Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/tb5fwmY1wuRdkpyAv9F5vaFr89A.roa
File:                     tb5fwmY1wuRdkpyAv9F5vaFr89A.roa (raw, json)
Hash identifier:          EwR9j95M4Dr7rtaFXghW2r1BTHkpGSa0cyecfKJfN/M=
Subject key identifier:   B5:BE:5F:C2:66:35:C2:E4:5D:92:9C:80:BF:D1:79:BD:A1:6B:F3:D0
Certificate issuer:       /CN=8b92c55e8b35950775df763e74930d5229c9fa00
Certificate serial:       018CC9BBC217A03CD4F22533D50DB856BB47
Authority key identifier: 8B:92:C5:5E:8B:35:95:07:75:DF:76:3E:74:93:0D:52:29:C9:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i5LFXos1lQd133Y-dJMNUinJ-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/tb5fwmY1wuRdkpyAv9F5vaFr89A.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30801
IP address blocks:        193.93.112.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/i5LFXos1lQd133Y-dJMNUinJ-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/i5LFXos1lQd133Y-dJMNUinJ-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i5LFXos1lQd133Y-dJMNUinJ-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c2:17:a0:3c:d4:f2:25:33:d5:0d:b8:56:bb:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b92c55e8b35950775df763e74930d5229c9fa00
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5be5fc26635c2e45d929c80bfd179bda16bf3d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:42:e7:7b:8a:a2:ab:18:de:90:7b:2b:43:90:
                    ce:a4:aa:dc:86:a7:d7:cc:97:b5:3f:28:4e:39:b7:
                    10:52:99:b1:b6:2f:2f:fc:2a:0e:0f:a3:99:63:60:
                    59:b1:e3:ce:8d:9e:6e:c7:e1:eb:e0:5d:f2:49:b2:
                    8b:60:cf:d5:45:80:0e:5b:30:57:ae:2d:6f:52:1a:
                    22:a9:cc:ed:ff:89:52:ba:d9:7e:ff:42:08:a9:a4:
                    6d:85:59:fb:a8:de:6e:fc:36:04:ef:60:16:12:2c:
                    21:3e:69:ba:6f:16:eb:f0:9f:78:9d:71:73:60:a6:
                    64:18:0b:5f:9a:68:e0:02:25:3a:d9:56:41:40:49:
                    39:c2:cb:7e:e8:32:bc:62:dd:60:fc:a7:cb:1d:63:
                    e9:d5:a4:27:70:b0:51:2f:1d:c9:32:b3:36:16:dc:
                    d3:7e:23:82:46:f5:90:59:79:15:63:68:b2:56:2d:
                    1c:3e:cc:b5:b4:0c:15:6f:44:80:a2:1a:c3:9c:b0:
                    0a:71:91:ea:e3:e5:48:62:16:cd:d7:ae:30:aa:2e:
                    13:3f:81:2b:f1:64:62:07:c7:bf:5c:c3:75:ff:88:
                    7c:94:d3:5f:c4:0f:d7:ca:b5:ab:fd:f6:db:61:89:
                    b8:b5:ad:74:2c:e4:71:8c:46:02:9d:07:f4:fb:fa:
                    a0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BE:5F:C2:66:35:C2:E4:5D:92:9C:80:BF:D1:79:BD:A1:6B:F3:D0
            X509v3 Authority Key Identifier:
