Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/0yXRRx15MWWb4CasqTCuI_SEXSU.roa
File:                     0yXRRx15MWWb4CasqTCuI_SEXSU.roa (raw, json)
Hash identifier:          k/5ZFNKNxSmK93TZF+kMmnaN6kmjp1xQ8K9lWeJeRbg=
Subject key identifier:   D3:25:D1:47:1D:79:31:65:9B:E0:26:AC:A9:30:AE:23:F4:84:5D:25
Certificate issuer:       /CN=e6596f1b163cab0c45a84eeb13261b65f1a22962
Certificate serial:       018CC649996E654FC97805E5AD782705E4E1
Authority key identifier: E6:59:6F:1B:16:3C:AB:0C:45:A8:4E:EB:13:26:1B:65:F1:A2:29:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/0yXRRx15MWWb4CasqTCuI_SEXSU.roa
Signing time:             Mon 01 Jan 2024 18:29:21 +0000
ROA not before:           Mon 01 Jan 2024 18:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35007
IP address blocks:        93.105.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:99:6e:65:4f:c9:78:05:e5:ad:78:27:05:e4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6596f1b163cab0c45a84eeb13261b65f1a22962
        Validity
            Not Before: Jan  1 18:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d325d1471d7931659be026aca930ae23f4845d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cf:ec:68:4d:6a:a0:e9:3e:c4:5f:f7:e9:8c:
                    43:59:8b:b2:75:b2:96:71:da:a5:54:07:b2:98:0b:
                    20:8f:e4:66:65:f3:68:6f:94:19:01:91:2a:4b:e0:
                    ff:44:56:9d:fe:5f:af:1a:f9:56:50:52:39:c6:c7:
                    17:9d:71:55:57:81:3b:86:70:f6:27:02:a5:7c:ac:
                    b5:de:31:fa:88:c1:0b:9e:64:84:8e:f4:5d:2f:62:
                    0d:88:85:db:ac:49:a5:c0:41:82:43:ee:66:ee:ac:
                    bb:75:00:6d:4d:f0:04:5d:24:b8:54:9d:55:4a:32:
                    a9:e5:67:70:c4:f6:20:0a:cc:02:1f:8c:2e:53:61:
                    9a:66:92:7d:20:cb:20:98:d6:7b:f3:22:c9:ac:df:
                    23:e2:11:db:a8:ba:fb:94:ea:10:23:8b:08:80:9d:
                    30:09:6e:3f:6d:cb:cf:94:6f:08:48:44:69:eb:59:
                    65:c7:04:dc:01:0e:61:0b:14:be:f3:56:fb:d1:c4:
                    cd:d7:7e:10:a3:57:0c:e2:a2:48:73:37:a9:d3:e2:
                    ce:1c:52:4a:d6:13:00:23:50:48:0f:34:e5:98:36:
                    93:89:7d:c0:7b:78:8a:00:13:59:b4:c6:64:0f:39:
                    27:30:e8:7b:16:54:8b:31:3a:cb:b1:21:a6:08:21:
                    34:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:25:D1:47:1D:79:31:65:9B:E0:26:AC:A9:30:AE:23:F4:84:5D:25
            X509v3 Authority Key Identifier:
                keyid:E6:59:6F:1B:16:3C:AB:0C:45:A8:4E:EB:13:26:1B:65:F1:A2:29:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5llvGxY8qwxFqE7rEyYbZfGiKWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/0yXRRx15MWWb4CasqTCuI_SEXSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/ede94e-ba2a-41ee-b12c-e0534e23859b/1/5llvGxY8qwxFqE7rEyYbZfGiKWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.105.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:64:38:13:da:3c:54:c8:39:25:01:9a:e1:b7:60:7e:03:07:
