Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/pCSKhYNkTR7SxUskaAwpFx35Lys.roa
File:                     pCSKhYNkTR7SxUskaAwpFx35Lys.roa (raw, json)
Hash identifier:          XnHKJyo6BAhxQvWoTo8yVgwue3aegX0njca6tfTmGRU=
Subject key identifier:   A4:24:8A:85:83:64:4D:1E:D2:C5:4B:24:68:0C:29:17:1D:F9:2F:2B
Certificate issuer:       /CN=794f253abffa3214cda8dc99599e5e7c664abf4a
Certificate serial:       019423D6E39F921A193B34C1F7A7E091EE2A
Authority key identifier: 79:4F:25:3A:BF:FA:32:14:CD:A8:DC:99:59:9E:5E:7C:66:4A:BF:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eU8lOr_6MhTNqNyZWZ5efGZKv0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/pCSKhYNkTR7SxUskaAwpFx35Lys.roa
Signing time:             Wed 01 Jan 2025 21:47:52 +0000
ROA not before:           Wed 01 Jan 2025 21:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60751
IP address blocks:        93.157.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/eU8lOr_6MhTNqNyZWZ5efGZKv0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/eU8lOr_6MhTNqNyZWZ5efGZKv0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eU8lOr_6MhTNqNyZWZ5efGZKv0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e3:9f:92:1a:19:3b:34:c1:f7:a7:e0:91:ee:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794f253abffa3214cda8dc99599e5e7c664abf4a
        Validity
            Not Before: Jan  1 21:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4248a8583644d1ed2c54b24680c29171df92f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:02:1d:4a:07:4d:b4:2b:3f:3e:85:59:1e:b5:
                    c9:fe:ba:40:ae:3a:8c:05:a0:25:c2:35:c6:23:d8:
                    12:13:fb:e0:5e:22:48:01:d2:02:c6:3a:c8:de:35:
                    f2:ca:ef:06:62:5a:60:5e:99:6a:22:61:0d:a8:34:
                    3b:19:21:57:b1:d6:27:fa:55:84:cd:42:83:1c:ff:
                    ce:90:53:32:ac:ed:71:bd:c4:81:3b:91:51:0e:e4:
                    64:5d:45:d7:a9:ab:4d:52:e0:4e:93:c4:37:1d:41:
                    c2:8f:15:ee:7f:45:78:cf:e0:6c:a3:98:42:9d:d0:
                    39:02:d0:08:25:bf:06:13:d9:9b:b9:a4:30:94:8b:
                    17:df:ce:c0:ef:d8:94:68:c4:bd:c4:48:52:9a:da:
                    d5:b9:ca:2e:a9:42:d6:89:4e:bd:5e:af:7d:3e:1b:
                    4e:dd:6a:f9:73:15:b1:dd:eb:fe:20:5b:3d:c3:9e:
                    e1:77:d2:f1:06:44:8a:c0:1f:35:f5:ed:b5:88:7a:
                    f1:1e:fd:bc:9e:47:8c:31:c4:b4:3c:7d:ed:33:a9:
                    21:14:b6:33:c9:a2:7b:a6:8e:11:a6:a9:18:55:49:
                    8b:ac:87:d6:17:ed:2b:a6:f1:db:4e:79:f6:0a:49:
                    42:e3:7b:d0:36:42:d9:88:78:4b:93:46:81:62:47:
                    1a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:24:8A:85:83:64:4D:1E:D2:C5:4B:24:68:0C:29:17:1D:F9:2F:2B
            X509v3 Authority Key Identifier:
