Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/Wr8EOmHckxzTGd0Aamj6K9DADdU.roa
File:                     Wr8EOmHckxzTGd0Aamj6K9DADdU.roa (raw, json)
Hash identifier:          OPshObN2z5FsqJnygnFeWGUMJE0uYykW0pM3DUOjmQQ=
Subject key identifier:   5A:BF:04:3A:61:DC:93:1C:D3:19:DD:00:6A:68:FA:2B:D0:C0:0D:D5
Certificate issuer:       /CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
Certificate serial:       0194258F43B3F1810C2F7275728CE2C00E55
Authority key identifier: 20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/Wr8EOmHckxzTGd0Aamj6K9DADdU.roa
Signing time:             Thu 02 Jan 2025 05:48:53 +0000
ROA not before:           Thu 02 Jan 2025 05:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12406
IP address blocks:        93.177.124.0/24 maxlen: 24
                          185.179.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:43:b3:f1:81:0c:2f:72:75:72:8c:e2:c0:0e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
        Validity
            Not Before: Jan  2 05:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5abf043a61dc931cd319dd006a68fa2bd0c00dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f6:bd:b2:3d:33:b7:85:4a:03:9e:77:58:35:
                    8a:1f:fe:d8:71:b4:95:dc:ab:5f:50:d9:58:20:02:
                    31:8e:bc:cf:b7:96:b0:8d:1d:b6:68:bd:61:1a:d1:
                    b1:cf:9e:72:c1:f5:b0:29:df:5f:e6:20:3c:51:f5:
                    f0:0e:a6:46:7f:81:6d:fe:a2:51:4c:13:2d:9a:5f:
                    c8:02:a1:d3:b6:36:ec:90:b9:05:85:1b:94:45:4f:
                    22:29:5e:0b:e5:49:52:b6:3f:b3:b5:c4:b5:e2:11:
                    32:3d:c8:fa:39:74:a9:a0:bc:d7:d6:19:63:46:da:
                    24:e4:ee:6d:7d:2f:bd:e2:f9:bf:16:fc:f8:f2:0e:
                    e4:05:30:b4:73:a1:4c:8a:3d:88:31:19:1f:f0:2c:
                    a8:18:9f:c0:fa:38:33:c0:22:8a:37:f2:e4:85:56:
                    0e:8f:75:12:1f:e2:87:02:6a:75:fa:be:a0:d6:c7:
                    8d:35:05:07:0c:6b:f1:9d:e7:57:c3:e7:8a:78:d7:
                    ca:b4:b4:fb:61:e3:17:c4:72:2c:c1:1a:a7:ff:16:
                    cd:eb:71:32:5a:6d:b2:1a:b9:5a:68:44:88:3d:7d:
                    4c:85:0c:ba:fb:56:83:9a:c2:ca:7c:c4:2a:6a:54:
                    71:c7:3a:0d:38:98:39:a9:4f:e2:07:2a:cd:7a:5f:
                    99:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:BF:04:3A:61:DC:93:1C:D3:19:DD:00:6A:68:FA:2B:D0:C0:0D:D5
            X509v3 Authority Key Identifier:
                keyid:20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/Wr8EOmHckxzTGd0Aamj6K9DADdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.124.0/24
                  185.179.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:d8:b5:eb:41:e2:52:1e:53:a0:71:9f:3d:b9:39:54:52:22:
         9b:98:78:74:11:a5:1e:c7:e6:24:32:b9:15:44:45:3a:6d:c7:
         15:97:2e:76:99:d4:19:5c:ec:51:58:61:ec:8d:1b:5d:29:01:
         0e:e9:92:a2:da:41:55:76:2b:74:0f:b9:6c:ca:63:b8:7f:67:
         20:22:32:ad:11:8e:39:28:9a:6b:85:23:2b:83:11:08:5a:5d:
         99:74:ec:f5:2d:85:e1:35:b3:85:2c:bc:a2:7e:bc:4d:56:bb:
         a6:b6:0a:28:4d:0d:3e:64:47:aa:4c:51:8a:00:bf:75:1b:97:
         2b:89:e5:b6:60:b2:97:c3:22:8d:2e:6d:de:84:03:83:f0:6a:
         44:d3:08:12:96:d3:f2:ac:ba:eb:f3:bc:7f:40:27:02:15:6c:
         d4:83:01:14:82:d7:78:ac:77:57:90:7f:ec:7f:c8:ab:e0:ee:
         2b:cf:17:a3:34:c9:f9:c3:64:63:92:74:bb:56:a9:6e:7a:88:
         07:bd:a9:b9:15:cf:33:bc:bf:9e:49:cf:9e:1a:46:36:6c:bf:
         3d:2f:50:17:1a:13:03:a7:4f:2e:eb:6d:16:79:a3:52:28:c5:
         36:8b:bf:d2:b0:96:de:2a:6d:44:d5:79:54:44:8e:95:09:0c:
         1f:eb:f3:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj0Oz8YEML3J1coziwA5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzVlZTAyZDJlMDU4NjFkZDkwNmZlMDZiMzg0NGYwNGQz
NzhjNzMwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWJmMDQzYTYxZGM5MzFjZDMxOWRkMDA2YTY4ZmEyYmQwYzAwZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPa9sj0zt4VKA553WDWKH/7YcbSV
3KtfUNlYIAIxjrzPt5awjR22aL1hGtGxz55ywfWwKd9f5iA8UfXwDqZGf4Ft/qJR
TBMtml/IAqHTtjbskLkFhRuURU8iKV4L5UlStj+ztcS14hEyPcj6OXSpoLzX1hlj
Rtok5O5tfS+94vm/Fvz48g7kBTC0c6FMij2IMRkf8CyoGJ/A+jgzwCKKN/LkhVYO
j3USH+KHAmp1+r6g1seNNQUHDGvxnedXw+eKeNfKtLT7YeMXxHIswRqn/xbN63Ey
Wm2yGrlaaESIPX1MhQy6+1aDmsLKfMQqalRxxzoNOJg5qU/iByrNel+ZZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFq/BDph3JMc0xndAGpo+ivQwA3VMB8GA1UdIwQY
MBaAFCDF7gLS4Fhh3ZBv4Gs4RPBNN4xzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUt
Njc3NzEzNTlhMmIzLzEvV3I4RU9tSGNreHpUR2QwQWFtajZLOURBRGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUtNjc3NzEzNTlhMmIz
LzEvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXbF8AwQB
ubNSMA0GCSqGSIb3DQEBCwUAA4IBAQB52LXrQeJSHlOgcZ89uTlUUiKbmHh0EaUe
x+YkMrkVREU6bccVly52mdQZXOxRWGHsjRtdKQEO6ZKi2kFVdit0D7lsymO4f2cg
IjKtEY45KJprhSMrgxEIWl2ZdOz1LYXhNbOFLLyifrxNVrumtgooTQ0+ZEeqTFGK
AL91G5crieW2YLKXwyKNLm3ehAOD8GpE0wgSltPyrLrr87x/QCcCFWzUgwEUgtd4
rHdXkH/sf8ir4O4rzxejNMn5w2RjknS7VqlueogHvam5Fc8zvL+eSc+eGkY2bL89
L1AXGhMDp08u620WeaNSKMU2i7/SsJbeKm1E1XlURI6VCQwf6/Og
-----END CERTIFICATE-----