Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/lZPpOwuR1IDr7KQsvcKgQVXmJPk.roa
File:                     lZPpOwuR1IDr7KQsvcKgQVXmJPk.roa (raw, json)
Hash identifier:          TaDtz8ab4MmySPq+i1DKtTCAAKcTyrbTLt04jWDE3BA=
Subject key identifier:   95:93:E9:3B:0B:91:D4:80:EB:EC:A4:2C:BD:C2:A0:41:55:E6:24:F9
Certificate issuer:       /CN=ad393c63f178657821a237ba026ca5279233333d
Certificate serial:       018CC9BC7DB139CB6AB044C9EC5DFBA0FC91
Authority key identifier: AD:39:3C:63:F1:78:65:78:21:A2:37:BA:02:6C:A5:27:92:33:33:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rTk8Y_F4ZXghoje6AmylJ5IzMz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/lZPpOwuR1IDr7KQsvcKgQVXmJPk.roa
Signing time:             Tue 02 Jan 2024 10:33:42 +0000
ROA not before:           Tue 02 Jan 2024 10:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209791
IP address blocks:        93.175.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/rTk8Y_F4ZXghoje6AmylJ5IzMz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/rTk8Y_F4ZXghoje6AmylJ5IzMz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rTk8Y_F4ZXghoje6AmylJ5IzMz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:7d:b1:39:cb:6a:b0:44:c9:ec:5d:fb:a0:fc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad393c63f178657821a237ba026ca5279233333d
        Validity
            Not Before: Jan  2 10:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9593e93b0b91d480ebeca42cbdc2a04155e624f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:ef:60:b9:75:16:65:6e:29:98:cc:76:0b:
                    50:cc:25:51:bb:6c:f0:be:a2:0b:39:38:3b:ce:d2:
                    fb:4b:5b:8d:ef:b9:87:10:5d:c4:09:8b:2c:8f:f3:
                    df:67:73:98:6f:28:cf:47:84:53:dd:08:48:f3:5c:
                    fb:6b:b2:17:f0:71:c1:fd:a8:69:6a:1b:b9:9b:e3:
                    18:53:5d:e2:13:e9:db:e7:d3:24:5b:22:7e:13:ee:
                    90:89:70:9f:69:db:63:6f:a9:c6:2d:49:62:3f:b1:
                    03:88:83:73:f7:03:fc:63:9e:a9:58:5a:e7:53:2f:
                    5b:a6:93:1e:c3:c7:19:4c:d3:83:25:c8:77:e9:0c:
                    b1:06:a8:ab:4e:ff:df:71:a7:5b:97:60:fc:c3:67:
                    1c:2a:cf:05:73:50:d7:80:62:d4:06:d1:fe:8e:33:
                    cf:3f:fb:31:95:41:0b:52:8d:bc:0d:cf:2d:b6:09:
                    71:b4:ae:0b:af:0b:de:af:2d:0c:0e:30:56:e9:aa:
                    be:b1:5d:ff:b3:d5:38:7d:1d:33:50:89:49:ec:0f:
                    30:b5:22:b5:75:11:7f:4a:d8:88:31:33:02:80:c4:
                    bf:1e:7d:8d:2a:e6:41:53:eb:86:ec:8b:85:67:db:
                    70:75:db:45:11:b2:f4:76:39:e1:67:37:cb:07:80:
                    05:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:93:E9:3B:0B:91:D4:80:EB:EC:A4:2C:BD:C2:A0:41:55:E6:24:F9
            X509v3 Authority Key Identifier:
