Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/xrmI2lOqw4vwh9asj_fS8nm8zOw.roa
File:                     xrmI2lOqw4vwh9asj_fS8nm8zOw.roa (raw, json)
Hash identifier:          dhsYNtAvgceEPO6AQvmBZwT1HzUmAMfIkuvuxbqcbvA=
Subject key identifier:   C6:B9:88:DA:53:AA:C3:8B:F0:87:D6:AC:8F:F7:D2:F2:79:BC:CC:EC
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       018CC64A940B5E9D5D9A1F5B5CAFB3DEC0CD
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/xrmI2lOqw4vwh9asj_fS8nm8zOw.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196763
IP address blocks:        93.190.232.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:94:0b:5e:9d:5d:9a:1f:5b:5c:af:b3:de:c0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6b988da53aac38bf087d6ac8ff7d2f279bcccec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4c:2c:c4:96:18:fc:27:81:6f:07:51:14:23:
                    ae:84:c9:09:c3:cf:3a:78:32:d3:93:43:5e:8d:e6:
                    28:d2:90:87:76:2a:58:1a:62:6c:9c:c2:ba:1d:7c:
                    9f:dc:86:b8:8b:5e:cc:69:5c:2e:d2:1e:6f:ff:89:
                    a5:b7:50:fe:6a:ae:17:5c:c3:b5:53:31:c0:54:59:
                    7d:0d:25:af:a9:bb:9c:75:70:22:77:49:1c:5c:1d:
                    a3:7a:86:dc:c6:93:b8:af:bd:0d:fd:e0:6f:b9:ab:
                    b9:6e:f7:cd:f4:04:6c:59:33:38:17:53:8d:48:63:
                    b9:d6:d9:f5:a6:5a:ad:95:6e:94:65:0b:9b:3a:8e:
                    02:81:36:d3:d9:e6:9a:71:f3:5d:62:d4:37:e5:da:
                    af:bc:c1:41:f4:f9:23:00:a9:18:0f:08:2b:ba:22:
                    96:0e:56:d8:9a:a7:4e:f6:bc:8c:7f:d0:3d:dd:5b:
                    f7:65:28:58:cf:94:72:7a:df:74:9d:00:81:b4:72:
                    81:0d:3c:29:92:2a:2b:62:12:dc:4b:ca:27:b7:e3:
                    ef:70:29:ba:75:5b:e3:02:81:b5:4b:57:2c:6b:6c:
                    c3:a9:4b:82:5f:01:85:cc:d9:1a:8a:12:36:ac:07:
                    d2:bb:fb:cc:92:a3:e6:98:57:03:75:c1:39:d5:b3:
                    93:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B9:88:DA:53:AA:C3:8B:F0:87:D6:AC:8F:F7:D2:F2:79:BC:CC:EC
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/xrmI2lOqw4vwh9asj_fS8nm8zOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:6c:62:70:b9:ad:18:3b:a1:97:d5:91:ad:e1:a7:90:ad:66:
         6f:f3:21:13:41:56:25:28:8b:35:13:6d:c8:4d:f6:37:05:c2:
         99:b8:28:8c:27:c1:08:f5:93:a9:6d:39:a9:98:e2:26:30:41:
         75:24:64:99:c7:32:fa:94:35:ff:d2:f1:58:dd:f2:47:ae:15:
         e5:d8:e2:34:50:53:2f:ea:c2:fc:f7:0f:0d:f6:19:b1:16:8f:
         a3:3c:9d:b0:2f:a0:61:ad:a0:fe:fc:c6:37:7c:43:22:fa:25:
         d9:2b:7f:cc:ab:47:96:23:26:80:1f:5c:76:f9:28:8f:14:86:
         30:d6:71:75:32:2e:da:5d:aa:3d:bf:39:11:62:6c:be:90:55:
         25:e6:78:9f:da:59:48:3c:f2:86:99:76:98:e3:3e:0c:13:7f:
         34:41:6e:d1:94:d7:05:1d:94:17:25:6c:9a:b2:ff:e8:14:18:
         b4:cf:dc:bb:51:18:8e:c7:67:19:3c:be:b9:2b:e0:c7:4d:65:
         cd:2d:57:c0:01:59:d5:d3:1a:b3:b4:9a:bf:19:2f:52:b4:1e:
         70:b7:f7:f4:16:b9:aa:38:f3:0c:6e:67:ad:7e:1e:f8:9f:02:
         80:36:c5:ea:ce:db:97:ad:2b:ed:74:d0:0a:a3:00:7a:e9:b4:
         64:6e:81:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpQLXp1dmh9bXK+z3sDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI5ODhkYTUzYWFjMzhiZjA4N2Q2YWM4ZmY3ZDJmMjc5YmNjY2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0wsxJYY/CeBbwdRFCOuhMkJw886
eDLTk0NejeYo0pCHdipYGmJsnMK6HXyf3Ia4i17MaVwu0h5v/4mlt1D+aq4XXMO1
UzHAVFl9DSWvqbucdXAid0kcXB2jeobcxpO4r70N/eBvuau5bvfN9ARsWTM4F1ON
SGO51tn1plqtlW6UZQubOo4CgTbT2eaacfNdYtQ35dqvvMFB9PkjAKkYDwgruiKW
DlbYmqdO9ryMf9A93Vv3ZShYz5Ryet90nQCBtHKBDTwpkiorYhLcS8ont+PvcCm6
dVvjAoG1S1csa2zDqUuCXwGFzNkaihI2rAfSu/vMkqPmmFcDdcE51bOTCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMa5iNpTqsOL8IfWrI/30vJ5vMzsMB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEveHJtSTJsT3F3NHZ3aDlhc2pfZlM4bm04ek93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXb7oMA0G
CSqGSIb3DQEBCwUAA4IBAQCZbGJwua0YO6GX1ZGt4aeQrWZv8yETQVYlKIs1E23I
TfY3BcKZuCiMJ8EI9ZOpbTmpmOImMEF1JGSZxzL6lDX/0vFY3fJHrhXl2OI0UFMv
6sL89w8N9hmxFo+jPJ2wL6BhraD+/MY3fEMi+iXZK3/Mq0eWIyaAH1x2+SiPFIYw
1nF1Mi7aXao9vzkRYmy+kFUl5nif2llIPPKGmXaY4z4ME380QW7RlNcFHZQXJWya
sv/oFBi0z9y7URiOx2cZPL65K+DHTWXNLVfAAVnV0xqztJq/GS9StB5wt/f0Frmq
OPMMbmetfh74nwKANsXqztuXrSvtdNAKowB66bRkboG5
-----END CERTIFICATE-----