Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/93DmKZhPP6C3A8rfNYLNAOSD7nY.roa
File:                     93DmKZhPP6C3A8rfNYLNAOSD7nY.roa (raw, json)
Hash identifier:          dt3s4SYU1dR+fLajxJTR3/3GKKVmv0f+WTIVOmO+2as=
Subject key identifier:   F7:70:E6:29:98:4F:3F:A0:B7:03:CA:DF:35:82:CD:00:E4:83:EE:76
Certificate issuer:       /CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
Certificate serial:       019420D64E4B8D164ADBA2D5312FDBAA02C0
Authority key identifier: 4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/93DmKZhPP6C3A8rfNYLNAOSD7nY.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207031
IP address blocks:        185.168.72.0/22 maxlen: 22
                          2a0b:f200::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:4e:4b:8d:16:4a:db:a2:d5:31:2f:db:aa:02:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f770e629984f3fa0b703cadf3582cd00e483ee76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:61:0c:56:3b:78:f7:34:2a:68:29:a3:e0:33:
                    96:dc:05:52:18:c1:70:ee:03:00:3f:2d:55:4c:85:
                    05:4c:13:cb:02:68:40:a1:3a:6d:eb:be:7f:ba:87:
                    d6:4a:fa:ea:68:c8:70:44:5b:a6:55:d6:98:3b:4b:
                    c4:8b:72:e9:ce:12:05:e7:fa:6c:bd:79:7c:3d:2e:
                    c2:e6:f1:ec:08:2e:f6:22:fc:b7:1c:16:71:7e:d6:
                    ea:2c:df:bc:83:a5:47:09:52:31:27:e6:63:d0:6f:
                    8d:a0:8f:18:1f:60:35:17:b6:71:89:ca:cd:fe:0a:
                    77:04:c6:63:34:01:d1:62:72:47:6c:9d:68:0d:c8:
                    73:e1:2e:65:8a:d3:80:13:48:9b:69:87:87:27:9c:
                    5a:4f:64:22:60:3b:0d:78:c4:1b:5c:e0:4c:44:2d:
                    bf:4d:b9:49:dd:dd:3c:21:ec:dd:13:79:93:bd:43:
                    09:18:be:77:0c:e5:0c:47:f6:52:cb:6c:10:4c:5e:
                    61:bd:2d:14:9d:0c:b9:a5:b1:e6:e8:7f:ae:13:3b:
                    4f:e6:79:f3:7b:c6:d8:2f:23:a8:e8:e5:85:d8:b2:
                    19:35:a7:0c:e5:3f:1f:59:ba:6d:fb:39:6c:78:cf:
                    43:8c:d6:12:13:ba:50:40:c9:dc:8c:60:83:54:76:
                    32:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:70:E6:29:98:4F:3F:A0:B7:03:CA:DF:35:82:CD:00:E4:83:EE:76
            X509v3 Authority Key Identifier:
                keyid:4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/93DmKZhPP6C3A8rfNYLNAOSD7nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.72.0/22
                IPv6:
                  2a0b:f200::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:11:d8:a6:db:e9:36:eb:dd:aa:ea:df:47:b6:63:b3:31:64:
         0a:9e:9e:c7:7b:7c:48:c3:b1:89:67:9d:be:75:ff:42:ee:5e:
         c5:f9:a5:1d:69:fa:33:4f:c4:d8:ac:ec:24:61:fe:be:67:56:
         3d:54:ce:66:f0:ea:1c:94:34:76:d5:bf:96:84:99:fe:e8:46:
         f5:e0:73:45:0a:52:1d:fb:23:c9:ef:e5:60:b7:04:7a:f0:ff:
         e4:e9:87:a3:ed:14:2e:1e:2d:eb:f8:5b:d4:29:14:32:24:ac:
         83:12:29:b8:58:fb:e9:f7:1d:1e:80:18:02:e4:fb:46:62:27:
         a1:7d:bd:fa:da:e1:e4:53:7f:89:aa:e0:dc:dd:68:a2:16:01:
         69:4e:e1:83:61:e3:0d:c0:b3:28:86:10:60:6c:60:28:62:11:
         5b:50:29:43:46:d4:6f:9c:df:b1:79:8b:76:04:09:5b:6e:d7:
         18:5f:65:ae:1b:d4:e1:21:92:75:d7:1c:08:9c:49:db:90:3c:
         1f:21:39:e6:80:9d:53:9e:3b:82:a0:10:f3:51:0d:73:15:78:
         d0:2e:35:44:d8:86:9a:43:34:25:89:c1:5c:bf:c2:52:08:bf:
         b7:c3:5d:b4:7e:4b:c5:c2:16:b7:a8:0b:ac:71:47:fa:a7:35:
         10:02:a9:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1k5LjRZK26LVMS/bqgLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGFkZTU0YzI3ZTZmY2RkYWNlMjYyYzRmZGY3OTBmMzIw
ZmVkOWMwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzcwZTYyOTk4NGYzZmEwYjcwM2NhZGYzNTgyY2QwMGU0ODNlZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimEMVjt49zQqaCmj4DOW3AVSGMFw
7gMAPy1VTIUFTBPLAmhAoTpt675/uofWSvrqaMhwRFumVdaYO0vEi3LpzhIF5/ps
vXl8PS7C5vHsCC72Ivy3HBZxftbqLN+8g6VHCVIxJ+Zj0G+NoI8YH2A1F7ZxicrN
/gp3BMZjNAHRYnJHbJ1oDchz4S5litOAE0ibaYeHJ5xaT2QiYDsNeMQbXOBMRC2/
TblJ3d08IezdE3mTvUMJGL53DOUMR/ZSy2wQTF5hvS0UnQy5pbHm6H+uEztP5nnz
e8bYLyOo6OWF2LIZNacM5T8fWbpt+zlseM9DjNYSE7pQQMncjGCDVHYyGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPdw5imYTz+gtwPK3zWCzQDkg+52MB8GA1UdIwQY
MBaAFE0K3lTCfm/N2s4mLE/feQ8yD+2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2It
ODkyOTZjY2IzNWY1LzEvOTNEbUtaaFBQNkMzQThyZk5ZTE5BT1NEN25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2ItODkyOTZjY2IzNWY1
LzEvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuahIMA0E
AgACMAcDBQAqC/IAMA0GCSqGSIb3DQEBCwUAA4IBAQCIEdim2+k2692q6t9HtmOz
MWQKnp7He3xIw7GJZ52+df9C7l7F+aUdafozT8TYrOwkYf6+Z1Y9VM5m8OoclDR2
1b+WhJn+6Eb14HNFClId+yPJ7+VgtwR68P/k6Yej7RQuHi3r+FvUKRQyJKyDEim4
WPvp9x0egBgC5PtGYiehfb362uHkU3+JquDc3WiiFgFpTuGDYeMNwLMohhBgbGAo
YhFbUClDRtRvnN+xeYt2BAlbbtcYX2WuG9ThIZJ11xwInEnbkDwfITnmgJ1TnjuC
oBDzUQ1zFXjQLjVE2IaaQzQlicFcv8JSCL+3w120fkvFwha3qAuscUf6pzUQAqlf
-----END CERTIFICATE-----