Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/kCyQt7Whal9jpczYqZEgp_6R7I8.roa
File:                     kCyQt7Whal9jpczYqZEgp_6R7I8.roa (raw, json)
Hash identifier:          n1a/gr72TAJYtCLagxMczcE5bhfp27aRgchPH5Xb118=
Subject key identifier:   90:2C:90:B7:B5:A1:6A:5F:63:A5:CC:D8:A9:91:20:A7:FE:91:EC:8F
Certificate issuer:       /CN=e96a769beca3b1932955158135596365c43c83b1
Certificate serial:       018CC3B7051FB0B603A12BEEA7BA4B44AB8D
Authority key identifier: E9:6A:76:9B:EC:A3:B1:93:29:55:15:81:35:59:63:65:C4:3C:83:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/kCyQt7Whal9jpczYqZEgp_6R7I8.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211701
IP address blocks:        193.169.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:05:1f:b0:b6:03:a1:2b:ee:a7:ba:4b:44:ab:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96a769beca3b1932955158135596365c43c83b1
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=902c90b7b5a16a5f63a5ccd8a99120a7fe91ec8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b5:18:c1:fe:ac:5a:77:2f:00:1f:7e:37:d3:
                    9c:79:fc:1c:c5:ee:8c:a2:2f:5f:90:f1:b7:23:6a:
                    96:45:c7:a4:39:95:e7:30:e3:f0:6f:67:ad:72:8f:
                    9a:63:4b:3d:8b:73:d2:8e:6e:c5:49:0f:69:d9:6c:
                    5c:58:fa:58:d8:c3:e1:1a:c7:4a:d2:13:ac:ff:5b:
                    dd:5f:3a:3e:39:6a:56:8d:a5:43:76:e4:22:d1:21:
                    b6:65:c4:2a:05:f9:0a:6f:72:3f:e1:93:5f:26:c7:
                    f9:d3:dd:d5:95:a9:e1:81:14:40:1a:5b:23:a1:35:
                    a8:6d:2d:7b:82:1b:b4:a7:0a:63:f9:bd:01:19:d1:
                    78:18:d0:24:d3:da:f7:0d:7a:dc:81:da:f4:9e:6e:
                    b4:f1:23:5e:ef:2d:cc:57:76:78:6b:60:fa:4c:a6:
                    b3:cd:71:3d:98:4c:5c:23:16:65:73:ca:2e:7f:ac:
                    db:7b:67:b2:94:31:f7:f1:ec:35:d9:96:2d:4d:28:
                    b6:4d:70:cc:39:cb:ff:fa:e7:fc:11:e6:8f:46:84:
                    38:fd:28:67:53:2b:9e:c8:d8:84:18:44:26:c6:3e:
                    f6:30:d5:2e:17:4c:f9:a5:cf:59:f7:a5:21:25:9a:
                    4d:6d:28:91:ee:af:1f:94:97:fc:3d:7e:0d:69:26:
                    48:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2C:90:B7:B5:A1:6A:5F:63:A5:CC:D8:A9:91:20:A7:FE:91:EC:8F
            X509v3 Authority Key Identifier:
                keyid:E9:6A:76:9B:EC:A3:B1:93:29:55:15:81:35:59:63:65:C4:3C:83:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/kCyQt7Whal9jpczYqZEgp_6R7I8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/cae91b-9e0e-4d5c-afc4-55118f8bd5f2/1/6Wp2m-yjsZMpVRWBNVljZcQ8g7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:60:b8:66:74:c6:bc:57:bf:8c:77:57:07:b1:f5:e1:45:e1:
