Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/7B1DKJPAdDuKGrTJ_Iw-NlUsV3I.roa
File:                     7B1DKJPAdDuKGrTJ_Iw-NlUsV3I.roa (raw, json)
Hash identifier:          ZKslLfDiEcIEvuTI0FxRLRqf9+X8P6vKcxyrgD8uwc4=
Subject key identifier:   EC:1D:43:28:93:C0:74:3B:8A:1A:B4:C9:FC:8C:3E:36:55:2C:57:72
Certificate issuer:       /CN=c5e3f7f40c100dffdb18121c726199e85804c585
Certificate serial:       018CC801E313F999FF52A832231789958399
Authority key identifier: C5:E3:F7:F4:0C:10:0D:FF:DB:18:12:1C:72:61:99:E8:58:04:C5:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/7B1DKJPAdDuKGrTJ_Iw-NlUsV3I.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41838
IP address blocks:        93.90.68.0/22 maxlen: 24
                          2a0d:3a40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e3:13:f9:99:ff:52:a8:32:23:17:89:95:83:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5e3f7f40c100dffdb18121c726199e85804c585
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec1d432893c0743b8a1ab4c9fc8c3e36552c5772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:66:44:29:a6:20:a8:01:f1:a5:fe:d8:7d:71:
                    f7:29:c9:7b:e6:3c:69:8a:99:72:90:37:c1:21:b2:
                    a1:56:dd:cd:c9:fa:ff:e0:ec:08:da:da:95:fb:37:
                    bb:3d:f1:04:81:8f:62:be:08:ae:db:ab:f1:f2:bf:
                    f3:10:ad:89:79:f2:e8:d5:46:6a:4b:89:5b:7c:6c:
                    8f:06:43:92:a4:07:c9:05:d0:09:2e:81:22:7f:c6:
                    43:62:d2:3b:3c:7e:71:ad:93:80:2a:23:c3:d6:a5:
                    7c:de:f3:18:7c:61:33:2b:c5:dd:3c:cb:10:42:0f:
                    23:f3:1c:39:80:c0:72:4e:eb:3d:1a:7f:26:11:b9:
                    eb:c5:fe:b3:76:27:9b:48:98:74:64:76:28:e3:7d:
                    21:63:20:28:30:54:2a:a8:fd:dd:08:75:51:f7:4e:
                    6e:e6:02:ec:59:e8:a7:e7:2b:77:b3:76:6a:ee:7b:
                    8e:a3:a8:2e:0f:6c:51:17:cb:b0:10:29:e6:c9:56:
                    6b:13:ee:95:0f:35:e7:d8:58:fe:0b:da:8f:5a:db:
                    ea:a1:a9:94:da:db:9f:ff:e6:4a:c0:52:19:23:8d:
                    8d:ac:d5:70:4c:ec:78:39:0f:63:f8:1e:ad:42:8e:
                    11:0a:d9:e1:69:1d:07:3c:25:7e:aa:cf:1d:80:ca:
                    61:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:1D:43:28:93:C0:74:3B:8A:1A:B4:C9:FC:8C:3E:36:55:2C:57:72
            X509v3 Authority Key Identifier:
                keyid:C5:E3:F7:F4:0C:10:0D:FF:DB:18:12:1C:72:61:99:E8:58:04:C5:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/7B1DKJPAdDuKGrTJ_Iw-NlUsV3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.68.0/22
                IPv6:
