Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/EpncmF5RzI343YLnzj0Rfuv-kmA.roa
File:                     EpncmF5RzI343YLnzj0Rfuv-kmA.roa (raw, json)
Hash identifier:          OemKUTItMRIHlnukBI2nPH40zDycw06/x9leeda4fKI=
Subject key identifier:   12:99:DC:98:5E:51:CC:8D:F8:DD:82:E7:CE:3D:11:7E:EB:FE:92:60
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       01929ED03044186E1CC01007EAD4113B9669
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/EpncmF5RzI343YLnzj0Rfuv-kmA.roa
Signing time:             Fri 18 Oct 2024 08:48:16 +0000
ROA not before:           Fri 18 Oct 2024 08:48:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        93.127.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:d0:30:44:18:6e:1c:c0:10:07:ea:d4:11:3b:96:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Oct 18 08:48:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1299dc985e51cc8df8dd82e7ce3d117eebfe9260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0c:7f:c3:77:d8:99:9e:37:89:24:5f:ae:5c:
                    64:cb:2e:78:57:15:20:98:ba:e7:83:75:c8:18:88:
                    00:d8:ab:b8:17:55:9a:97:8a:37:02:d5:ea:6b:a8:
                    d7:67:04:af:a6:d5:b4:69:49:70:a1:1b:1b:69:bc:
                    15:f4:91:29:be:be:71:de:64:ac:ab:3e:4a:31:35:
                    94:d0:94:1d:8b:d2:05:3f:ea:fb:bc:35:58:61:0d:
                    b7:0b:d5:bc:d7:35:a4:71:67:c1:f4:9c:4d:05:3a:
                    93:aa:54:64:94:5e:5c:68:36:2f:14:13:2e:99:42:
                    b2:b5:88:36:26:6d:47:3a:e5:f3:f7:a2:1a:d2:b5:
                    b9:b7:85:95:c9:bb:35:b3:1e:a8:3a:25:d8:3e:47:
                    0a:a9:05:1d:75:31:0d:62:1d:20:ad:a3:4b:3c:4d:
                    f7:34:62:d7:eb:60:3a:cf:77:6a:b6:f9:b2:60:87:
                    18:e8:6b:69:15:aa:e9:95:ee:5a:b6:d2:41:60:1e:
                    6e:58:d7:02:17:3e:a3:c5:c3:85:d0:b2:b9:30:f3:
                    fd:c4:21:7b:d8:dc:ea:53:1a:96:7e:f8:f2:f3:62:
                    e2:75:81:8a:2c:aa:e9:4c:99:6b:a7:a9:eb:a3:fd:
                    d1:51:69:ec:0f:ee:19:a4:f3:6e:b4:9f:ee:41:aa:
                    c9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:99:DC:98:5E:51:CC:8D:F8:DD:82:E7:CE:3D:11:7E:EB:FE:92:60
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/EpncmF5RzI343YLnzj0Rfuv-kmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.127.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:62:b1:f4:de:bc:02:d5:1c:0c:c1:42:7e:61:ac:e2:29:80:
         86:77:a2:a7:7a:79:ed:99:e8:45:e3:16:97:af:4e:1d:42:fe:
         a8:f7:9f:7c:51:dd:6b:6e:a7:e4:f3:31:b9:2d:98:75:a7:98:
         5e:5e:0d:b0:fa:cd:60:23:51:b5:47:37:3e:8d:87:eb:9f:55:
         0f:0d:8d:b0:c4:3a:39:6f:48:24:05:7e:69:79:49:ca:78:94:
         0d:6c:8d:b1:cb:07:52:2e:cb:af:a0:7f:e5:f0:e6:60:59:08:
         04:46:e9:77:69:0d:e0:7d:21:82:0b:fa:13:ec:9b:32:f9:b0:
         d1:af:65:06:f8:78:2f:03:09:e5:3a:57:58:3a:9f:2c:9e:49:
         9c:41:73:e3:c1:59:aa:15:97:9a:dd:7f:f9:0a:63:60:26:5f:
         fe:de:a3:d7:c0:c0:a9:42:9b:eb:1e:ac:7c:bc:ec:ee:44:b9:
         49:9d:e2:c9:64:e6:8d:e2:ff:3e:58:d0:4e:15:d8:41:92:ec:
         5f:96:e5:70:9c:8c:74:9d:80:03:10:ff:a3:29:81:bc:4a:96:
         61:39:3a:f6:85:5d:5f:cb:e4:6f:5d:53:4f:e6:5d:b2:64:61:
         5d:79:4d:d0:60:5d:a0:72:71:47:d1:2c:54:33:86:e3:86:cb:
         15:50:b6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKe0DBEGG4cwBAH6tQRO5ZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQxMDE4MDg0ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk5ZGM5ODVlNTFjYzhkZjhkZDgyZTdjZTNkMTE3ZWViZmU5MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgx/w3fYmZ43iSRfrlxkyy54VxUg
mLrng3XIGIgA2Ku4F1Wal4o3AtXqa6jXZwSvptW0aUlwoRsbabwV9JEpvr5x3mSs
qz5KMTWU0JQdi9IFP+r7vDVYYQ23C9W81zWkcWfB9JxNBTqTqlRklF5caDYvFBMu
mUKytYg2Jm1HOuXz96Ia0rW5t4WVybs1sx6oOiXYPkcKqQUddTENYh0graNLPE33
NGLX62A6z3dqtvmyYIcY6GtpFarple5attJBYB5uWNcCFz6jxcOF0LK5MPP9xCF7
2NzqUxqWfvjy82LidYGKLKrpTJlrp6nro/3RUWnsD+4ZpPNutJ/uQarJUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKZ3JheUcyN+N2C5849EX7r/pJgMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvRXBuY21GNVJ6STM0M1lMbnpqMFJmdXYta21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXX+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBOYrH03rwC1RwMwUJ+YaziKYCGd6KnenntmehF4xaX
r04dQv6o9598Ud1rbqfk8zG5LZh1p5heXg2w+s1gI1G1Rzc+jYfrn1UPDY2wxDo5
b0gkBX5peUnKeJQNbI2xywdSLsuvoH/l8OZgWQgERul3aQ3gfSGCC/oT7Jsy+bDR
r2UG+HgvAwnlOldYOp8snkmcQXPjwVmqFZea3X/5CmNgJl/+3qPXwMCpQpvrHqx8
vOzuRLlJneLJZOaN4v8+WNBOFdhBkuxfluVwnIx0nYADEP+jKYG8SpZhOTr2hV1f
y+RvXVNP5l2yZGFdeU3QYF2gcnFH0SxUM4bjhssVULaD
-----END CERTIFICATE-----