                keyid:AD:39:3C:63:F1:78:65:78:21:A2:37:BA:02:6C:A5:27:92:33:33:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rTk8Y_F4ZXghoje6AmylJ5IzMz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/lZPpOwuR1IDr7KQsvcKgQVXmJPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39e9ec-8fa5-409c-b1de-937e9d99cac2/1/rTk8Y_F4ZXghoje6AmylJ5IzMz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:2f:65:e2:b4:4c:95:7e:38:56:88:5d:aa:96:a4:65:96:71:
         50:24:9b:30:85:4e:0d:9c:fe:c2:b3:f4:7f:96:5c:84:dd:a1:
         48:55:4b:68:a1:3f:a8:f9:4d:83:a4:87:2e:85:f4:e2:e9:bb:
         4b:86:c2:fa:b9:09:b9:60:2a:dd:4c:81:c8:e9:93:7b:d5:f6:
         c7:ed:95:3e:51:eb:a3:1a:0d:66:18:04:97:64:1c:b0:c8:fe:
         0e:f4:80:a1:dd:2d:b9:ae:b2:2d:6c:4e:0a:9d:9e:ac:06:1a:
         ac:58:26:ee:71:53:74:fb:2d:7b:e1:c6:35:17:7d:5b:39:70:
         e8:34:3b:0d:b8:15:21:f0:64:34:e5:56:10:ae:7c:52:c6:87:
         44:dd:9c:05:5f:2c:ff:bf:27:f7:cd:39:fd:66:0e:bb:24:cf:
         09:b6:29:f6:e2:6e:02:b5:e0:01:f7:43:06:ae:4b:10:8d:eb:
         8c:5d:3c:69:0c:e9:f0:91:c4:be:4a:1f:1a:4a:72:8d:c1:47:
         a5:9f:8e:cc:ec:5e:76:3f:09:d0:e2:c5:c6:59:93:8d:80:39:
         a9:fe:99:32:3b:f7:9b:8b:6b:56:8c:e4:e9:e3:d1:eb:1e:c4:
         57:25:9d:2b:fa:b1:47:b2:c2:5e:75:f8:4d:01:72:c3:bc:6a:
         9c:16:64:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvH2xOctqsETJ7F37oPyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMzkzYzYzZjE3ODY1NzgyMWEyMzdiYTAyNmNhNTI3OTIz
MzMzM2QwHhcNMjQwMTAyMTAzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTkzZTkzYjBiOTFkNDgwZWJlY2E0MmNiZGMyYTA0MTU1ZTYyNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPzvYLl1FmVuKZjMdgtQzCVRu2zw
vqILOTg7ztL7S1uN77mHEF3ECYssj/PfZ3OYbyjPR4RT3QhI81z7a7IX8HHB/ahp
ahu5m+MYU13iE+nb59MkWyJ+E+6QiXCfadtjb6nGLUliP7EDiINz9wP8Y56pWFrn
Uy9bppMew8cZTNODJch36QyxBqirTv/fcadbl2D8w2ccKs8Fc1DXgGLUBtH+jjPP
P/sxlUELUo28Dc8ttglxtK4Lrwvery0MDjBW6aq+sV3/s9U4fR0zUIlJ7A8wtSK1
dRF/StiIMTMCgMS/Hn2NKuZBU+uG7IuFZ9twddtFEbL0djnhZzfLB4AFqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWT6TsLkdSA6+ykLL3CoEFV5iT5MB8GA1UdIwQY
MBaAFK05PGPxeGV4IaI3ugJspSeSMzM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclRrOFlfRjRaWGdob2plNkFteWxKNUl6TXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zOWU5ZWMtOGZhNS00MDljLWIxZGUt
OTM3ZTlkOTljYWMyLzEvbFpQcE93dVIxSURyN0tRc3ZjS2dRVlhtSlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zOWU5ZWMtOGZhNS00MDljLWIxZGUtOTM3ZTlkOTljYWMy
LzEvclRrOFlfRjRaWGdob2plNkFteWxKNUl6TXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXa/wMA0G
CSqGSIb3DQEBCwUAA4IBAQA3L2XitEyVfjhWiF2qlqRllnFQJJswhU4NnP7Cs/R/
llyE3aFIVUtooT+o+U2DpIcuhfTi6btLhsL6uQm5YCrdTIHI6ZN71fbH7ZU+Ueuj
Gg1mGASXZBywyP4O9ICh3S25rrItbE4KnZ6sBhqsWCbucVN0+y174cY1F31bOXDo
NDsNuBUh8GQ05VYQrnxSxodE3ZwFXyz/vyf3zTn9Zg67JM8Jtin24m4CteAB90MG
rksQjeuMXTxpDOnwkcS+Sh8aSnKNwUeln47M7F52PwnQ4sXGWZONgDmp/pkyO/eb
i2tWjOTp49HrHsRXJZ0r+rFHssJedfhNAXLDvGqcFmQE
-----END CERTIFICATE-----