Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/tcqr6H6Pn502mTgeU25gh-yg-WA.roa
File:                     tcqr6H6Pn502mTgeU25gh-yg-WA.roa (raw, json)
Hash identifier:          QhLc2H9EaqNLDU7Kj5x0GBXca3GxqWVwHOT+AHVwWnY=
Subject key identifier:   B5:CA:AB:E8:7E:8F:9F:9D:36:99:38:1E:53:6E:60:87:EC:A0:F9:60
Certificate issuer:       /CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Certificate serial:       018CC5DC847FCF4D2656F6B577E64AA22E35
Authority key identifier: 23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/tcqr6H6Pn502mTgeU25gh-yg-WA.roa
Signing time:             Mon 01 Jan 2024 16:30:12 +0000
ROA not before:           Mon 01 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53856
IP address blocks:        93.157.24.0/22 maxlen: 22
                          93.157.28.0/22 maxlen: 22
                          93.157.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:84:7f:cf:4d:26:56:f6:b5:77:e6:4a:a2:2e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
        Validity
            Not Before: Jan  1 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5caabe87e8f9f9d3699381e536e6087eca0f960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:9e:30:90:d9:c2:29:49:60:2c:64:08:1a:
                    be:9a:35:ad:71:9e:22:6a:a2:dd:90:d9:1a:11:9c:
                    62:e1:48:43:26:83:63:fa:27:b5:ce:86:93:98:5d:
                    47:a1:09:c7:98:67:c9:ed:5f:68:3b:8d:2a:4c:4f:
                    cb:a7:47:51:0c:df:2d:f0:5e:96:d1:ce:3f:38:68:
                    75:9f:57:ab:8c:79:00:fa:23:a4:e1:2b:0a:66:45:
                    be:a4:7d:98:dc:d3:99:f9:e7:e2:63:6f:55:73:c2:
                    24:a5:0d:1a:81:3a:20:d4:68:1f:29:2a:b3:ed:0d:
                    89:e8:62:1f:fc:d6:72:87:4e:52:a7:77:6d:b7:46:
                    b4:6f:e3:2e:f1:70:0b:0e:7d:0c:66:d1:d5:91:e8:
                    38:9b:d0:cb:ee:0d:30:30:da:df:10:df:97:7c:07:
                    83:72:f4:cc:bd:e8:19:68:38:db:1b:ee:de:2a:39:
                    95:84:b4:4f:19:82:41:a2:9f:e2:f1:dc:78:75:52:
                    76:2c:ae:bf:61:e3:a4:72:67:a3:0c:c5:03:ef:8e:
                    ec:8b:48:40:ce:18:b0:d4:6b:01:8d:3c:0a:20:a5:
                    27:49:c5:f5:69:43:78:6a:56:19:94:23:1c:04:35:
                    25:e1:f8:bd:70:4b:22:b4:74:f7:8b:da:96:02:42:
                    32:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CA:AB:E8:7E:8F:9F:9D:36:99:38:1E:53:6E:60:87:EC:A0:F9:60
            X509v3 Authority Key Identifier:
                keyid:23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/tcqr6H6Pn502mTgeU25gh-yg-WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         39:0b:f7:cd:00:a1:39:77:bb:d1:c5:17:82:a1:1b:bb:f7:9f:
         0c:ac:26:8a:32:01:9c:c8:e4:e3:3c:25:1f:c7:bf:24:88:ff:
         e0:71:ed:bf:b9:12:bc:37:fe:b6:19:d1:df:80:ce:28:71:23:
         d6:03:09:16:88:7f:00:52:41:46:8c:2a:a8:5d:9e:86:4d:a2:
         14:29:33:b4:d5:ec:2b:54:de:20:42:74:63:fe:6e:8f:9d:44:
         00:d1:29:5b:9b:c6:3f:95:9f:4e:8c:d3:6e:21:d6:a0:a4:ba:
         30:7e:f0:19:17:fc:35:b5:51:fb:45:fe:7c:67:ce:dc:d3:25:
         6e:99:4f:24:82:2f:c0:1e:0d:89:36:c3:84:45:f0:34:9c:61:
         78:ad:fb:e9:0e:53:ce:58:02:30:d6:e0:89:52:04:0e:b3:14:
         71:66:64:2b:ef:93:29:af:7a:a4:2f:26:3f:b2:61:8a:4f:8f:
         93:fb:72:24:79:d2:b0:ae:4a:e9:75:ad:d1:93:a0:24:b8:a3:
         45:bc:70:23:6b:83:27:88:48:94:94:80:8b:12:8f:8c:bd:5b:
         d6:63:85:b8:2b:ad:33:e1:16:8b:9b:16:35:a0:64:48:23:e8:
         f6:e0:b4:5a:b1:31:11:68:0e:50:e2:af:a9:8f:25:69:43:ec:
         71:0e:86:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3IR/z00mVva1d+ZKoi41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYmExZWM0ZjAzNWE3MmRmYTM5ZTkzMGFkOGVjNTQzNjhl
YjdhZjQwHhcNMjQwMTAxMTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNhYWJlODdlOGY5ZjlkMzY5OTM4MWU1MzZlNjA4N2VjYTBmOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR+eMJDZwilJYCxkCBq+mjWtcZ4i
aqLdkNkaEZxi4UhDJoNj+ie1zoaTmF1HoQnHmGfJ7V9oO40qTE/Lp0dRDN8t8F6W
0c4/OGh1n1erjHkA+iOk4SsKZkW+pH2Y3NOZ+efiY29Vc8IkpQ0agTog1GgfKSqz
7Q2J6GIf/NZyh05Sp3dtt0a0b+Mu8XALDn0MZtHVkeg4m9DL7g0wMNrfEN+XfAeD
cvTMvegZaDjbG+7eKjmVhLRPGYJBop/i8dx4dVJ2LK6/YeOkcmejDMUD747si0hA
zhiw1GsBjTwKIKUnScX1aUN4alYZlCMcBDUl4fi9cEsitHT3i9qWAkIy7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXKq+h+j5+dNpk4HlNuYIfsoPlgMB8GA1UdIwQY
MBaAFCO6HsTwNact+jnpMK2OxUNo63r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDct
YmRlNjQ0OGI3ODZjLzEvdGNxcjZINlBuNTAybVRnZVUyNWdoLXlnLVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDctYmRlNjQ0OGI3ODZj
LzEvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXZ0YMA0G
CSqGSIb3DQEBCwUAA4IBAQA5C/fNAKE5d7vRxReCoRu7958MrCaKMgGcyOTjPCUf
x78kiP/gce2/uRK8N/62GdHfgM4ocSPWAwkWiH8AUkFGjCqoXZ6GTaIUKTO01ewr
VN4gQnRj/m6PnUQA0Slbm8Y/lZ9OjNNuIdagpLowfvAZF/w1tVH7Rf58Z87c0yVu
mU8kgi/AHg2JNsOERfA0nGF4rfvpDlPOWAIw1uCJUgQOsxRxZmQr75Mpr3qkLyY/
smGKT4+T+3IkedKwrkrpda3Rk6AkuKNFvHAja4MniEiUlICLEo+MvVvWY4W4K60z
4RaLmxY1oGRII+j24LRasTERaA5Q4q+pjyVpQ+xxDobO
-----END CERTIFICATE-----