Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/ikEQoCRbVW_OKU864WfmN_VOWdE.roa
File:                     ikEQoCRbVW_OKU864WfmN_VOWdE.roa (raw, json)
Hash identifier:          sP+viU1Svr20yw0X/OUOenW192+Ms9QSkTU2OY4SrBo=
Subject key identifier:   8A:41:10:A0:24:5B:55:6F:CE:29:4F:3A:E1:67:E6:37:F5:4E:59:D1
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018DF6414296F3DB0781D18DCF3BE31F0B54
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/ikEQoCRbVW_OKU864WfmN_VOWdE.roa
Signing time:             Thu 29 Feb 2024 19:04:48 +0000
ROA not before:           Thu 29 Feb 2024 19:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58325
IP address blocks:        93.118.40.0/22 maxlen: 24
                          2a01:4020:40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f6:41:42:96:f3:db:07:81:d1:8d:cf:3b:e3:1f:0b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Feb 29 19:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a4110a0245b556fce294f3ae167e637f54e59d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:db:a2:c1:46:7c:52:d7:66:d5:28:43:e7:5b:
                    c9:88:61:05:17:a1:30:12:43:2b:4c:ae:04:32:4f:
                    25:31:e1:58:05:4d:2a:34:05:d4:e0:68:cb:40:d2:
                    36:13:dd:5f:85:b0:a1:44:2b:38:de:2d:b0:6d:eb:
                    e7:88:14:93:18:9b:2b:af:d9:4c:66:e2:cc:d8:f1:
                    1b:9c:1c:8e:f4:83:e9:aa:f2:ad:62:f8:5e:43:43:
                    d8:98:95:fa:ad:22:42:12:96:d4:46:97:f6:1a:8f:
                    d8:4d:c4:a2:ca:24:a6:ad:2e:5b:8d:b4:06:34:0a:
                    2d:3b:cb:1a:4f:7b:ce:40:46:20:d7:c3:ca:7c:04:
                    ee:34:d1:5f:ce:16:b6:8e:9c:a4:2d:a6:8b:4d:74:
                    5c:7b:39:3e:d8:cc:73:fe:dd:69:9f:b7:f5:c5:d6:
                    fb:18:58:35:52:a0:33:e6:8e:82:b6:37:8a:d6:08:
                    68:89:b5:16:29:76:9c:f8:c1:c5:ae:03:f6:d9:29:
                    e2:08:42:fe:59:d6:11:dd:74:a5:1c:bf:73:43:07:
                    3b:ce:59:71:89:fd:22:89:8e:e0:f5:64:10:38:a0:
                    6f:02:3f:5d:4e:e1:15:62:cc:33:e5:a6:75:32:d9:
                    f6:6b:5f:cb:77:7a:8e:f9:29:18:ca:34:5a:b2:e7:
                    6a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:41:10:A0:24:5B:55:6F:CE:29:4F:3A:E1:67:E6:37:F5:4E:59:D1
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/ikEQoCRbVW_OKU864WfmN_VOWdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.118.40.0/22
                IPv6:
                  2a01:4020:40::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:86:06:c9:4e:4e:b5:7b:6f:01:59:a8:81:19:ab:cd:c2:b9:
         91:5f:1b:b3:b3:bc:4a:b9:ca:50:0c:d2:8d:4e:f5:26:71:5b:
         fd:48:3e:93:4d:7c:95:78:04:4c:c0:e2:28:e4:43:69:fb:11:
         4b:96:bf:9e:86:b3:97:b8:97:8a:4b:0e:9e:84:5a:49:44:58:
         83:a5:80:85:fd:e6:a1:c2:14:22:51:52:8c:f2:f3:fd:02:db:
         3e:e7:e4:a2:16:42:2c:6e:78:5b:a1:a2:47:7d:04:17:83:87:
         da:0f:c3:07:cc:5b:ca:1e:f2:12:7e:1e:7f:da:a9:8e:3d:ce:
         13:7a:0c:ea:da:0e:52:51:36:38:d4:e1:50:68:22:ba:55:02:
         f8:a9:2b:08:48:18:38:39:7f:3e:8f:fb:47:31:67:85:fa:fd:
         d1:09:93:cf:91:83:fa:22:8e:7e:7b:94:30:51:60:d3:76:41:
         e2:9b:0d:8f:e2:ca:dd:83:a4:55:58:a7:48:d8:93:e7:b2:d4:
         fe:c1:a3:a7:d2:3f:dd:dd:b9:f4:b5:0a:f7:2b:07:14:0b:67:
         19:3e:c9:a1:30:96:b3:e7:1a:8f:c1:b3:2e:5c:f8:41:d1:c1:
         01:61:69:ba:75:bb:79:ba:1e:88:d2:ae:6b:cd:db:4a:ae:63:
         67:73:b5:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY32QUKW89sHgdGNzzvjHwtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMjI5MTkwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQxMTBhMDI0NWI1NTZmY2UyOTRmM2FlMTY3ZTYzN2Y1NGU1OWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNuiwUZ8Utdm1ShD51vJiGEFF6Ew
EkMrTK4EMk8lMeFYBU0qNAXU4GjLQNI2E91fhbChRCs43i2wbevniBSTGJsrr9lM
ZuLM2PEbnByO9IPpqvKtYvheQ0PYmJX6rSJCEpbURpf2Go/YTcSiyiSmrS5bjbQG
NAotO8saT3vOQEYg18PKfATuNNFfzha2jpykLaaLTXRcezk+2Mxz/t1pn7f1xdb7
GFg1UqAz5o6CtjeK1ghoibUWKXac+MHFrgP22SniCEL+WdYR3XSlHL9zQwc7zllx
if0iiY7g9WQQOKBvAj9dTuEVYswz5aZ1Mtn2a1/Ld3qO+SkYyjRasudqeQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIpBEKAkW1VvzilPOuFn5jf1TlnRMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvaWtFUW9DUmJWV19PS1U4NjRXZm1OX1ZPV2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCXXYoMA8E
AgACMAkDBwQqAUAgAEAwDQYJKoZIhvcNAQELBQADggEBALGGBslOTrV7bwFZqIEZ
q83CuZFfG7OzvEq5ylAM0o1O9SZxW/1IPpNNfJV4BEzA4ijkQ2n7EUuWv56Gs5e4
l4pLDp6EWklEWIOlgIX95qHCFCJRUozy8/0C2z7n5KIWQixueFuhokd9BBeDh9oP
wwfMW8oe8hJ+Hn/aqY49zhN6DOraDlJRNjjU4VBoIrpVAvipKwhIGDg5fz6P+0cx
Z4X6/dEJk8+Rg/oijn57lDBRYNN2QeKbDY/iyt2DpFVYp0jYk+ey1P7Bo6fSP93d
ufS1CvcrBxQLZxk+yaEwlrPnGo/Bsy5c+EHRwQFhabp1u3m6HojSrmvN20quY2dz
tf4=
-----END CERTIFICATE-----