Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/dltNpJjwDGHyEEOA677kBUzkRvU.roa
File:                     dltNpJjwDGHyEEOA677kBUzkRvU.roa (raw, json)
Hash identifier:          5oogiShbtMsUJb/98HpJq5UTDNd0RiHRIGkjEdT9ssI=
Subject key identifier:   76:5B:4D:A4:98:F0:0C:61:F2:10:43:80:EB:BE:E4:05:4C:E4:46:F5
Certificate issuer:       /CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
Certificate serial:       0194274890768C53F3ED4F63D97E5EE74508
Authority key identifier: BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/dltNpJjwDGHyEEOA677kBUzkRvU.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203865
IP address blocks:        93.94.0.0/23 maxlen: 23
                          93.94.2.0/24 maxlen: 24
                          2a03:1e02::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:90:76:8c:53:f3:ed:4f:63:d9:7e:5e:e7:45:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb493457b2f02e69b85f718dcc16a9a9ef0fcd1
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=765b4da498f00c61f2104380ebbee4054ce446f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0d:49:64:c2:49:e3:fd:f3:ac:4b:cb:2d:21:
                    ee:7f:b4:9b:ce:06:58:58:30:eb:8e:3f:76:cb:2b:
                    51:24:2f:7e:6e:75:57:45:aa:ca:cd:9a:a7:51:28:
                    7b:f0:9d:ad:3d:96:00:cb:ed:a5:dc:51:65:15:3b:
                    ec:43:6f:fe:1b:a6:fc:24:ab:2d:c3:86:1a:f4:08:
                    d5:69:69:95:f1:fb:e1:f8:0c:5e:0a:8b:4e:15:a9:
                    a0:33:c7:97:95:c1:3c:0c:5a:4e:34:a1:1a:86:f3:
                    e3:28:3c:5b:b7:aa:4d:9f:5f:31:31:61:a6:ec:bd:
                    71:1e:8b:c6:f8:97:0d:a1:72:11:4b:99:ce:c1:de:
                    ff:ae:98:e2:3e:f7:c4:88:94:b0:69:ef:65:01:c0:
                    e5:f7:99:52:0c:2f:31:ea:b0:04:4f:ad:c9:5f:5d:
                    ad:8b:71:e3:9f:7c:7e:24:f5:1c:ce:ef:35:8b:ad:
                    c8:7b:77:5f:76:1b:f7:1c:f0:85:fd:96:24:d8:d4:
                    ed:73:bf:2f:40:47:86:e9:65:48:63:ea:bc:76:d5:
                    7a:33:d4:fe:66:a8:74:94:59:1d:c3:4f:0e:fc:6a:
                    78:df:95:80:8c:2c:48:36:91:94:19:65:05:a9:fa:
                    bf:73:30:54:23:bb:57:61:c1:e1:1a:ac:90:62:61:
                    97:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5B:4D:A4:98:F0:0C:61:F2:10:43:80:EB:BE:E4:05:4C:E4:46:F5
            X509v3 Authority Key Identifier:
                keyid:BF:B4:93:45:7B:2F:02:E6:9B:85:F7:18:DC:C1:6A:9A:9E:F0:FC:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7STRXsvAuabhfcY3MFqmp7w_NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/dltNpJjwDGHyEEOA677kBUzkRvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/a4141d-8498-42f4-b2f3-1f6409848150/1/v7STRXsvAuabhfcY3MFqmp7w_NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.0.0-93.94.2.255
