Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/iPiwsmlf1rH2EPsk6fLPEKI8zgk.roa
File:                     iPiwsmlf1rH2EPsk6fLPEKI8zgk.roa (raw, json)
Hash identifier:          HEK+snEMm6LUTQyQQSBxHaP2/pNnax46exjNdpcjZeg=
Subject key identifier:   88:F8:B0:B2:69:5F:D6:B1:F6:10:FB:24:E9:F2:CF:10:A2:3C:CE:09
Certificate issuer:       /CN=4568316500ba6538420a9d55c65d9c88dd32a99e
Certificate serial:       0193207E04F82320C71437CAADA4A41D2735
Authority key identifier: 45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/iPiwsmlf1rH2EPsk6fLPEKI8zgk.roa
Signing time:             Tue 12 Nov 2024 13:09:09 +0000
ROA not before:           Tue 12 Nov 2024 13:09:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21022
IP address blocks:        193.26.136.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:7e:04:f8:23:20:c7:14:37:ca:ad:a4:a4:1d:27:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568316500ba6538420a9d55c65d9c88dd32a99e
        Validity
            Not Before: Nov 12 13:09:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f8b0b2695fd6b1f610fb24e9f2cf10a23cce09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:fd:2e:4b:21:3b:2a:af:b8:a9:67:92:c4:dd:
                    84:54:91:5c:f5:01:cb:c4:24:08:06:db:a6:ba:4b:
                    10:56:e3:a1:b3:de:20:72:49:d9:e0:fb:4d:7b:d5:
                    d2:ab:1f:2c:ad:9a:79:37:7b:65:6b:04:90:8a:32:
                    2a:d1:56:a1:db:8b:72:f2:b5:0d:87:96:1d:97:4c:
                    07:66:67:1f:e7:98:4b:24:0d:0b:15:07:64:cb:06:
                    2c:c1:e8:b9:57:64:6a:fd:96:e3:2f:ef:58:2b:1d:
                    9e:0b:d2:85:ec:5b:b4:d8:93:87:0e:6d:79:35:67:
                    e3:2c:7a:77:e0:61:2f:77:91:54:f0:9d:ae:37:cb:
                    55:78:e0:48:c7:5f:8f:b9:6c:1a:cd:b9:fc:d5:b0:
                    74:c1:0b:58:dd:cf:1d:b5:1e:94:ec:da:1e:73:d0:
                    ec:a6:a2:a9:31:f3:46:fa:ce:13:c0:62:bb:e3:c4:
                    d9:b6:85:e4:9e:72:63:b9:08:e5:1e:a3:c5:8a:63:
                    22:71:46:c9:8e:55:7d:89:13:54:89:6e:c6:db:24:
                    a9:d9:59:a0:5b:20:a7:89:70:80:7c:d0:41:4b:17:
                    11:60:55:25:58:4a:ac:1a:2a:73:1c:58:f5:81:4c:
                    63:bb:33:58:68:ce:c5:89:3a:68:6c:95:33:0c:4b:
                    ea:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F8:B0:B2:69:5F:D6:B1:F6:10:FB:24:E9:F2:CF:10:A2:3C:CE:09
            X509v3 Authority Key Identifier:
                keyid:45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/iPiwsmlf1rH2EPsk6fLPEKI8zgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:09:43:5e:9e:6a:6e:ee:07:8d:bc:c9:01:fc:f1:98:ef:f4:
         b6:5c:56:c2:0c:9b:f8:03:4e:c8:c1:45:aa:2a:04:62:bf:47:
         93:32:5b:fd:6e:f1:0f:e3:39:a8:e6:13:81:78:44:ae:e2:e0:
         af:dc:b2:99:f6:0f:65:6d:30:d3:bb:e3:eb:b2:75:c0:8d:21:
         a9:3e:35:03:3d:0a:fe:9c:03:e7:26:ce:2e:ea:f2:e3:55:d8:
         98:43:11:72:51:d3:57:e9:3f:95:b4:7a:71:23:7a:9b:b4:1f:
         21:f0:70:f1:cc:d4:72:ee:a1:69:d0:2e:da:ce:99:28:d7:70:
         64:da:f6:46:9c:1e:dc:0e:2c:24:96:3e:55:94:59:a7:8b:e6:
         2c:54:c3:f8:6c:a7:a7:42:8d:ce:aa:cf:4d:99:59:ed:8d:0e:
         15:43:9e:94:9b:15:7d:01:ef:ab:f6:c9:94:70:29:4f:ce:56:
         6a:5a:59:35:84:11:ec:e4:08:9f:98:67:b4:47:42:2f:de:ea:
         28:4b:35:2e:69:04:74:d0:c8:6d:18:77:54:3c:c1:f2:5e:58:
         46:f9:21:68:cc:d9:a3:2f:9b:c9:7e:9f:7f:1f:b1:3c:85:3d:
         ec:26:c8:e7:34:fd:86:4d:66:c0:f9:6c:bf:8c:c3:8f:cc:1a:
         2f:92:9a:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMgfgT4IyDHFDfKraSkHSc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjgzMTY1MDBiYTY1Mzg0MjBhOWQ1NWM2NWQ5Yzg4ZGQz
MmE5OWUwHhcNMjQxMTEyMTMwOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY4YjBiMjY5NWZkNmIxZjYxMGZiMjRlOWYyY2YxMGEyM2NjZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5/0uSyE7Kq+4qWeSxN2EVJFc9QHL
xCQIBtumuksQVuOhs94gcknZ4PtNe9XSqx8srZp5N3tlawSQijIq0Vah24ty8rUN
h5Ydl0wHZmcf55hLJA0LFQdkywYswei5V2Rq/ZbjL+9YKx2eC9KF7Fu02JOHDm15
NWfjLHp34GEvd5FU8J2uN8tVeOBIx1+PuWwazbn81bB0wQtY3c8dtR6U7Noec9Ds
pqKpMfNG+s4TwGK748TZtoXknnJjuQjlHqPFimMicUbJjlV9iRNUiW7G2ySp2Vmg
WyCniXCAfNBBSxcRYFUlWEqsGipzHFj1gUxjuzNYaM7FiTpobJUzDEvqLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj4sLJpX9ax9hD7JOnyzxCiPM4JMB8GA1UdIwQY
MBaAFEVoMWUAumU4QgqdVcZdnIjdMqmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODkt
ZTY1OWQxYWY2OGZlLzEvaVBpd3NtbGYxckgyRVBzazZmTFBFS0k4emdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODktZTY1OWQxYWY2OGZl
LzEvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwRqIMA0G
CSqGSIb3DQEBCwUAA4IBAQBaCUNenmpu7geNvMkB/PGY7/S2XFbCDJv4A07IwUWq
KgRiv0eTMlv9bvEP4zmo5hOBeESu4uCv3LKZ9g9lbTDTu+PrsnXAjSGpPjUDPQr+
nAPnJs4u6vLjVdiYQxFyUdNX6T+VtHpxI3qbtB8h8HDxzNRy7qFp0C7azpko13Bk
2vZGnB7cDiwklj5VlFmni+YsVMP4bKenQo3Oqs9NmVntjQ4VQ56UmxV9Ae+r9smU
cClPzlZqWlk1hBHs5AifmGe0R0Iv3uooSzUuaQR00MhtGHdUPMHyXlhG+SFozNmj
L5vJfp9/H7E8hT3sJsjnNP2GTWbA+Wy/jMOPzBovkprf
-----END CERTIFICATE-----