Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/BwH7iqZq6FdSl-vwSh47caHAm-o.roa
File:                     BwH7iqZq6FdSl-vwSh47caHAm-o.roa (raw, json)
Hash identifier:          /hoKIof5ZKKPcaltgC+oVP6lKEWHPWE72rUT9/mMuxQ=
Subject key identifier:   07:01:FB:8A:A6:6A:E8:57:52:97:EB:F0:4A:1E:3B:71:A1:C0:9B:EA
Certificate issuer:       /CN=9382bdfc9b1b25002039123779ffaf2473f851b7
Certificate serial:       018CC8DED368C35CABFD19B5AC5A644E06A5
Authority key identifier: 93:82:BD:FC:9B:1B:25:00:20:39:12:37:79:FF:AF:24:73:F8:51:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k4K9_JsbJQAgORI3ef-vJHP4Ubc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/BwH7iqZq6FdSl-vwSh47caHAm-o.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        93.177.84.0/22 maxlen: 32
                          2a0d:6440::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/k4K9_JsbJQAgORI3ef-vJHP4Ubc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/k4K9_JsbJQAgORI3ef-vJHP4Ubc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k4K9_JsbJQAgORI3ef-vJHP4Ubc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d3:68:c3:5c:ab:fd:19:b5:ac:5a:64:4e:06:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9382bdfc9b1b25002039123779ffaf2473f851b7
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0701fb8aa66ae8575297ebf04a1e3b71a1c09bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f4:88:4c:f6:e1:e9:15:1c:44:44:1c:5a:94:
                    81:70:28:c7:73:89:80:3f:fb:3a:26:32:0a:33:76:
                    7e:55:78:d5:e5:5f:6d:2f:28:3c:70:16:89:7f:31:
                    a5:5e:80:2f:d0:43:31:61:e7:74:a5:f6:72:c1:f6:
                    bf:cb:05:83:0a:fb:f3:f0:db:52:f6:e9:70:7f:6e:
                    14:79:2d:b7:64:a5:e5:77:10:f2:30:4c:69:da:81:
                    31:ea:f7:e6:fd:26:73:18:45:e2:01:07:19:37:eb:
                    f6:11:dd:21:5e:5b:e7:4a:d5:c4:bb:01:57:bc:7f:
                    91:10:f5:51:d4:f8:43:42:71:4a:94:4d:89:d3:c2:
                    13:09:59:57:64:f5:37:de:ba:c4:f3:60:99:e4:35:
                    fe:a6:a5:54:69:d1:33:00:69:5f:ff:0c:4c:67:aa:
                    b4:6b:12:98:d9:6e:4c:c6:a0:95:66:81:e2:b1:b9:
                    bf:e9:fe:9f:4e:b5:c5:f2:e3:a9:f1:c7:c4:dd:8e:
                    43:01:4e:e7:ce:f7:72:cd:10:c8:e5:5a:4a:13:8f:
                    90:f9:55:50:35:37:4f:7c:cf:33:ea:67:a9:2c:44:
                    26:43:d6:67:ef:89:11:5d:a5:2e:ed:e2:39:58:5d:
                    47:4c:42:3d:3e:b4:2d:e5:09:99:81:72:4c:14:74:
                    4a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:01:FB:8A:A6:6A:E8:57:52:97:EB:F0:4A:1E:3B:71:A1:C0:9B:EA
            X509v3 Authority Key Identifier:
