Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/0uxvcqE3rm6jNe_RFhBrZB2RZGc.roa
File:                     0uxvcqE3rm6jNe_RFhBrZB2RZGc.roa (raw, json)
Hash identifier:          cUzeUYCfkUnNbMQsdt6lgTKqGSGrebFChDr4YcCpi3w=
Subject key identifier:   D2:EC:6F:72:A1:37:AE:6E:A3:35:EF:D1:16:10:6B:64:1D:91:64:67
Certificate issuer:       /CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
Certificate serial:       018CC9BCF0213A589F3F13512D73CDA195C6
Authority key identifier: 4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/0uxvcqE3rm6jNe_RFhBrZB2RZGc.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35530
IP address blocks:        93.126.64.0/18 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f0:21:3a:58:9f:3f:13:51:2d:73:cd:a1:95:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2ec6f72a137ae6ea335efd116106b641d916467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e9:1a:3f:da:09:cf:e8:f3:8e:06:df:83:05:
                    bd:db:e5:d3:70:fe:37:d4:6a:7d:66:68:44:e4:f3:
                    fc:67:f0:29:ab:f3:6c:88:34:1d:a8:3d:8e:ff:a9:
                    60:fa:f3:21:1a:47:23:6a:6b:80:e7:6d:25:e7:e1:
                    d6:5a:9f:e3:18:78:0a:8c:e2:52:d0:64:d9:99:c0:
                    37:99:f4:f1:a5:1d:3e:39:0a:b1:ef:ad:af:ab:c0:
                    4b:37:b0:5f:24:66:a2:eb:e3:5f:5c:03:7f:ed:47:
                    56:df:04:24:2d:2a:a1:b7:1b:7a:62:60:20:0a:66:
                    96:3c:54:26:e7:57:93:4d:2f:11:27:74:b3:aa:00:
                    65:5a:55:1b:ed:41:ad:06:2f:40:db:f0:44:85:75:
                    32:aa:5d:32:a3:0e:01:09:c6:5f:db:45:24:80:81:
                    6c:f5:81:5f:45:fb:ee:e5:03:fb:7d:f7:a9:88:07:
                    9c:87:19:c3:14:aa:64:18:6d:6d:07:d3:0f:db:b3:
                    d5:0f:f4:19:6e:e5:13:65:25:87:b5:df:56:f4:18:
                    9d:0c:da:26:2c:51:0e:94:6c:4a:f2:84:a2:aa:04:
                    3f:a7:5a:1c:f7:8a:04:fd:68:9a:c0:40:82:61:e3:
                    ef:7f:c2:46:20:f0:b7:ed:94:33:0f:ca:34:10:74:
                    51:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:EC:6F:72:A1:37:AE:6E:A3:35:EF:D1:16:10:6B:64:1D:91:64:67
            X509v3 Authority Key Identifier:
                keyid:4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/0uxvcqE3rm6jNe_RFhBrZB2RZGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.126.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         67:a4:8f:dd:dd:62:8d:f3:ff:d6:36:b8:c0:2f:a8:fe:f2:d7:
         ae:2c:b9:ac:63:f7:50:e1:80:15:f6:97:97:6a:b8:19:2b:2b:
         33:0d:c3:08:55:ea:6f:46:d1:c6:11:fe:d4:d1:13:cd:f7:c3:
         8c:02:4a:7d:f2:63:78:7d:58:9c:55:3b:bc:4d:0c:7a:65:07:
         32:73:e5:d3:ce:37:4d:74:fc:96:40:cc:a4:35:d5:59:40:90:
         e5:d5:fb:07:f7:11:02:f9:fc:b0:36:0c:22:55:96:21:21:9a:
         9e:b1:71:cf:e6:bc:4f:ed:c2:4a:f4:7b:6b:4c:69:72:77:c5:
         89:9c:e3:11:87:4b:02:b2:f9:03:24:38:55:38:f4:01:0d:9e:
         dc:ed:1b:61:e7:a0:14:b8:fc:9c:31:f4:45:c0:a8:84:dc:f4:
         77:b1:bd:1e:6e:0f:a7:43:4c:cf:7d:64:2f:a9:5f:ad:08:a2:
         2f:9f:aa:8a:a8:6e:53:84:48:ba:27:2e:f7:eb:65:5c:eb:42:
         fb:c7:25:6f:d3:ca:a4:4d:de:e1:11:4c:57:94:87:7a:55:54:
         fc:c5:fb:cb:ef:b4:5c:9e:11:83:80:f0:a2:41:c5:89:41:86:
         95:1f:89:9a:e2:d9:37:85:b7:ca:dc:87:78:9b:e5:ef:72:9c:
         2c:8a:fa:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPAhOlifPxNRLXPNoZXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzc4OWVjZjY3ZTA0Mjk4YzVlZTQ0YzY3ZDhmYjdmNWQ2
ZDk1YTEwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmVjNmY3MmExMzdhZTZlYTMzNWVmZDExNjEwNmI2NDFkOTE2NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+kaP9oJz+jzjgbfgwW92+XTcP43
1Gp9ZmhE5PP8Z/Apq/NsiDQdqD2O/6lg+vMhGkcjamuA520l5+HWWp/jGHgKjOJS
0GTZmcA3mfTxpR0+OQqx762vq8BLN7BfJGai6+NfXAN/7UdW3wQkLSqhtxt6YmAg
CmaWPFQm51eTTS8RJ3SzqgBlWlUb7UGtBi9A2/BEhXUyql0yow4BCcZf20UkgIFs
9YFfRfvu5QP7ffepiAechxnDFKpkGG1tB9MP27PVD/QZbuUTZSWHtd9W9BidDNom
LFEOlGxK8oSiqgQ/p1oc94oE/WiawECCYePvf8JGIPC37ZQzD8o0EHRR6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLsb3KhN65uozXv0RYQa2QdkWRnMB8GA1UdIwQY
MBaAFEw3iez2fgQpjF7kTGfY+39dbZWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMt
MWRjNTRkMWMwM2EzLzEvMHV4dmNxRTNybTZqTmVfUkZoQnJaQjJSWkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMtMWRjNTRkMWMwM2Ez
LzEvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGXX5AMA0G
CSqGSIb3DQEBCwUAA4IBAQBnpI/d3WKN8//WNrjAL6j+8teuLLmsY/dQ4YAV9peX
argZKyszDcMIVepvRtHGEf7U0RPN98OMAkp98mN4fVicVTu8TQx6ZQcyc+XTzjdN
dPyWQMykNdVZQJDl1fsH9xEC+fywNgwiVZYhIZqesXHP5rxP7cJK9HtrTGlyd8WJ
nOMRh0sCsvkDJDhVOPQBDZ7c7Rth56AUuPycMfRFwKiE3PR3sb0ebg+nQ0zPfWQv
qV+tCKIvn6qKqG5ThEi6Jy7362Vc60L7xyVv08qkTd7hEUxXlId6VVT8xfvL77Rc
nhGDgPCiQcWJQYaVH4ma4tk3hbfK3Id4m+Xvcpwsivqm
-----END CERTIFICATE-----