Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/CW10SkrntznzDH7bS5RfW5Uw8xk.roa
File:                     CW10SkrntznzDH7bS5RfW5Uw8xk.roa (raw, json)
Hash identifier:          rKTQ//lwwy2CZZp27K/4CpKhTx3ALApeUFzckoFonP0=
Subject key identifier:   09:6D:74:4A:4A:E7:B7:39:F3:0C:7E:DB:4B:94:5F:5B:95:30:F3:19
Certificate issuer:       /CN=63e30980305345fd5365b3515e3568f9cee58541
Certificate serial:       018CC9BCCAE8FFB588C95E04DB88BF4CA07F
Authority key identifier: 63:E3:09:80:30:53:45:FD:53:65:B3:51:5E:35:68:F9:CE:E5:85:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/CW10SkrntznzDH7bS5RfW5Uw8xk.roa
Signing time:             Tue 02 Jan 2024 10:34:02 +0000
ROA not before:           Tue 02 Jan 2024 10:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56366
IP address blocks:        93.92.240.0/21 maxlen: 21
                          2a03:d200::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ca:e8:ff:b5:88:c9:5e:04:db:88:bf:4c:a0:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e30980305345fd5365b3515e3568f9cee58541
        Validity
            Not Before: Jan  2 10:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=096d744a4ae7b739f30c7edb4b945f5b9530f319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0b:7f:fd:1c:00:d3:6b:3a:f4:d7:35:62:a4:
                    f9:ad:9e:e9:f7:cb:81:dd:eb:88:61:be:36:78:3c:
                    76:e8:eb:2e:05:ff:da:1f:72:21:50:8b:65:a2:e5:
                    4b:be:19:0e:f3:da:19:33:f6:5a:d6:fe:e4:76:de:
                    ef:7e:35:d1:68:89:1a:a8:3e:00:c6:38:4a:c3:f4:
                    4f:08:cb:04:d6:56:58:ea:0c:a1:58:82:11:97:2d:
                    03:f9:f1:09:cb:55:6b:d5:18:87:33:03:fd:1d:ba:
                    c0:e2:01:e7:06:97:88:02:2b:8c:1d:99:5d:d8:28:
                    55:93:07:d0:4f:81:06:4a:38:cb:36:59:80:38:cd:
                    13:af:54:43:ec:30:32:d4:cf:9a:6a:44:94:37:50:
                    00:9f:94:6b:fa:ab:e2:ba:44:75:d3:a8:d0:ca:40:
                    be:80:a2:5e:83:a4:a2:32:50:3f:40:a7:0b:63:c0:
                    3c:c3:b7:6d:1b:bd:1f:0b:72:04:55:d3:e1:82:82:
                    7a:5c:06:30:98:97:8e:4d:14:db:fc:32:8a:d8:a7:
                    0a:13:c4:6c:5d:8c:17:eb:0d:bf:16:db:f2:08:9f:
                    c2:22:6a:86:ec:67:dc:28:84:e1:0f:47:14:0c:a7:
                    78:d0:7e:66:45:e1:5c:e8:39:86:7d:89:1f:f4:9b:
                    33:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6D:74:4A:4A:E7:B7:39:F3:0C:7E:DB:4B:94:5F:5B:95:30:F3:19
            X509v3 Authority Key Identifier:
                keyid:63:E3:09:80:30:53:45:FD:53:65:B3:51:5E:35:68:F9:CE:E5:85:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/CW10SkrntznzDH7bS5RfW5Uw8xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db5787-c2c8-429b-8137-cbf6c1849c44/1/Y-MJgDBTRf1TZbNRXjVo-c7lhUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.92.240.0/21
