36:8c:c0:f7:32:08:
                    5a:8e:fb:8d:a6:2f:dd:40:57:7e:14:3d:c8:1a:21:
                    1b:82:0d:17:69:43:b4:68:34:95:14:ed:4b:50:84:
                    28:db:f1:bc:97:16:3a:36:79:52:80:a4:3b:74:4d:
                    14:03:3a:ad:ac:06:89:d1:5a:dd:6d:55:a3:12:76:
                    cb:98:ef:a1:c9:ae:b1:48:6a:57:d6:ac:61:1e:cb:
                    bf:dc:48:d3:ad:2c:08:c5:6b:15:22:1e:49:55:bf:
                    20:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:62:48:7A:A5:67:6A:D0:03:B0:03:70:22:07:0B:F2:28:00:22:EC
            X509v3 Authority Key Identifier:
                keyid:6B:51:57:E4:19:FB:5A:18:BA:2B:EA:F2:DE:54:5F:2B:B3:DE:CF:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/S2JIeqVnatADsANwIgcL8igAIuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b6ca1b-67dc-404f-8d61-32891a58337f/1/a1FX5Bn7Whi6K-ry3lRfK7Pez9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ac:bb:ce:36:37:26:1e:39:e3:c6:a8:2c:df:ec:0a:2f:90:
         9f:27:b2:a1:fb:b0:a0:c7:56:91:26:8d:7e:15:ed:b2:d5:d6:
         7a:26:b3:38:51:58:2c:3f:6f:de:8f:d3:5f:42:5e:20:33:bb:
         85:6d:e2:98:64:9f:21:20:1e:a5:b5:00:ed:6d:5c:7e:30:c7:
         98:1f:e9:a7:ef:3a:c0:46:db:6d:c1:0a:c4:52:b4:0a:fe:73:
         6e:cf:13:2e:f5:4d:44:b9:a2:79:2f:0c:bf:61:30:f6:a5:9f:
         f0:28:a3:0b:3b:04:df:11:c4:0a:27:b0:59:d9:bf:58:0b:47:
         0d:4a:90:28:ed:be:17:de:a0:9b:ec:c0:48:ab:05:42:8a:39:
         1e:e9:43:bb:d2:fb:44:f6:e7:2c:6a:ca:af:a7:f0:bd:be:59:
         96:11:ff:29:0c:e1:a1:63:00:62:a8:8b:be:d0:85:5c:25:51:
         45:c2:cc:e9:1d:49:6f:e4:91:a1:7a:83:ee:ee:1e:8d:eb:f4:
         08:4b:73:d5:a0:1b:bd:11:ef:f7:5e:ad:75:09:84:d5:2f:26:
         8e:eb:6e:35:41:28:41:4f:a5:dc:c7:ea:0c:7b:44:6b:1c:3d:
         85:6c:8f:7c:7c:45:18:7c:94:29:ff:3d:fe:ad:2f:8b:6e:1b:
         53:59:0d:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMFWEWxS8zQ4Vszk4pA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNTE1N2U0MTlmYjVhMThiYTJiZWFmMmRlNTQ1ZjJiYjNk
ZWNmZDEwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjYyNDg3YWE1Njc2YWQwMDNiMDAzNzAyMjA3MGJmMjI4MDAyMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOqgRQHj7wuAYVRaYb+8xaIXR5hD
5tY89AF7rPnmoL+iaEXcIB3xwemwh5UY7p6YEv2l4oGLZwPjZuEUuQpwKV5s67vi
C3AydyTP+LdAFzFQ82Z4kYfUDhp1LZb5QY+rGG4ydPPuHWUNKSnQPrZWRmOTYrFf
kZaK1QXvx7OmQ+b2nTAbkBfBZVGjV/OFqOdI/VdshZUfm1DdxI8yBCY2jMD3Mgha
jvuNpi/dQFd+FD3IGiEbgg0XaUO0aDSVFO1LUIQo2/G8lxY6NnlSgKQ7dE0UAzqt
rAaJ0VrdbVWjEnbLmO+hya6xSGpX1qxhHsu/3EjTrSwIxWsVIh5JVb8gSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtiSHqlZ2rQA7ADcCIHC/IoACLsMB8GA1UdIwQY
MBaAFGtRV+QZ+1oYuivq8t5UXyuz3s/RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFGWDVCbjdXaGk2Sy1yeTNsUmZLN1BlejlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iNmNhMWItNjdkYy00MDRmLThkNjEt
MzI4OTFhNTgzMzdmLzEvUzJKSWVxVm5hdEFEc0FOd0lnY0w4aWdBSXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iNmNhMWItNjdkYy00MDRmLThkNjEtMzI4OTFhNTgzMzdm
LzEvYTFGWDVCbjdXaGk2Sy1yeTNsUmZLN1BlejlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRFeMA0G
CSqGSIb3DQEBCwUAA4IBAQA6rLvONjcmHjnjxqgs3+wKL5CfJ7Kh+7Cgx1aRJo1+
Fe2y1dZ6JrM4UVgsP2/ej9NfQl4gM7uFbeKYZJ8hIB6ltQDtbVx+MMeYH+mn7zrA
RtttwQrEUrQK/nNuzxMu9U1EuaJ5Lwy/YTD2pZ/wKKMLOwTfEcQKJ7BZ2b9YC0cN
SpAo7b4X3qCb7MBIqwVCijke6UO70vtE9ucsasqvp/C9vlmWEf8pDOGhYwBiqIu+
0IVcJVFFwszpHUlv5JGheoPu7h6N6/QIS3PVoBu9Ee/3Xq11CYTVLyaO6241QShB
T6Xcx+oMe0RrHD2FbI98fEUYfJQp/z3+rS+LbhtTWQ2G
-----END CERTIFICATE-----