                keyid:93:82:BD:FC:9B:1B:25:00:20:39:12:37:79:FF:AF:24:73:F8:51:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k4K9_JsbJQAgORI3ef-vJHP4Ubc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/BwH7iqZq6FdSl-vwSh47caHAm-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/bef200-22c6-4417-a896-24bf40c1308f/1/k4K9_JsbJQAgORI3ef-vJHP4Ubc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.84.0/22
                IPv6:
                  2a0d:6440::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:2c:d9:d0:6c:64:5e:7e:e1:04:09:75:3c:4c:57:90:05:fb:
         1e:06:43:92:8e:b3:7d:e3:7f:7e:32:bc:ff:fc:14:bc:d2:4e:
         5a:8e:22:1e:c3:e3:57:ac:f2:05:17:0a:c1:e4:f3:b7:97:d1:
         da:28:85:2b:33:78:7c:33:4a:16:9b:d0:d1:03:c3:2c:51:ad:
         66:db:79:63:a0:29:6d:bf:f2:bc:14:6f:1a:26:f1:4a:a0:d7:
         76:5a:28:ec:05:9b:ca:b5:2d:5a:22:a2:c6:1b:b2:64:35:ff:
         25:2f:d3:62:21:d4:3b:d1:6b:94:d6:66:8e:97:d6:50:76:9a:
         b5:2c:86:64:9e:a1:eb:e3:62:62:76:e7:cd:6f:68:8b:dc:a8:
         72:b2:2a:9a:55:85:91:90:1a:71:68:de:85:31:bd:b8:85:e6:
         aa:6b:6c:96:53:a8:21:7f:73:ed:60:0e:3d:88:ce:4d:7b:7d:
         64:6b:ca:2a:46:59:8e:84:92:00:ac:c8:34:f0:ed:20:33:4d:
         84:4c:3b:d5:eb:97:78:5c:9f:92:dd:5f:38:0f:fb:c7:a2:e8:
         87:dc:94:99:b2:89:35:c0:83:c1:40:e4:36:29:af:18:27:99:
         23:b4:d9:55:db:fe:15:be:58:4e:d6:71:1a:41:8e:09:e8:86:
         c7:03:40:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3tNow1yr/Rm1rFpkTgalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzODJiZGZjOWIxYjI1MDAyMDM5MTIzNzc5ZmZhZjI0NzNm
ODUxYjcwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzAxZmI4YWE2NmFlODU3NTI5N2ViZjA0YTFlM2I3MWExYzA5YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/SITPbh6RUcREQcWpSBcCjHc4mA
P/s6JjIKM3Z+VXjV5V9tLyg8cBaJfzGlXoAv0EMxYed0pfZywfa/ywWDCvvz8NtS
9ulwf24UeS23ZKXldxDyMExp2oEx6vfm/SZzGEXiAQcZN+v2Ed0hXlvnStXEuwFX
vH+REPVR1PhDQnFKlE2J08ITCVlXZPU33rrE82CZ5DX+pqVUadEzAGlf/wxMZ6q0
axKY2W5MxqCVZoHisbm/6f6fTrXF8uOp8cfE3Y5DAU7nzvdyzRDI5VpKE4+Q+VVQ
NTdPfM8z6mepLEQmQ9Zn74kRXaUu7eI5WF1HTEI9PrQt5QmZgXJMFHRKKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAcB+4qmauhXUpfr8EoeO3GhwJvqMB8GA1UdIwQY
MBaAFJOCvfybGyUAIDkSN3n/ryRz+FG3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazRLOV9Kc2JKUUFnT1JJM2VmLXZKSFA0VWJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9iZWYyMDAtMjJjNi00NDE3LWE4OTYt
MjRiZjQwYzEzMDhmLzEvQndIN2lxWnE2RmRTbC12d1NoNDdjYUhBbS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9iZWYyMDAtMjJjNi00NDE3LWE4OTYtMjRiZjQwYzEzMDhm
LzEvazRLOV9Kc2JKUUFnT1JJM2VmLXZKSFA0VWJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXbFUMA0E
AgACMAcDBQMqDWRAMA0GCSqGSIb3DQEBCwUAA4IBAQB8LNnQbGRefuEECXU8TFeQ
BfseBkOSjrN9439+Mrz//BS80k5ajiIew+NXrPIFFwrB5PO3l9HaKIUrM3h8M0oW
m9DRA8MsUa1m23ljoCltv/K8FG8aJvFKoNd2WijsBZvKtS1aIqLGG7JkNf8lL9Ni
IdQ70WuU1maOl9ZQdpq1LIZknqHr42JidufNb2iL3KhysiqaVYWRkBpxaN6FMb24
heaqa2yWU6ghf3PtYA49iM5Ne31ka8oqRlmOhJIArMg08O0gM02ETDvV65d4XJ+S
3V84D/vHouiH3JSZsok1wIPBQOQ2Ka8YJ5kjtNlV2/4VvlhO1nEaQY4J6IbHA0AL
-----END CERTIFICATE-----