Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Zz3V97If1ajORJClpVYy_t4ucHE.roa
File:                     Zz3V97If1ajORJClpVYy_t4ucHE.roa (raw, json)
Hash identifier:          333HN15n/pVVypYaFtQ5pm5wmRhAkjGEtDlXW8cNGmw=
Subject key identifier:   67:3D:D5:F7:B2:1F:D5:A8:CE:44:90:A5:A5:56:32:FE:DE:2E:70:71
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       0192E8AB9B17AD4DA5D390E8EFD2FCBBA814
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Zz3V97If1ajORJClpVYy_t4ucHE.roa
Signing time:             Fri 01 Nov 2024 17:00:13 +0000
ROA not before:           Fri 01 Nov 2024 17:00:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        185.93.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:ab:9b:17:ad:4d:a5:d3:90:e8:ef:d2:fc:bb:a8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Nov  1 17:00:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=673dd5f7b21fd5a8ce4490a5a55632fede2e7071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ba:15:08:08:95:d2:1b:92:aa:16:ec:61:21:
                    6d:99:cb:13:1e:49:a5:c1:f0:37:0c:7f:e5:18:93:
                    f7:8f:ad:01:62:c5:e8:c5:03:7c:32:01:5e:6e:af:
                    28:44:7d:72:eb:9f:df:4c:9c:91:40:8c:c5:dc:5e:
                    14:2a:c0:82:81:75:e6:0f:f5:ca:eb:29:04:f9:5f:
                    cd:ff:5f:d2:12:1f:ac:25:04:71:87:90:6d:22:7d:
                    4f:36:2d:a3:f9:d9:d6:43:b1:ad:2f:8f:7a:61:ad:
                    db:7a:17:2c:06:89:b9:b7:05:ef:74:54:22:3e:1e:
                    71:6a:30:ca:92:52:67:09:0e:6c:47:9c:49:28:e2:
                    d3:2f:53:11:95:65:88:32:14:4a:e5:f2:5c:4a:0d:
                    7e:01:a9:91:52:2e:cc:80:4a:86:29:e9:0c:ac:26:
                    77:15:64:c1:21:07:e9:42:5a:d1:ab:90:57:c8:ac:
                    4a:db:59:ee:ed:cb:c1:4d:66:15:9c:3a:0d:2c:a9:
                    20:a1:67:e9:a8:7d:cd:c4:e0:93:a4:0d:86:79:9f:
                    32:f9:bf:e5:ee:f7:26:9c:14:0d:df:d0:fc:bb:ca:
                    4d:08:97:2f:f9:17:52:b2:a8:9b:cd:1e:5b:1b:49:
                    84:10:57:09:ab:05:7d:84:7c:e6:a8:ff:26:22:57:
                    95:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3D:D5:F7:B2:1F:D5:A8:CE:44:90:A5:A5:56:32:FE:DE:2E:70:71
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/Zz3V97If1ajORJClpVYy_t4ucHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:9b:db:ab:fa:11:5b:93:d4:95:a5:41:73:ce:74:88:7a:01:
         5a:da:c4:9f:55:2f:17:c2:30:d9:58:a3:84:37:ed:66:11:91:
         29:0c:48:ed:9a:af:2b:4b:c0:9f:fa:04:fa:48:ad:1c:eb:34:
         f7:11:f5:14:42:e7:11:e5:3e:67:28:9b:ea:b8:81:f9:56:66:
         83:fe:11:77:10:27:7d:63:4d:2a:e9:d1:bd:91:76:6a:96:5e:
         88:e9:b1:24:c5:99:0f:41:88:2b:10:8f:d1:0a:cb:d2:e0:86:
         c2:39:a1:db:9b:4a:c3:35:5c:23:9c:c4:41:68:66:a1:76:35:
         d0:83:e9:a6:20:31:0a:9b:d2:2f:23:64:30:f4:6b:01:15:84:
         aa:17:0b:92:b1:53:78:d3:dc:c1:fe:fc:df:78:37:a5:4f:d9:
         94:3b:bc:6b:d8:93:79:19:b4:7b:30:9d:c8:b4:cf:46:df:e0:
         06:fe:d3:89:08:6b:e6:00:29:a8:13:32:2e:f7:83:a4:89:dd:
         43:5f:46:c0:7e:fb:89:b5:cf:47:39:4f:a5:bc:74:10:d6:16:
         3f:14:ac:4d:23:ac:a8:1e:b9:ca:77:1d:91:31:90:eb:84:fd:
         c4:8a:a5:58:a4:92:f5:a0:21:7a:88:26:94:25:f5:60:c9:76:
         17:8a:84:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLoq5sXrU2l05Do79L8u6gUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjQxMTAxMTcwMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNkZDVmN2IyMWZkNWE4Y2U0NDkwYTVhNTU2MzJmZWRlMmU3MDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7oVCAiV0huSqhbsYSFtmcsTHkml
wfA3DH/lGJP3j60BYsXoxQN8MgFebq8oRH1y65/fTJyRQIzF3F4UKsCCgXXmD/XK
6ykE+V/N/1/SEh+sJQRxh5BtIn1PNi2j+dnWQ7GtL496Ya3behcsBom5twXvdFQi
Ph5xajDKklJnCQ5sR5xJKOLTL1MRlWWIMhRK5fJcSg1+AamRUi7MgEqGKekMrCZ3
FWTBIQfpQlrRq5BXyKxK21nu7cvBTWYVnDoNLKkgoWfpqH3NxOCTpA2GeZ8y+b/l
7vcmnBQN39D8u8pNCJcv+RdSsqibzR5bG0mEEFcJqwV9hHzmqP8mIleV6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc91feyH9WozkSQpaVWMv7eLnBxMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvWnozVjk3SWYxYWpPUkpDbHBWWXlfdDR1Y0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1HMA0G
CSqGSIb3DQEBCwUAA4IBAQASm9ur+hFbk9SVpUFzznSIegFa2sSfVS8XwjDZWKOE
N+1mEZEpDEjtmq8rS8Cf+gT6SK0c6zT3EfUUQucR5T5nKJvquIH5VmaD/hF3ECd9
Y00q6dG9kXZqll6I6bEkxZkPQYgrEI/RCsvS4IbCOaHbm0rDNVwjnMRBaGahdjXQ
g+mmIDEKm9IvI2Qw9GsBFYSqFwuSsVN409zB/vzfeDelT9mUO7xr2JN5GbR7MJ3I
tM9G3+AG/tOJCGvmACmoEzIu94Okid1DX0bAfvuJtc9HOU+lvHQQ1hY/FKxNI6yo
HrnKdx2RMZDrhP3EiqVYpJL1oCF6iCaUJfVgyXYXioRr
-----END CERTIFICATE-----