Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa
File:                     EmionTnTpPlzT52LsnXIHxYCAkI.roa (raw, json)
Hash identifier:          UMQ25c4lRqhS469mkTBlM+KaqUpU4RkEs/AqPIjlOwA=
Subject key identifier:   12:68:A8:9D:39:D3:A4:F9:73:4F:9D:8B:B2:75:C8:1F:16:02:02:42
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAF2E1F5A3ED95DC6405A1DF97384
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209728
IP address blocks:        193.34.235.0/24 maxlen: 24
                          193.168.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:af:2e:1f:5a:3e:d9:5d:c6:40:5a:1d:f9:73:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1268a89d39d3a4f9734f9d8bb275c81f16020242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e8:90:18:8b:6d:02:10:e2:be:ad:bd:da:5a:
                    94:c2:cf:88:b7:bd:68:86:d4:74:e9:0f:b4:00:53:
                    68:b0:37:52:72:d7:24:4b:4a:67:69:e2:1a:46:f1:
                    2c:64:4c:ac:dd:96:d1:93:33:40:eb:ed:03:17:7a:
                    24:93:23:51:27:26:1b:42:37:68:a0:3c:11:0b:b7:
                    bd:f7:a6:28:38:dd:83:de:e8:8b:6e:06:86:0e:f4:
                    ce:b2:1a:b6:46:75:5c:47:0f:5a:f1:0f:32:29:9d:
                    88:30:f5:46:8b:f0:ad:55:55:f4:f8:47:86:2e:94:
                    13:39:59:1f:8f:5a:bf:13:aa:f6:0a:cc:39:f2:e1:
                    b1:2b:81:7d:4b:5d:f8:2f:9a:e8:66:62:a6:3f:d2:
                    03:70:bb:7b:ba:59:f8:6a:84:f9:7e:31:c9:22:85:
                    c8:d9:5e:80:ff:3a:d7:6a:63:ff:46:1d:20:b7:da:
                    a0:0a:d3:4f:41:f7:09:3a:83:3b:25:9b:03:45:a9:
                    fb:ec:e6:71:dd:e5:6a:b5:c7:f9:32:88:d5:45:56:
                    24:62:f6:d4:d6:5f:3a:d8:48:bd:32:fd:bb:17:5c:
                    8c:89:84:44:cd:fd:ce:2a:ec:6a:35:28:6b:18:b8:
                    20:dc:ed:9d:cf:b8:66:00:fd:da:67:e3:e4:dc:ae:
                    14:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:68:A8:9D:39:D3:A4:F9:73:4F:9D:8B:B2:75:C8:1F:16:02:02:42
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.235.0/24
                  193.168.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ac:d7:5d:69:fe:c9:72:93:2b:cc:9c:ea:67:7e:92:ed:a3:
         ce:9b:8c:49:8d:4b:7d:d9:00:2e:9d:fd:84:54:19:bf:e4:93:
         2e:2f:af:00:8c:04:32:69:29:1b:cf:0c:76:62:fe:73:ce:89:
         ac:0e:f1:c2:dc:52:45:47:e9:f2:e7:a1:1f:57:67:03:c8:34:
         e5:6d:c8:bf:1f:23:46:29:ac:1f:3e:73:89:ed:9c:6c:e4:54:
         d9:58:6d:3b:92:de:b6:c9:2f:a9:7f:1f:08:a5:0b:8f:03:8d:
         fd:2d:f9:76:fe:84:15:a9:ce:01:4b:90:40:7e:71:2b:20:d1:
         59:1a:72:86:5e:98:db:d7:af:3d:eb:43:21:af:bb:a0:c1:ad:
         27:a5:b7:16:85:a4:b9:81:ce:e7:de:ea:da:73:05:51:e5:f0:
         99:24:20:66:3c:af:e8:9c:5a:f6:78:97:57:cb:70:c6:74:92:
         3c:90:2d:68:79:41:b8:aa:27:7a:4f:64:fd:06:af:8a:fc:07:
         9d:75:57:c9:68:c3:af:19:a4:a6:1f:a5:ac:db:af:d6:09:5a:
         2d:09:e6:0a:b8:62:5c:f7:38:8b:83:c3:0a:e2:7e:84:5a:eb:
         34:4e:fe:2f:2c:26:2a:2b:b7:f7:74:06:bc:bf:4e:51:f4:7d:
         9b:3b:9c:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI368uH1o+2V3GQFod+XOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjY4YTg5ZDM5ZDNhNGY5NzM0ZjlkOGJiMjc1YzgxZjE2MDIwMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieiQGIttAhDivq292lqUws+It71o
htR06Q+0AFNosDdSctckS0pnaeIaRvEsZEys3ZbRkzNA6+0DF3okkyNRJyYbQjdo
oDwRC7e996YoON2D3uiLbgaGDvTOshq2RnVcRw9a8Q8yKZ2IMPVGi/CtVVX0+EeG
LpQTOVkfj1q/E6r2Csw58uGxK4F9S134L5roZmKmP9IDcLt7uln4aoT5fjHJIoXI
2V6A/zrXamP/Rh0gt9qgCtNPQfcJOoM7JZsDRan77OZx3eVqtcf5MojVRVYkYvbU
1l862Ei9Mv27F1yMiYREzf3OKuxqNShrGLgg3O2dz7hmAP3aZ+Pk3K4UKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBJoqJ0506T5c0+di7J1yB8WAgJCMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRW1pb25UblRwUGx6VDUyTHNuWElIeFlDQWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSLrAwQA
wajhMA0GCSqGSIb3DQEBCwUAA4IBAQBdrNddaf7JcpMrzJzqZ36S7aPOm4xJjUt9
2QAunf2EVBm/5JMuL68AjAQyaSkbzwx2Yv5zzomsDvHC3FJFR+ny56EfV2cDyDTl
bci/HyNGKawfPnOJ7Zxs5FTZWG07kt62yS+pfx8IpQuPA439Lfl2/oQVqc4BS5BA
fnErINFZGnKGXpjb168960Mhr7ugwa0npbcWhaS5gc7n3uracwVR5fCZJCBmPK/o
nFr2eJdXy3DGdJI8kC1oeUG4qid6T2T9Bq+K/AeddVfJaMOvGaSmH6Ws26/WCVot
CeYKuGJc9ziLg8MK4n6EWus0Tv4vLCYqK7f3dAa8v05R9H2bO5zk
-----END CERTIFICATE-----