Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/kBsht6KNIVIdqBo-LjM3rdj9_48.roa
File:                     kBsht6KNIVIdqBo-LjM3rdj9_48.roa (raw, json)
Hash identifier:          yvy0FENQOdTgUPrF3X0q20Rd17JBcuTbTmhNZ8raWkU=
Subject key identifier:   90:1B:21:B7:A2:8D:21:52:1D:A8:1A:3E:2E:33:37:AD:D8:FD:FF:8F
Certificate issuer:       /CN=960c6d787e6b5eb64248dd9a7a1065b1053f7458
Certificate serial:       019424B28CA30796DD60BF8AFC0F19486275
Authority key identifier: 96:0C:6D:78:7E:6B:5E:B6:42:48:DD:9A:7A:10:65:B1:05:3F:74:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/kBsht6KNIVIdqBo-LjM3rdj9_48.roa
Signing time:             Thu 02 Jan 2025 01:47:48 +0000
ROA not before:           Thu 02 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29641
IP address blocks:        193.8.106.0/23 maxlen: 23
                          193.8.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:8c:a3:07:96:dd:60:bf:8a:fc:0f:19:48:62:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=960c6d787e6b5eb64248dd9a7a1065b1053f7458
        Validity
            Not Before: Jan  2 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=901b21b7a28d21521da81a3e2e3337add8fdff8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:5d:70:8b:dc:d7:c2:f7:bf:69:77:0d:10:57:
                    30:f2:da:28:6d:cd:6a:a5:33:70:c1:6a:1f:10:ee:
                    1e:ae:ba:c3:9d:6e:20:5a:03:ae:5d:90:0e:d9:77:
                    97:d1:49:76:1a:25:80:7b:2c:78:c9:73:16:39:17:
                    53:bb:d6:86:5d:69:25:13:61:55:63:62:95:46:f2:
                    29:6d:92:d9:37:17:0c:c1:a4:37:99:d9:5e:19:6d:
                    5b:88:81:fa:17:11:27:c4:43:87:22:7b:f3:ef:9a:
                    d9:57:8c:67:2b:78:8b:7f:64:83:cd:65:01:fb:00:
                    f8:04:59:24:4f:ab:b4:bf:25:5b:57:07:d4:7f:72:
                    41:99:25:30:f0:f9:47:5f:5e:b9:d5:c5:be:bb:df:
                    97:4e:c0:27:82:0b:78:80:35:c5:a7:ac:38:61:f0:
                    0c:43:d1:2b:28:26:5b:79:ad:c2:4d:de:e3:71:da:
                    3e:39:84:56:10:4f:7b:28:d9:06:bd:9c:22:91:2a:
                    93:a3:c5:0a:b6:86:4f:76:15:9d:e2:b8:41:49:b5:
                    6e:51:02:8a:58:cc:52:fd:f9:26:5a:8f:02:b2:12:
                    82:a7:09:b7:2f:6f:ff:de:5d:9b:b0:5e:df:f6:af:
                    09:4b:99:43:9f:b8:cf:0c:0b:a1:44:0b:d2:4e:4d:
                    c8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1B:21:B7:A2:8D:21:52:1D:A8:1A:3E:2E:33:37:AD:D8:FD:FF:8F
            X509v3 Authority Key Identifier:
                keyid:96:0C:6D:78:7E:6B:5E:B6:42:48:DD:9A:7A:10:65:B1:05:3F:74:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgxteH5rXrZCSN2aehBlsQU_dFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/kBsht6KNIVIdqBo-LjM3rdj9_48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/05ab16-2228-488e-b152-eb0921895714/1/lgxteH5rXrZCSN2aehBlsQU_dFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.106.0-193.8.109.255

