Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/3W76RQZ8eCmm5YRhBOD5yw0u6cY.roa
File:                     3W76RQZ8eCmm5YRhBOD5yw0u6cY.roa (raw, json)
Hash identifier:          fq3LchP5Z2LryCXRyXAVtb5KQOGUgYUZT1aoi3TZPnY=
Subject key identifier:   DD:6E:FA:45:06:7C:78:29:A6:E5:84:61:04:E0:F9:CB:0D:2E:E9:C6
Certificate issuer:       /CN=05bcc486749ab3ab804cf1198cbf575a8405a8d4
Certificate serial:       018D162AB5A47482BFD9CCDD8A73CF681BC0
Authority key identifier: 05:BC:C4:86:74:9A:B3:AB:80:4C:F1:19:8C:BF:57:5A:84:05:A8:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbzEhnSas6uATPEZjL9XWoQFqNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/3W76RQZ8eCmm5YRhBOD5yw0u6cY.roa
Signing time:             Wed 17 Jan 2024 06:45:14 +0000
ROA not before:           Wed 17 Jan 2024 06:45:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201120
IP address blocks:        93.187.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/BbzEhnSas6uATPEZjL9XWoQFqNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/BbzEhnSas6uATPEZjL9XWoQFqNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbzEhnSas6uATPEZjL9XWoQFqNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:2a:b5:a4:74:82:bf:d9:cc:dd:8a:73:cf:68:1b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bcc486749ab3ab804cf1198cbf575a8405a8d4
        Validity
            Not Before: Jan 17 06:45:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd6efa45067c7829a6e5846104e0f9cb0d2ee9c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:da:38:4c:66:67:30:09:a7:ca:44:b5:e2:31:
                    a3:73:d2:03:7d:cf:fe:e6:aa:fc:e6:c6:15:99:e2:
                    84:07:51:7e:a6:4c:e4:11:53:29:cf:80:91:44:11:
                    3b:a7:42:de:b1:c2:b5:53:59:69:fd:4a:77:11:d5:
                    61:da:60:9c:e3:3d:7f:fb:87:9b:3b:85:13:bc:d1:
                    dc:6a:a0:4e:88:56:19:bd:56:a8:bc:61:b7:d1:68:
                    0b:9a:38:60:d7:05:b0:3d:08:d6:f5:0a:d8:fc:9b:
                    dc:d2:e9:49:35:7d:6c:59:0b:61:08:f4:90:02:95:
                    d4:6e:fa:f7:81:e6:dc:32:4b:64:bf:17:7b:4d:bc:
                    f8:4f:8c:29:f6:60:81:ee:b9:af:57:95:b4:a0:0d:
                    3e:89:cc:9e:c2:75:0b:ec:12:fa:5b:e2:1a:75:1f:
                    f3:82:df:93:55:9c:e3:67:74:b7:01:5c:fa:c2:9f:
                    df:37:51:8f:1a:dc:58:4e:a1:8a:ec:fc:f3:4b:06:
                    7e:2d:f6:62:41:dc:9b:e4:7b:5b:e0:d5:f0:c9:92:
                    0f:41:2f:54:6f:83:e3:c6:3c:d5:69:23:49:4c:3b:
                    e3:6a:81:d6:8a:ce:16:80:54:c6:fc:38:05:4e:7b:
                    ba:f2:6b:dc:2f:1d:7c:de:f9:4b:71:65:fa:5a:3e:
                    f5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6E:FA:45:06:7C:78:29:A6:E5:84:61:04:E0:F9:CB:0D:2E:E9:C6
            X509v3 Authority Key Identifier:
