Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/C0wIEmn0n6KioaQWnJaET-4k0Ak.roa
File:                     C0wIEmn0n6KioaQWnJaET-4k0Ak.roa (raw, json)
Hash identifier:          5VEOoamBD0RldWabpgRVVu/EuswIWqd77PgKPU3ZDmg=
Subject key identifier:   0B:4C:08:12:69:F4:9F:A2:A2:A1:A4:16:9C:96:84:4F:EE:24:D0:09
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01963EC920956CFA8D3896E20F4EF8FE1215
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/C0wIEmn0n6KioaQWnJaET-4k0Ak.roa
Signing time:             Wed 16 Apr 2025 13:28:10 +0000
ROA not before:           Wed 16 Apr 2025 13:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        85.93.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:c9:20:95:6c:fa:8d:38:96:e2:0f:4e:f8:fe:12:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 16 13:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b4c081269f49fa2a2a1a4169c96844fee24d009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7b:35:8a:72:17:97:fb:a9:0d:9c:8a:49:76:
                    f5:de:27:55:25:7e:d3:01:66:d9:0f:7b:64:38:f5:
                    c4:b2:12:45:01:a8:e9:74:08:fe:65:92:73:35:41:
                    a6:40:ba:b1:ec:e3:61:eb:22:9a:07:01:74:2c:68:
                    e7:f1:d9:b4:a2:7d:e0:81:9e:f4:64:e3:e2:bf:01:
                    78:b1:48:7c:c2:d7:0f:fb:83:49:75:88:88:12:69:
                    91:29:5d:68:3b:6e:cd:37:49:ae:2e:ea:17:65:3b:
                    9a:23:1c:18:e1:59:e1:6b:7a:82:cd:e6:c3:e6:ec:
                    0b:99:e7:66:c9:a3:71:da:7f:31:62:08:b1:a8:9b:
                    00:53:10:87:af:ba:62:4e:c4:c4:31:67:e2:52:87:
                    0c:7d:f3:94:a6:1d:d6:4d:42:0e:16:84:45:86:91:
                    f2:13:96:d3:71:59:dd:97:b3:df:4f:ab:68:90:50:
                    8c:ff:e7:35:d2:c6:6a:8b:69:d7:3e:4f:08:46:21:
                    6a:96:80:07:1c:9c:14:53:8f:cc:d4:9f:fb:dd:5d:
                    53:c8:56:b9:53:22:fc:04:07:e1:3f:d8:92:67:1d:
                    54:6e:30:a7:e2:00:52:54:ee:9e:16:83:71:21:c2:
                    73:9f:bb:f2:a0:85:00:33:00:b1:e1:69:28:27:94:
                    27:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4C:08:12:69:F4:9F:A2:A2:A1:A4:16:9C:96:84:4F:EE:24:D0:09
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/C0wIEmn0n6KioaQWnJaET-4k0Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.93.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:f6:a1:ac:df:57:7a:b5:ec:1d:45:1b:85:99:c7:4d:29:34:
         b3:2b:ef:8a:13:7a:ee:04:fa:8b:c4:b0:19:89:3d:7a:ea:b3:
         af:b9:fc:13:19:75:93:b4:d8:f4:f4:62:19:02:47:4a:d0:c2:
         4d:7d:38:41:8f:e5:fb:17:8f:93:01:ef:6d:0c:54:ae:59:be:
         89:a2:66:36:2f:3a:7e:4c:47:92:a5:23:05:dc:65:0d:f9:c4:
         bb:dd:40:b7:9a:91:6b:ea:ae:ac:4c:6a:da:54:53:7b:63:c6:
         48:e3:f0:31:a0:d0:49:4c:d0:91:00:d8:7b:5e:60:ab:b3:16:
         31:88:ea:d7:e1:d9:54:62:55:08:87:13:c5:39:12:c3:1f:61:
         ef:09:bc:92:d4:7a:12:97:47:16:1e:cf:08:78:f8:07:fe:f0:
         d1:5f:37:58:83:aa:52:c1:a0:6f:42:17:0c:e4:bb:2d:e3:e1:
         07:e7:b0:2a:88:a4:ee:c6:72:aa:41:ff:b1:b8:5c:8c:af:78:
         ea:0c:8a:77:0b:16:3a:a1:84:5e:11:5d:15:8f:83:ae:2f:b5:
         70:b2:20:82:00:d3:42:2e:7e:b7:54:2f:fb:25:14:60:e2:18:
         c1:08:6d:77:df:a6:6a:8a:b8:0a:75:97:77:6a:e7:6d:88:3f:
         8d:95:47:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+ySCVbPqNOJbiD074/hIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDE2MTMyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRjMDgxMjY5ZjQ5ZmEyYTJhMWE0MTY5Yzk2ODQ0ZmVlMjRkMDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3s1inIXl/upDZyKSXb13idVJX7T
AWbZD3tkOPXEshJFAajpdAj+ZZJzNUGmQLqx7ONh6yKaBwF0LGjn8dm0on3ggZ70
ZOPivwF4sUh8wtcP+4NJdYiIEmmRKV1oO27NN0muLuoXZTuaIxwY4Vnha3qCzebD
5uwLmedmyaNx2n8xYgixqJsAUxCHr7piTsTEMWfiUocMffOUph3WTUIOFoRFhpHy
E5bTcVndl7PfT6tokFCM/+c10sZqi2nXPk8IRiFqloAHHJwUU4/M1J/73V1TyFa5
UyL8BAfhP9iSZx1UbjCn4gBSVO6eFoNxIcJzn7vyoIUAMwCx4WkoJ5QnFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtMCBJp9J+ioqGkFpyWhE/uJNAJMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQzB3SUVtbjBuNktpb2FRV25KYUVULTRrMEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV0UMA0G
CSqGSIb3DQEBCwUAA4IBAQAO9qGs31d6tewdRRuFmcdNKTSzK++KE3ruBPqLxLAZ
iT166rOvufwTGXWTtNj09GIZAkdK0MJNfThBj+X7F4+TAe9tDFSuWb6JomY2Lzp+
TEeSpSMF3GUN+cS73UC3mpFr6q6sTGraVFN7Y8ZI4/AxoNBJTNCRANh7XmCrsxYx
iOrX4dlUYlUIhxPFORLDH2HvCbyS1HoSl0cWHs8IePgH/vDRXzdYg6pSwaBvQhcM
5Lst4+EH57AqiKTuxnKqQf+xuFyMr3jqDIp3CxY6oYReEV0Vj4OuL7VwsiCCANNC
Ln63VC/7JRRg4hjBCG1336ZqirgKdZd3audtiD+NlUcj
-----END CERTIFICATE-----