                  2a0d:3a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:66:7c:cf:e4:de:4e:a2:a5:e3:b2:e8:1b:95:84:2e:b4:89:
         e7:ad:8a:17:7f:b5:df:8e:49:0a:11:f5:ae:df:09:78:43:fb:
         f4:11:3c:b9:58:6e:3f:71:14:e0:45:f4:5d:a0:25:be:ed:18:
         53:a6:21:26:1f:6f:0a:94:82:2b:b1:2a:e7:ca:1b:90:30:a6:
         9c:66:36:0b:f1:ae:25:ef:91:1c:1b:7d:5b:da:52:f1:cd:f1:
         48:6f:dc:a5:6e:ac:fb:06:0a:51:bd:0d:b1:7e:9e:27:5d:63:
         65:66:50:e2:9b:b2:6e:30:d3:4d:1b:8d:ad:e0:f2:79:1d:c4:
         5d:0f:97:d0:2e:6d:e3:71:4f:1a:fb:cf:00:3d:32:7e:66:ce:
         61:3e:01:9c:ca:bf:d3:86:a9:c5:ef:45:93:20:e6:69:ba:0a:
         2a:e5:f1:45:3e:e7:12:a9:52:85:d5:33:95:20:4a:b0:1a:81:
         6b:5e:d0:11:27:5c:f0:a4:bb:42:e0:27:04:aa:8f:84:e9:fa:
         f7:34:9d:d9:0c:3d:31:a5:09:61:e2:fa:47:23:58:ea:2a:05:
         b9:90:a1:59:eb:87:49:af:a3:fe:33:23:f2:83:4d:f6:c1:66:
         72:0e:f8:54:67:95:65:e9:c9:2e:c0:99:72:be:5d:60:76:fd:
         dc:8c:b8:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAeMT+Zn/UqgyIxeJlYOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZTNmN2Y0MGMxMDBkZmZkYjE4MTIxYzcyNjE5OWU4NTgw
NGM1ODUwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzFkNDMyODkzYzA3NDNiOGExYWI0YzlmYzhjM2UzNjU1MmM1NzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GZEKaYgqAHxpf7YfXH3Kcl75jxp
iplykDfBIbKhVt3Nyfr/4OwI2tqV+ze7PfEEgY9ivgiu26vx8r/zEK2JefLo1UZq
S4lbfGyPBkOSpAfJBdAJLoEif8ZDYtI7PH5xrZOAKiPD1qV83vMYfGEzK8XdPMsQ
Qg8j8xw5gMByTus9Gn8mEbnrxf6zdiebSJh0ZHYo430hYyAoMFQqqP3dCHVR905u
5gLsWein5yt3s3Zq7nuOo6guD2xRF8uwECnmyVZrE+6VDzXn2Fj+C9qPWtvqoamU
2tuf/+ZKwFIZI42NrNVwTOx4OQ9j+B6tQo4RCtnhaR0HPCV+qs8dgMphNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOwdQyiTwHQ7ihq0yfyMPjZVLFdyMB8GA1UdIwQY
MBaAFMXj9/QMEA3/2xgSHHJhmehYBMWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGVQMzlBd1FEZl9iR0JJY2NtR1o2RmdFeFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lYWY2ZWQtYmFmNC00MWJmLTlmMjIt
N2Q5NzJlMWQyZTYxLzEvN0IxREtKUEFkRHVLR3JUSl9Jdy1ObFVzVjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lYWY2ZWQtYmFmNC00MWJmLTlmMjItN2Q5NzJlMWQyZTYx
LzEveGVQMzlBd1FEZl9iR0JJY2NtR1o2RmdFeFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXVpEMA0E
AgACMAcDBQAqDTpAMA0GCSqGSIb3DQEBCwUAA4IBAQB5ZnzP5N5OoqXjsugblYQu
tInnrYoXf7XfjkkKEfWu3wl4Q/v0ETy5WG4/cRTgRfRdoCW+7RhTpiEmH28KlIIr
sSrnyhuQMKacZjYL8a4l75EcG31b2lLxzfFIb9ylbqz7BgpRvQ2xfp4nXWNlZlDi
m7JuMNNNG42t4PJ5HcRdD5fQLm3jcU8a+88APTJ+Zs5hPgGcyr/ThqnF70WTIOZp
ugoq5fFFPucSqVKF1TOVIEqwGoFrXtARJ1zwpLtC4CcEqo+E6fr3NJ3ZDD0xpQlh
4vpHI1jqKgW5kKFZ64dJr6P+MyPyg032wWZyDvhUZ5Vl6ckuwJlyvl1gdv3cjLif
-----END CERTIFICATE-----