Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/8CNNYBbzQiDFPTM1tjqp5lUESM8.roa
File:                     8CNNYBbzQiDFPTM1tjqp5lUESM8.roa (raw, json)
Hash identifier:          FKMYJ+6HiuRFIY6sbk4LB3mHseE0YsFT5neIU8ZSV0A=
Subject key identifier:   F0:23:4D:60:16:F3:42:20:C5:3D:33:35:B6:3A:A9:E6:55:04:48:CF
Certificate issuer:       /CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
Certificate serial:       0196EDD91A1B2D50A8A07362677B9126A611
Authority key identifier: DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/8CNNYBbzQiDFPTM1tjqp5lUESM8.roa
Signing time:             Tue 20 May 2025 13:19:10 +0000
ROA not before:           Tue 20 May 2025 13:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213628
IP address blocks:        93.187.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:d9:1a:1b:2d:50:a8:a0:73:62:67:7b:91:26:a6:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
        Validity
            Not Before: May 20 13:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0234d6016f34220c53d3335b63aa9e6550448cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d1:e9:a0:77:7c:7f:6d:dd:e6:40:e3:50:3f:
                    de:ff:7f:bf:14:04:cc:23:09:df:dd:58:30:1c:11:
                    d3:c8:a1:49:76:21:d2:ee:a6:1f:60:80:85:d8:a3:
                    4a:1d:7e:40:dc:71:77:3f:75:db:30:00:c9:c0:b4:
                    35:59:f7:f7:47:2d:8a:d3:fb:59:e8:ed:af:73:18:
                    d5:e1:6f:90:11:2e:14:7a:ab:4a:42:47:ba:2f:35:
                    45:0e:44:99:29:ac:5c:5c:d8:0d:e3:30:dc:26:06:
                    dc:d1:9e:db:46:28:fe:49:f2:4d:a3:44:22:51:a0:
                    50:54:71:41:47:ba:3a:da:45:13:17:fe:b3:18:b7:
                    3f:7a:ad:b9:2a:76:1c:23:0e:30:57:d5:25:69:67:
                    93:f6:49:ff:4e:93:b1:33:7b:5c:c7:12:68:96:da:
                    f8:69:11:5b:09:b5:b6:9d:41:e2:15:4d:f2:f4:20:
                    72:57:5c:d7:c7:6e:9f:20:b3:9a:8e:13:9d:cd:3f:
                    70:99:24:96:9d:10:9c:6a:5b:8d:42:84:04:93:81:
                    56:93:df:20:0d:17:39:43:39:27:e5:8d:1e:07:fa:
                    18:a8:32:ce:e4:51:7f:7f:2f:7f:d2:12:a2:39:af:
                    7c:7b:b4:3f:ba:be:b6:89:59:92:da:af:6c:66:32:
                    7c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:23:4D:60:16:F3:42:20:C5:3D:33:35:B6:3A:A9:E6:55:04:48:CF
            X509v3 Authority Key Identifier:
                keyid:DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/8CNNYBbzQiDFPTM1tjqp5lUESM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:4a:52:a2:be:e6:aa:88:62:f7:83:09:76:ae:78:bb:e4:61:
         e9:a7:90:12:0a:7e:3d:ff:9b:1e:85:1a:3f:4f:65:0a:e8:8f:
         e8:c5:50:7c:97:4d:c3:a3:6e:bb:78:15:2d:7d:24:42:5f:58:
         56:17:6c:db:86:fa:25:0d:1e:12:b0:78:a0:cd:91:7f:b6:18:
         5f:6d:ec:a1:50:01:ae:62:a6:c3:26:dd:ac:75:67:39:ee:16:
         a9:12:c9:5f:29:c8:fa:35:bb:94:e0:6b:a6:08:1c:87:13:5f:
         b4:91:b7:33:c9:be:92:6e:40:e0:f0:62:98:b7:a7:fe:2a:39:
         1d:22:4e:f8:33:9f:9e:47:35:2c:87:11:53:db:45:25:d4:33:
         3f:cd:d6:05:21:cb:fc:41:8f:16:31:95:b6:64:f9:df:a7:c7:
         44:c8:b9:65:ee:08:0c:7c:8b:a6:be:ec:a7:c8:2e:d2:eb:1e:
         4d:e8:3c:31:97:3c:e5:cf:08:d6:04:a4:9b:a7:68:cc:91:1f:
         d4:53:cd:91:cd:e5:4c:78:55:a1:dd:d4:43:92:aa:32:98:fa:
         92:16:dc:8e:ea:0e:ed:46:82:7a:68:83:9e:d7:4c:3f:62:10:
         40:b4:f1:f0:12:cb:fa:99:be:e0:30:cb:3e:9e:78:6e:28:d4:
         1a:52:95:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbt2RobLVCooHNiZ3uRJqYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDJiMThmNTg4YTUwYjkyNzRmZTM0NjlmZjhiZDRhMTY0
OWQ3NGQwHhcNMjUwNTIwMTMxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDIzNGQ2MDE2ZjM0MjIwYzUzZDMzMzViNjNhYTllNjU1MDQ0OGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39HpoHd8f23d5kDjUD/e/3+/FATM
Iwnf3VgwHBHTyKFJdiHS7qYfYICF2KNKHX5A3HF3P3XbMADJwLQ1Wff3Ry2K0/tZ
6O2vcxjV4W+QES4UeqtKQke6LzVFDkSZKaxcXNgN4zDcJgbc0Z7bRij+SfJNo0Qi
UaBQVHFBR7o62kUTF/6zGLc/eq25KnYcIw4wV9UlaWeT9kn/TpOxM3tcxxJoltr4
aRFbCbW2nUHiFU3y9CByV1zXx26fILOajhOdzT9wmSSWnRCcaluNQoQEk4FWk98g
DRc5Qzkn5Y0eB/oYqDLO5FF/fy9/0hKiOa98e7Q/ur62iVmS2q9sZjJ8yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAjTWAW80IgxT0zNbY6qeZVBEjPMB8GA1UdIwQY
MBaAFNwCsY9YilC5J0/jRp/4vUoWSddNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQt
NjY0ZjA0ZDJhNjhkLzEvOENOTllCYnpRaURGUFRNMXRqcXA1bFVFU004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQtNjY0ZjA0ZDJhNjhk
LzEvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbsnMA0G
CSqGSIb3DQEBCwUAA4IBAQAjSlKivuaqiGL3gwl2rni75GHpp5ASCn49/5sehRo/
T2UK6I/oxVB8l03Do267eBUtfSRCX1hWF2zbhvolDR4SsHigzZF/thhfbeyhUAGu
YqbDJt2sdWc57hapEslfKcj6NbuU4GumCByHE1+0kbczyb6SbkDg8GKYt6f+Kjkd
Ik74M5+eRzUshxFT20Ul1DM/zdYFIcv8QY8WMZW2ZPnfp8dEyLll7ggMfIumvuyn
yC7S6x5N6DwxlzzlzwjWBKSbp2jMkR/UU82RzeVMeFWh3dRDkqoymPqSFtyO6g7t
RoJ6aIOe10w/YhBAtPHwEsv6mb7gMMs+nnhuKNQaUpUV
-----END CERTIFICATE-----