Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/8mFb3fMndMnorzMdD7cIA1PgoDQ.roa
File:                     8mFb3fMndMnorzMdD7cIA1PgoDQ.roa (raw, json)
Hash identifier:          upCPUYIC4Si5umIdsLHPSpv7k9AGsf+Ft1xLsZP33uw=
Subject key identifier:   F2:61:5B:DD:F3:27:74:C9:E8:AF:33:1D:0F:B7:08:03:53:E0:A0:34
Certificate issuer:       /CN=e2c756c691073752260eda0b29df3140cec48c18
Certificate serial:       018D0DFB79A629E017DC2A6687F76847BD99
Authority key identifier: E2:C7:56:C6:91:07:37:52:26:0E:DA:0B:29:DF:31:40:CE:C4:8C:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sdWxpEHN1ImDtoLKd8xQM7EjBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/8mFb3fMndMnorzMdD7cIA1PgoDQ.roa
Signing time:             Mon 15 Jan 2024 16:36:40 +0000
ROA not before:           Mon 15 Jan 2024 16:36:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60508
IP address blocks:        93.90.77.0/24 maxlen: 24
                          93.90.76.0/22 maxlen: 22
                          93.90.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/4sdWxpEHN1ImDtoLKd8xQM7EjBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/4sdWxpEHN1ImDtoLKd8xQM7EjBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sdWxpEHN1ImDtoLKd8xQM7EjBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:fb:79:a6:29:e0:17:dc:2a:66:87:f7:68:47:bd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c756c691073752260eda0b29df3140cec48c18
        Validity
            Not Before: Jan 15 16:36:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2615bddf32774c9e8af331d0fb7080353e0a034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c5:13:fc:bc:fe:39:d6:1c:68:b5:02:f0:62:
                    6b:a3:e9:d9:83:b1:83:8f:3a:cc:8a:e1:b1:02:5b:
                    94:b4:f8:c4:f1:ed:63:77:1f:51:ca:59:c4:5f:04:
                    96:48:ad:52:d3:73:c4:29:40:03:26:32:2e:f8:e6:
                    8e:d9:e7:e5:47:2e:97:c1:c1:77:9c:34:0f:c9:b3:
                    6e:c3:f1:10:5e:7e:1e:6f:8f:af:32:84:3c:ed:40:
                    13:62:85:fb:a5:bd:bc:e8:e7:33:0b:c8:94:d9:dc:
                    6c:98:cf:c8:54:81:ab:72:48:4e:62:91:7e:b6:26:
                    be:28:e1:ce:9e:64:61:5c:19:44:8b:99:ce:00:2d:
                    ae:72:20:85:79:a2:6b:73:a6:5d:7b:09:f4:00:3a:
                    2a:29:13:a1:f6:35:09:a1:46:14:41:b6:f7:0c:91:
                    0a:94:62:dd:ae:cf:95:3a:21:5a:26:3c:20:91:f2:
                    1d:04:4b:a9:29:28:f5:55:24:48:8c:f9:28:cf:3c:
                    6e:27:48:0a:82:6e:d6:fc:34:c8:bb:ca:50:8b:c5:
                    8d:ee:a7:bf:0b:90:53:db:0a:d9:b1:ba:4c:60:77:
                    da:6c:17:de:78:95:6b:43:f6:b8:1f:d7:05:f2:7c:
                    a3:c9:a1:02:b5:fd:a3:5a:73:87:e7:9a:f1:0f:83:
                    bd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:61:5B:DD:F3:27:74:C9:E8:AF:33:1D:0F:B7:08:03:53:E0:A0:34
            X509v3 Authority Key Identifier:
