Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/_AaogpvsZ_kHaJAoO7eUxP8H-zY.roa
File:                     _AaogpvsZ_kHaJAoO7eUxP8H-zY.roa (raw, json)
Hash identifier:          a3qZI1EQuEaQg0ZHFbrz5Ccf6fiwQDzr5b8C2ZRATT4=
Subject key identifier:   FC:06:A8:82:9B:EC:67:F9:07:68:90:28:3B:B7:94:C4:FF:07:FB:36
Certificate issuer:       /CN=1639ddbe0ff3a1870cdb455098dc42facfd549f5
Certificate serial:       01941F8C301BE0F8E43ED24A63A471848925
Authority key identifier: 16:39:DD:BE:0F:F3:A1:87:0C:DB:45:50:98:DC:42:FA:CF:D5:49:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/_AaogpvsZ_kHaJAoO7eUxP8H-zY.roa
Signing time:             Wed 01 Jan 2025 01:47:48 +0000
ROA not before:           Wed 01 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        188.93.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:30:1b:e0:f8:e4:3e:d2:4a:63:a4:71:84:89:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1639ddbe0ff3a1870cdb455098dc42facfd549f5
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc06a8829bec67f9076890283bb794c4ff07fb36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:34:a0:11:06:7f:87:5a:7a:aa:b6:4c:f8:55:
                    09:85:1a:eb:5c:9c:b3:b9:32:04:5f:12:d9:e5:44:
                    2d:11:3f:c6:6f:2f:7e:ce:84:eb:fe:dd:08:4f:37:
                    df:56:a0:75:4a:f6:3c:33:5d:01:e0:a1:23:2a:91:
                    2b:49:93:3b:a7:7e:e7:d6:8b:7a:21:b9:66:4e:6c:
                    15:db:b8:01:c6:ce:f1:6e:44:8c:0f:cc:33:5f:4b:
                    23:94:98:ca:74:e0:27:14:ec:68:f8:b4:9e:72:01:
                    65:eb:c0:03:61:63:24:6e:c3:2f:37:67:78:85:42:
                    58:5a:99:05:1e:e1:3e:6c:13:62:69:8e:08:b8:d2:
                    42:4e:36:86:e7:2e:d4:94:c9:0b:7d:e3:d8:ac:9c:
                    d1:cc:e7:1b:d5:a9:87:07:81:7d:00:e3:dd:75:2d:
                    cb:d3:e1:7e:8e:82:13:41:3d:56:93:45:c4:b7:81:
                    af:22:3b:1b:39:31:9c:c7:9f:38:4a:33:8d:5c:f3:
                    8a:b9:cc:96:ff:4b:4d:ac:38:21:98:05:6a:2d:cf:
                    e5:a2:0e:1d:ff:3b:25:3c:3e:e1:ba:86:3d:3c:fe:
                    29:c8:eb:c7:27:ef:d3:66:8d:82:8d:5c:ee:b2:dc:
                    f6:da:2f:52:c5:73:4b:72:bc:9f:8a:9d:17:2d:e5:
                    e2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:06:A8:82:9B:EC:67:F9:07:68:90:28:3B:B7:94:C4:FF:07:FB:36
            X509v3 Authority Key Identifier:
                keyid:16:39:DD:BE:0F:F3:A1:87:0C:DB:45:50:98:DC:42:FA:CF:D5:49:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/_AaogpvsZ_kHaJAoO7eUxP8H-zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dd:69:b2:f5:04:68:2a:40:60:84:d6:45:30:2f:7d:44:bd:08:
