Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/93kabwqQ9zbFLdwN9dtXb0NiXo4.roa
File:                     93kabwqQ9zbFLdwN9dtXb0NiXo4.roa (raw, json)
Hash identifier:          NQV92hweSMfzDtgTcgv2vSKYT+J6XTYPO0CbvgiCWZE=
Subject key identifier:   F7:79:1A:6F:0A:90:F7:36:C5:2D:DC:0D:F5:DB:57:6F:43:62:5E:8E
Certificate issuer:       /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial:       018CCA2B11FC2D6A4DB1D6D1A1ACE48E7CC9
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/93kabwqQ9zbFLdwN9dtXb0NiXo4.roa
Signing time:             Tue 02 Jan 2024 12:34:29 +0000
ROA not before:           Tue 02 Jan 2024 12:34:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32780
IP address blocks:        5.188.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:11:fc:2d:6a:4d:b1:d6:d1:a1:ac:e4:8e:7c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
        Validity
            Not Before: Jan  2 12:34:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7791a6f0a90f736c52ddc0df5db576f43625e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2d:b2:ea:9a:2a:7e:69:fb:c0:0f:8d:1d:d8:
                    f7:65:3e:c1:04:00:cf:24:ed:12:91:08:0f:c6:01:
                    ca:60:95:6f:a8:fe:2f:6a:d9:4e:3b:cf:eb:7c:07:
                    98:5a:81:04:cd:32:7d:61:f0:85:2d:3e:ab:b7:fa:
                    cc:cd:d1:38:a2:25:c5:1d:6e:9c:c4:ef:f4:84:4f:
                    4d:5a:7f:fc:25:6c:9f:00:62:02:29:e2:f4:c1:ad:
                    cb:74:90:86:42:a7:fe:4a:37:6d:d6:71:16:10:82:
                    21:4f:09:44:17:13:05:ee:33:98:ce:cd:31:f1:2e:
                    46:14:0a:dd:02:c2:6f:16:77:f9:9d:f6:54:03:27:
                    35:3e:b6:a6:0e:cd:d1:0f:41:24:77:74:ec:0a:18:
                    6f:a1:25:a1:2f:47:f6:20:ec:9e:ba:0d:fb:f6:1a:
                    cf:77:88:e0:ef:8f:fd:97:b7:87:2d:a5:a6:b7:b6:
                    d1:30:df:69:5c:28:50:74:48:8e:bc:ed:39:75:99:
                    fb:2e:24:44:49:9e:66:b2:bd:88:75:f5:ea:fd:4b:
                    28:94:4f:4f:eb:5c:af:23:8c:d0:65:8b:a4:cd:6e:
                    80:cf:c4:db:81:30:ff:0d:31:ba:6f:7a:b2:87:3f:
                    ad:bd:19:fe:a3:54:e8:a7:28:d7:d3:1e:7d:60:0e:
                    a4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:79:1A:6F:0A:90:F7:36:C5:2D:DC:0D:F5:DB:57:6F:43:62:5E:8E
            X509v3 Authority Key Identifier:
                keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/93kabwqQ9zbFLdwN9dtXb0NiXo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:8d:d0:5f:52:8c:2e:2f:ec:d8:ec:65:b4:d5:2b:ed:ed:b8:
         59:8c:75:b0:12:ee:35:c9:81:52:8d:d8:fe:26:58:46:3d:a8:
         66:4a:65:06:eb:53:b8:9e:6b:0c:92:b8:0f:65:10:78:14:79:
         3c:5e:dd:04:ab:4d:9d:80:a0:b5:94:5f:05:1a:23:d1:d5:d8:
         71:80:a0:9b:f7:c2:9d:cd:2a:24:63:00:d3:d1:27:22:3e:ac:
         4a:1a:54:99:cc:c9:6c:98:18:3d:97:24:7e:39:43:3b:d5:e5:
         17:6a:75:70:c3:e4:7f:a0:c5:90:09:0c:1b:2e:0b:f2:f0:39:
         ef:b8:61:57:bb:4f:76:7f:7f:2d:c0:d6:31:ce:5a:ae:82:ef:
         24:0a:d1:e4:ba:19:76:9c:cc:34:30:a7:35:ff:1d:40:a8:6c:
         e8:24:de:6e:b9:fd:1f:42:bc:44:e0:15:75:90:d7:c3:77:63:
         fb:e4:3f:70:c1:0c:cb:ab:ab:4f:e1:c2:57:32:ea:7e:4d:e8:
         b9:5f:bc:d2:e1:ea:2e:ff:45:c4:19:92:da:5a:94:42:1a:4c:
         8d:d0:9b:c7:f5:c5:e7:94:03:68:9e:8f:b4:21:68:c8:5e:65:
         43:48:16:19:be:91:c2:94:de:7d:7a:f9:47:07:0e:52:42:15:
         86:99:b8:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKxH8LWpNsdbRoazkjnzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjQwMTAyMTIzNDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzc5MWE2ZjBhOTBmNzM2YzUyZGRjMGRmNWRiNTc2ZjQzNjI1ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy2y6poqfmn7wA+NHdj3ZT7BBADP
JO0SkQgPxgHKYJVvqP4vatlOO8/rfAeYWoEEzTJ9YfCFLT6rt/rMzdE4oiXFHW6c
xO/0hE9NWn/8JWyfAGICKeL0wa3LdJCGQqf+Sjdt1nEWEIIhTwlEFxMF7jOYzs0x
8S5GFArdAsJvFnf5nfZUAyc1PramDs3RD0Ekd3TsChhvoSWhL0f2IOyeug379hrP
d4jg74/9l7eHLaWmt7bRMN9pXChQdEiOvO05dZn7LiRESZ5msr2IdfXq/UsolE9P
61yvI4zQZYukzW6Az8TbgTD/DTG6b3qyhz+tvRn+o1TopyjX0x59YA6kIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPd5Gm8KkPc2xS3cDfXbV29DYl6OMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvOTNrYWJ3cVE5emJGTGR3TjlkdFhiME5pWG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbzEMA0G
CSqGSIb3DQEBCwUAA4IBAQCvjdBfUowuL+zY7GW01Svt7bhZjHWwEu41yYFSjdj+
JlhGPahmSmUG61O4nmsMkrgPZRB4FHk8Xt0Eq02dgKC1lF8FGiPR1dhxgKCb98Kd
zSokYwDT0SciPqxKGlSZzMlsmBg9lyR+OUM71eUXanVww+R/oMWQCQwbLgvy8Dnv
uGFXu092f38twNYxzlqugu8kCtHkuhl2nMw0MKc1/x1AqGzoJN5uuf0fQrxE4BV1
kNfDd2P75D9wwQzLq6tP4cJXMup+Tei5X7zS4eou/0XEGZLaWpRCGkyN0JvH9cXn
lANono+0IWjIXmVDSBYZvpHClN59evlHBw5SQhWGmbgH
-----END CERTIFICATE-----