         ed:29:41:74:5c:39:59:a8:6b:c4:57:6a:b9:7c:5e:b0:29:97:
         87:a7:d6:c0:27:57:00:68:20:0d:3d:37:3a:05:f2:64:64:f5:
         bc:74:ae:67:d2:0d:87:e2:79:20:57:c6:a9:d9:d3:6a:76:b2:
         71:ac:a7:e8:49:d9:04:58:25:ef:f3:c8:4a:cc:3f:e1:03:b8:
         a2:bb:2a:7c:16:82:cd:de:5a:c0:55:d0:b5:46:0e:bb:c4:7b:
         a9:e0:79:27:3a:34:e0:e3:2b:63:dc:20:8c:37:b8:36:5a:5c:
         9d:25:44:87:6b:a8:b7:a0:ab:2e:68:31:ed:75:52:24:d4:ee:
         3a:8e:d1:e8:9e:8b:c6:b8:0d:08:d1:4b:10:12:fc:56:9d:9c:
         7f:c4:33:5d:ea:9b:3c:77:3f:ac:58:79:76:2d:6a:67:6b:43:
         3e:c3:61:b7:90:ce:02:90:46:af:1d:9e:a5:37:32:d6:39:30:
         d3:66:b2:05:52:91:1e:5a:a2:45:13:a1:fb:84:4a:bf:c6:a3:
         7f:71:46:5b:d0:26:dc:ae:24:9e:cf:4b:d9:c6:b0:74:63:84:
         43:d0:38:36:0b:27:48:c3:eb:86:ab:bc:02:19:aa:df:6a:a8:
         1e:8f:4e:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZluZU/JeAXlrXgnBeThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NTk2ZjFiMTYzY2FiMGM0NWE4NGVlYjEzMjYxYjY1ZjFh
MjI5NjIwHhcNMjQwMTAxMTgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzI1ZDE0NzFkNzkzMTY1OWJlMDI2YWNhOTMwYWUyM2Y0ODQ1ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps/saE1qoOk+xF/36YxDWYuydbKW
cdqlVAeymAsgj+RmZfNob5QZAZEqS+D/RFad/l+vGvlWUFI5xscXnXFVV4E7hnD2
JwKlfKy13jH6iMELnmSEjvRdL2INiIXbrEmlwEGCQ+5m7qy7dQBtTfAEXSS4VJ1V
SjKp5WdwxPYgCswCH4wuU2GaZpJ9IMsgmNZ78yLJrN8j4hHbqLr7lOoQI4sIgJ0w
CW4/bcvPlG8ISERp61llxwTcAQ5hCxS+81b70cTN134Qo1cM4qJIczep0+LOHFJK
1hMAI1BIDzTlmDaTiX3Ae3iKABNZtMZkDzknMOh7FlSLMTrLsSGmCCE0nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMl0UcdeTFlm+AmrKkwriP0hF0lMB8GA1UdIwQY
MBaAFOZZbxsWPKsMRahO6xMmG2XxoiliMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWxsdkd4WThxd3hGcUU3ckV5WWJaZkdpS1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lZGU5NGUtYmEyYS00MWVlLWIxMmMt
ZTA1MzRlMjM4NTliLzEvMHlYUlJ4MTVNV1diNENhc3FUQ3VJX1NFWFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lZGU5NGUtYmEyYS00MWVlLWIxMmMtZTA1MzRlMjM4NTli
LzEvNWxsdkd4WThxd3hGcUU3ckV5WWJaZkdpS1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXWlKMA0G
CSqGSIb3DQEBCwUAA4IBAQCgZDgT2jxUyDklAZrht2B+AwftKUF0XDlZqGvEV2q5
fF6wKZeHp9bAJ1cAaCANPTc6BfJkZPW8dK5n0g2H4nkgV8ap2dNqdrJxrKfoSdkE
WCXv88hKzD/hA7iiuyp8FoLN3lrAVdC1Rg67xHup4HknOjTg4ytj3CCMN7g2Wlyd
JUSHa6i3oKsuaDHtdVIk1O46jtHonovGuA0I0UsQEvxWnZx/xDNd6ps8dz+sWHl2
LWpna0M+w2G3kM4CkEavHZ6lNzLWOTDTZrIFUpEeWqJFE6H7hEq/xqN/cUZb0Cbc
riSez0vZxrB0Y4RD0Dg2CydIw+uGq7wCGarfaqgej04J
-----END CERTIFICATE-----