         bc:ae:8d:b8:71:28:e4:c9:26:a0:2d:6c:9f:7f:15:21:08:77:
         d2:bb:54:76:08:5e:23:45:d5:b9:50:0c:11:26:43:bf:e0:d1:
         e8:dc:9e:de:d8:08:95:84:10:7a:2f:dc:92:0d:7a:21:c5:72:
         f0:10:77:7d:c0:ad:fe:cc:78:c6:f6:9c:00:e5:a9:7f:45:69:
         0d:0f:35:df:59:25:59:a2:6a:5a:4e:2f:14:2f:68:2d:02:19:
         8c:b0:ad:53:aa:33:c5:97:68:0e:fc:d5:70:a0:ad:90:89:a0:
         70:24:c0:20:2a:bf:f7:04:13:fc:87:ba:b2:8a:aa:c7:f1:d2:
         e4:17:26:7e:5f:79:0a:a7:0a:c4:13:d0:5b:9e:a1:f3:09:b4:
         7a:f6:db:ad:3b:7b:55:82:ce:63:d4:77:57:29:e7:11:d0:53:
         96:9f:9e:2d:8d:fd:e3:65:69:a6:c5:64:67:7b:da:b4:81:08:
         c3:0a:8b:1e:3b:f7:8f:7a:98:f1:c6:38:9f:f1:40:b7:5d:f5:
         af:de:ec:6e:9f:11:f3:c1:14:1b:d1:56:ea:c9:af:70:0a:57:
         fd:49:91:fc:e6:b0:11:2b:8f:5d:60:dc:20:4c:3a:a1:d1:45:
         c1:df:3f:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDAb4PjkPtJKY6RxhIklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MzlkZGJlMGZmM2ExODcwY2RiNDU1MDk4ZGM0MmZhY2Zk
NTQ5ZjUwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzA2YTg4MjliZWM2N2Y5MDc2ODkwMjgzYmI3OTRjNGZmMDdmYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTSgEQZ/h1p6qrZM+FUJhRrrXJyz
uTIEXxLZ5UQtET/Gby9+zoTr/t0ITzffVqB1SvY8M10B4KEjKpErSZM7p37n1ot6
IblmTmwV27gBxs7xbkSMD8wzX0sjlJjKdOAnFOxo+LSecgFl68ADYWMkbsMvN2d4
hUJYWpkFHuE+bBNiaY4IuNJCTjaG5y7UlMkLfePYrJzRzOcb1amHB4F9AOPddS3L
0+F+joITQT1Wk0XEt4GvIjsbOTGcx584SjONXPOKucyW/0tNrDghmAVqLc/log4d
/zslPD7huoY9PP4pyOvHJ+/TZo2CjVzustz22i9SxXNLcryfip0XLeXi6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwGqIKb7Gf5B2iQKDu3lMT/B/s2MB8GA1UdIwQY
MBaAFBY53b4P86GHDNtFUJjcQvrP1Un1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmpuZHZnX3pvWWNNMjBWUW1OeEMtc19WU2ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8xOWM4ODgtYTJiYi00YjZjLTgyMmUt
YzAwYTY0NmQ4MDMxLzEvX0Fhb2dwdnNaX2tIYUpBb083ZVV4UDhILXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8xOWM4ODgtYTJiYi00YjZjLTgyMmUtYzAwYTY0NmQ4MDMx
LzEvRmpuZHZnX3pvWWNNMjBWUW1OeEMtc19WU2ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF2OMA0G
CSqGSIb3DQEBCwUAA4IBAQDdabL1BGgqQGCE1kUwL31EvQi8ro24cSjkySagLWyf
fxUhCHfSu1R2CF4jRdW5UAwRJkO/4NHo3J7e2AiVhBB6L9ySDXohxXLwEHd9wK3+
zHjG9pwA5al/RWkNDzXfWSVZompaTi8UL2gtAhmMsK1TqjPFl2gO/NVwoK2QiaBw
JMAgKr/3BBP8h7qyiqrH8dLkFyZ+X3kKpwrEE9BbnqHzCbR69tutO3tVgs5j1HdX
KecR0FOWn54tjf3jZWmmxWRne9q0gQjDCoseO/ePepjxxjif8UC3XfWv3uxunxHz
wRQb0Vbqya9wClf9SZH85rARK49dYNwgTDqh0UXB3z+0
-----END CERTIFICATE-----