Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/HB8Cm2pLjebMcj4OoJQv0fABZsY.roa
File:                     HB8Cm2pLjebMcj4OoJQv0fABZsY.roa (raw, json)
Hash identifier:          UljQoxaG0zud6s4ArsAKP19kdWk6dP1112SMV69V36o=
Subject key identifier:   1C:1F:02:9B:6A:4B:8D:E6:CC:72:3E:0E:A0:94:2F:D1:F0:01:66:C6
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       018CC7273D26D18EA3E159EA2DD48610EC37
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/HB8Cm2pLjebMcj4OoJQv0fABZsY.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196714
IP address blocks:        93.94.7.0/24 maxlen: 24
                          93.94.6.0/24 maxlen: 24
                          93.94.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3d:26:d1:8e:a3:e1:59:ea:2d:d4:86:10:ec:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c1f029b6a4b8de6cc723e0ea0942fd1f00166c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a7:a1:5a:41:79:d4:db:96:81:66:b6:14:c4:
                    52:8a:f9:dd:b0:75:b7:6b:e1:b0:05:5b:72:a4:52:
                    61:e6:8a:4e:e2:3b:61:0a:53:d8:e6:2e:e3:95:80:
                    b0:c1:3a:eb:1f:3c:63:7e:40:4a:10:ca:de:c2:66:
                    57:bb:ec:1c:3a:d5:e2:52:02:be:42:b8:d0:a7:73:
                    50:e7:2d:49:ae:46:68:20:5a:0c:18:10:50:7d:f2:
                    a4:14:98:e6:13:db:f9:8e:f6:32:82:a1:7a:67:6f:
                    6c:0f:da:4a:c4:d7:c3:89:3b:14:8f:39:0f:88:ff:
                    d1:76:7a:da:af:2a:3e:17:ea:68:1b:fe:5b:71:7f:
                    fe:e5:12:41:de:84:a8:e5:2d:69:f1:96:03:e9:59:
                    ad:6f:37:e8:87:ba:51:1f:a6:20:d9:09:57:a3:35:
                    25:ac:56:78:b9:d5:d5:ed:7a:8f:95:d8:32:33:20:
                    c3:9a:81:67:7d:a3:05:fd:3e:8c:23:3b:a2:0a:54:
                    a6:8e:92:cf:9a:62:51:70:ce:ef:1b:93:db:99:1c:
                    d5:1e:6f:a6:3a:cd:c1:3a:77:43:9d:a0:26:7c:92:
                    5c:eb:c3:9a:76:ff:d5:f6:04:c7:e9:45:d4:86:5b:
                    3f:cb:af:97:c9:77:d5:bd:aa:4a:14:f4:d6:84:34:
                    36:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:1F:02:9B:6A:4B:8D:E6:CC:72:3E:0E:A0:94:2F:D1:F0:01:66:C6
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/HB8Cm2pLjebMcj4OoJQv0fABZsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:9f:f4:7a:8a:30:6c:06:ad:b3:bb:03:79:fc:b3:8e:11:9f:
         ad:ea:77:8c:21:b3:9d:99:b0:c2:86:47:01:99:26:4b:bd:0c:
         00:78:a6:cd:81:98:f9:b4:bd:6c:cd:5c:35:e3:88:89:1a:ec:
         cd:df:cf:36:a9:f3:60:70:6c:f4:a1:1c:ca:dd:57:fe:08:93:
         b8:39:7b:a0:0e:2b:b0:2f:c3:8f:fc:de:85:a2:bf:32:60:fd:
         f6:56:a3:5d:1c:3e:81:ec:6b:2e:b0:1d:af:ba:38:a6:56:43:
         8f:f0:7f:1d:04:5f:9b:ee:07:ba:1a:ee:04:e3:7d:b9:e6:ea:
         ab:46:11:a0:e9:97:20:01:d6:1e:15:22:1b:2f:ad:0e:4f:91:
         21:bf:d0:fa:7f:4a:f8:40:a6:77:21:8b:5d:18:dc:1f:4b:d8:
         3a:9c:86:c1:eb:39:a8:1f:71:5a:10:34:db:1d:ec:70:c5:5e:
         a1:be:ac:8e:c0:43:66:1f:00:ce:1e:98:d7:79:20:35:6a:2c:
         a4:4f:64:20:8e:04:a4:4d:5a:1b:6c:64:55:6a:6b:d5:02:ed:
         98:9f:f7:ad:d7:c1:7c:9a:eb:03:bf:c0:d5:79:cb:56:b3:54:
         d9:0c:84:0b:15:0e:c0:5e:93:12:d6:fe:52:c5:32:f0:05:1e:
         4e:6b:8e:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz0m0Y6j4VnqLdSGEOw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzFmMDI5YjZhNGI4ZGU2Y2M3MjNlMGVhMDk0MmZkMWYwMDE2NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqehWkF51NuWgWa2FMRSivndsHW3
a+GwBVtypFJh5opO4jthClPY5i7jlYCwwTrrHzxjfkBKEMrewmZXu+wcOtXiUgK+
QrjQp3NQ5y1JrkZoIFoMGBBQffKkFJjmE9v5jvYygqF6Z29sD9pKxNfDiTsUjzkP
iP/Rdnraryo+F+poG/5bcX/+5RJB3oSo5S1p8ZYD6Vmtbzfoh7pRH6Yg2QlXozUl
rFZ4udXV7XqPldgyMyDDmoFnfaMF/T6MIzuiClSmjpLPmmJRcM7vG5PbmRzVHm+m
Os3BOndDnaAmfJJc68Oadv/V9gTH6UXUhls/y6+XyXfVvapKFPTWhDQ26QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwfAptqS43mzHI+DqCUL9HwAWbGMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvSEI4Q20ycExqZWJNY2o0T29KUXYwZkFCWnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXV4GMA0G
CSqGSIb3DQEBCwUAA4IBAQB6n/R6ijBsBq2zuwN5/LOOEZ+t6neMIbOdmbDChkcB
mSZLvQwAeKbNgZj5tL1szVw144iJGuzN3882qfNgcGz0oRzK3Vf+CJO4OXugDiuw
L8OP/N6For8yYP32VqNdHD6B7GsusB2vujimVkOP8H8dBF+b7ge6Gu4E43255uqr
RhGg6ZcgAdYeFSIbL60OT5Ehv9D6f0r4QKZ3IYtdGNwfS9g6nIbB6zmoH3FaEDTb
HexwxV6hvqyOwENmHwDOHpjXeSA1aiykT2QgjgSkTVobbGRVamvVAu2Yn/et18F8
musDv8DVectWs1TZDIQLFQ7AXpMS1v5SxTLwBR5Oa46I
-----END CERTIFICATE-----