Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/aYJLx7MCL2HWELUZ9JXEemtA0Is.roa
File:                     aYJLx7MCL2HWELUZ9JXEemtA0Is.roa (raw, json)
Hash identifier:          y6QsQbk5i/iXjQAN7pMUDoEPATSibWo7zebmlQauf1w=
Subject key identifier:   69:82:4B:C7:B3:02:2F:61:D6:10:B5:19:F4:95:C4:7A:6B:40:D0:8B
Certificate issuer:       /CN=1639ddbe0ff3a1870cdb455098dc42facfd549f5
Certificate serial:       018CCA9A1CD313CB4C01584D8120CB91B448
Authority key identifier: 16:39:DD:BE:0F:F3:A1:87:0C:DB:45:50:98:DC:42:FA:CF:D5:49:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/aYJLx7MCL2HWELUZ9JXEemtA0Is.roa
Signing time:             Tue 02 Jan 2024 14:35:46 +0000
ROA not before:           Tue 02 Jan 2024 14:35:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        188.93.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:1c:d3:13:cb:4c:01:58:4d:81:20:cb:91:b4:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1639ddbe0ff3a1870cdb455098dc42facfd549f5
        Validity
            Not Before: Jan  2 14:35:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69824bc7b3022f61d610b519f495c47a6b40d08b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8e:ec:c1:be:9f:bf:6c:b6:c3:11:78:08:20:
                    8e:c0:68:af:9d:07:d2:b0:ec:1f:e6:b2:03:51:16:
                    c5:b5:15:30:85:c7:91:83:ff:ff:c4:78:6e:dc:25:
                    21:bd:21:07:c5:21:5d:07:5b:cc:4c:d1:b1:7b:91:
                    a2:58:bd:05:94:ec:b2:40:39:f2:59:98:b5:1f:fe:
                    dd:0d:85:77:7a:cd:50:40:9b:e4:72:7e:69:4a:11:
                    ca:d3:38:0f:6a:6e:c2:c5:cd:46:42:c9:a3:28:87:
                    8e:79:57:cb:df:d6:78:7d:91:0b:40:c5:02:42:ea:
                    b2:77:4a:96:7e:70:cd:6b:01:b5:8c:90:c4:8e:01:
                    96:9d:c7:7f:19:b3:09:bf:32:47:f8:47:f5:b7:78:
                    bc:16:a1:e8:99:84:f5:a7:21:cb:88:0c:a7:cc:d5:
                    f9:2d:d6:c3:a2:b8:ac:04:58:81:51:59:59:1b:3a:
                    60:a3:c9:3c:5b:8a:10:16:f8:17:46:93:35:0d:51:
                    97:4a:d2:b2:b5:36:ca:da:20:4d:0c:6a:8a:6a:59:
                    58:95:3e:76:9f:29:24:17:80:ca:73:93:f4:f6:8c:
                    2f:b0:8a:46:1b:11:41:2b:1c:71:6a:91:0c:2f:ce:
                    56:8a:72:19:da:68:c3:89:d7:ee:7b:d4:f4:b1:ae:
                    60:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:82:4B:C7:B3:02:2F:61:D6:10:B5:19:F4:95:C4:7A:6B:40:D0:8B
            X509v3 Authority Key Identifier:
                keyid:16:39:DD:BE:0F:F3:A1:87:0C:DB:45:50:98:DC:42:FA:CF:D5:49:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fjndvg_zoYcM20VQmNxC-s_VSfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/aYJLx7MCL2HWELUZ9JXEemtA0Is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/19c888-a2bb-4b6c-822e-c00a646d8031/1/Fjndvg_zoYcM20VQmNxC-s_VSfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:e8:fb:66:29:5e:4b:b4:bd:ed:5e:8f:f5:6e:c0:b4:3b:7a:
         11:70:4d:c9:7b:83:5a:35:db:6c:e3:ba:04:0c:f2:9d:aa:7c:
         49:24:95:98:f9:46:e4:54:c2:ed:96:33:2c:4f:90:13:10:a2:
         a2:8d:95:46:bf:f0:f6:bc:5c:11:71:5e:4d:fa:f2:80:68:f0:
         47:ad:cb:15:9b:7c:44:c7:29:65:e8:68:be:b8:a9:5d:dc:5d:
         34:8e:2c:ec:5c:4b:83:a8:ff:a5:80:75:5c:ed:bd:59:96:8c:
         fe:01:53:10:11:0e:33:1c:a8:38:63:d7:75:40:7c:e9:2f:74:
         9a:6a:d1:aa:66:62:71:18:88:f4:c3:ed:34:77:00:e5:98:56:
         0c:7f:54:e9:13:77:12:78:3f:3a:f7:f1:ea:d2:25:9c:83:8d:
         71:2c:31:0e:8c:91:e6:dc:50:3b:40:7c:d5:e8:ab:54:d5:45:
         ca:27:c2:68:2c:93:9b:07:b2:76:77:ad:0a:3a:a3:c0:a9:ea:
         1b:c3:7d:39:ec:36:58:ff:15:ec:cb:d9:40:76:c2:96:1d:58:
         ad:73:03:50:41:21:d1:01:08:f5:e0:48:76:8b:dc:4d:96:b9:
         96:87:58:42:2d:23:df:3c:69:62:60:bd:8a:6d:74:9b:6d:39:
         22:12:6a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmhzTE8tMAVhNgSDLkbRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MzlkZGJlMGZmM2ExODcwY2RiNDU1MDk4ZGM0MmZhY2Zk
NTQ5ZjUwHhcNMjQwMTAyMTQzNTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTgyNGJjN2IzMDIyZjYxZDYxMGI1MTlmNDk1YzQ3YTZiNDBkMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY7swb6fv2y2wxF4CCCOwGivnQfS
sOwf5rIDURbFtRUwhceRg///xHhu3CUhvSEHxSFdB1vMTNGxe5GiWL0FlOyyQDny
WZi1H/7dDYV3es1QQJvkcn5pShHK0zgPam7Cxc1GQsmjKIeOeVfL39Z4fZELQMUC
Quqyd0qWfnDNawG1jJDEjgGWncd/GbMJvzJH+Ef1t3i8FqHomYT1pyHLiAynzNX5
LdbDorisBFiBUVlZGzpgo8k8W4oQFvgXRpM1DVGXStKytTbK2iBNDGqKallYlT52
nykkF4DKc5P09owvsIpGGxFBKxxxapEML85WinIZ2mjDidfue9T0sa5gCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmCS8ezAi9h1hC1GfSVxHprQNCLMB8GA1UdIwQY
MBaAFBY53b4P86GHDNtFUJjcQvrP1Un1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmpuZHZnX3pvWWNNMjBWUW1OeEMtc19WU2ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8xOWM4ODgtYTJiYi00YjZjLTgyMmUt
YzAwYTY0NmQ4MDMxLzEvYVlKTHg3TUNMMkhXRUxVWjlKWEVlbXRBMElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8xOWM4ODgtYTJiYi00YjZjLTgyMmUtYzAwYTY0NmQ4MDMx
LzEvRmpuZHZnX3pvWWNNMjBWUW1OeEMtc19WU2ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF2OMA0G
CSqGSIb3DQEBCwUAA4IBAQDI6PtmKV5LtL3tXo/1bsC0O3oRcE3Je4NaNdts47oE
DPKdqnxJJJWY+UbkVMLtljMsT5ATEKKijZVGv/D2vFwRcV5N+vKAaPBHrcsVm3xE
xyll6Gi+uKld3F00jizsXEuDqP+lgHVc7b1Zloz+AVMQEQ4zHKg4Y9d1QHzpL3Sa
atGqZmJxGIj0w+00dwDlmFYMf1TpE3cSeD869/Hq0iWcg41xLDEOjJHm3FA7QHzV
6KtU1UXKJ8JoLJObB7J2d60KOqPAqeobw3057DZY/xXsy9lAdsKWHVitcwNQQSHR
AQj14Eh2i9xNlrmWh1hCLSPfPGliYL2KbXSbbTkiEmqR
-----END CERTIFICATE-----