Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/hjt3ahUvEmP9Mv-rcM2eDgkLcc0.roa
File:                     hjt3ahUvEmP9Mv-rcM2eDgkLcc0.roa (raw, json)
Hash identifier:          8sZiWWKy05tds9NSiOuUHxw3U/Rn50wZ1HdMiNdXpjc=
Subject key identifier:   86:3B:77:6A:15:2F:12:63:FD:32:FF:AB:70:CD:9E:0E:09:0B:71:CD
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       018CC8DF2054E5D11E45677457120305E5ED
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/hjt3ahUvEmP9Mv-rcM2eDgkLcc0.roa
Signing time:             Tue 02 Jan 2024 06:31:55 +0000
ROA not before:           Tue 02 Jan 2024 06:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207326
IP address blocks:        93.177.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 15:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:20:54:e5:d1:1e:45:67:74:57:12:03:05:e5:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Jan  2 06:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=863b776a152f1263fd32ffab70cd9e0e090b71cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a7:d3:38:2d:51:e6:56:40:99:64:c8:94:f4:
                    f4:36:20:e5:8c:71:d9:31:20:36:b4:b9:89:b6:d3:
                    b6:b0:93:3d:1b:99:a2:78:6b:04:93:23:dc:75:67:
                    b4:5c:23:ee:d9:5d:0b:24:05:04:de:e7:90:bd:60:
                    b3:26:a5:96:b6:32:1d:3b:a9:99:5e:5e:d1:d3:05:
                    18:45:54:4c:f8:0b:f9:c7:cf:9b:15:7c:36:07:02:
                    e5:0e:5d:2f:d0:8a:51:a4:37:ee:77:88:b3:9a:9d:
                    c2:35:15:70:d7:80:fd:be:b5:d3:ff:40:19:c2:ad:
                    85:3a:35:2d:62:9d:b2:c3:4a:a2:65:2b:b1:79:5d:
                    c7:ba:46:fb:35:ba:49:d8:aa:d7:99:90:05:80:9e:
                    87:09:94:51:69:20:80:52:f5:75:33:3b:8d:a3:ac:
                    37:6a:e6:41:82:64:08:72:f5:78:85:fd:0e:5b:4c:
                    8b:0e:5c:8c:83:d2:19:d0:d4:ac:da:6e:ec:3f:f5:
                    0e:d2:3b:8c:4f:14:be:32:53:b1:04:42:2f:ef:f9:
                    23:ad:2d:97:a1:e5:59:52:81:14:25:64:67:b3:21:
                    db:9a:35:f8:72:b6:08:da:09:04:47:fb:28:64:73:
                    6c:08:86:9a:10:5a:a7:50:96:31:f7:23:1f:9c:15:
                    3d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:3B:77:6A:15:2F:12:63:FD:32:FF:AB:70:CD:9E:0E:09:0B:71:CD
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/hjt3ahUvEmP9Mv-rcM2eDgkLcc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ef:77:a0:04:36:27:6d:be:de:f7:4b:8f:3a:3d:83:85:f3:
         b3:25:f4:48:5a:a0:af:9e:ab:72:88:d4:a6:31:12:b1:4c:60:
         b0:8b:7b:5d:cc:79:e8:4e:c4:73:a7:bd:27:f3:25:2d:53:3c:
         b9:9e:a0:6c:3f:e0:b1:be:62:e7:f5:2f:c1:7b:68:5c:1a:aa:
         01:13:da:2f:f8:c4:ea:e5:a5:b4:f3:47:18:2b:3a:e7:33:27:
         1e:e1:30:2c:e8:5d:b4:5c:27:2e:a7:69:ef:51:2f:3d:af:9b:
         6f:ce:c0:40:8a:e6:60:69:ec:12:c1:87:6c:b8:90:a1:cd:46:
         74:6c:66:e1:6a:36:ed:9a:59:23:4a:41:d3:ef:c5:c0:19:98:
         9e:42:a0:a5:99:34:15:d5:35:59:c1:e6:8c:64:be:44:4e:e6:
         bd:d8:d1:f6:79:03:01:6c:8d:96:4a:65:a4:8a:5b:01:fb:a5:
         2e:d2:73:fb:9e:9b:18:13:f8:9d:ef:1d:d1:d1:af:c5:a5:75:
         15:f9:08:f0:b8:73:a2:bb:aa:1a:bd:85:59:7f:3b:eb:f3:f1:
         90:2e:07:2c:cf:2a:61:95:bd:c1:e5:91:36:8b:50:20:5d:d0:
         25:b4:49:14:c9:08:ef:8a:23:35:24:85:1f:9e:77:c9:c6:35:
         83:fe:3d:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yBU5dEeRWd0VxIDBeXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjQwMTAyMDYzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjNiNzc2YTE1MmYxMjYzZmQzMmZmYWI3MGNkOWUwZTA5MGI3MWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6fTOC1R5lZAmWTIlPT0NiDljHHZ
MSA2tLmJttO2sJM9G5mieGsEkyPcdWe0XCPu2V0LJAUE3ueQvWCzJqWWtjIdO6mZ
Xl7R0wUYRVRM+Av5x8+bFXw2BwLlDl0v0IpRpDfud4izmp3CNRVw14D9vrXT/0AZ
wq2FOjUtYp2yw0qiZSuxeV3Hukb7NbpJ2KrXmZAFgJ6HCZRRaSCAUvV1MzuNo6w3
auZBgmQIcvV4hf0OW0yLDlyMg9IZ0NSs2m7sP/UO0juMTxS+MlOxBEIv7/kjrS2X
oeVZUoEUJWRnsyHbmjX4crYI2gkER/soZHNsCIaaEFqnUJYx9yMfnBU9lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIY7d2oVLxJj/TL/q3DNng4JC3HNMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvaGp0M2FoVXZFbVA5TXYtcmNNMmVEZ2tMY2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbFnMA0G
CSqGSIb3DQEBCwUAA4IBAQAH73egBDYnbb7e90uPOj2DhfOzJfRIWqCvnqtyiNSm
MRKxTGCwi3tdzHnoTsRzp70n8yUtUzy5nqBsP+CxvmLn9S/Be2hcGqoBE9ov+MTq
5aW080cYKzrnMyce4TAs6F20XCcup2nvUS89r5tvzsBAiuZgaewSwYdsuJChzUZ0
bGbhajbtmlkjSkHT78XAGZieQqClmTQV1TVZweaMZL5ETua92NH2eQMBbI2WSmWk
ilsB+6Uu0nP7npsYE/id7x3R0a/FpXUV+QjwuHOiu6oavYVZfzvr8/GQLgcszyph
lb3B5ZE2i1AgXdAltEkUyQjviiM1JIUfnnfJxjWD/j35
-----END CERTIFICATE-----