                keyid:E2:C7:56:C6:91:07:37:52:26:0E:DA:0B:29:DF:31:40:CE:C4:8C:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sdWxpEHN1ImDtoLKd8xQM7EjBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/8mFb3fMndMnorzMdD7cIA1PgoDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/454f11-fc35-498c-a7c0-5a4d8b4e3f0a/1/4sdWxpEHN1ImDtoLKd8xQM7EjBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:71:a0:0c:aa:51:91:f5:91:7f:4c:90:75:3c:19:cb:a8:34:
         c8:a8:9c:e7:c4:35:4c:fb:4c:56:00:ca:87:15:dd:87:ec:c4:
         8e:06:77:68:b8:67:a9:99:b3:4d:2b:ea:3a:20:fd:11:1b:49:
         7a:f3:a8:65:b5:8e:07:55:be:b0:3a:1c:3f:4e:6f:48:5e:09:
         e7:9e:59:f5:c8:0b:9d:a2:19:39:4c:c9:8e:53:c7:c5:5e:3f:
         92:30:9e:18:15:79:cd:40:ad:03:44:1f:41:fd:89:c5:7d:98:
         f8:07:ca:6a:79:6e:16:a0:fa:84:d9:06:37:71:63:ea:b1:95:
         f4:26:bc:6e:d8:1d:4c:5e:89:b7:a6:21:96:14:74:58:6a:c6:
         d2:18:ee:8f:81:dc:bf:da:4c:92:84:58:15:ef:08:09:8f:59:
         bd:ac:d3:a1:4a:a0:81:21:f8:27:a2:bd:7f:bb:27:d3:10:6a:
         fe:a8:13:e7:0b:40:a6:76:2b:55:3c:f5:89:07:0c:df:e6:f9:
         cc:a0:23:d3:fd:62:3a:58:a0:89:35:7e:85:29:1b:55:97:c2:
         06:83:8a:e1:49:79:00:70:74:36:86:b7:18:ad:87:33:35:92:
         a6:f2:31:65:82:45:24:4d:5e:0f:7a:c6:92:b4:bc:41:39:50:
         cf:4e:21:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0N+3mmKeAX3Cpmh/doR72ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzc1NmM2OTEwNzM3NTIyNjBlZGEwYjI5ZGYzMTQwY2Vj
NDhjMTgwHhcNMjQwMTE1MTYzNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjYxNWJkZGYzMjc3NGM5ZThhZjMzMWQwZmI3MDgwMzUzZTBhMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcUT/Lz+OdYcaLUC8GJro+nZg7GD
jzrMiuGxAluUtPjE8e1jdx9RylnEXwSWSK1S03PEKUADJjIu+OaO2eflRy6XwcF3
nDQPybNuw/EQXn4eb4+vMoQ87UATYoX7pb286OczC8iU2dxsmM/IVIGrckhOYpF+
tia+KOHOnmRhXBlEi5nOAC2uciCFeaJrc6Zdewn0ADoqKROh9jUJoUYUQbb3DJEK
lGLdrs+VOiFaJjwgkfIdBEupKSj1VSRIjPkozzxuJ0gKgm7W/DTIu8pQi8WN7qe/
C5BT2wrZsbpMYHfabBfeeJVrQ/a4H9cF8nyjyaECtf2jWnOH55rxD4O99wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJhW93zJ3TJ6K8zHQ+3CANT4KA0MB8GA1UdIwQY
MBaAFOLHVsaRBzdSJg7aCynfMUDOxIwYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNkV3hwRUhOMUltRHRvTEtkOHhRTTdFakJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80NTRmMTEtZmMzNS00OThjLWE3YzAt
NWE0ZDhiNGUzZjBhLzEvOG1GYjNmTW5kTW5vcnpNZEQ3Y0lBMVBnb0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80NTRmMTEtZmMzNS00OThjLWE3YzAtNWE0ZDhiNGUzZjBh
LzEvNHNkV3hwRUhOMUltRHRvTEtkOHhRTTdFakJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXVpMMA0G
CSqGSIb3DQEBCwUAA4IBAQCHcaAMqlGR9ZF/TJB1PBnLqDTIqJznxDVM+0xWAMqH
Fd2H7MSOBndouGepmbNNK+o6IP0RG0l686hltY4HVb6wOhw/Tm9IXgnnnln1yAud
ohk5TMmOU8fFXj+SMJ4YFXnNQK0DRB9B/YnFfZj4B8pqeW4WoPqE2QY3cWPqsZX0
Jrxu2B1MXom3piGWFHRYasbSGO6Pgdy/2kyShFgV7wgJj1m9rNOhSqCBIfgnor1/
uyfTEGr+qBPnC0CmditVPPWJBwzf5vnMoCPT/WI6WKCJNX6FKRtVl8IGg4rhSXkA
cHQ2hrcYrYczNZKm8jFlgkUkTV4PesaStLxBOVDPTiFf
-----END CERTIFICATE-----