                keyid:79:4F:25:3A:BF:FA:32:14:CD:A8:DC:99:59:9E:5E:7C:66:4A:BF:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eU8lOr_6MhTNqNyZWZ5efGZKv0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/pCSKhYNkTR7SxUskaAwpFx35Lys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b523db-842d-4267-be87-e6df8edabfb8/1/eU8lOr_6MhTNqNyZWZ5efGZKv0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:24:4f:65:58:b3:96:21:4e:4e:c1:45:2d:5d:17:e4:5c:2b:
         5f:54:d4:a1:a8:d8:55:05:14:98:ae:d4:69:f2:dc:f4:63:d0:
         81:68:d1:db:51:ae:4b:b8:18:90:ad:b2:45:f7:8c:19:27:a2:
         0b:aa:94:8e:29:ff:70:23:8e:76:a9:54:9c:95:b2:0f:fb:f1:
         70:87:ab:07:33:a6:9f:b0:10:3c:23:70:6d:11:6d:91:d8:5c:
         8e:1e:c4:f0:05:37:e9:7e:f2:ac:53:67:61:3c:1b:35:bc:3c:
         a2:6a:7d:70:af:25:ce:7c:60:26:a2:16:c4:77:66:53:ec:b6:
         e3:c1:ca:48:8c:9d:6f:36:ae:4f:a8:f7:d3:c3:22:b5:74:57:
         9e:cf:67:d2:35:f6:ba:11:43:33:ac:c8:2f:97:b3:ce:89:d8:
         20:1b:ec:7d:9c:34:17:2e:9b:80:21:a1:37:57:98:46:19:a1:
         7f:45:a9:93:b6:81:1e:f3:40:3b:d9:b6:1d:b3:be:0d:94:fe:
         d7:41:0f:34:4d:08:c8:58:da:8e:66:19:e1:63:4d:1e:5f:e4:
         61:78:a2:49:9b:52:d6:57:b7:bc:40:ec:23:89:29:9e:9e:1d:
         ee:6b:61:1e:1b:ad:2a:cb:d6:06:72:cc:59:3d:97:88:7f:23:
         0e:cb:cf:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1uOfkhoZOzTB96fgke4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NGYyNTNhYmZmYTMyMTRjZGE4ZGM5OTU5OWU1ZTdjNjY0
YWJmNGEwHhcNMjUwMTAxMjE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI0OGE4NTgzNjQ0ZDFlZDJjNTRiMjQ2ODBjMjkxNzFkZjkyZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgIdSgdNtCs/PoVZHrXJ/rpArjqM
BaAlwjXGI9gSE/vgXiJIAdICxjrI3jXyyu8GYlpgXplqImENqDQ7GSFXsdYn+lWE
zUKDHP/OkFMyrO1xvcSBO5FRDuRkXUXXqatNUuBOk8Q3HUHCjxXuf0V4z+Bso5hC
ndA5AtAIJb8GE9mbuaQwlIsX387A79iUaMS9xEhSmtrVucouqULWiU69Xq99PhtO
3Wr5cxWx3ev+IFs9w57hd9LxBkSKwB819e21iHrxHv28nkeMMcS0PH3tM6khFLYz
yaJ7po4RpqkYVUmLrIfWF+0rpvHbTnn2CklC43vQNkLZiHhLk0aBYkcafQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQkioWDZE0e0sVLJGgMKRcd+S8rMB8GA1UdIwQY
MBaAFHlPJTq/+jIUzajcmVmeXnxmSr9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVU4bE9yXzZNaFROcU55WldaNWVmR1pLdjBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iNTIzZGItODQyZC00MjY3LWJlODct
ZTZkZjhlZGFiZmI4LzEvcENTS2hZTmtUUjdTeFVza2FBd3BGeDM1THlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iNTIzZGItODQyZC00MjY3LWJlODctZTZkZjhlZGFiZmI4
LzEvZVU4bE9yXzZNaFROcU55WldaNWVmR1pLdjBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ2NMA0G
CSqGSIb3DQEBCwUAA4IBAQBQJE9lWLOWIU5OwUUtXRfkXCtfVNShqNhVBRSYrtRp
8tz0Y9CBaNHbUa5LuBiQrbJF94wZJ6ILqpSOKf9wI452qVSclbIP+/Fwh6sHM6af
sBA8I3BtEW2R2FyOHsTwBTfpfvKsU2dhPBs1vDyian1wryXOfGAmohbEd2ZT7Lbj
wcpIjJ1vNq5PqPfTwyK1dFeez2fSNfa6EUMzrMgvl7POidggG+x9nDQXLpuAIaE3
V5hGGaF/RamTtoEe80A72bYds74NlP7XQQ80TQjIWNqOZhnhY00eX+RheKJJm1LW
V7e8QOwjiSmenh3ua2EeG60qy9YGcsxZPZeIfyMOy8+n
-----END CERTIFICATE-----