Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/jknt15rw120miyLAbd6G3QLL1wM.roa
File:                     jknt15rw120miyLAbd6G3QLL1wM.roa (raw, json)
Hash identifier:          w4lnfnj2ypCVD8OwkcFQ3q+RWcDkNb9OXouDKPfT4+Y=
Subject key identifier:   8E:49:ED:D7:9A:F0:D7:6D:26:8B:22:C0:6D:DE:86:DD:02:CB:D7:03
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       018CC8DE2C446FFA0C691AF105D57FAFB52F
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/jknt15rw120miyLAbd6G3QLL1wM.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44922
IP address blocks:        93.89.31.0/24 maxlen: 24
                          2a03:400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2c:44:6f:fa:0c:69:1a:f1:05:d5:7f:af:b5:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e49edd79af0d76d268b22c06dde86dd02cbd703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:91:29:09:94:f2:7b:dc:a7:fd:c2:fb:82:cc:
                    7a:2a:db:ee:ff:ca:8e:7f:e6:61:5b:75:f5:a8:4b:
                    81:73:53:c9:2e:5d:01:7b:f0:29:8f:72:53:71:5f:
                    de:b4:a6:6f:2c:c1:9c:32:5b:20:e3:62:01:f5:67:
                    4a:d4:38:51:e1:e9:cf:d3:6b:06:3c:54:fe:d4:0e:
                    91:4e:0f:0e:25:04:dc:ae:ab:a7:95:ff:96:8d:ae:
                    43:a7:ec:95:fe:dd:6f:d1:fc:2f:3d:a8:ae:3b:91:
                    88:81:4c:c1:a9:83:6c:b3:7b:fe:53:50:fc:b8:ba:
                    2a:e8:24:85:41:cd:05:6d:ac:51:62:2f:02:0b:8a:
                    d9:96:3f:80:59:6e:13:6c:8a:4a:39:23:cc:fc:bf:
                    16:64:b0:03:00:a2:ea:a9:cd:24:75:41:27:c4:bc:
                    03:34:77:0c:4f:5e:04:df:87:8b:87:7c:45:94:43:
                    47:79:d4:dd:72:5d:20:a9:c2:35:1d:3f:aa:8f:c3:
                    5c:4d:8f:7f:4a:25:cc:f6:4a:4a:75:54:ad:b1:6c:
                    b7:8e:b6:9b:22:42:b9:31:52:8d:a8:f6:2e:9b:2a:
                    5f:eb:88:8c:82:aa:33:3b:8c:c3:17:69:27:8c:90:
                    3b:05:72:0e:19:ed:99:b8:0f:4f:36:43:cc:13:6f:
                    bd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:49:ED:D7:9A:F0:D7:6D:26:8B:22:C0:6D:DE:86:DD:02:CB:D7:03
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/jknt15rw120miyLAbd6G3QLL1wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.31.0/24
                IPv6:
                  2a03:400::/32

    Signature Algorithm: sha256WithRSAEncryption
         ed:d9:57:80:4c:c5:82:0d:9a:19:0c:b6:c6:23:b5:42:0c:67:
         c5:2b:d3:26:7e:6c:aa:c4:19:66:86:1f:b5:85:90:aa:68:9a:
         7f:f5:fe:51:ef:6e:47:83:0f:ee:0e:1b:9f:b0:03:9b:d9:ca:
         6c:54:56:f5:be:31:c8:0e:7d:49:0c:0b:84:f3:6f:62:5a:7b:
         a6:0c:93:74:4e:c3:59:69:21:c5:a4:a1:e6:b6:4f:cc:ab:4d:
         f7:f0:4e:00:11:fb:1b:73:4b:23:39:be:33:82:b8:83:a1:5a:
         5c:b5:53:6d:67:12:62:9e:8b:14:01:45:94:29:90:68:8d:e9:
         32:6c:85:d1:a4:fe:6f:34:67:31:9b:9c:e0:bd:d1:55:0d:63:
         ee:3c:96:2c:3e:8e:9c:59:c2:e6:20:ea:5d:84:98:e2:19:6c:
         78:b6:18:07:2f:d8:4b:87:d1:4c:32:85:51:c7:45:a8:ac:29:
         4c:8c:f4:9a:06:4e:c2:92:a5:28:75:fe:dc:b3:3a:a9:54:67:
         e3:ee:01:da:66:25:1e:5b:85:d3:13:fe:78:20:47:a9:10:b9:
         72:84:70:6d:fb:6f:82:b4:0f:69:31:15:15:1a:de:c6:34:61:
         59:51:4c:f2:08:50:5d:c3:6f:98:ba:f4:c1:6e:75:e2:82:6b:
         ce:9c:03:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3ixEb/oMaRrxBdV/r7UvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ5ZWRkNzlhZjBkNzZkMjY4YjIyYzA2ZGRlODZkZDAyY2JkNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipEpCZTye9yn/cL7gsx6Ktvu/8qO
f+ZhW3X1qEuBc1PJLl0Be/Apj3JTcV/etKZvLMGcMlsg42IB9WdK1DhR4enP02sG
PFT+1A6RTg8OJQTcrqunlf+Wja5Dp+yV/t1v0fwvPaiuO5GIgUzBqYNss3v+U1D8
uLoq6CSFQc0FbaxRYi8CC4rZlj+AWW4TbIpKOSPM/L8WZLADAKLqqc0kdUEnxLwD
NHcMT14E34eLh3xFlENHedTdcl0gqcI1HT+qj8NcTY9/SiXM9kpKdVStsWy3jrab
IkK5MVKNqPYumypf64iMgqozO4zDF2knjJA7BXIOGe2ZuA9PNkPME2+9uwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI5J7dea8NdtJosiwG3eht0Cy9cDMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvamtudDE1cncxMjBtaXlMQWJkNkczUUxMMXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXVkfMA0E
AgACMAcDBQAqAwQAMA0GCSqGSIb3DQEBCwUAA4IBAQDt2VeATMWCDZoZDLbGI7VC
DGfFK9MmfmyqxBlmhh+1hZCqaJp/9f5R725Hgw/uDhufsAOb2cpsVFb1vjHIDn1J
DAuE829iWnumDJN0TsNZaSHFpKHmtk/Mq0338E4AEfsbc0sjOb4zgriDoVpctVNt
ZxJinosUAUWUKZBojekybIXRpP5vNGcxm5zgvdFVDWPuPJYsPo6cWcLmIOpdhJji
GWx4thgHL9hLh9FMMoVRx0WorClMjPSaBk7CkqUodf7cszqpVGfj7gHaZiUeW4XT
E/54IEepELlyhHBt+2+CtA9pMRUVGt7GNGFZUUzyCFBdw2+YuvTBbnXigmvOnAMk
-----END CERTIFICATE-----