                keyid:05:BC:C4:86:74:9A:B3:AB:80:4C:F1:19:8C:BF:57:5A:84:05:A8:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbzEhnSas6uATPEZjL9XWoQFqNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/3W76RQZ8eCmm5YRhBOD5yw0u6cY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/535a67-f540-4f14-ad11-7f699a83bb0c/1/BbzEhnSas6uATPEZjL9XWoQFqNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:65:41:40:25:2d:ac:60:40:08:36:6f:de:a3:70:77:93:ca:
         b3:20:a8:73:a7:87:54:23:be:ce:11:20:6d:65:8d:38:54:06:
         7a:36:51:a4:25:17:cd:13:57:19:24:b1:89:f3:fe:d7:f2:12:
         cd:01:a8:bb:f7:43:c4:e1:f1:9c:8e:41:d0:2e:da:e0:d8:a6:
         9e:2f:12:ce:a5:9e:67:cc:3e:4b:05:1e:e8:d7:22:16:89:2d:
         8d:1d:96:42:f5:a8:6e:be:06:f7:50:a8:c8:49:44:40:1a:bc:
         0e:4f:28:bb:52:19:5a:13:2a:4a:16:c1:1f:7f:ff:aa:85:f5:
         9b:86:fe:5d:a8:72:be:93:44:1f:8c:a4:b7:6f:e4:12:0d:17:
         b4:54:71:a5:a2:24:e0:f5:bb:76:73:de:ea:b6:d7:d0:79:85:
         84:51:2e:3b:40:29:1f:c8:1f:9d:30:b7:20:af:2d:23:7f:51:
         13:49:83:fd:8f:db:a1:ba:c3:c1:56:54:89:37:45:17:19:29:
         c8:99:65:6f:68:77:68:75:ba:c7:12:56:68:1d:88:f7:58:09:
         8d:ff:a1:69:a9:66:20:c1:d4:c3:9e:33:b8:24:fa:8e:6a:a6:
         c7:5a:70:85:9e:cb:4c:71:67:a8:22:d2:ab:58:e3:7e:b5:35:
         b2:34:f1:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0WKrWkdIK/2czdinPPaBvAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmNjNDg2NzQ5YWIzYWI4MDRjZjExOThjYmY1NzVhODQw
NWE4ZDQwHhcNMjQwMTE3MDY0NTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDZlZmE0NTA2N2M3ODI5YTZlNTg0NjEwNGUwZjljYjBkMmVlOWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArto4TGZnMAmnykS14jGjc9IDfc/+
5qr85sYVmeKEB1F+pkzkEVMpz4CRRBE7p0LescK1U1lp/Up3EdVh2mCc4z1/+4eb
O4UTvNHcaqBOiFYZvVaovGG30WgLmjhg1wWwPQjW9QrY/Jvc0ulJNX1sWQthCPSQ
ApXUbvr3gebcMktkvxd7Tbz4T4wp9mCB7rmvV5W0oA0+icyewnUL7BL6W+IadR/z
gt+TVZzjZ3S3AVz6wp/fN1GPGtxYTqGK7PzzSwZ+LfZiQdyb5Htb4NXwyZIPQS9U
b4PjxjzVaSNJTDvjaoHWis4WgFTG/DgFTnu68mvcLx183vlLcWX6Wj71UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1u+kUGfHgppuWEYQTg+csNLunGMB8GA1UdIwQY
MBaAFAW8xIZ0mrOrgEzxGYy/V1qEBajUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJ6RWhuU2FzNnVBVFBFWmpMOVhXb1FGcU5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC81MzVhNjctZjU0MC00ZjE0LWFkMTEt
N2Y2OTlhODNiYjBjLzEvM1c3NlJRWjhlQ21tNVlSaEJPRDV5dzB1NmNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC81MzVhNjctZjU0MC00ZjE0LWFkMTEtN2Y2OTlhODNiYjBj
LzEvQmJ6RWhuU2FzNnVBVFBFWmpMOVhXb1FGcU5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbtBMA0G
CSqGSIb3DQEBCwUAA4IBAQBtZUFAJS2sYEAINm/eo3B3k8qzIKhzp4dUI77OESBt
ZY04VAZ6NlGkJRfNE1cZJLGJ8/7X8hLNAai790PE4fGcjkHQLtrg2KaeLxLOpZ5n
zD5LBR7o1yIWiS2NHZZC9ahuvgb3UKjISURAGrwOTyi7UhlaEypKFsEff/+qhfWb
hv5dqHK+k0QfjKS3b+QSDRe0VHGloiTg9bt2c97qttfQeYWEUS47QCkfyB+dMLcg
ry0jf1ETSYP9j9uhusPBVlSJN0UXGSnImWVvaHdodbrHElZoHYj3WAmN/6FpqWYg
wdTDnjO4JPqOaqbHWnCFnstMcWeoItKrWON+tTWyNPEM
-----END CERTIFICATE-----