Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/PEppcNvJjXnRhJY43E_LrbZ4b6Y.roa
File:                     PEppcNvJjXnRhJY43E_LrbZ4b6Y.roa (raw, json)
Hash identifier:          cA6/Zn5y/f62RQujNI9AmlKGDu+DsPIKIqYlGLbyskk=
Subject key identifier:   3C:4A:69:70:DB:C9:8D:79:D1:84:96:38:DC:4F:CB:AD:B6:78:6F:A6
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       019427488CF538024DFC3159EE1732F9D71E
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/PEppcNvJjXnRhJY43E_LrbZ4b6Y.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        93.94.3.0/24 maxlen: 24
                          2a03:1e03::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:f5:38:02:4d:fc:31:59:ee:17:32:f9:d7:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c4a6970dbc98d79d1849638dc4fcbadb6786fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:23:f9:ec:e6:6d:dc:80:21:cd:c0:a9:e7:0e:
                    d8:2f:56:04:48:86:ce:b8:1d:95:40:3b:97:ff:6e:
                    d0:16:12:d2:0e:cc:f6:ec:73:48:12:47:96:5b:c1:
                    88:d5:58:c0:7e:84:9d:18:74:d6:86:2f:29:ed:b2:
                    97:cb:4a:79:be:53:38:5f:db:da:f6:de:30:66:5e:
                    0c:45:2f:22:37:09:a2:b9:69:ad:14:3e:9f:dd:f5:
                    78:2e:c4:9b:12:b8:e2:b7:11:23:e5:91:54:16:11:
                    1b:a6:d9:65:d3:0b:ea:9b:65:41:f7:9e:c8:33:ed:
                    a8:38:08:f1:a0:fa:1f:8b:ff:a6:86:a8:ca:f9:26:
                    5b:1a:74:35:72:fb:53:1d:10:5e:4b:94:10:62:6f:
                    85:58:e0:c2:14:24:90:f0:7d:25:ba:3b:85:87:70:
                    28:f5:0a:7c:f0:09:e4:80:66:ec:48:d8:fc:59:2b:
                    a0:90:34:65:39:1f:29:5b:6c:90:4e:2e:ed:1f:13:
                    67:01:45:08:69:34:c8:eb:97:aa:1a:2b:e3:da:23:
                    36:ca:f3:41:9f:d8:e4:69:dd:f9:6a:6e:d0:b7:54:
                    fb:d9:0e:55:69:ed:0e:7e:1c:7e:6a:49:f1:a7:f5:
                    13:0a:65:20:39:7f:6c:e7:b9:b0:3c:32:80:1b:d2:
                    36:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4A:69:70:DB:C9:8D:79:D1:84:96:38:DC:4F:CB:AD:B6:78:6F:A6
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/PEppcNvJjXnRhJY43E_LrbZ4b6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.3.0/24
                IPv6:
                  2a03:1e03::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:39:d6:22:13:1e:88:1b:f9:6f:36:f8:a0:a6:99:e2:07:ee:
         6f:56:d1:7d:38:9e:3c:1c:d5:8a:e3:63:04:44:ab:e3:56:9c:
         ac:b1:2a:b9:aa:25:53:12:a5:7d:f7:bd:bf:be:9b:b9:41:6e:
         15:6d:68:bb:e6:2a:4e:0b:92:4f:f3:b6:89:09:f1:d8:e9:07:
         1b:d5:11:d5:a2:38:ed:4f:63:d8:84:cb:e5:47:b4:af:dc:be:
         3f:6d:40:c9:88:6e:fd:0d:c4:15:51:97:de:1f:54:da:71:7d:
         31:91:4a:21:20:7a:8c:ab:d0:4c:45:1d:ac:15:6f:4c:89:42:
         20:1d:5a:73:ef:9d:79:b0:b3:05:97:35:50:6e:fd:3b:4d:ef:
         86:28:92:dd:4c:ba:77:b2:38:cd:22:49:6e:77:e0:60:d3:31:
         ac:35:e5:f8:f7:b5:3c:f5:97:b3:b1:d1:77:c2:14:75:b2:8b:
         e1:18:63:ca:c5:20:95:db:dd:a3:2b:45:27:d1:9d:11:de:6f:
         d7:2e:c1:e9:28:cc:42:d1:ea:65:66:26:dd:54:83:ce:e8:3c:
         1c:1a:d2:4b:bd:30:22:38:ba:fa:e1:24:7e:62:5e:b0:86:25:
         cf:36:53:ac:82:6e:0c:c5:d1:84:15:a2:a0:15:de:ed:71:16:
         ad:81:cd:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSIz1OAJN/DFZ7hcy+dceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRhNjk3MGRiYzk4ZDc5ZDE4NDk2MzhkYzRmY2JhZGI2Nzg2ZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviP57OZt3IAhzcCp5w7YL1YESIbO
uB2VQDuX/27QFhLSDsz27HNIEkeWW8GI1VjAfoSdGHTWhi8p7bKXy0p5vlM4X9va
9t4wZl4MRS8iNwmiuWmtFD6f3fV4LsSbErjitxEj5ZFUFhEbptll0wvqm2VB957I
M+2oOAjxoPofi/+mhqjK+SZbGnQ1cvtTHRBeS5QQYm+FWODCFCSQ8H0lujuFh3Ao
9Qp88AnkgGbsSNj8WSugkDRlOR8pW2yQTi7tHxNnAUUIaTTI65eqGivj2iM2yvNB
n9jkad35am7Qt1T72Q5Vae0Ofhx+aknxp/UTCmUgOX9s57mwPDKAG9I25wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDxKaXDbyY150YSWONxPy622eG+mMB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvUEVwcGNOdkpqWG5SaEpZNDNFX0xyYlo0YjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXV4DMA8E
AgACMAkDBwAqAx4DAAAwDQYJKoZIhvcNAQELBQADggEBAEA51iITHogb+W82+KCm
meIH7m9W0X04njwc1YrjYwREq+NWnKyxKrmqJVMSpX33vb++m7lBbhVtaLvmKk4L
kk/ztokJ8djpBxvVEdWiOO1PY9iEy+VHtK/cvj9tQMmIbv0NxBVRl94fVNpxfTGR
SiEgeoyr0ExFHawVb0yJQiAdWnPvnXmwswWXNVBu/TtN74Yokt1MuneyOM0iSW53
4GDTMaw15fj3tTz1l7Ox0XfCFHWyi+EYY8rFIJXb3aMrRSfRnRHeb9cuwekozELR
6mVmJt1Ug87oPBwa0ku9MCI4uvrhJH5iXrCGJc82U6yCbgzF0YQVoqAV3u1xFq2B
zfo=
-----END CERTIFICATE-----