Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/MAXZTMOIkdmvwOtOSxRT4d9V0HQ.roa
File:                     MAXZTMOIkdmvwOtOSxRT4d9V0HQ.roa (raw, json)
Hash identifier:          OAAsiaIoVWs5YaIX8hinIFpmOAVZYAt6NtBN6RbOhts=
Subject key identifier:   30:05:D9:4C:C3:88:91:D9:AF:C0:EB:4E:4B:14:53:E1:DF:55:D0:74
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       018CC7273C40C204C7691D28E03A809D3A7A
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/MAXZTMOIkdmvwOtOSxRT4d9V0HQ.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        93.94.3.0/24 maxlen: 24
                          2a03:1e03::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 10:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3c:40:c2:04:c7:69:1d:28:e0:3a:80:9d:3a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3005d94cc38891d9afc0eb4e4b1453e1df55d074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1c:1c:65:30:0c:f3:0c:0c:93:71:0a:f5:88:
                    1a:a9:fd:c2:d3:57:30:29:0d:48:4a:49:73:ab:bb:
                    0f:39:57:dc:95:47:62:b5:f0:d6:e1:78:68:84:af:
                    aa:e8:dc:08:c3:9c:52:45:49:b3:6a:2b:6c:54:77:
                    73:05:3e:4e:4e:9d:d8:f0:b6:b3:1b:fd:5e:35:4b:
                    b9:17:25:e3:e7:a8:6c:5a:50:07:aa:b7:1a:82:b2:
                    0d:ae:06:10:65:e3:15:c3:07:cb:d8:4a:a9:03:99:
                    a3:09:8d:f9:de:24:d2:f3:a5:7a:b8:84:be:95:77:
                    78:4e:7b:a7:38:5d:2c:c4:92:4c:c4:c9:10:bf:ed:
                    0d:4f:2b:e8:36:1c:b5:a8:44:5a:95:20:65:98:e8:
                    e2:ba:00:7f:76:23:f6:2b:96:1c:c4:e6:41:49:1f:
                    6f:0a:32:f0:02:2f:84:71:59:c0:22:59:95:bb:f4:
                    b4:c2:b8:e8:d7:bc:d0:bb:0b:b5:50:70:0c:f2:60:
                    8e:9c:d1:a7:89:33:85:5f:48:3d:ea:96:80:5e:ad:
                    6e:85:1a:a7:e1:8c:1e:bd:95:cd:14:f5:75:63:04:
                    d1:3b:8a:07:49:a4:6f:f7:39:89:a4:a5:70:f8:cc:
                    de:89:39:84:d6:b2:0e:b5:9c:d2:f9:cc:57:7c:de:
                    39:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:05:D9:4C:C3:88:91:D9:AF:C0:EB:4E:4B:14:53:E1:DF:55:D0:74
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/MAXZTMOIkdmvwOtOSxRT4d9V0HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.3.0/24
                IPv6:
                  2a03:1e03::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:aa:43:94:78:94:9c:08:dd:13:3e:f7:35:c5:2a:a5:7e:c4:
         02:25:6c:ae:9d:48:f7:5b:48:59:6f:e8:db:ac:d3:85:66:ae:
         8a:8c:a3:13:9c:fa:3b:2f:eb:1b:4a:38:c5:91:e1:5e:e1:91:
         e5:41:a9:ac:c8:62:f6:c5:4b:e5:06:bb:bb:2d:fa:66:91:f6:
         fa:fc:03:22:4f:ba:34:da:28:c8:bb:47:91:fa:f1:87:9a:52:
         07:e9:66:7d:ad:ab:96:df:b0:48:16:19:c4:fc:e2:4c:88:c2:
         1a:38:fa:56:10:19:fa:52:5c:71:b6:fc:21:eb:f3:db:9a:7a:
         0b:7c:0a:b5:30:a2:93:42:2c:31:7a:0e:e9:6b:ae:9f:cd:b7:
         e2:01:bf:31:fe:cf:18:84:38:3f:42:93:f2:f2:71:f8:5a:23:
         63:7f:7f:cb:48:7c:c1:f8:cc:ee:c4:7a:ec:9b:99:78:9b:67:
         f1:26:f8:5d:c3:91:e7:ea:c5:1b:7d:3a:8b:ab:8a:d7:a4:39:
         c4:f3:51:a0:84:ff:a9:f0:49:68:03:52:3b:3a:58:9c:e4:6b:
         38:47:ba:d6:31:7b:25:82:87:d1:6e:91:4c:0f:d2:09:ec:93:
         df:87:bc:c6:7b:5f:58:f0:3e:4b:88:1f:e3:14:84:1f:7d:1d:
         0f:b0:d2:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJzxAwgTHaR0o4DqAnTp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA1ZDk0Y2MzODg5MWQ5YWZjMGViNGU0YjE0NTNlMWRmNTVkMDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxwcZTAM8wwMk3EK9Ygaqf3C01cw
KQ1ISklzq7sPOVfclUditfDW4XhohK+q6NwIw5xSRUmzaitsVHdzBT5OTp3Y8Laz
G/1eNUu5FyXj56hsWlAHqrcagrINrgYQZeMVwwfL2EqpA5mjCY353iTS86V6uIS+
lXd4TnunOF0sxJJMxMkQv+0NTyvoNhy1qERalSBlmOjiugB/diP2K5YcxOZBSR9v
CjLwAi+EcVnAIlmVu/S0wrjo17zQuwu1UHAM8mCOnNGniTOFX0g96paAXq1uhRqn
4YwevZXNFPV1YwTRO4oHSaRv9zmJpKVw+MzeiTmE1rIOtZzS+cxXfN450wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDAF2UzDiJHZr8DrTksUU+HfVdB0MB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvTUFYWlRNT0lrZG12d090T1N4UlQ0ZDlWMEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXV4DMA8E
AgACMAkDBwAqAx4DAAAwDQYJKoZIhvcNAQELBQADggEBADyqQ5R4lJwI3RM+9zXF
KqV+xAIlbK6dSPdbSFlv6Nus04VmroqMoxOc+jsv6xtKOMWR4V7hkeVBqazIYvbF
S+UGu7st+maR9vr8AyJPujTaKMi7R5H68YeaUgfpZn2tq5bfsEgWGcT84kyIwho4
+lYQGfpSXHG2/CHr89uaegt8CrUwopNCLDF6Dulrrp/Nt+IBvzH+zxiEOD9Ck/Ly
cfhaI2N/f8tIfMH4zO7EeuybmXibZ/Em+F3DkefqxRt9OouritekOcTzUaCE/6nw
SWgDUjs6WJzkazhHutYxeyWCh9FukUwP0gnsk9+HvMZ7X1jwPkuIH+MUhB99HQ+w
0t4=
-----END CERTIFICATE-----