Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/AfY1ZYeTo7qnkHcLXptxAQP7GyQ.roa
File:                     AfY1ZYeTo7qnkHcLXptxAQP7GyQ.roa (raw, json)
Hash identifier:          1xEDT1UMd67e6DGexKrS0dBi5JHBaxLSObcaYlvg4EE=
Subject key identifier:   01:F6:35:65:87:93:A3:BA:A7:90:77:0B:5E:9B:71:01:03:FB:1B:24
Certificate issuer:       /CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
Certificate serial:       018CC8DF00ADC76796002EC1BB5489848B57
Authority key identifier: 4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/AfY1ZYeTo7qnkHcLXptxAQP7GyQ.roa
Signing time:             Tue 02 Jan 2024 06:31:47 +0000
ROA not before:           Tue 02 Jan 2024 06:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61985
IP address blocks:        93.159.218.0/23 maxlen: 23
                          93.159.216.0/22 maxlen: 22
                          93.159.216.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:00:ad:c7:67:96:00:2e:c1:bb:54:89:84:8b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5ebb9b051ad5ec7a36989fc3fcc94c1cabcc74
        Validity
            Not Before: Jan  2 06:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01f635658793a3baa790770b5e9b710103fb1b24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:de:d6:f9:55:73:2c:c5:a9:9b:cc:a1:e5:a9:
                    48:bc:c2:f1:95:0d:80:e5:8e:6c:ee:09:db:25:c4:
                    23:05:4a:04:94:b0:e8:4b:e2:e6:34:f6:8d:49:b6:
                    03:61:f9:3d:48:75:0a:f1:e2:59:a8:73:1e:0f:ae:
                    d1:59:8d:57:d6:0c:7e:91:0e:56:c5:2a:e0:6e:44:
                    57:62:f4:ee:e9:af:2c:e6:a7:34:e2:41:51:f0:b0:
                    a0:2c:f7:4f:23:9d:a3:bd:44:0e:61:72:cd:b6:ef:
                    ed:9a:26:e4:0a:6a:d8:93:15:0c:89:3a:2c:6d:ec:
                    2e:19:0b:87:c2:23:62:40:a4:ee:8e:2d:a1:82:27:
                    60:10:90:aa:bb:7c:5a:47:07:9b:9a:05:f1:81:fe:
                    15:cc:2f:f1:78:ef:8e:03:e4:e2:37:0b:b9:3a:94:
                    7e:8c:df:a6:31:97:63:c1:f5:21:62:04:9e:d6:fc:
                    a4:0e:ee:a9:e7:c1:a1:8f:3d:e8:3e:1e:f2:81:16:
                    0e:38:87:33:4c:63:be:55:ab:98:3b:0c:67:80:99:
                    41:e9:56:49:6c:27:74:1e:ae:1c:a5:5a:c4:d8:15:
                    69:73:e1:31:c5:46:9e:47:01:95:80:41:ec:8f:7b:
                    5b:12:b0:0f:2f:cb:a4:89:90:b3:80:2c:7b:62:2e:
                    ef:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:F6:35:65:87:93:A3:BA:A7:90:77:0B:5E:9B:71:01:03:FB:1B:24
            X509v3 Authority Key Identifier:
                keyid:4E:5E:BB:9B:05:1A:D5:EC:7A:36:98:9F:C3:FC:C9:4C:1C:AB:CC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl67mwUa1ex6Npifw_zJTByrzHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/AfY1ZYeTo7qnkHcLXptxAQP7GyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/ec1721-75c5-40f5-9345-c2fd0f958d4b/1/Tl67mwUa1ex6Npifw_zJTByrzHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:e5:43:a8:ac:0a:45:8d:87:0b:fd:8e:23:69:57:10:37:6f:
         f6:ed:37:98:33:06:78:f7:d9:71:cc:52:a1:9b:03:3e:20:b8:
         61:16:f4:39:ab:c0:fb:ab:59:28:f9:f7:e4:b3:8b:c9:92:da:
         e9:49:4b:7c:93:60:75:1e:eb:7b:62:37:e7:12:0c:8f:0d:5e:
         71:77:a1:d6:1e:15:e7:ce:92:bb:ee:27:e5:08:8b:17:61:b0:
         b7:80:d1:50:70:8b:9e:66:6a:82:43:9d:76:47:ad:ad:ae:92:
         c4:02:ff:61:b9:fc:bc:69:51:60:c7:b1:90:f1:90:fd:7d:25:
         52:05:4a:55:f2:64:a6:43:0a:19:35:4c:2c:6f:d0:21:e9:1a:
         dc:b3:ce:18:fa:f8:d7:ec:c3:4b:d6:a9:6b:4d:e1:40:3c:e0:
         e8:1b:44:eb:ae:7d:ac:6e:19:45:44:2f:68:e8:77:45:e1:ca:
         bb:ea:08:79:a9:b8:71:26:fa:62:0c:9c:2e:2b:23:04:85:e1:
         6b:a9:47:3b:99:02:ae:23:b4:68:1e:95:81:8a:6e:60:36:e5:
         c5:5d:a7:fe:48:b9:30:93:f0:27:64:bf:ed:e2:42:33:d0:4e:
         53:17:42:17:62:18:ff:c5:bc:d1:6a:4b:91:56:c3:b1:e4:a6:
         96:f6:f2:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wCtx2eWAC7Bu1SJhItXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWViYjliMDUxYWQ1ZWM3YTM2OTg5ZmMzZmNjOTRjMWNh
YmNjNzQwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWY2MzU2NTg3OTNhM2JhYTc5MDc3MGI1ZTliNzEwMTAzZmIxYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnN7W+VVzLMWpm8yh5alIvMLxlQ2A
5Y5s7gnbJcQjBUoElLDoS+LmNPaNSbYDYfk9SHUK8eJZqHMeD67RWY1X1gx+kQ5W
xSrgbkRXYvTu6a8s5qc04kFR8LCgLPdPI52jvUQOYXLNtu/tmibkCmrYkxUMiTos
bewuGQuHwiNiQKTuji2hgidgEJCqu3xaRwebmgXxgf4VzC/xeO+OA+TiNwu5OpR+
jN+mMZdjwfUhYgSe1vykDu6p58Ghjz3oPh7ygRYOOIczTGO+VauYOwxngJlB6VZJ
bCd0Hq4cpVrE2BVpc+ExxUaeRwGVgEHsj3tbErAPL8ukiZCzgCx7Yi7vXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAH2NWWHk6O6p5B3C16bcQED+xskMB8GA1UdIwQY
MBaAFE5eu5sFGtXsejaYn8P8yUwcq8x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUt
YzJmZDBmOTU4ZDRiLzEvQWZZMVpZZVRvN3Fua0hjTFhwdHhBUVA3R3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lYzE3MjEtNzVjNS00MGY1LTkzNDUtYzJmZDBmOTU4ZDRi
LzEvVGw2N213VWExZXg2TnBpZndfekpUQnlyekhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXZ/YMA0G
CSqGSIb3DQEBCwUAA4IBAQA+5UOorApFjYcL/Y4jaVcQN2/27TeYMwZ499lxzFKh
mwM+ILhhFvQ5q8D7q1ko+ffks4vJktrpSUt8k2B1Hut7YjfnEgyPDV5xd6HWHhXn
zpK77iflCIsXYbC3gNFQcIueZmqCQ512R62trpLEAv9hufy8aVFgx7GQ8ZD9fSVS
BUpV8mSmQwoZNUwsb9Ah6Rrcs84Y+vjX7MNL1qlrTeFAPODoG0Trrn2sbhlFRC9o
6HdF4cq76gh5qbhxJvpiDJwuKyMEheFrqUc7mQKuI7RoHpWBim5gNuXFXaf+SLkw
k/AnZL/t4kIz0E5TF0IXYhj/xbzRakuRVsOx5KaW9vJX
-----END CERTIFICATE-----