Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/l0wAbULeVazPwYlU9T-Fs3m4VN0.roa
File:                     l0wAbULeVazPwYlU9T-Fs3m4VN0.roa (raw, json)
Hash identifier:          DZ6o3hO1cP2UGjoUI60lf4xxGDkyAXhO8s2og9CadCc=
Subject key identifier:   97:4C:00:6D:42:DE:55:AC:CF:C1:89:54:F5:3F:85:B3:79:B8:54:DD
Certificate issuer:       /CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
Certificate serial:       019427B66C1F0ED1CC8EAF51D95F0F7E7C55
Authority key identifier: 9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/l0wAbULeVazPwYlU9T-Fs3m4VN0.roa
Signing time:             Thu 02 Jan 2025 15:50:54 +0000
ROA not before:           Thu 02 Jan 2025 15:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215996
IP address blocks:        93.189.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:6c:1f:0e:d1:cc:8e:af:51:d9:5f:0f:7e:7c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b7d24416aa8a478b3ed36e2e65855d42259d9ee
        Validity
            Not Before: Jan  2 15:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=974c006d42de55accfc18954f53f85b379b854dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d4:ae:0d:36:5d:2c:8a:e4:84:39:90:4f:06:
                    7e:e4:a4:92:e3:c5:f4:9b:48:61:17:78:58:90:4a:
                    17:7b:cb:f7:85:4f:a4:62:b2:17:71:3c:39:0d:46:
                    38:fe:bc:2b:8f:b9:27:cd:f9:81:96:5b:52:e5:8a:
                    2a:8a:21:b1:8e:34:8d:83:53:c0:87:a6:a4:ed:75:
                    42:84:b9:62:43:b8:13:8c:a6:53:27:d8:07:d5:9a:
                    4a:17:cb:8b:24:3e:60:2e:df:0d:c0:42:17:ad:1e:
                    99:65:00:10:55:ee:cd:cc:fb:ed:11:c1:33:d1:0e:
                    d4:62:47:d4:24:3d:8c:55:8e:c0:68:01:eb:f2:71:
                    5a:1b:aa:71:df:1f:d4:59:ca:3c:f3:5d:bf:82:a4:
                    dd:66:35:d6:e0:d1:bb:c7:ae:d5:03:5c:e1:a5:42:
                    8a:96:d5:9c:ef:4b:49:e2:ce:03:07:17:4c:43:38:
                    51:44:a2:e1:d9:8b:66:6c:56:1d:f3:8b:45:d4:89:
                    8e:ff:7a:43:65:fc:e1:6d:0e:37:90:63:3d:88:5c:
                    33:51:44:36:67:f3:3b:42:1c:27:b7:74:84:f3:26:
                    3b:a4:43:7b:89:6c:ba:b2:34:d2:c7:46:64:8b:4c:
                    31:3d:ca:84:b7:a9:58:a6:0d:4a:59:6b:b7:c4:8b:
                    b0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4C:00:6D:42:DE:55:AC:CF:C1:89:54:F5:3F:85:B3:79:B8:54:DD
            X509v3 Authority Key Identifier:
                keyid:9B:7D:24:41:6A:A8:A4:78:B3:ED:36:E2:E6:58:55:D4:22:59:D9:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m30kQWqopHiz7Tbi5lhV1CJZ2e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/l0wAbULeVazPwYlU9T-Fs3m4VN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1b8f2a-0abd-4ffb-82f6-ef3bbb05655e/1/m30kQWqopHiz7Tbi5lhV1CJZ2e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:e3:66:e9:7b:62:c4:38:79:4a:ff:19:bc:d1:7b:d8:b0:ed:
         2b:8e:45:09:8a:f7:87:2c:4a:ac:5c:dd:09:72:a5:d4:54:08:
         b1:18:f1:67:d1:a4:64:cb:2a:3d:d0:cb:16:4a:00:2b:51:9b:
         55:fe:f6:e6:e7:8d:c9:bf:73:2e:60:e0:59:26:b5:27:2a:91:
         3d:4f:4e:2f:35:c4:8b:dc:89:8f:65:96:96:fd:8f:76:74:4b:
         4f:3c:99:61:32:9f:05:9c:b5:26:21:7b:9e:e8:ee:f8:46:f6:
         1c:7c:7a:78:3e:71:24:06:a8:57:da:08:5e:a6:13:37:70:ee:
         fa:27:45:6a:23:79:1d:f4:f3:95:c6:2c:dd:b5:ff:5e:3d:73:
         ca:a9:8d:09:8a:0e:df:e8:51:4a:df:0a:95:46:4e:dc:06:71:
         11:20:7e:c0:85:08:a0:7a:6a:09:88:9e:45:36:21:55:34:1e:
         bc:d2:b5:2c:b3:05:8b:d4:cd:6b:63:cb:3a:9a:46:44:25:b9:
         ba:62:08:1f:8c:97:13:e4:f4:23:7e:f5:fa:03:cf:78:a2:cf:
         cf:de:15:ba:97:3d:a4:44:01:34:8e:b6:09:83:2a:02:ec:c3:
         2c:78:5c:ee:cb:da:00:3b:21:6d:1a:18:d3:c5:eb:27:43:d8:
         8e:1c:b2:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntmwfDtHMjq9R2V8PfnxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliN2QyNDQxNmFhOGE0NzhiM2VkMzZlMmU2NTg1NWQ0MjI1
OWQ5ZWUwHhcNMjUwMTAyMTU1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRjMDA2ZDQyZGU1NWFjY2ZjMTg5NTRmNTNmODViMzc5Yjg1NGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNSuDTZdLIrkhDmQTwZ+5KSS48X0
m0hhF3hYkEoXe8v3hU+kYrIXcTw5DUY4/rwrj7knzfmBlltS5YoqiiGxjjSNg1PA
h6ak7XVChLliQ7gTjKZTJ9gH1ZpKF8uLJD5gLt8NwEIXrR6ZZQAQVe7NzPvtEcEz
0Q7UYkfUJD2MVY7AaAHr8nFaG6px3x/UWco8812/gqTdZjXW4NG7x67VA1zhpUKK
ltWc70tJ4s4DBxdMQzhRRKLh2YtmbFYd84tF1ImO/3pDZfzhbQ43kGM9iFwzUUQ2
Z/M7Qhwnt3SE8yY7pEN7iWy6sjTSx0Zki0wxPcqEt6lYpg1KWWu3xIuwuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdMAG1C3lWsz8GJVPU/hbN5uFTdMB8GA1UdIwQY
MBaAFJt9JEFqqKR4s+024uZYVdQiWdnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYt
ZWYzYmJiMDU2NTVlLzEvbDB3QWJVTGVWYXpQd1lsVTlULUZzM200Vk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xYjhmMmEtMGFiZC00ZmZiLTgyZjYtZWYzYmJiMDU2NTVl
LzEvbTMwa1FXcW9wSGl6N1RiaTVsaFYxQ0paMmU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb2YMA0G
CSqGSIb3DQEBCwUAA4IBAQC042bpe2LEOHlK/xm80XvYsO0rjkUJiveHLEqsXN0J
cqXUVAixGPFn0aRkyyo90MsWSgArUZtV/vbm543Jv3MuYOBZJrUnKpE9T04vNcSL
3ImPZZaW/Y92dEtPPJlhMp8FnLUmIXue6O74RvYcfHp4PnEkBqhX2ghephM3cO76
J0VqI3kd9POVxizdtf9ePXPKqY0Jig7f6FFK3wqVRk7cBnERIH7AhQigemoJiJ5F
NiFVNB680rUsswWL1M1rY8s6mkZEJbm6YggfjJcT5PQjfvX6A894os/P3hW6lz2k
RAE0jrYJgyoC7MMseFzuy9oAOyFtGhjTxesnQ9iOHLIl
-----END CERTIFICATE-----