                keyid:8B:92:C5:5E:8B:35:95:07:75:DF:76:3E:74:93:0D:52:29:C9:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i5LFXos1lQd133Y-dJMNUinJ-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/tb5fwmY1wuRdkpyAv9F5vaFr89A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/30f7a4-36c8-499d-8d43-bebbe4aa7cab/1/i5LFXos1lQd133Y-dJMNUinJ-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:02:a6:e5:75:58:67:bd:6a:0c:a2:e2:6e:44:15:21:5f:e3:
         ca:b1:1f:fd:51:6e:be:58:aa:4e:c8:f2:10:c6:3b:ec:66:f1:
         22:cc:ce:2d:a1:ff:a7:89:15:2e:f8:35:fa:9f:ad:24:12:f5:
         21:c1:98:22:6d:1b:28:45:36:06:a1:74:ec:64:b9:1f:e2:cf:
         75:0e:5e:85:32:01:eb:81:10:23:80:7b:aa:46:68:08:58:a5:
         31:7e:a6:4c:40:23:dc:9a:ca:a7:a5:a4:4f:c2:59:9c:d2:fb:
         2c:c3:fb:1e:85:b1:a1:5c:8c:fa:13:f1:55:8a:ee:7f:2b:a9:
         a1:da:56:9a:ef:41:34:1f:9b:74:a1:2d:ed:30:b1:42:a8:f3:
         7b:53:53:3f:fe:c3:7c:5c:6e:d5:51:55:a0:58:66:cb:a8:78:
         94:36:53:94:73:bd:29:47:f0:17:20:04:7e:e1:be:14:83:40:
         59:de:b1:a7:05:ac:a6:eb:ba:bd:b8:d1:11:16:5f:ce:78:fd:
         0a:34:43:8a:7d:2c:7d:72:7f:8d:71:0c:c8:09:d9:4e:ef:78:
         d4:2c:73:b4:13:1e:f2:84:23:4f:fb:cf:36:28:ba:69:9d:82:
         a1:30:d0:74:c5:1f:e4:f7:f9:22:a6:1d:78:89:97:99:ee:f0:
         56:0e:0d:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8IXoDzU8iUz1Q24VrtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOTJjNTVlOGIzNTk1MDc3NWRmNzYzZTc0OTMwZDUyMjlj
OWZhMDAwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJlNWZjMjY2MzVjMmU0NWQ5MjljODBiZmQxNzliZGExNmJmM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukLne4qiqxjekHsrQ5DOpKrchqfX
zJe1PyhOObcQUpmxti8v/CoOD6OZY2BZsePOjZ5ux+Hr4F3ySbKLYM/VRYAOWzBX
ri1vUhoiqczt/4lSutl+/0IIqaRthVn7qN5u/DYE72AWEiwhPmm6bxbr8J94nXFz
YKZkGAtfmmjgAiU62VZBQEk5wst+6DK8Yt1g/KfLHWPp1aQncLBRLx3JMrM2FtzT
fiOCRvWQWXkVY2iyVi0cPsy1tAwVb0SAohrDnLAKcZHq4+VIYhbN164wqi4TP4Er
8WRiB8e/XMN1/4h8lNNfxA/XyrWr/fbbYYm4ta10LORxjEYCnQf0+/qgNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW+X8JmNcLkXZKcgL/Reb2ha/PQMB8GA1UdIwQY
MBaAFIuSxV6LNZUHdd92PnSTDVIpyfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTVMRlhvczFsUWQxMzNZLWRKTU5VaW5KLWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zMGY3YTQtMzZjOC00OTlkLThkNDMt
YmViYmU0YWE3Y2FiLzEvdGI1ZndtWTF3dVJka3B5QXY5RjV2YUZyODlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zMGY3YTQtMzZjOC00OTlkLThkNDMtYmViYmU0YWE3Y2Fi
LzEvaTVMRlhvczFsUWQxMzNZLWRKTU5VaW5KLWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwV1wMA0G
CSqGSIb3DQEBCwUAA4IBAQCEAqbldVhnvWoMouJuRBUhX+PKsR/9UW6+WKpOyPIQ
xjvsZvEizM4tof+niRUu+DX6n60kEvUhwZgibRsoRTYGoXTsZLkf4s91Dl6FMgHr
gRAjgHuqRmgIWKUxfqZMQCPcmsqnpaRPwlmc0vssw/sehbGhXIz6E/FViu5/K6mh
2laa70E0H5t0oS3tMLFCqPN7U1M//sN8XG7VUVWgWGbLqHiUNlOUc70pR/AXIAR+
4b4Ug0BZ3rGnBaym67q9uNERFl/OeP0KNEOKfSx9cn+NcQzICdlO73jULHO0Ex7y
hCNP+882KLppnYKhMNB0xR/k9/kiph14iZeZ7vBWDg0M
-----END CERTIFICATE-----