Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sIkJe_8TMuPMuiOttGUdpscpeCs.roa
File:                     sIkJe_8TMuPMuiOttGUdpscpeCs.roa (raw, json)
Hash identifier:          Os3pSB+5gg5sARYmKQ+RwIarATdPMccmB4lOB2kBzmc=
Subject key identifier:   B0:89:09:7B:FF:13:32:E3:CC:BA:23:AD:B4:65:1D:A6:C7:29:78:2B
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E714DD3BE3BE6EDD37FD561565113
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sIkJe_8TMuPMuiOttGUdpscpeCs.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57034
IP address blocks:        93.174.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:71:4d:d3:be:3b:e6:ed:d3:7f:d5:61:56:51:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b089097bff1332e3ccba23adb4651da6c729782b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:77:b6:6e:a8:b0:31:1c:a1:8a:f2:17:28:cb:
                    6f:f2:e9:49:ed:65:82:15:54:db:31:aa:20:41:15:
                    ab:a4:f2:ce:b9:b6:04:12:7f:49:89:37:a2:37:82:
                    09:85:2d:a6:1d:bb:f0:c0:d7:d2:64:43:4d:32:0d:
                    f6:08:98:96:3d:5e:b9:d1:4e:88:e7:e6:e1:ce:ef:
                    6f:50:d8:dd:78:38:4a:5c:cc:8c:e1:e9:91:8a:58:
                    1f:ea:82:2e:23:88:c6:79:e7:b8:ca:c6:64:21:3d:
                    6f:ca:31:09:fe:2f:dc:1d:5d:37:c8:5e:94:63:79:
                    f9:3d:7d:3c:20:ea:a0:e8:11:91:e1:2f:76:1e:4d:
                    e1:a0:f1:eb:75:a0:a9:6b:9b:4d:41:1a:e2:02:71:
                    23:ac:16:71:38:d7:34:25:59:64:87:8b:bb:f4:ac:
                    34:8b:00:4f:2f:5d:08:19:07:6c:53:c0:e0:00:da:
                    25:e7:10:36:ba:d8:aa:86:d6:79:a4:b3:83:da:d4:
                    b1:b9:74:57:35:06:4e:4a:17:dd:53:2d:41:03:b3:
                    b1:75:1e:98:fc:45:d8:22:97:e8:ed:11:07:5c:23:
                    0c:6e:94:a3:25:d5:16:8d:f2:e0:8c:0f:d6:c0:6c:
                    25:7e:15:ac:f9:e6:76:f3:b6:b8:aa:a0:6f:3c:ad:
                    8f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:89:09:7B:FF:13:32:E3:CC:BA:23:AD:B4:65:1D:A6:C7:29:78:2B
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/sIkJe_8TMuPMuiOttGUdpscpeCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:92:12:31:9f:78:0a:00:39:c1:a0:05:08:df:d3:04:6e:bf:
         76:33:2f:0a:d5:73:d6:d9:db:47:5d:ed:84:b0:0a:b2:e8:2d:
         a7:15:2f:ac:a4:80:18:8f:1d:0c:d0:e7:da:26:22:70:91:34:
         37:81:fc:84:48:df:c7:63:4c:7f:49:0c:15:2e:d7:d9:88:0d:
         5f:47:30:0c:c5:4d:79:43:dc:49:f2:ec:c5:70:17:6a:b0:1d:
         a1:8e:93:85:94:f9:f9:e3:ea:55:4d:80:ec:99:37:49:87:5a:
         a3:fe:e5:1b:01:b1:c3:e6:59:07:fc:a4:7f:5f:82:8e:97:bd:
         72:56:96:3f:38:6d:fb:6b:ed:47:15:ee:0f:b4:f6:98:fe:1f:
         47:7d:4a:73:ab:11:33:a4:16:2f:f7:ca:a6:d6:86:78:08:08:
         7c:d7:5f:b2:67:c9:54:d3:42:44:3d:d8:21:e8:c7:d9:6a:d7:
         29:f5:b1:2c:1a:a3:ac:1a:bd:dd:4c:30:6e:b1:ab:40:2c:f6:
         68:42:aa:70:cc:d7:aa:d0:cb:4e:fa:9e:cf:ca:98:4b:12:43:
         54:17:49:3d:75:b3:2b:24:18:7c:be:ec:7f:4b:b4:a4:8c:3d:
         7c:01:5a:d8:ec:81:d4:c7:7b:49:9e:5b:ba:b9:de:49:5d:e2:
         50:49:50:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTnFN07475u3Tf9VhVlETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg5MDk3YmZmMTMzMmUzY2NiYTIzYWRiNDY1MWRhNmM3Mjk3ODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXe2bqiwMRyhivIXKMtv8ulJ7WWC
FVTbMaogQRWrpPLOubYEEn9JiTeiN4IJhS2mHbvwwNfSZENNMg32CJiWPV650U6I
5+bhzu9vUNjdeDhKXMyM4emRilgf6oIuI4jGeee4ysZkIT1vyjEJ/i/cHV03yF6U
Y3n5PX08IOqg6BGR4S92Hk3hoPHrdaCpa5tNQRriAnEjrBZxONc0JVlkh4u79Kw0
iwBPL10IGQdsU8DgANol5xA2utiqhtZ5pLOD2tSxuXRXNQZOShfdUy1BA7OxdR6Y
/EXYIpfo7REHXCMMbpSjJdUWjfLgjA/WwGwlfhWs+eZ287a4qqBvPK2PowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCJCXv/EzLjzLojrbRlHabHKXgrMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvc0lrSmVfOFRNdVBNdWlPdHRHVWRwc2NwZUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa6kMA0G
CSqGSIb3DQEBCwUAA4IBAQBskhIxn3gKADnBoAUI39MEbr92My8K1XPW2dtHXe2E
sAqy6C2nFS+spIAYjx0M0OfaJiJwkTQ3gfyESN/HY0x/SQwVLtfZiA1fRzAMxU15
Q9xJ8uzFcBdqsB2hjpOFlPn54+pVTYDsmTdJh1qj/uUbAbHD5lkH/KR/X4KOl71y
VpY/OG37a+1HFe4PtPaY/h9HfUpzqxEzpBYv98qm1oZ4CAh811+yZ8lU00JEPdgh
6MfZatcp9bEsGqOsGr3dTDBusatALPZoQqpwzNeq0MtO+p7PyphLEkNUF0k9dbMr
JBh8vux/S7SkjD18AVrY7IHUx3tJnlu6ud5JXeJQSVDW
-----END CERTIFICATE-----