Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7ZoqxrROcBX5SOUM1a2KG7SMt0o.roa
File:                     7ZoqxrROcBX5SOUM1a2KG7SMt0o.roa (raw, json)
Hash identifier:          Wi4xQjWhgHo+5y6wqb5nz0LdKZZfv79g1T3dtEcdp38=
Subject key identifier:   ED:9A:2A:C6:B4:4E:70:15:F9:48:E5:0C:D5:AD:8A:1B:B4:8C:B7:4A
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E872D15765F4568A135B1CEF27B63
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7ZoqxrROcBX5SOUM1a2KG7SMt0o.roa
Signing time:             Mon 01 Jan 2024 14:30:04 +0000
ROA not before:           Mon 01 Jan 2024 14:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20756
IP address blocks:        62.93.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:87:2d:15:76:5f:45:68:a1:35:b1:ce:f2:7b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed9a2ac6b44e7015f948e50cd5ad8a1bb48cb74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9e:fc:93:b6:62:c7:55:7c:a3:35:dc:ad:67:
                    d7:78:a1:fa:2c:c0:a6:f8:71:cc:0f:e4:ea:58:52:
                    c4:50:dc:bd:8a:fb:0f:da:f9:c1:45:26:2d:70:07:
                    14:2d:6f:1a:4c:2a:8c:d6:ba:22:04:37:6b:e3:75:
                    b5:d8:97:c4:9c:c8:d7:d3:fe:74:10:ac:65:1e:04:
                    67:bc:2e:89:e4:5e:15:09:bc:c6:22:40:2a:14:df:
                    7d:86:ec:d6:a2:35:9a:b5:a6:64:59:f7:7b:0c:79:
                    62:1f:d3:84:db:08:6f:6b:e1:a5:05:23:64:a4:5c:
                    7f:ee:95:d0:ca:27:86:33:7e:d2:bd:28:0e:3b:b2:
                    b9:d4:ad:59:1d:1f:36:8a:58:d8:9c:25:d7:d3:b6:
                    48:e9:95:13:13:ff:8e:51:55:e9:cb:ec:0a:df:ea:
                    27:3b:fc:aa:ab:a1:dc:83:27:1e:c6:70:6c:d9:8f:
                    43:eb:c1:bd:df:da:b1:ee:02:0a:b1:7a:b2:06:b8:
                    5e:bf:0f:69:85:c2:cb:51:59:8e:92:e2:d0:cf:3e:
                    ec:55:62:e1:c0:1b:70:26:36:eb:21:bc:70:4f:57:
                    64:14:18:ed:04:20:43:43:a7:22:53:1e:ae:28:55:
                    2b:f3:b2:70:d2:39:98:93:13:50:e6:e5:60:11:44:
                    71:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9A:2A:C6:B4:4E:70:15:F9:48:E5:0C:D5:AD:8A:1B:B4:8C:B7:4A
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7ZoqxrROcBX5SOUM1a2KG7SMt0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:27:71:2e:b7:62:51:f1:63:af:64:4f:af:79:a6:32:c4:4c:
         12:c2:86:8c:b0:51:06:58:b3:73:7e:15:42:fa:8d:8e:ab:c3:
         83:25:06:cc:b8:e4:da:1c:a1:7c:4e:79:9d:2c:ce:89:1a:36:
         2f:7b:b3:69:5d:7e:fb:64:38:46:3d:3e:14:e5:89:57:61:bf:
         11:e1:8a:9e:1f:e7:75:a5:5d:5b:5e:3b:3c:68:ce:a1:68:e4:
         32:f5:5a:d4:c9:9f:c8:85:a9:8e:f8:06:13:e6:cd:4d:e5:36:
         a4:c1:ac:8f:76:99:eb:4f:74:a1:8f:14:c0:92:d4:bb:f3:b7:
         40:bc:c8:93:2c:8a:c0:1e:bd:b3:ef:be:3c:88:b8:5c:d4:1e:
         79:b9:e6:61:31:48:f5:10:33:19:dd:2f:3a:85:ca:c5:cf:78:
         b9:10:2c:6e:df:06:6f:87:e0:e9:bb:41:4f:8f:ae:53:cf:2b:
         28:75:96:19:4f:d6:60:78:d0:5c:ad:d9:ba:af:3b:34:aa:59:
         57:c5:3a:b3:8a:10:5c:74:ad:39:7e:a5:b9:c1:2e:b8:35:a8:
         6c:f8:19:da:f4:2c:bd:85:82:66:38:3f:c7:c4:65:c0:03:b3:
         4c:2e:51:17:71:8c:c9:5c:9a:ac:2d:26:a0:82:40:f9:05:57:
         26:2a:5f:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFboctFXZfRWihNbHO8ntjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDlhMmFjNmI0NGU3MDE1Zjk0OGU1MGNkNWFkOGExYmI0OGNiNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg578k7Zix1V8ozXcrWfXeKH6LMCm
+HHMD+TqWFLEUNy9ivsP2vnBRSYtcAcULW8aTCqM1roiBDdr43W12JfEnMjX0/50
EKxlHgRnvC6J5F4VCbzGIkAqFN99huzWojWataZkWfd7DHliH9OE2whva+GlBSNk
pFx/7pXQyieGM37SvSgOO7K51K1ZHR82iljYnCXX07ZI6ZUTE/+OUVXpy+wK3+on
O/yqq6HcgycexnBs2Y9D68G939qx7gIKsXqyBrhevw9phcLLUVmOkuLQzz7sVWLh
wBtwJjbrIbxwT1dkFBjtBCBDQ6ciUx6uKFUr87Jw0jmYkxNQ5uVgEURxwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2aKsa0TnAV+UjlDNWtihu0jLdKMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvN1pvcXhyUk9jQlg1U09VTTFhMktHN1NNdDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPl3DMA0G
CSqGSIb3DQEBCwUAA4IBAQCVJ3Eut2JR8WOvZE+veaYyxEwSwoaMsFEGWLNzfhVC
+o2Oq8ODJQbMuOTaHKF8TnmdLM6JGjYve7NpXX77ZDhGPT4U5YlXYb8R4YqeH+d1
pV1bXjs8aM6haOQy9VrUyZ/IhamO+AYT5s1N5TakwayPdpnrT3ShjxTAktS787dA
vMiTLIrAHr2z7748iLhc1B55ueZhMUj1EDMZ3S86hcrFz3i5ECxu3wZvh+Dpu0FP
j65TzysodZYZT9ZgeNBcrdm6rzs0qllXxTqzihBcdK05fqW5wS64Nahs+Bna9Cy9
hYJmOD/HxGXAA7NMLlEXcYzJXJqsLSaggkD5BVcmKl+o
-----END CERTIFICATE-----