Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/sXkPb4yBrRNRFuvMRoKSrPZTQcg.roa
File:                     sXkPb4yBrRNRFuvMRoKSrPZTQcg.roa (raw, json)
Hash identifier:          swjw1JW52ps6TsaTPmxq7I+5Wc2d1k3yF6uzNWQlvL8=
Subject key identifier:   B1:79:0F:6F:8C:81:AD:13:51:16:EB:CC:46:82:92:AC:F6:53:41:C8
Certificate issuer:       /CN=0d2efe3b63fa9b2a7932c5b5ec854b70c3f18839
Certificate serial:       0192A3C173DC61392655101F48907AA5DACD
Authority key identifier: 0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/sXkPb4yBrRNRFuvMRoKSrPZTQcg.roa
Signing time:             Sat 19 Oct 2024 07:50:17 +0000
ROA not before:           Sat 19 Oct 2024 07:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214068
IP address blocks:        93.157.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:a3:c1:73:dc:61:39:26:55:10:1f:48:90:7a:a5:da:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2efe3b63fa9b2a7932c5b5ec854b70c3f18839
        Validity
            Not Before: Oct 19 07:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1790f6f8c81ad135116ebcc468292acf65341c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c5:7a:1a:33:b0:3b:df:c6:bd:d1:5d:6c:e1:
                    ef:78:19:68:f2:b1:0a:9c:91:1c:82:d0:59:8c:c4:
                    a0:48:d6:84:8d:79:aa:e1:06:c4:11:14:de:d0:a8:
                    ba:9f:f9:99:d8:5c:a9:0f:3e:06:30:4b:4e:86:07:
                    ce:d3:66:b8:db:a1:dd:7f:59:eb:dd:dc:57:ed:2b:
                    9f:98:5b:68:9f:45:51:59:6d:7f:d4:ab:5b:a4:66:
                    78:49:33:ba:fa:77:3f:0c:46:05:a0:fc:e2:aa:e6:
                    1b:9a:33:57:c7:60:60:5c:6f:2a:c8:a4:95:08:44:
                    df:46:e1:19:78:20:21:e5:a4:01:c9:5b:71:a8:c6:
                    b9:bc:c0:af:05:40:e0:f8:d9:a8:8b:6c:53:b4:aa:
                    d6:e0:27:1f:69:0a:e0:db:ac:eb:0e:51:d8:4b:af:
                    f5:91:14:4a:6a:6a:a7:d5:90:ab:3b:81:88:2d:70:
                    30:27:9c:84:65:6d:e7:03:5a:d0:aa:a8:1c:c7:ca:
                    45:9b:38:2a:e7:3c:82:66:ec:a6:41:58:6d:6c:b6:
                    8c:68:23:69:ef:70:2f:89:fc:36:1d:25:26:53:49:
                    57:db:cf:57:65:84:f1:70:d9:b1:15:d8:ee:ee:e7:
                    f4:db:5d:f9:9a:f0:66:6f:0a:7b:43:48:f4:cf:1a:
                    35:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:79:0F:6F:8C:81:AD:13:51:16:EB:CC:46:82:92:AC:F6:53:41:C8
            X509v3 Authority Key Identifier:
                keyid:0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/sXkPb4yBrRNRFuvMRoKSrPZTQcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:68:c8:77:1b:36:55:a5:e7:58:bd:55:2a:41:82:33:8f:72:
         b2:4a:6f:7c:a8:ee:f2:96:be:dd:45:7e:fb:33:71:35:3b:f4:
         a7:14:78:73:48:f7:c8:0f:29:96:fc:08:e4:5f:85:cf:a9:c1:
         a3:1c:cd:2f:ee:9b:b7:a6:eb:65:99:81:8d:d0:04:6f:03:4a:
         32:f6:67:77:9b:14:15:fd:80:87:4b:b6:c7:08:10:67:ed:e4:
         94:e2:fc:bb:43:24:72:05:9d:64:5a:bd:91:6f:1f:fe:10:74:
         42:12:34:d8:a0:58:3c:dc:27:1c:59:de:46:68:ed:32:ad:33:
         7b:ed:84:f0:c6:3e:dc:13:53:d6:4c:1a:35:77:98:99:dc:ac:
         37:b7:3b:66:06:c0:1b:10:3e:f9:41:10:88:cd:5d:9c:18:5e:
         f6:36:78:e0:53:3f:3c:df:df:cf:7c:81:13:84:a0:03:fd:b8:
         c1:90:06:77:6d:05:15:30:76:b2:93:4b:c4:ba:54:cc:84:91:
         14:a3:17:12:45:62:92:7c:3b:97:97:db:e7:f3:b6:8c:a4:7f:
         fe:2b:ca:e2:95:b6:1a:b7:1c:be:14:1e:3a:5d:86:2f:d9:00:
         4e:f1:0f:7f:e5:26:ae:20:ee:89:c6:6b:a6:ee:f7:7b:c3:4b:
         fd:42:23:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKjwXPcYTkmVRAfSJB6pdrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMmVmZTNiNjNmYTliMmE3OTMyYzViNWVjODU0YjcwYzNm
MTg4MzkwHhcNMjQxMDE5MDc1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc5MGY2ZjhjODFhZDEzNTExNmViY2M0NjgyOTJhY2Y2NTM0MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcV6GjOwO9/GvdFdbOHveBlo8rEK
nJEcgtBZjMSgSNaEjXmq4QbEERTe0Ki6n/mZ2FypDz4GMEtOhgfO02a426Hdf1nr
3dxX7SufmFton0VRWW1/1KtbpGZ4STO6+nc/DEYFoPziquYbmjNXx2BgXG8qyKSV
CETfRuEZeCAh5aQByVtxqMa5vMCvBUDg+Nmoi2xTtKrW4CcfaQrg26zrDlHYS6/1
kRRKamqn1ZCrO4GILXAwJ5yEZW3nA1rQqqgcx8pFmzgq5zyCZuymQVhtbLaMaCNp
73Avifw2HSUmU0lX289XZYTxcNmxFdju7uf02135mvBmbwp7Q0j0zxo1iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF5D2+Mga0TURbrzEaCkqz2U0HIMB8GA1UdIwQY
MBaAFA0u/jtj+psqeTLFteyFS3DD8Yg5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFM3LU8yUDZteXA1TXNXMTdJVkxjTVB4aURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hZTBhOTMtZjY5MC00ZTM2LWJlZmEt
OTFhMzQ5ZTc3NDc4LzEvc1hrUGI0eUJyUk5SRnV2TVJvS1NyUFpUUWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hZTBhOTMtZjY5MC00ZTM2LWJlZmEtOTFhMzQ5ZTc3NDc4
LzEvRFM3LU8yUDZteXA1TXNXMTdJVkxjTVB4aURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ2OMA0G
CSqGSIb3DQEBCwUAA4IBAQBlaMh3GzZVpedYvVUqQYIzj3KySm98qO7ylr7dRX77
M3E1O/SnFHhzSPfIDymW/AjkX4XPqcGjHM0v7pu3putlmYGN0ARvA0oy9md3mxQV
/YCHS7bHCBBn7eSU4vy7QyRyBZ1kWr2Rbx/+EHRCEjTYoFg83CccWd5GaO0yrTN7
7YTwxj7cE1PWTBo1d5iZ3Kw3tztmBsAbED75QRCIzV2cGF72NnjgUz8839/PfIET
hKAD/bjBkAZ3bQUVMHayk0vEulTMhJEUoxcSRWKSfDuXl9vn87aMpH/+K8rilbYa
txy+FB46XYYv2QBO8Q9/5SauIO6Jxmum7vd7w0v9QiNU
-----END CERTIFICATE-----