Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/jA2xcBYSG320crD86pVcyRmnmAc.roa
File:                     jA2xcBYSG320crD86pVcyRmnmAc.roa (raw, json)
Hash identifier:          vVmp7RTrSC2ZvcszMVnrK3ydZKg+YMjQ+7vMpMEyE98=
Subject key identifier:   8C:0D:B1:70:16:12:1B:7D:B4:72:B0:FC:EA:95:5C:C9:19:A7:98:07
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01932F833BA1F174BE00FD75722C1172C033
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/jA2xcBYSG320crD86pVcyRmnmAc.roa
Signing time:             Fri 15 Nov 2024 11:09:09 +0000
ROA not before:           Fri 15 Nov 2024 11:09:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2115
IP address blocks:        83.168.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:83:3b:a1:f1:74:be:00:fd:75:72:2c:11:72:c0:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Nov 15 11:09:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c0db17016121b7db472b0fcea955cc919a79807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:cc:90:5f:56:f1:e3:9a:5d:2a:16:ad:ba:43:
                    fd:de:01:cb:f6:21:a7:95:aa:b8:53:e0:3c:d9:99:
                    f2:98:04:98:5e:e9:66:bb:be:be:9f:2b:ce:fe:4a:
                    5a:9b:7a:7f:3a:70:16:64:12:9a:ed:25:de:cc:86:
                    6f:ad:90:02:43:29:7f:af:f4:a0:28:73:de:28:bc:
                    be:43:55:b4:4e:04:f8:dc:c2:ac:89:09:2a:7f:1f:
                    16:a6:e6:61:f6:10:c5:e0:8b:a4:ba:17:c5:c6:68:
                    c2:b5:15:30:bf:f5:fe:e8:fa:9a:b0:7f:84:36:03:
                    d4:08:4c:be:77:c9:78:22:4e:f8:f3:dd:71:19:1f:
                    7a:c7:1e:82:12:6c:34:22:2f:45:0e:bd:43:62:f7:
                    2a:c2:ea:d5:ba:60:80:3b:e1:3e:7d:c1:b5:c8:b3:
                    90:cd:4d:71:d7:c6:79:e4:8b:1a:74:36:f5:d1:25:
                    7b:bf:e9:4f:a6:ca:65:1b:19:f9:ff:a3:16:7c:52:
                    ef:a7:1b:8e:8b:1b:6b:51:ce:32:b7:52:2e:8c:b5:
                    3d:2c:3e:c4:cd:ab:d9:89:ce:29:6f:cc:d3:50:e6:
                    eb:01:76:d9:2d:06:2e:cc:fa:de:f7:16:c8:ce:d2:
                    2c:5b:ea:03:2c:ac:2a:b7:c6:84:a8:05:71:74:fe:
                    ca:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:0D:B1:70:16:12:1B:7D:B4:72:B0:FC:EA:95:5C:C9:19:A7:98:07
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/jA2xcBYSG320crD86pVcyRmnmAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:e4:11:1a:13:ec:76:34:84:68:ac:b8:77:49:c3:d9:54:09:
         5c:cc:4a:07:b5:d7:53:51:5a:a0:4e:f9:00:c3:98:94:23:b7:
         0b:9e:53:5c:b2:41:57:3c:7e:d2:83:cb:d5:84:d3:37:e3:85:
         13:19:95:84:28:41:12:34:1e:fa:9c:11:8f:ab:6b:9c:97:fa:
         77:8c:8b:61:c9:8b:af:f9:00:fc:92:ba:ee:27:44:bf:6c:89:
         2b:39:97:04:7f:81:02:2b:a5:7c:b5:a1:a9:ea:36:2d:39:0a:
         3e:81:c0:e7:b1:a1:d6:28:99:ca:26:75:09:23:53:77:77:97:
         4c:22:02:8c:d7:bd:92:28:4e:ad:0f:7a:38:34:f2:a4:b0:79:
         3a:07:e7:41:fc:45:88:2d:cc:f9:2a:97:70:f0:f2:12:da:d9:
         db:97:b0:2a:d5:8f:64:bb:43:30:ca:f4:88:0d:4b:00:1e:e5:
         b3:3e:14:c2:90:8a:6e:5f:bb:d9:83:6b:e2:fc:35:63:de:26:
         b1:c9:e8:1a:91:c1:ef:14:45:94:94:7b:25:69:68:41:1a:9e:
         12:1f:0c:93:12:aa:36:9d:c4:a1:d8:a9:62:b9:11:04:9c:14:
         e1:0c:90:40:28:d1:d8:1e:63:94:a2:63:53:c6:eb:5f:a7:b4:
         a8:36:2f:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMvgzuh8XS+AP11ciwRcsAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjQxMTE1MTEwOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzBkYjE3MDE2MTIxYjdkYjQ3MmIwZmNlYTk1NWNjOTE5YTc5ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48yQX1bx45pdKhatukP93gHL9iGn
laq4U+A82ZnymASYXulmu76+nyvO/kpam3p/OnAWZBKa7SXezIZvrZACQyl/r/Sg
KHPeKLy+Q1W0TgT43MKsiQkqfx8WpuZh9hDF4IukuhfFxmjCtRUwv/X+6PqasH+E
NgPUCEy+d8l4Ik74891xGR96xx6CEmw0Ii9FDr1DYvcqwurVumCAO+E+fcG1yLOQ
zU1x18Z55IsadDb10SV7v+lPpsplGxn5/6MWfFLvpxuOixtrUc4yt1IujLU9LD7E
zavZic4pb8zTUObrAXbZLQYuzPre9xbIztIsW+oDLKwqt8aEqAVxdP7KpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwNsXAWEht9tHKw/OqVXMkZp5gHMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvakEyeGNCWVNHMzIwY3JEODZwVmN5Um1ubUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6hdMA0G
CSqGSIb3DQEBCwUAA4IBAQA35BEaE+x2NIRorLh3ScPZVAlczEoHtddTUVqgTvkA
w5iUI7cLnlNcskFXPH7Sg8vVhNM344UTGZWEKEESNB76nBGPq2ucl/p3jIthyYuv
+QD8krruJ0S/bIkrOZcEf4ECK6V8taGp6jYtOQo+gcDnsaHWKJnKJnUJI1N3d5dM
IgKM172SKE6tD3o4NPKksHk6B+dB/EWILcz5Kpdw8PIS2tnbl7Aq1Y9ku0MwyvSI
DUsAHuWzPhTCkIpuX7vZg2vi/DVj3iaxyegakcHvFEWUlHslaWhBGp4SHwyTEqo2
ncSh2KliuREEnBThDJBAKNHYHmOUomNTxutfp7SoNi/G
-----END CERTIFICATE-----