                IPv6:
                  2a03:d200::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:c0:ab:50:c0:6d:cb:94:d9:26:21:1e:f7:b0:24:91:78:bc:
         7c:3a:5e:90:d6:0f:1b:4b:83:e1:33:96:5e:d5:64:9f:1d:af:
         9e:ec:e1:84:e7:47:b4:24:9f:56:8f:a4:9f:60:a9:5f:ab:cd:
         a3:92:89:bd:d6:1e:d8:ee:46:00:d3:19:b6:9b:83:85:83:a9:
         41:3f:4c:c1:ec:70:5b:2a:32:cc:99:5a:7c:87:ec:2a:f6:ea:
         db:79:1d:ab:87:81:58:d0:6d:9b:f4:d4:34:f9:38:9f:f2:9a:
         f0:72:7d:c6:f5:c5:23:18:6d:53:2d:22:3b:8e:d8:c6:26:78:
         6a:d8:9c:f1:96:b0:41:d9:b5:a7:cd:4d:df:4e:be:7f:1d:f7:
         9e:06:8a:e4:67:8f:c1:6b:b9:0c:a4:86:18:67:9d:42:21:9e:
         c2:4b:98:71:cb:8b:d3:66:ef:8e:c3:3d:33:a4:c2:80:cd:46:
         68:37:9a:92:8b:53:c1:09:b7:fc:b0:62:c7:dd:cb:9e:93:51:
         d4:fe:09:24:1c:db:aa:4e:68:86:1c:35:42:8c:55:72:06:61:
         e7:6f:44:b3:8f:8c:ca:c0:9c:f4:87:43:b5:52:c9:46:01:3a:
         33:3d:d2:e5:9c:a2:4f:8b:25:80:a2:cf:8b:7c:31:94:e3:61:
         e5:fd:35:59
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvMro/7WIyV4E24i/TKB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTMwOTgwMzA1MzQ1ZmQ1MzY1YjM1MTVlMzU2OGY5Y2Vl
NTg1NDEwHhcNMjQwMTAyMTAzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZkNzQ0YTRhZTdiNzM5ZjMwYzdlZGI0Yjk0NWY1Yjk1MzBmMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwt//RwA02s69Nc1YqT5rZ7p98uB
3euIYb42eDx26OsuBf/aH3IhUItlouVLvhkO89oZM/Za1v7kdt7vfjXRaIkaqD4A
xjhKw/RPCMsE1lZY6gyhWIIRly0D+fEJy1Vr1RiHMwP9HbrA4gHnBpeIAiuMHZld
2ChVkwfQT4EGSjjLNlmAOM0Tr1RD7DAy1M+aakSUN1AAn5Rr+qviukR106jQykC+
gKJeg6SiMlA/QKcLY8A8w7dtG70fC3IEVdPhgoJ6XAYwmJeOTRTb/DKK2KcKE8Rs
XYwX6w2/FtvyCJ/CImqG7GfcKIThD0cUDKd40H5mReFc6DmGfYkf9JszRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAltdEpK57c58wx+20uUX1uVMPMZMB8GA1UdIwQY
MBaAFGPjCYAwU0X9U2WzUV41aPnO5YVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1NSmdEQlRSZjFUWmJOUlhqVm8tYzdsaFVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjU3ODctYzJjOC00MjliLTgxMzct
Y2JmNmMxODQ5YzQ0LzEvQ1cxMFNrcm50em56REg3YlM1UmZXNVV3OHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjU3ODctYzJjOC00MjliLTgxMzctY2JmNmMxODQ5YzQ0
LzEvWS1NSmdEQlRSZjFUWmJOUlhqVm8tYzdsaFVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXVzwMA0E
AgACMAcDBQAqA9IAMA0GCSqGSIb3DQEBCwUAA4IBAQB9wKtQwG3LlNkmIR73sCSR
eLx8Ol6Q1g8bS4PhM5Ze1WSfHa+e7OGE50e0JJ9Wj6SfYKlfq82jkom91h7Y7kYA
0xm2m4OFg6lBP0zB7HBbKjLMmVp8h+wq9urbeR2rh4FY0G2b9NQ0+Tif8prwcn3G
9cUjGG1TLSI7jtjGJnhq2JzxlrBB2bWnzU3fTr5/HfeeBorkZ4/Ba7kMpIYYZ51C
IZ7CS5hxy4vTZu+Owz0zpMKAzUZoN5qSi1PBCbf8sGLH3cuek1HU/gkkHNuqTmiG
HDVCjFVyBmHnb0Szj4zKwJz0h0O1UslGATozPdLlnKJPiyWAos+LfDGU42Hl/TVZ
-----END CERTIFICATE-----