Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/psSMAPrm7IBfQSQEAAAazwdhlbk.roa
File:                     psSMAPrm7IBfQSQEAAAazwdhlbk.roa (raw, json)
Hash identifier:          tt1PR36YfQA9QAu52+huES0pgX67NgGR1xtX4xh/Xkc=
Subject key identifier:   A6:C4:8C:00:FA:E6:EC:80:5F:41:24:04:00:00:1A:CF:07:61:95:B9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190683B0F521603452FD56787171A7FDC7C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/psSMAPrm7IBfQSQEAAAazwdhlbk.roa
Signing time:             Sun 30 Jun 2024 08:20:19 +0000
ROA not before:           Sun 30 Jun 2024 08:20:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        193.163.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:68:3b:0f:52:16:03:45:2f:d5:67:87:17:1a:7f:dc:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 30 08:20:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6c48c00fae6ec805f41240400001acf076195b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d0:bb:ef:54:24:0b:a1:d0:d9:2b:3f:80:73:
                    15:50:2e:8c:6c:5b:10:6b:0d:2c:33:1c:97:01:49:
                    d2:67:dc:95:17:27:26:c0:26:c5:c1:58:4e:89:2e:
                    2f:c1:72:39:91:4d:8d:a5:e8:c2:44:23:ae:63:28:
                    9f:ae:57:d9:27:e0:47:39:af:0c:4d:aa:20:74:8b:
                    93:59:04:43:1d:8e:b8:e2:b4:91:bd:46:b7:80:bd:
                    fb:84:b6:66:f2:ea:71:51:fe:1d:b2:61:03:f1:81:
                    e8:93:59:b0:b8:ed:d9:44:ff:6e:45:27:d5:84:2c:
                    04:f3:03:4b:bc:93:0a:59:85:c8:52:1e:8d:b9:6e:
                    1f:fc:6d:81:92:2a:70:9d:f9:b8:41:6c:f2:23:2d:
                    3c:f6:32:d4:0c:c3:eb:86:0c:10:31:49:8e:f0:7d:
                    63:2b:b4:a5:fa:7e:ef:40:9c:73:61:7b:9c:38:92:
                    8e:1e:a5:6a:db:43:ac:f1:9c:40:a6:08:d3:71:c2:
                    0d:2e:1d:90:82:df:25:ac:bd:97:9b:d5:63:1b:a7:
                    dc:7b:24:e3:f9:7d:2d:4f:b2:4a:5d:41:1c:3d:99:
                    11:24:9d:fe:de:1f:a6:40:94:6f:34:c2:88:2e:f8:
                    32:15:ed:d0:14:e7:84:f3:3f:f2:ec:8c:dd:87:70:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C4:8C:00:FA:E6:EC:80:5F:41:24:04:00:00:1A:CF:07:61:95:B9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/psSMAPrm7IBfQSQEAAAazwdhlbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d4:03:33:0e:8a:7b:29:11:02:f7:e3:d8:19:41:3f:fb:8a:
         df:a4:e2:18:4c:48:17:b3:87:82:ce:5f:a6:49:e0:b5:de:cd:
         fc:b2:4b:1b:16:42:7d:ca:f0:51:29:c0:bf:e8:84:21:af:1d:
         c6:ad:6e:f0:66:5c:6f:b5:e7:96:b3:73:34:18:f0:fa:46:d7:
         79:2f:68:13:b9:b0:52:46:97:bc:bd:21:60:9d:84:f6:0f:01:
         ff:45:13:01:30:d4:4b:cd:5e:f5:7d:f7:84:97:bd:5f:89:20:
         62:58:05:61:b6:94:e9:51:14:6f:d5:db:41:4a:93:fb:b9:8e:
         80:ba:11:f4:60:48:8b:97:ed:dc:a0:4d:4f:95:eb:78:45:74:
         ad:78:28:1e:57:f6:a3:94:3d:59:c7:7c:c0:6d:5d:92:52:c1:
         4d:d6:39:46:06:ec:c4:c4:e4:e8:5f:af:d5:27:ad:d6:0f:bf:
         15:26:6b:d2:cd:6e:54:e1:10:29:6d:1e:b7:7c:51:ca:81:ea:
         ca:73:22:c0:61:05:e9:96:5d:61:c5:07:88:5b:f6:4b:02:d9:
         2a:50:17:e4:c2:aa:f4:1f:02:6a:82:3b:cd:0a:60:5f:1d:1f:
         a0:42:d7:de:a9:9d:cb:38:83:35:73:d8:80:3d:0b:cb:2c:5b:
         6f:d2:cb:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBoOw9SFgNFL9Vnhxcaf9x8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjMwMDgyMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmM0OGMwMGZhZTZlYzgwNWY0MTI0MDQwMDAwMWFjZjA3NjE5NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dC771QkC6HQ2Ss/gHMVUC6MbFsQ
aw0sMxyXAUnSZ9yVFycmwCbFwVhOiS4vwXI5kU2NpejCRCOuYyifrlfZJ+BHOa8M
TaogdIuTWQRDHY644rSRvUa3gL37hLZm8upxUf4dsmED8YHok1mwuO3ZRP9uRSfV
hCwE8wNLvJMKWYXIUh6NuW4f/G2Bkipwnfm4QWzyIy089jLUDMPrhgwQMUmO8H1j
K7Sl+n7vQJxzYXucOJKOHqVq20Os8ZxApgjTccINLh2Qgt8lrL2Xm9VjG6fceyTj
+X0tT7JKXUEcPZkRJJ3+3h+mQJRvNMKILvgyFe3QFOeE8z/y7Izdh3DigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKbEjAD65uyAX0EkBAAAGs8HYZW5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcHNTTUFQcm03SUJmUVNRRUFBQWF6d2RobGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNVMA0G
CSqGSIb3DQEBCwUAA4IBAQAd1AMzDop7KREC9+PYGUE/+4rfpOIYTEgXs4eCzl+m
SeC13s38sksbFkJ9yvBRKcC/6IQhrx3GrW7wZlxvteeWs3M0GPD6Rtd5L2gTubBS
Rpe8vSFgnYT2DwH/RRMBMNRLzV71ffeEl71fiSBiWAVhtpTpURRv1dtBSpP7uY6A
uhH0YEiLl+3coE1Plet4RXSteCgeV/ajlD1Zx3zAbV2SUsFN1jlGBuzExOToX6/V
J63WD78VJmvSzW5U4RApbR63fFHKgerKcyLAYQXpll1hxQeIW/ZLAtkqUBfkwqr0
HwJqgjvNCmBfHR+gQtfeqZ3LOIM1c9iAPQvLLFtv0ste
-----END CERTIFICATE-----