Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/VRs8CShO6bRg5uI1JwT1RKe3PrI.roa
File:                     VRs8CShO6bRg5uI1JwT1RKe3PrI.roa (raw, json)
Hash identifier:          fbnkM+ZXK5PucV+W/pV7w3InLQ8yhq+sy8zU5D/9V1k=
Subject key identifier:   55:1B:3C:09:28:4E:E9:B4:60:E6:E2:35:27:04:F5:44:A7:B7:3E:B2
Certificate issuer:       /CN=93c38d3e1c4e7e543a36c8b6353eb66da4dab40b
Certificate serial:       0194266C0598C5CB37E107953753215C1BB1
Authority key identifier: 93:C3:8D:3E:1C:4E:7E:54:3A:36:C8:B6:35:3E:B6:6D:A4:DA:B4:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k8ONPhxOflQ6Nsi2NT62baTatAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/VRs8CShO6bRg5uI1JwT1RKe3PrI.roa
Signing time:             Thu 02 Jan 2025 09:50:00 +0000
ROA not before:           Thu 02 Jan 2025 09:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31463
IP address blocks:        93.177.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/k8ONPhxOflQ6Nsi2NT62baTatAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/k8ONPhxOflQ6Nsi2NT62baTatAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k8ONPhxOflQ6Nsi2NT62baTatAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:05:98:c5:cb:37:e1:07:95:37:53:21:5c:1b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93c38d3e1c4e7e543a36c8b6353eb66da4dab40b
        Validity
            Not Before: Jan  2 09:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=551b3c09284ee9b460e6e2352704f544a7b73eb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:7c:63:45:1a:76:d8:db:6f:51:22:58:85:80:
                    0e:5d:98:0f:1c:bf:97:cd:04:d1:4c:78:62:ad:15:
                    17:e2:88:e4:13:25:f3:af:4d:72:01:7e:c8:3e:de:
                    d5:76:e4:6f:6f:69:84:71:4a:74:50:cd:ce:1a:8e:
                    07:06:54:50:56:b9:06:e6:d5:7e:49:b8:3f:88:64:
                    64:e7:a1:ac:3e:84:07:01:e6:38:b3:58:1b:4c:41:
                    69:f8:10:69:3a:58:8a:7e:d1:b3:4f:57:49:1f:1b:
                    20:53:8d:ec:28:5b:c3:dc:f7:44:4f:81:e3:3a:46:
                    32:59:80:43:bf:51:ff:5f:42:f3:77:36:15:e2:a6:
                    e9:5a:12:60:4b:76:00:5a:86:35:6c:b9:7f:ec:fd:
                    e4:c4:15:49:43:e6:e5:a3:3a:4a:59:4d:f7:9e:ef:
                    8f:8a:6a:c6:dd:53:47:94:68:13:21:41:7e:72:97:
                    c5:bc:8b:3c:03:3b:1e:9b:12:9b:08:eb:fe:86:f2:
                    d5:90:b2:56:3e:2e:05:00:73:df:a9:c4:a0:ac:9c:
                    3a:d1:1d:b9:2b:01:e0:5d:20:71:39:43:83:60:0c:
                    85:a6:6a:c6:94:0f:45:31:d3:9f:fe:a7:6e:3f:8f:
                    fa:37:9f:3a:15:ac:ae:0a:80:4b:75:66:61:e3:a2:
                    0e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:1B:3C:09:28:4E:E9:B4:60:E6:E2:35:27:04:F5:44:A7:B7:3E:B2
            X509v3 Authority Key Identifier:
                keyid:93:C3:8D:3E:1C:4E:7E:54:3A:36:C8:B6:35:3E:B6:6D:A4:DA:B4:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k8ONPhxOflQ6Nsi2NT62baTatAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/VRs8CShO6bRg5uI1JwT1RKe3PrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c71e30-c868-48fc-80df-36483139dc5e/1/k8ONPhxOflQ6Nsi2NT62baTatAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:20:76:d5:65:c0:bc:29:23:2d:28:53:af:75:0b:be:57:91:
         1f:c6:2d:11:9b:75:94:b7:39:02:38:50:c6:9f:a4:c4:c8:c7:
         0d:3d:32:e3:c4:8f:27:35:2e:42:d6:f0:a6:fc:d9:f2:bc:29:
         7d:a7:ad:c7:51:d9:1d:fb:df:3a:e1:79:2e:a9:2f:b6:40:01:
         13:aa:52:09:54:d3:a0:7f:d1:08:19:62:74:d7:c4:85:f8:ac:
         81:ea:de:c4:e4:bf:a0:3b:77:41:19:f7:3b:e4:bf:eb:97:d2:
         da:31:66:2a:0e:cc:e3:a4:be:12:93:1b:e8:a2:62:4c:00:b4:
         bb:0f:77:b1:45:df:b2:3b:ad:fb:fe:5c:e5:50:44:18:57:7b:
         e5:e1:fe:ac:e2:71:c7:10:e3:63:b6:58:72:a3:69:ad:d2:1f:
         e3:19:a9:0f:1b:da:57:6a:38:fe:3b:cd:3e:72:ed:82:6e:6e:
         49:51:54:fb:bf:7e:52:f6:38:4e:20:9a:fd:c6:9d:1a:13:1f:
         8c:02:0e:b6:5e:e2:51:ef:34:f3:16:87:3d:a2:5e:7d:cd:0f:
         a5:82:1e:c8:f0:3f:d0:95:c2:d9:c8:08:2a:b7:c0:be:46:20:
         6b:88:b2:bd:39:97:e8:3f:ed:40:c7:e3:51:f6:4d:bc:8e:b8:
         da:52:96:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbAWYxcs34QeVN1MhXBuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYzM4ZDNlMWM0ZTdlNTQzYTM2YzhiNjM1M2ViNjZkYTRk
YWI0MGIwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTFiM2MwOTI4NGVlOWI0NjBlNmUyMzUyNzA0ZjU0NGE3YjczZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2nxjRRp22NtvUSJYhYAOXZgPHL+X
zQTRTHhirRUX4ojkEyXzr01yAX7IPt7VduRvb2mEcUp0UM3OGo4HBlRQVrkG5tV+
Sbg/iGRk56GsPoQHAeY4s1gbTEFp+BBpOliKftGzT1dJHxsgU43sKFvD3PdET4Hj
OkYyWYBDv1H/X0LzdzYV4qbpWhJgS3YAWoY1bLl/7P3kxBVJQ+blozpKWU33nu+P
imrG3VNHlGgTIUF+cpfFvIs8AzsemxKbCOv+hvLVkLJWPi4FAHPfqcSgrJw60R25
KwHgXSBxOUODYAyFpmrGlA9FMdOf/qduP4/6N586FayuCoBLdWZh46IOcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUbPAkoTum0YObiNScE9USntz6yMB8GA1UdIwQY
MBaAFJPDjT4cTn5UOjbItjU+tm2k2rQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazhPTlBoeE9mbFE2TnNpMk5UNjJiYVRhdEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jNzFlMzAtYzg2OC00OGZjLTgwZGYt
MzY0ODMxMzlkYzVlLzEvVlJzOENTaE82YlJnNXVJMUp3VDFSS2UzUHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jNzFlMzAtYzg2OC00OGZjLTgwZGYtMzY0ODMxMzlkYzVl
LzEvazhPTlBoeE9mbFE2TnNpMk5UNjJiYVRhdEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbF/MA0G
CSqGSIb3DQEBCwUAA4IBAQAEIHbVZcC8KSMtKFOvdQu+V5Efxi0Rm3WUtzkCOFDG
n6TEyMcNPTLjxI8nNS5C1vCm/NnyvCl9p63HUdkd+9864XkuqS+2QAETqlIJVNOg
f9EIGWJ018SF+KyB6t7E5L+gO3dBGfc75L/rl9LaMWYqDszjpL4SkxvoomJMALS7
D3exRd+yO637/lzlUEQYV3vl4f6s4nHHEONjtlhyo2mt0h/jGakPG9pXajj+O80+
cu2Cbm5JUVT7v35S9jhOIJr9xp0aEx+MAg62XuJR7zTzFoc9ol59zQ+lgh7I8D/Q
lcLZyAgqt8C+RiBriLK9OZfoP+1Ax+NR9k28jrjaUpab
-----END CERTIFICATE-----