Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/A7xWbj9tfw1-IqbfhhM-F8_AsfE.roa
File:                     A7xWbj9tfw1-IqbfhhM-F8_AsfE.roa (raw, json)
Hash identifier:          SAAd3v0WxPGzVc8KTnqRHrBICtCukGZov+YlwzOD7As=
Subject key identifier:   03:BC:56:6E:3F:6D:7F:0D:7E:22:A6:DF:86:13:3E:17:CF:C0:B1:F1
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       018D7A052AA9A1C7E7B3F45AEF9FB7661EEE
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/A7xWbj9tfw1-IqbfhhM-F8_AsfE.roa
Signing time:             Mon 05 Feb 2024 16:06:15 +0000
ROA not before:           Mon 05 Feb 2024 16:06:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45382
IP address blocks:        93.152.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:05:2a:a9:a1:c7:e7:b3:f4:5a:ef:9f:b7:66:1e:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Feb  5 16:06:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03bc566e3f6d7f0d7e22a6df86133e17cfc0b1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e7:2c:df:fc:18:c3:c4:f8:fd:05:f7:60:37:
                    46:35:83:f8:78:9d:f3:f9:cd:12:fa:58:af:e7:b1:
                    1a:28:57:79:24:0d:44:9f:3c:42:de:a5:1f:51:88:
                    ee:d3:6e:5c:8a:38:3f:2e:5d:7e:86:6d:ac:8d:7f:
                    0d:df:ca:b5:64:af:d5:73:79:fc:38:44:80:f6:d1:
                    fc:b7:29:d8:e4:d8:33:1d:36:28:82:93:8a:39:6a:
                    9e:86:b6:ce:1c:9b:8b:2a:de:fe:4c:98:9f:00:b0:
                    40:d3:81:8d:95:d7:5d:85:7a:8e:de:44:5f:79:7b:
                    14:3d:e5:71:58:e0:15:08:0e:6f:cf:ef:78:76:2a:
                    ed:6c:6b:0b:c1:fe:2c:3b:02:11:e8:b1:2f:02:31:
                    62:5d:63:26:1d:e9:61:f4:6a:59:bb:dc:a1:0b:b9:
                    07:62:32:92:1f:ea:12:cb:85:eb:a6:2a:6d:75:0e:
                    e1:e5:84:61:d5:6d:51:ab:39:a2:90:0e:7b:12:5f:
                    5c:4d:0e:be:05:de:62:b4:22:80:ef:68:08:0a:4f:
                    bf:34:a4:5b:4b:e7:af:8c:1b:db:9a:27:cd:a6:1c:
                    41:1e:20:09:cf:60:d5:aa:56:a2:e7:50:31:40:72:
                    5e:27:65:dd:7f:1e:ab:99:2b:0d:16:73:ea:5a:41:
                    8b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BC:56:6E:3F:6D:7F:0D:7E:22:A6:DF:86:13:3E:17:CF:C0:B1:F1
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/A7xWbj9tfw1-IqbfhhM-F8_AsfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:aa:35:fa:1c:eb:a2:98:ec:e3:88:45:8f:93:fd:55:9b:3a:
         1b:d0:4a:69:fb:90:bc:81:31:5a:a2:cf:e0:23:e7:7a:7f:ad:
         6c:77:80:2a:3b:44:24:c0:e1:e2:bb:5e:87:da:ad:97:a5:ab:
         26:e6:05:20:61:8e:17:33:eb:a9:73:ec:cc:de:14:c5:a7:ee:
         c5:be:3f:4f:6e:f6:dc:c7:79:ef:8d:50:44:30:5b:e5:9d:1f:
         81:fc:50:ae:ec:09:5c:a6:5c:6c:fb:d3:4a:d9:5b:b5:23:1b:
         ff:26:4e:d7:c0:1b:09:94:d0:db:10:59:fd:ad:6e:4a:60:55:
         46:b5:4e:fd:14:cb:f1:8b:82:3e:c4:7e:0d:20:65:38:13:e9:
         1d:96:72:46:5d:c2:eb:54:c1:d8:9b:48:f9:e3:49:18:3b:62:
         fe:d2:68:26:54:de:7f:8c:92:32:83:f6:ca:c4:fe:45:94:89:
         25:94:68:89:f6:3e:9b:fc:b3:88:9e:29:67:2a:17:77:bf:9c:
         c3:80:1f:00:fa:2c:f5:8a:50:00:60:ce:61:34:14:3e:ff:23:
         19:08:bb:3e:43:96:20:f1:0c:44:7c:aa:49:b3:1e:ce:40:b1:
         d1:ba:2d:83:e2:72:fc:9e:2a:f6:23:c7:26:8b:ab:e3:20:e4:
         05:0d:9d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16BSqpocfns/Ra75+3Zh7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjQwMjA1MTYwNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2JjNTY2ZTNmNmQ3ZjBkN2UyMmE2ZGY4NjEzM2UxN2NmYzBiMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiucs3/wYw8T4/QX3YDdGNYP4eJ3z
+c0S+liv57EaKFd5JA1EnzxC3qUfUYju025cijg/Ll1+hm2sjX8N38q1ZK/Vc3n8
OESA9tH8tynY5NgzHTYogpOKOWqehrbOHJuLKt7+TJifALBA04GNldddhXqO3kRf
eXsUPeVxWOAVCA5vz+94dirtbGsLwf4sOwIR6LEvAjFiXWMmHelh9GpZu9yhC7kH
YjKSH+oSy4XrpiptdQ7h5YRh1W1RqzmikA57El9cTQ6+Bd5itCKA72gICk+/NKRb
S+evjBvbmifNphxBHiAJz2DVqlai51AxQHJeJ2Xdfx6rmSsNFnPqWkGLzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAO8Vm4/bX8NfiKm34YTPhfPwLHxMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvQTd4V2JqOXRmdzEtSXFiZmhoTS1GOF9Bc2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZjUMA0G
CSqGSIb3DQEBCwUAA4IBAQACqjX6HOuimOzjiEWPk/1Vmzob0Epp+5C8gTFaos/g
I+d6f61sd4AqO0QkwOHiu16H2q2Xpasm5gUgYY4XM+upc+zM3hTFp+7Fvj9Pbvbc
x3nvjVBEMFvlnR+B/FCu7Alcplxs+9NK2Vu1Ixv/Jk7XwBsJlNDbEFn9rW5KYFVG
tU79FMvxi4I+xH4NIGU4E+kdlnJGXcLrVMHYm0j540kYO2L+0mgmVN5/jJIyg/bK
xP5FlIkllGiJ9j6b/LOInilnKhd3v5zDgB8A+iz1ilAAYM5hNBQ+/yMZCLs+Q5Yg
8QxEfKpJsx7OQLHRui2D4nL8nir2I8cmi6vjIOQFDZ3F
-----END CERTIFICATE-----