    Signature Algorithm: sha256WithRSAEncryption
         22:23:2f:03:7e:00:a2:ff:9a:f7:a4:d0:e7:87:ea:1d:03:a4:
         9d:3f:8c:69:4b:17:98:48:4c:76:75:10:9c:59:13:00:76:86:
         86:ed:40:22:51:11:7d:4e:20:9f:9a:34:0e:bb:41:10:24:06:
         e7:a5:8b:00:f7:28:a8:c2:81:a0:38:00:d8:62:f8:de:69:c7:
         e4:f0:57:18:79:6d:30:97:ea:38:9e:78:bf:f0:3c:b8:1a:28:
         82:8d:d5:9c:d1:ec:58:66:0a:04:e3:b4:f9:83:87:22:b8:ce:
         78:c4:ba:1e:82:c5:1a:f5:15:5d:2a:36:33:79:08:3d:9b:c8:
         c8:f8:c3:ad:3f:b3:3d:3e:4c:ec:35:b6:9f:68:8b:10:7f:10:
         b4:d7:f3:e0:bd:84:6c:ea:16:ec:73:76:81:d1:61:1f:bd:34:
         90:73:e3:b0:84:45:42:0f:69:72:09:c6:4f:f9:81:07:a6:48:
         b2:8c:71:eb:7d:9a:d8:cc:5f:1e:ce:f6:36:69:c8:a9:89:b0:
         04:df:ef:11:aa:0f:1b:4a:f1:2b:f0:c9:ae:d5:84:c6:f5:89:
         8f:d2:da:87:51:d8:cc:f3:90:4d:2b:63:b2:35:06:88:2c:99:
         4b:65:7f:4f:4b:eb:69:9e:83:fb:5b:13:19:b9:c1:dd:ca:cc:
         5a:5b:4c:9c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQksoyjB5bdYL+K/A8ZSGJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MGM2ZDc4N2U2YjVlYjY0MjQ4ZGQ5YTdhMTA2NWIxMDUz
Zjc0NTgwHhcNMjUwMTAyMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFiMjFiN2EyOGQyMTUyMWRhODFhM2UyZTMzMzdhZGQ4ZmRmZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7F1wi9zXwve/aXcNEFcw8toobc1q
pTNwwWofEO4errrDnW4gWgOuXZAO2XeX0Ul2GiWAeyx4yXMWORdTu9aGXWklE2FV
Y2KVRvIpbZLZNxcMwaQ3mdleGW1biIH6FxEnxEOHInvz75rZV4xnK3iLf2SDzWUB
+wD4BFkkT6u0vyVbVwfUf3JBmSUw8PlHX1651cW+u9+XTsAnggt4gDXFp6w4YfAM
Q9ErKCZbea3CTd7jcdo+OYRWEE97KNkGvZwikSqTo8UKtoZPdhWd4rhBSbVuUQKK
WMxS/fkmWo8CshKCpwm3L2//3l2bsF7f9q8JS5lDn7jPDAuhRAvSTk3IswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJAbIbeijSFSHagaPi4zN63Y/f+PMB8GA1UdIwQY
MBaAFJYMbXh+a162QkjdmnoQZbEFP3RYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGd4dGVINXJYclpDU04yYWVoQmxzUVVfZEZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wNWFiMTYtMjIyOC00ODhlLWIxNTIt
ZWIwOTIxODk1NzE0LzEva0JzaHQ2S05JVklkcUJvLUxqTTNyZGo5XzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wNWFiMTYtMjIyOC00ODhlLWIxNTItZWIwOTIxODk1NzE0
LzEvbGd4dGVINXJYclpDU04yYWVoQmxzUVVfZEZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHBCGoD
BAHBCGwwDQYJKoZIhvcNAQELBQADggEBACIjLwN+AKL/mvek0OeH6h0DpJ0/jGlL
F5hITHZ1EJxZEwB2hobtQCJREX1OIJ+aNA67QRAkBueliwD3KKjCgaA4ANhi+N5p
x+TwVxh5bTCX6jieeL/wPLgaKIKN1ZzR7FhmCgTjtPmDhyK4znjEuh6CxRr1FV0q
NjN5CD2byMj4w60/sz0+TOw1tp9oixB/ELTX8+C9hGzqFuxzdoHRYR+9NJBz47CE
RUIPaXIJxk/5gQemSLKMcet9mtjMXx7O9jZpyKmJsATf7xGqDxtK8Svwya7VhMb1
iY/S2odR2MzzkE0rY7I1BogsmUtlf09L62meg/tbExm5wd3KzFpbTJw=
-----END CERTIFICATE-----