Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/S590SXJakiMm1tsWzi1G9Qgs-eo.roa
File:                     S590SXJakiMm1tsWzi1G9Qgs-eo.roa (raw, json)
Hash identifier:          3PI1IRmRMy2Dl683V5IPqONj9wz5d+QDZfRjIsrHO1I=
Subject key identifier:   4B:9F:74:49:72:5A:92:23:26:D6:DB:16:CE:2D:46:F5:08:2C:F9:EA
Certificate issuer:       /CN=a3c8a0ca78984283fab986c9b80a5b040977e556
Certificate serial:       019420686798AC546105D5E409926A55C05A
Authority key identifier: A3:C8:A0:CA:78:98:42:83:FA:B9:86:C9:B8:0A:5B:04:09:77:E5:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8igyniYQoP6uYbJuApbBAl35VY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/S590SXJakiMm1tsWzi1G9Qgs-eo.roa
Signing time:             Wed 01 Jan 2025 05:48:20 +0000
ROA not before:           Wed 01 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39257
IP address blocks:        193.110.178.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/o8igyniYQoP6uYbJuApbBAl35VY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/o8igyniYQoP6uYbJuApbBAl35VY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8igyniYQoP6uYbJuApbBAl35VY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:67:98:ac:54:61:05:d5:e4:09:92:6a:55:c0:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3c8a0ca78984283fab986c9b80a5b040977e556
        Validity
            Not Before: Jan  1 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b9f7449725a922326d6db16ce2d46f5082cf9ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0c:d5:cc:a3:68:0e:1a:80:72:4c:60:3b:26:
                    27:96:9a:69:d9:dc:4a:28:bb:d5:18:fa:03:78:12:
                    4b:34:5d:aa:2e:38:ff:be:a4:54:24:b9:0e:92:d3:
                    f4:0c:89:7c:6b:a0:d7:12:2b:1f:dd:38:30:ae:08:
                    c3:73:5d:af:25:c1:9a:95:33:56:ec:c7:11:45:6d:
                    33:ea:b8:94:42:eb:eb:42:9f:40:4d:6a:04:fc:df:
                    1b:23:d7:9e:36:76:ed:54:fe:07:8c:b2:b1:b6:80:
                    56:59:bc:f3:e2:2a:aa:ba:29:23:47:a9:50:15:96:
                    a4:60:bb:6d:82:c7:f4:4d:87:45:1b:e7:b7:96:75:
                    e6:04:64:b2:bc:23:e4:34:83:1f:df:c3:7f:ac:d8:
                    82:33:93:1d:0a:9a:97:67:ef:04:2d:30:ab:65:e3:
                    91:26:90:c7:b3:f9:96:a9:bf:17:e3:74:b7:eb:45:
                    36:5b:f6:ae:d6:9b:5d:84:80:b0:91:22:14:d1:a9:
                    5d:aa:b6:68:68:59:8c:7c:c0:a0:c1:5e:37:1b:89:
                    c8:4a:b6:86:48:0b:21:99:ec:20:f7:22:15:12:9d:
                    86:2d:62:d5:23:80:77:20:1b:9a:2c:a1:05:82:16:
                    13:6b:26:2d:1a:df:8e:1d:3d:e1:e3:71:1d:7f:e3:
                    9f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:9F:74:49:72:5A:92:23:26:D6:DB:16:CE:2D:46:F5:08:2C:F9:EA
            X509v3 Authority Key Identifier:
                keyid:A3:C8:A0:CA:78:98:42:83:FA:B9:86:C9:B8:0A:5B:04:09:77:E5:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8igyniYQoP6uYbJuApbBAl35VY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/S590SXJakiMm1tsWzi1G9Qgs-eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c339dd-443f-4ba9-a959-66db25e1990c/1/o8igyniYQoP6uYbJuApbBAl35VY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:dd:bc:ce:80:49:c7:03:f7:cb:83:c6:48:d4:51:1f:27:db:
         62:cf:59:a7:99:39:7e:4d:00:61:76:67:8b:3d:d4:db:c7:76:
         d7:b5:ea:4e:16:9e:e8:f2:38:5b:13:22:88:2f:5f:46:83:be:
         78:13:33:0f:94:a6:b9:b3:31:bf:bc:4e:46:d8:ab:2b:86:ed:
         cd:10:75:41:46:cc:ba:3f:a3:df:42:f9:b9:7f:93:8b:2d:e7:
         a9:ed:dc:95:58:2f:a7:f5:07:34:a5:bf:b7:dc:b5:d3:49:b9:
         96:1b:46:b2:ae:a6:68:0f:ab:2e:53:2e:e3:d0:68:56:bf:44:
         cd:d8:77:92:73:f7:48:d0:e6:78:48:75:00:53:d9:a0:2e:e0:
         62:0a:cb:ca:cf:e7:bd:4f:48:81:68:5b:ae:57:b3:82:20:61:
         ed:14:c2:70:cc:4f:ae:8f:f6:db:7b:11:e0:ec:ab:68:87:b6:
         a6:a8:3d:fd:93:ae:33:c7:ed:6f:90:46:ca:d0:a9:fd:02:05:
         42:80:e1:fe:e0:d0:08:13:90:76:96:08:91:e2:b7:73:94:24:
         c5:a4:2a:32:83:a1:0a:e2:9b:29:2e:16:d7:1e:94:51:c1:2f:
         ea:15:80:c4:c6:2c:be:1c:af:48:2c:30:bc:6d:19:e1:61:af:
         14:fb:64:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGeYrFRhBdXkCZJqVcBaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYzhhMGNhNzg5ODQyODNmYWI5ODZjOWI4MGE1YjA0MDk3
N2U1NTYwHhcNMjUwMTAxMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjlmNzQ0OTcyNWE5MjIzMjZkNmRiMTZjZTJkNDZmNTA4MmNmOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAzVzKNoDhqAckxgOyYnlppp2dxK
KLvVGPoDeBJLNF2qLjj/vqRUJLkOktP0DIl8a6DXEisf3TgwrgjDc12vJcGalTNW
7McRRW0z6riUQuvrQp9ATWoE/N8bI9eeNnbtVP4HjLKxtoBWWbzz4iqquikjR6lQ
FZakYLttgsf0TYdFG+e3lnXmBGSyvCPkNIMf38N/rNiCM5MdCpqXZ+8ELTCrZeOR
JpDHs/mWqb8X43S360U2W/au1ptdhICwkSIU0aldqrZoaFmMfMCgwV43G4nISraG
SAshmewg9yIVEp2GLWLVI4B3IBuaLKEFghYTayYtGt+OHT3h43Edf+OfZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEufdElyWpIjJtbbFs4tRvUILPnqMB8GA1UdIwQY
MBaAFKPIoMp4mEKD+rmGybgKWwQJd+VWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhpZ3luaVlRb1A2dVliSnVBcGJCQWwzNVZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9jMzM5ZGQtNDQzZi00YmE5LWE5NTkt
NjZkYjI1ZTE5OTBjLzEvUzU5MFNYSmFraU1tMXRzV3ppMUc5UWdzLWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9jMzM5ZGQtNDQzZi00YmE5LWE5NTktNjZkYjI1ZTE5OTBj
LzEvbzhpZ3luaVlRb1A2dVliSnVBcGJCQWwzNVZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW6yMA0G
CSqGSIb3DQEBCwUAA4IBAQBu3bzOgEnHA/fLg8ZI1FEfJ9tiz1mnmTl+TQBhdmeL
PdTbx3bXtepOFp7o8jhbEyKIL19Gg754EzMPlKa5szG/vE5G2Ksrhu3NEHVBRsy6
P6PfQvm5f5OLLeep7dyVWC+n9Qc0pb+33LXTSbmWG0ayrqZoD6suUy7j0GhWv0TN
2HeSc/dI0OZ4SHUAU9mgLuBiCsvKz+e9T0iBaFuuV7OCIGHtFMJwzE+uj/bbexHg
7Ktoh7amqD39k64zx+1vkEbK0Kn9AgVCgOH+4NAIE5B2lgiR4rdzlCTFpCoyg6EK
4pspLhbXHpRRwS/qFYDExiy+HK9ILDC8bRnhYa8U+2Tn
-----END CERTIFICATE-----