Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/iw_NoQr-4Zpqb1BQJiqjYWIyzAQ.roa
File:                     iw_NoQr-4Zpqb1BQJiqjYWIyzAQ.roa (raw, json)
Hash identifier:          ZwHWG6KrQHF+84kJtMaK0eTr4wmJ3UG8+nG5YiIQDc0=
Subject key identifier:   8B:0F:CD:A1:0A:FE:E1:9A:6A:6F:50:50:26:2A:A3:61:62:32:CC:04
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018CC26D276BB152F0C923DBD7BFC74D94AA
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/iw_NoQr-4Zpqb1BQJiqjYWIyzAQ.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56913
IP address blocks:        93.113.177.0/24 maxlen: 24
                          93.113.178.0/24 maxlen: 24
                          93.113.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:27:6b:b1:52:f0:c9:23:db:d7:bf:c7:4d:94:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b0fcda10afee19a6a6f5050262aa3616232cc04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:07:bc:8d:74:cc:be:81:8e:46:f2:4d:74:2b:
                    05:75:2c:fd:45:97:18:26:cc:bd:15:ca:a1:07:8b:
                    a4:22:41:56:b3:db:4f:53:b9:f1:7d:d4:e7:e7:6a:
                    cd:c9:00:7c:1b:b3:80:bc:f0:04:42:35:49:50:a5:
                    0a:57:f5:17:7f:6e:bd:09:a5:b0:2d:3a:fc:3c:35:
                    04:0b:e6:ee:0e:cf:d4:e2:98:89:02:2e:44:74:d3:
                    74:4b:98:1b:47:33:f6:2a:ca:ae:46:9f:e0:ce:cc:
                    55:88:df:41:07:09:3e:30:ac:53:64:71:88:03:3a:
                    b3:c1:5d:dc:8a:af:9a:00:a8:a6:ff:7e:2a:27:33:
                    19:fa:dd:97:a1:68:23:38:99:82:cc:a7:d5:ab:80:
                    d7:81:35:37:f3:02:31:46:2a:3c:f7:90:81:a2:87:
                    2b:75:20:b3:2c:24:a2:3a:45:d1:c0:a5:b6:66:05:
                    d8:67:7b:44:ff:be:18:bc:f1:04:6a:d0:99:f7:e8:
                    bb:4a:92:5c:f7:b8:d6:82:7f:3b:4f:40:38:26:ce:
                    cc:c0:b9:88:cd:15:68:c2:2d:18:4d:1d:2d:3b:69:
                    d5:6c:e2:c8:c7:4f:08:6b:4e:09:b0:c5:3b:2c:9d:
                    02:e2:2a:67:d8:5a:94:fe:bf:16:58:88:7e:f5:d6:
                    ab:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0F:CD:A1:0A:FE:E1:9A:6A:6F:50:50:26:2A:A3:61:62:32:CC:04
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/iw_NoQr-4Zpqb1BQJiqjYWIyzAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.177.0-93.113.179.255

    Signature Algorithm: sha256WithRSAEncryption
         39:77:be:32:ee:d3:45:0a:d0:1a:17:90:e1:61:5f:ab:27:86:
         18:9d:9a:1c:b8:76:62:68:de:89:8a:1b:db:43:e0:19:33:9a:
         4e:71:01:bb:c2:2b:a1:4c:d2:c0:db:67:89:25:98:83:3e:aa:
         05:0d:87:fa:2a:8c:22:aa:80:98:4a:69:35:7f:73:89:36:e4:
         67:75:38:dd:d9:1a:9e:cc:d2:d2:5a:73:ff:e9:cd:bc:88:d9:
         ca:f6:49:ba:cf:38:de:a8:70:75:82:72:26:0c:a9:f8:3c:80:
         f0:06:b7:cb:dc:0d:7a:14:27:10:9f:54:66:16:6a:80:28:0d:
         df:19:1a:b6:9d:bd:ca:be:4d:a3:57:3c:e0:6f:73:26:4d:dd:
         38:1c:a3:c4:c6:6a:d7:76:da:48:64:47:91:b6:3b:10:f5:0f:
         05:90:e0:4c:62:b1:13:c3:0e:5c:e3:fa:dd:01:3d:6e:bd:26:
         f8:c9:15:2d:51:e4:f9:c4:12:63:6e:16:68:76:8b:b8:61:e4:
         c7:09:41:a7:81:39:7e:6d:8f:d8:ca:10:75:71:81:ae:29:8a:
         a4:09:a4:99:30:7e:51:ed:92:d2:ff:e5:b7:5e:17:e3:51:8c:
         02:5a:6b:09:a5:eb:f1:75:c2:ca:11:74:44:d7:62:2a:f0:44:
         8b:14:a4:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbSdrsVLwySPb17/HTZSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjBmY2RhMTBhZmVlMTlhNmE2ZjUwNTAyNjJhYTM2MTYyMzJjYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAe8jXTMvoGORvJNdCsFdSz9RZcY
Jsy9FcqhB4ukIkFWs9tPU7nxfdTn52rNyQB8G7OAvPAEQjVJUKUKV/UXf269CaWw
LTr8PDUEC+buDs/U4piJAi5EdNN0S5gbRzP2KsquRp/gzsxViN9BBwk+MKxTZHGI
AzqzwV3ciq+aAKim/34qJzMZ+t2XoWgjOJmCzKfVq4DXgTU38wIxRio895CBoocr
dSCzLCSiOkXRwKW2ZgXYZ3tE/74YvPEEatCZ9+i7SpJc97jWgn87T0A4Js7MwLmI
zRVowi0YTR0tO2nVbOLIx08Ia04JsMU7LJ0C4ipn2FqU/r8WWIh+9darAwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIsPzaEK/uGaam9QUCYqo2FiMswEMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvaXdfTm9Rci00WnBxYjFCUUppcWpZV0l5ekFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABdcbED
BAJdcbAwDQYJKoZIhvcNAQELBQADggEBADl3vjLu00UK0BoXkOFhX6snhhidmhy4
dmJo3omKG9tD4Bkzmk5xAbvCK6FM0sDbZ4klmIM+qgUNh/oqjCKqgJhKaTV/c4k2
5Gd1ON3ZGp7M0tJac//pzbyI2cr2SbrPON6ocHWCciYMqfg8gPAGt8vcDXoUJxCf
VGYWaoAoDd8ZGradvcq+TaNXPOBvcyZN3Tgco8TGatd22khkR5G2OxD1DwWQ4Exi
sRPDDlzj+t0BPW69JvjJFS1R5PnEEmNuFmh2i7hh5McJQaeBOX5tj9jKEHVxga4p
iqQJpJkwflHtktL/5bdeF+NRjAJaawml6/F1wsoRdETXYirwRIsUpF4=
-----END CERTIFICATE-----