         43:e6:ee:20:ce:0f:2e:2b:01:16:d3:83:c3:0f:33:e1:2d:a2:
         ee:71:fc:94:f7:a7:28:3c:f3:ef:79:0e:69:4e:f5:09:05:52:
         31:02:ca:ab:b8:3d:96:2c:78:45:dc:ae:86:e6:da:75:31:90:
         7f:ff:23:e2:e5:c7:97:84:be:3d:c1:c0:c1:25:6b:bf:dd:8e:
         4a:23:a6:97:02:73:69:a8:59:65:1b:70:f8:4c:cb:9b:a9:f6:
         67:e2:2c:20:7f:82:33:fd:3b:55:99:8a:20:ed:bc:0a:dd:07:
         22:e4:09:3c:4e:74:fa:64:17:36:9d:3f:4b:fd:c1:df:d1:d5:
         d1:49:f3:e5:9d:5d:9a:65:c4:7f:a7:2c:a1:b7:9d:77:84:68:
         69:0e:da:f1:88:aa:b2:5c:b6:f5:48:11:d8:49:1f:ce:78:fe:
         cb:54:0e:b9:94:c0:d9:13:42:91:4e:bd:6c:43:d3:53:16:8c:
         b6:09:8a:5b:58:d4:91:a5:71:6a:dc:94:2d:c4:3b:52:3f:ee:
         5e:9c:9a:16:b2:f2:50:02:47:99:a3:d6:0a:9a:09:1e:78:f0:
         68:2b:fc:61:97:56:f2:e3:e6:d3:c5:7b:59:4c:54:75:e1:d7:
         31:79:cb:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwUfsLYDoSvup7pLRKuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NmE3NjliZWNhM2IxOTMyOTU1MTU4MTM1NTk2MzY1YzQz
YzgzYjEwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDJjOTBiN2I1YTE2YTVmNjNhNWNjZDhhOTkxMjBhN2ZlOTFlYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7UYwf6sWncvAB9+N9Ocefwcxe6M
oi9fkPG3I2qWRcekOZXnMOPwb2etco+aY0s9i3PSjm7FSQ9p2WxcWPpY2MPhGsdK
0hOs/1vdXzo+OWpWjaVDduQi0SG2ZcQqBfkKb3I/4ZNfJsf5093VlanhgRRAGlsj
oTWobS17ghu0pwpj+b0BGdF4GNAk09r3DXrcgdr0nm608SNe7y3MV3Z4a2D6TKaz
zXE9mExcIxZlc8ouf6zbe2eylDH38ew12ZYtTSi2TXDMOcv/+uf8EeaPRoQ4/Shn
UyueyNiEGEQmxj72MNUuF0z5pc9Z96UhJZpNbSiR7q8flJf8PX4NaSZI7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAskLe1oWpfY6XM2KmRIKf+keyPMB8GA1UdIwQY
MBaAFOlqdpvso7GTKVUVgTVZY2XEPIOxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNldwMm0teWpzWk1wVlJXQk5WbGpaY1E4ZzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9jYWU5MWItOWUwZS00ZDVjLWFmYzQt
NTUxMThmOGJkNWYyLzEva0N5UXQ3V2hhbDlqcGN6WXFaRWdwXzZSN0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9jYWU5MWItOWUwZS00ZDVjLWFmYzQtNTUxMThmOGJkNWYy
LzEvNldwMm0teWpzWk1wVlJXQk5WbGpaY1E4ZzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwamIMA0G
CSqGSIb3DQEBCwUAA4IBAQCIYLhmdMa8V7+Md1cHsfXhReFD5u4gzg8uKwEW04PD
DzPhLaLucfyU96coPPPveQ5pTvUJBVIxAsqruD2WLHhF3K6G5tp1MZB//yPi5ceX
hL49wcDBJWu/3Y5KI6aXAnNpqFllG3D4TMubqfZn4iwgf4Iz/TtVmYog7bwK3Qci
5Ak8TnT6ZBc2nT9L/cHf0dXRSfPlnV2aZcR/pyyht513hGhpDtrxiKqyXLb1SBHY
SR/OeP7LVA65lMDZE0KRTr1sQ9NTFoy2CYpbWNSRpXFq3JQtxDtSP+5enJoWsvJQ
AkeZo9YKmgkeePBoK/xhl1by4+bTxXtZTFR14dcxectE
-----END CERTIFICATE-----