Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZxR5d9lUvxqK9xB6Po07uSNsHtE.roa
File:                     ZxR5d9lUvxqK9xB6Po07uSNsHtE.roa (raw, json)
Hash identifier:          fgxhdQDxGBbFfxSeIFE1Y7ujs5uDdMlFovowN7rcvGw=
Subject key identifier:   67:14:79:77:D9:54:BF:1A:8A:F7:10:7A:3E:8D:3B:B9:23:6C:1E:D1
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CEE2A073622BFFDB112195829BE636B20
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZxR5d9lUvxqK9xB6Po07uSNsHtE.roa
Signing time:             Tue 09 Jan 2024 12:19:40 +0000
ROA not before:           Tue 09 Jan 2024 12:19:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49608
IP address blocks:        93.113.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:2a:07:36:22:bf:fd:b1:12:19:58:29:be:63:6b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  9 12:19:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67147977d954bf1a8af7107a3e8d3bb9236c1ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:20:92:2c:ca:cb:be:e3:e8:2c:27:74:e4:e2:
                    5c:ac:ac:50:73:1c:a2:b3:bd:69:c2:6b:dd:0d:c3:
                    d5:e9:d7:04:c1:9d:f0:f3:de:9f:4a:64:60:c1:3e:
                    f3:3e:50:8a:cd:5a:3f:b5:5b:fe:92:aa:a1:9d:33:
                    53:b0:2d:84:b0:5d:03:5f:61:8b:44:7a:39:31:17:
                    ce:1c:a5:b6:82:01:ad:85:d1:4c:b9:8a:b4:cc:c6:
                    a4:7b:cc:ca:c0:d1:a8:c3:c9:d1:27:69:b9:17:8e:
                    13:4f:8b:cf:b5:f4:59:17:48:2d:3b:02:e1:63:27:
                    42:aa:e8:0b:89:a0:ab:52:ba:e6:ad:00:40:72:a8:
                    9e:ac:fe:00:ea:a2:51:10:b3:70:fb:c5:bf:cd:a0:
                    90:a5:6c:49:ee:f7:fd:6b:68:3e:8a:91:69:c2:d4:
                    92:95:e1:68:10:ae:c1:d4:d8:1c:cc:16:f5:22:fb:
                    ce:60:e1:6d:8c:13:f6:b1:85:03:47:0e:e6:31:77:
                    2b:aa:fd:b1:28:c7:33:c5:6a:9c:0c:be:ed:fd:01:
                    d3:cb:b8:64:71:07:7f:b8:cd:5b:7d:62:a8:7b:e8:
                    ce:f9:a1:31:cb:87:ef:95:b5:2d:40:77:1b:0c:20:
                    5f:01:df:ee:bd:7f:d1:aa:41:c8:19:42:24:fd:5c:
                    35:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:14:79:77:D9:54:BF:1A:8A:F7:10:7A:3E:8D:3B:B9:23:6C:1E:D1
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZxR5d9lUvxqK9xB6Po07uSNsHtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:a7:be:b2:8e:c8:4a:c9:d0:72:e3:d5:c2:76:4f:6b:c1:d0:
         fc:66:ad:2c:bd:eb:49:db:3a:94:78:1d:e6:3a:ad:db:ac:a3:
         db:6e:42:1b:32:da:9e:0f:4b:11:ee:26:4d:aa:44:d5:71:54:
         93:1a:09:32:3e:d4:2c:23:10:3a:c8:05:88:71:3f:d0:88:e7:
         83:3f:aa:df:8a:ea:32:ce:b1:0c:63:72:ba:71:fa:84:d9:63:
         d3:7e:9c:97:32:2d:7d:bc:37:d8:1d:65:e1:75:14:f6:3e:8d:
         e9:98:81:94:06:03:b1:ca:5f:c4:76:76:5a:91:e5:a0:0d:cc:
         d8:6e:59:d1:11:a7:e8:57:f5:23:63:e5:35:1f:dd:19:bd:d8:
         f1:8a:34:f4:2d:51:e3:65:d2:77:2e:8e:1f:ed:f1:61:57:c5:
         97:89:e4:8f:7b:dd:f8:9c:46:64:d2:a9:90:20:87:4a:52:e1:
         11:04:56:d1:03:ca:3a:c0:8f:be:95:f4:ae:0c:08:f7:64:5c:
         57:99:3f:d0:26:9c:ca:84:6a:69:b1:65:fb:c6:cc:84:42:e5:
         9a:f9:97:41:16:a8:94:b6:8d:ca:ba:39:3e:31:1c:6b:0c:99:
         df:57:b0:f8:09:2c:44:ac:5f:35:3f:24:4b:f5:66:8b:48:bc:
         ae:f2:28:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuKgc2Ir/9sRIZWCm+Y2sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTA5MTIxOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE0Nzk3N2Q5NTRiZjFhOGFmNzEwN2EzZThkM2JiOTIzNmMxZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyCSLMrLvuPoLCd05OJcrKxQcxyi
s71pwmvdDcPV6dcEwZ3w896fSmRgwT7zPlCKzVo/tVv+kqqhnTNTsC2EsF0DX2GL
RHo5MRfOHKW2ggGthdFMuYq0zMake8zKwNGow8nRJ2m5F44TT4vPtfRZF0gtOwLh
YydCqugLiaCrUrrmrQBAcqierP4A6qJRELNw+8W/zaCQpWxJ7vf9a2g+ipFpwtSS
leFoEK7B1NgczBb1IvvOYOFtjBP2sYUDRw7mMXcrqv2xKMczxWqcDL7t/QHTy7hk
cQd/uM1bfWKoe+jO+aExy4fvlbUtQHcbDCBfAd/uvX/RqkHIGUIk/Vw1dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcUeXfZVL8aivcQej6NO7kjbB7RMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWnhSNWQ5bFV2eHFLOXhCNlBvMDd1U05zSHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXGxMA0G
CSqGSIb3DQEBCwUAA4IBAQAgp76yjshKydBy49XCdk9rwdD8Zq0svetJ2zqUeB3m
Oq3brKPbbkIbMtqeD0sR7iZNqkTVcVSTGgkyPtQsIxA6yAWIcT/QiOeDP6rfiuoy
zrEMY3K6cfqE2WPTfpyXMi19vDfYHWXhdRT2Po3pmIGUBgOxyl/EdnZakeWgDczY
blnREafoV/UjY+U1H90ZvdjxijT0LVHjZdJ3Lo4f7fFhV8WXieSPe934nEZk0qmQ
IIdKUuERBFbRA8o6wI++lfSuDAj3ZFxXmT/QJpzKhGppsWX7xsyEQuWa+ZdBFqiU
to3Kujk+MRxrDJnfV7D4CSxErF81PyRL9WaLSLyu8iib
-----END CERTIFICATE-----