                IPv6:
                  2a03:1e02::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:8e:05:a4:50:c4:f9:f6:5a:9b:9b:7e:4a:d2:a7:c8:2d:52:
         94:a8:5f:c8:ea:de:d2:31:4e:15:e6:e0:9c:e5:75:ba:cc:14:
         8d:b0:31:d1:e5:af:36:b8:83:bd:9f:8d:7c:23:60:1d:00:33:
         59:47:a9:95:6e:91:aa:7f:b5:e2:70:8f:3a:10:3a:23:ce:d8:
         5d:45:85:eb:42:f6:87:75:f0:3c:39:a9:8b:b6:19:d8:4a:27:
         8f:46:ad:6f:2b:82:26:5e:07:5e:5e:51:dd:b7:a5:71:ea:9f:
         30:23:1a:4f:46:28:67:94:b1:32:a1:9f:8a:f9:08:07:04:11:
         50:73:43:ab:f6:b1:64:94:82:35:bc:38:d4:3f:b3:66:85:1b:
         5f:7a:b4:7d:28:0d:f8:01:07:e8:45:ce:ba:6f:40:a6:ec:9f:
         17:ac:ef:68:2e:56:c7:3b:6f:70:02:13:8d:3e:44:53:59:ab:
         88:97:83:29:78:e7:65:27:a0:fd:30:0f:1a:d5:0e:cc:b4:72:
         c1:fe:d3:32:3a:f9:1f:c3:00:bc:71:9f:0c:67:23:59:e2:07:
         56:20:c5:b1:e1:90:3d:9d:95:3e:90:19:c8:97:25:ff:38:99:
         ae:5b:f0:97:1c:03:18:53:a6:6c:12:ec:c6:b1:4b:d4:6c:5d:
         aa:b4:20:13
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQnSJB2jFPz7U9j2X5e50UIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjQ5MzQ1N2IyZjAyZTY5Yjg1ZjcxOGRjYzE2YTlhOWVm
MGZjZDEwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjViNGRhNDk4ZjAwYzYxZjIxMDQzODBlYmJlZTQwNTRjZTQ0NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7g1JZMJJ4/3zrEvLLSHuf7SbzgZY
WDDrjj92yytRJC9+bnVXRarKzZqnUSh78J2tPZYAy+2l3FFlFTvsQ2/+G6b8JKst
w4Ya9AjVaWmV8fvh+AxeCotOFamgM8eXlcE8DFpONKEahvPjKDxbt6pNn18xMWGm
7L1xHovG+JcNoXIRS5nOwd7/rpjiPvfEiJSwae9lAcDl95lSDC8x6rAET63JX12t
i3Hjn3x+JPUczu81i63Ie3dfdhv3HPCF/ZYk2NTtc78vQEeG6WVIY+q8dtV6M9T+
Zqh0lFkdw08O/Gp435WAjCxINpGUGWUFqfq/czBUI7tXYcHhGqyQYmGXhQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFHZbTaSY8Axh8hBDgOu+5AVM5Eb1MB8GA1UdIwQY
MBaAFL+0k0V7LwLmm4X3GNzBapqe8PzRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMt
MWY2NDA5ODQ4MTUwLzEvZGx0TnBKandER0h5RUVPQTY3N2tCVXprUnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hNDE0MWQtODQ5OC00MmY0LWIyZjMtMWY2NDA5ODQ4MTUw
LzEvdjdTVFJYc3ZBdWFiaGZjWTNNRnFtcDd3X05FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDATBAIAATANMAsDAwFdXgME
AF1eAjANBAIAAjAHAwUAKgMeAjANBgkqhkiG9w0BAQsFAAOCAQEANY4FpFDE+fZa
m5t+StKnyC1SlKhfyOre0jFOFebgnOV1uswUjbAx0eWvNriDvZ+NfCNgHQAzWUep
lW6Rqn+14nCPOhA6I87YXUWF60L2h3XwPDmpi7YZ2Eonj0atbyuCJl4HXl5R3bel
ceqfMCMaT0YoZ5SxMqGfivkIBwQRUHNDq/axZJSCNbw41D+zZoUbX3q0fSgN+AEH
6EXOum9ApuyfF6zvaC5WxztvcAITjT5EU1mriJeDKXjnZSeg/TAPGtUOzLRywf7T
Mjr5H8MAvHGfDGcjWeIHViDFseGQPZ2VPpAZyJcl/ziZrlvwlxwDGFOmbBLsxrFL
1GxdqrQgEw==
-----END CERTIFICATE-----