Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/RxqgPSUql4ZUblStVKA5rtP6c58.roa
File:                     RxqgPSUql4ZUblStVKA5rtP6c58.roa (raw, json)
Hash identifier:          p0ji3b2jhXQ8IHF5IhOiIoEuJyACLI6bwoNjLguGL4E=
Subject key identifier:   47:1A:A0:3D:25:2A:97:86:54:6E:54:AD:54:A0:39:AE:D3:FA:73:9F
Certificate issuer:       /CN=93ad6e39991a2e8c09c1ade53be595f8b8a9425e
Certificate serial:       01909123C401BAE0EC69E8AEF014BA0664AF
Authority key identifier: 93:AD:6E:39:99:1A:2E:8C:09:C1:AD:E5:3B:E5:95:F8:B8:A9:42:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k61uOZkaLowJwa3lO-WV-LipQl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/RxqgPSUql4ZUblStVKA5rtP6c58.roa
Signing time:             Mon 08 Jul 2024 06:59:18 +0000
ROA not before:           Mon 08 Jul 2024 06:59:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21173
IP address blocks:        80.91.96.0/20 maxlen: 20
                          80.91.96.0/21 maxlen: 21
                          80.91.104.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/k61uOZkaLowJwa3lO-WV-LipQl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/k61uOZkaLowJwa3lO-WV-LipQl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k61uOZkaLowJwa3lO-WV-LipQl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:91:23:c4:01:ba:e0:ec:69:e8:ae:f0:14:ba:06:64:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ad6e39991a2e8c09c1ade53be595f8b8a9425e
        Validity
            Not Before: Jul  8 06:59:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=471aa03d252a9786546e54ad54a039aed3fa739f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9e:39:00:23:26:aa:55:63:47:cc:0d:8d:40:
                    2f:66:7e:a1:b8:80:e6:4d:10:54:d9:3e:ed:23:7b:
                    77:cf:09:15:e1:60:7b:c9:27:27:73:a1:9b:ea:d9:
                    20:a3:70:6c:fb:d6:df:7b:4c:bc:31:d7:90:3a:06:
                    48:2a:f4:9d:30:b4:b0:5d:5b:35:56:20:27:78:70:
                    e0:84:06:2b:e5:d5:92:a5:5f:2c:67:18:60:fa:ac:
                    0b:21:b9:e9:1a:3d:d1:d2:07:d7:5c:4c:c7:f6:8c:
                    fd:b0:5b:fe:4a:8f:90:61:08:95:2b:34:c0:8c:06:
                    67:37:5e:05:e7:22:a7:9d:ac:89:ee:04:19:fa:f3:
                    47:34:5c:b3:f0:f9:c6:86:9b:38:a3:2f:dc:78:03:
                    d4:bc:6e:30:4d:e1:72:a2:f3:94:00:12:1b:03:25:
                    26:e6:53:4e:8a:5e:5f:08:b9:2b:96:cc:cf:a0:9e:
                    4d:6e:2b:58:1a:a1:00:54:79:89:bb:3f:bf:df:42:
                    68:b9:7f:a9:54:7b:ef:16:b9:01:2f:c7:a6:90:b1:
                    fd:ba:57:2e:6d:fc:4e:d4:15:1f:7c:16:40:33:66:
                    31:85:1f:d3:71:43:d9:9c:77:21:81:e5:a7:1f:97:
                    f5:a0:e0:0f:83:60:f9:7e:73:1e:e7:d1:ab:53:4e:
                    5f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:1A:A0:3D:25:2A:97:86:54:6E:54:AD:54:A0:39:AE:D3:FA:73:9F
            X509v3 Authority Key Identifier:
                keyid:93:AD:6E:39:99:1A:2E:8C:09:C1:AD:E5:3B:E5:95:F8:B8:A9:42:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k61uOZkaLowJwa3lO-WV-LipQl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/RxqgPSUql4ZUblStVKA5rtP6c58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/1d4994-cfe3-46df-b02d-f776c92207b7/1/k61uOZkaLowJwa3lO-WV-LipQl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         88:ea:94:0e:6d:49:f7:23:89:f4:c3:da:b4:83:82:fe:fc:9b:
         32:af:b3:0e:06:1f:64:3a:cf:db:1f:8e:02:02:9f:02:82:12:
         f7:8f:d1:a5:a8:18:82:63:7d:9c:c5:d5:8f:72:17:7b:04:d9:
         0d:57:8b:6d:a4:51:2c:30:8d:ec:e9:5e:1d:2c:ec:31:9c:4c:
         87:cf:26:8e:3b:ca:51:c6:7b:cb:7a:99:56:db:36:ca:dd:99:
         18:74:38:14:29:7e:08:8c:70:fe:8c:5c:74:96:46:e3:c2:e2:
         f9:65:58:a8:9b:fb:cb:7d:bc:d2:6c:30:05:b9:7c:61:04:62:
         a3:a1:b2:fd:6b:e5:cf:85:9b:c4:7f:99:e9:ff:c6:57:a7:a3:
         17:f2:e1:e0:dd:76:01:90:57:f3:29:83:4c:0d:22:a5:cd:49:
         81:dc:fe:3f:fe:31:67:79:0d:cd:1a:2a:63:15:34:c0:fa:a9:
         14:09:9a:76:7c:e8:ab:90:8d:80:28:cf:4c:96:50:58:ab:97:
         51:aa:ca:5a:b6:dc:a1:96:ee:00:97:27:76:ff:22:d4:d0:2d:
         e1:45:c4:fa:d7:78:b5:44:ea:48:7f:4c:cc:5c:d9:4b:29:7d:
         d0:f0:06:06:80:a7:59:11:5b:d3:f8:c2:27:8c:1c:a2:54:8e:
         cb:47:84:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCRI8QBuuDsaeiu8BS6BmSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYWQ2ZTM5OTkxYTJlOGMwOWMxYWRlNTNiZTU5NWY4Yjhh
OTQyNWUwHhcNMjQwNzA4MDY1OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzFhYTAzZDI1MmE5Nzg2NTQ2ZTU0YWQ1NGEwMzlhZWQzZmE3MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop45ACMmqlVjR8wNjUAvZn6huIDm
TRBU2T7tI3t3zwkV4WB7yScnc6Gb6tkgo3Bs+9bfe0y8MdeQOgZIKvSdMLSwXVs1
ViAneHDghAYr5dWSpV8sZxhg+qwLIbnpGj3R0gfXXEzH9oz9sFv+So+QYQiVKzTA
jAZnN14F5yKnnayJ7gQZ+vNHNFyz8PnGhps4oy/ceAPUvG4wTeFyovOUABIbAyUm
5lNOil5fCLkrlszPoJ5NbitYGqEAVHmJuz+/30JouX+pVHvvFrkBL8emkLH9ulcu
bfxO1BUffBZAM2YxhR/TcUPZnHchgeWnH5f1oOAPg2D5fnMe59GrU05fAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcaoD0lKpeGVG5UrVSgOa7T+nOfMB8GA1UdIwQY
MBaAFJOtbjmZGi6MCcGt5Tvllfi4qUJeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazYxdU9aa2FMb3dKd2EzbE8tV1YtTGlwUWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8xZDQ5OTQtY2ZlMy00NmRmLWIwMmQt
Zjc3NmM5MjIwN2I3LzEvUnhxZ1BTVXFsNFpVYmxTdFZLQTVydFA2YzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8xZDQ5OTQtY2ZlMy00NmRmLWIwMmQtZjc3NmM5MjIwN2I3
LzEvazYxdU9aa2FMb3dKd2EzbE8tV1YtTGlwUWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUFtgMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6pQObUn3I4n0w9q0g4L+/Jsyr7MOBh9kOs/bH44C
Ap8CghL3j9GlqBiCY32cxdWPchd7BNkNV4ttpFEsMI3s6V4dLOwxnEyHzyaOO8pR
xnvLeplW2zbK3ZkYdDgUKX4IjHD+jFx0lkbjwuL5ZViom/vLfbzSbDAFuXxhBGKj
obL9a+XPhZvEf5np/8ZXp6MX8uHg3XYBkFfzKYNMDSKlzUmB3P4//jFneQ3NGipj
FTTA+qkUCZp2fOirkI2AKM9MllBYq5dRqspattyhlu4Alyd2/yLU0C3hRcT613i1
ROpIf0zMXNlLKX3Q8AYGgKdZEVvT+MInjByiVI7LR4Qz
-----END CERTIFICATE-----