Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/qaazKkyHF-zOpnj5pfAT-0AZb_s.roa
File:                     qaazKkyHF-zOpnj5pfAT-0AZb_s.roa (raw, json)
Hash identifier:          SYOXo+X9MJAVV22B5dpRLeq5rczJI17IzQIn7Mm/dxM=
Subject key identifier:   A9:A6:B3:2A:4C:87:17:EC:CE:A6:78:F9:A5:F0:13:FB:40:19:6F:FB
Certificate issuer:       /CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
Certificate serial:       018CC9BC4848486631B51A472CCE3B305E65
Authority key identifier: E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/qaazKkyHF-zOpnj5pfAT-0AZb_s.roa
Signing time:             Tue 02 Jan 2024 10:33:28 +0000
ROA not before:           Tue 02 Jan 2024 10:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49558
IP address blocks:        93.183.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:48:48:48:66:31:b5:1a:47:2c:ce:3b:30:5e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9e4dc968ed52935a04dee3b229c21ca9bfdbd7e
        Validity
            Not Before: Jan  2 10:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a6b32a4c8717eccea678f9a5f013fb40196ffb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:35:cb:45:7b:2f:33:15:e4:5f:87:c2:d9:49:
                    7f:aa:65:56:d9:73:5e:2c:e1:bc:28:df:2a:48:aa:
                    b8:ef:91:3f:34:b3:79:13:30:4f:9c:86:d7:3e:a7:
                    e6:a5:22:4c:4f:2b:fa:c5:43:eb:55:e5:0d:8b:e7:
                    60:30:a7:82:ac:90:b6:bd:db:39:be:ad:1b:51:eb:
                    5d:68:84:7e:80:e2:3a:5e:7b:83:bc:9c:be:d9:22:
                    32:55:4c:13:37:c9:2b:9a:8a:d3:69:24:72:26:4b:
                    48:b8:dd:00:31:fa:95:2f:4a:b1:c6:0f:23:3f:2e:
                    f2:6e:2c:2a:05:ad:48:2a:a4:ff:48:d5:15:21:b9:
                    5a:91:56:de:80:1b:fd:96:82:c1:22:fc:04:28:fb:
                    b2:ed:31:cb:32:85:cc:e6:ac:bd:d5:9e:44:64:99:
                    0c:b1:aa:26:8f:95:fa:14:c0:36:72:9b:a2:4f:cd:
                    fa:92:0a:44:47:a1:61:36:85:a2:e5:ee:21:5c:17:
                    0e:0b:85:97:63:a0:34:04:68:30:98:86:49:a7:35:
                    32:fe:2a:dd:20:2f:da:9e:5d:66:34:3c:6f:10:f9:
                    fc:9e:83:c4:a4:a4:28:6d:a4:a0:d5:de:44:5a:2f:
                    ad:01:65:4d:f3:bf:74:8f:b2:1d:35:10:d1:5a:6a:
                    af:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A6:B3:2A:4C:87:17:EC:CE:A6:78:F9:A5:F0:13:FB:40:19:6F:FB
            X509v3 Authority Key Identifier:
                keyid:E9:E4:DC:96:8E:D5:29:35:A0:4D:EE:3B:22:9C:21:CA:9B:FD:BD:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eTclo7VKTWgTe47Ipwhypv9vX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/qaazKkyHF-zOpnj5pfAT-0AZb_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1a134f-030a-43e7-b041-6c7856ef7b31/1/6eTclo7VKTWgTe47Ipwhypv9vX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.183.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:ae:43:12:c9:08:9b:11:e9:de:7a:5f:2a:6a:1e:ba:24:cb:
         90:63:6e:73:ce:a4:b2:be:21:5f:23:61:26:80:1a:0f:f2:84:
         68:87:b9:6c:58:07:44:91:d5:fe:a4:16:0b:b8:86:a3:8d:e0:
         8a:75:44:0e:18:d3:0b:f4:53:fe:81:dd:b2:09:a3:42:6b:ff:
         50:09:7f:cb:07:9b:fb:09:c5:b6:73:df:3e:68:2f:00:4f:27:
         ab:40:eb:a8:f6:3d:c6:f5:bf:2f:59:15:68:d9:84:60:25:b6:
         36:53:db:a5:28:d4:39:fc:5e:05:65:9b:b7:39:8a:d3:d4:a6:
         cd:19:0c:67:a8:e0:27:9b:ce:37:7a:0a:7d:d0:63:0a:3a:82:
         99:82:3e:d2:81:73:b7:5a:12:5a:33:a3:7c:c2:0e:f2:fc:6c:
         f5:54:1e:b6:49:9d:f8:31:80:72:67:08:02:5b:8e:4f:e5:6b:
         2d:c1:86:7c:b5:56:af:1d:8a:2e:4f:7e:db:0c:8e:52:e6:3c:
         95:42:72:60:55:be:16:d5:7e:40:0d:83:9b:b8:40:d0:48:e4:
         d7:10:1e:f5:de:70:c1:b2:6e:19:b1:55:44:0e:c7:20:90:01:
         09:d9:28:fe:31:23:a7:23:de:ea:a2:ff:6b:93:f7:f2:a6:31:
         fd:5b:3e:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvEhISGYxtRpHLM47MF5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTRkYzk2OGVkNTI5MzVhMDRkZWUzYjIyOWMyMWNhOWJm
ZGJkN2UwHhcNMjQwMTAyMTAzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWE2YjMyYTRjODcxN2VjY2VhNjc4ZjlhNWYwMTNmYjQwMTk2ZmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTXLRXsvMxXkX4fC2Ul/qmVW2XNe
LOG8KN8qSKq475E/NLN5EzBPnIbXPqfmpSJMTyv6xUPrVeUNi+dgMKeCrJC2vds5
vq0bUetdaIR+gOI6XnuDvJy+2SIyVUwTN8krmorTaSRyJktIuN0AMfqVL0qxxg8j
Py7ybiwqBa1IKqT/SNUVIblakVbegBv9loLBIvwEKPuy7THLMoXM5qy91Z5EZJkM
saomj5X6FMA2cpuiT836kgpER6FhNoWi5e4hXBcOC4WXY6A0BGgwmIZJpzUy/ird
IC/anl1mNDxvEPn8noPEpKQobaSg1d5EWi+tAWVN8790j7IdNRDRWmqvFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmmsypMhxfszqZ4+aXwE/tAGW/7MB8GA1UdIwQY
MBaAFOnk3JaO1Sk1oE3uOyKcIcqb/b1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEt
NmM3ODU2ZWY3YjMxLzEvcWFhektreUhGLXpPcG5qNXBmQVQtMEFaYl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xYTEzNGYtMDMwYS00M2U3LWIwNDEtNmM3ODU2ZWY3YjMx
LzEvNmVUY2xvN1ZLVFdnVGU0N0lwd2h5cHY5dlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXbd4MA0G
CSqGSIb3DQEBCwUAA4IBAQB2rkMSyQibEeneel8qah66JMuQY25zzqSyviFfI2Em
gBoP8oRoh7lsWAdEkdX+pBYLuIajjeCKdUQOGNML9FP+gd2yCaNCa/9QCX/LB5v7
CcW2c98+aC8ATyerQOuo9j3G9b8vWRVo2YRgJbY2U9ulKNQ5/F4FZZu3OYrT1KbN
GQxnqOAnm843egp90GMKOoKZgj7SgXO3WhJaM6N8wg7y/Gz1VB62SZ34MYByZwgC
W45P5WstwYZ8tVavHYouT37bDI5S5jyVQnJgVb4W1X5ADYObuEDQSOTXEB713nDB
sm4ZsVVEDscgkAEJ2Sj+MSOnI97qov9rk/fypjH9Wz6X
-----END CERTIFICATE-----