Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/0_VEKJrftYI-EHvTCLarg2lwsBA.roa
File:                     0_VEKJrftYI-EHvTCLarg2lwsBA.roa (raw, json)
Hash identifier:          kfpPpXA7rFVv7oH2r9JbqI4VMxVD5WROc79GogJD5qg=
Subject key identifier:   D3:F5:44:28:9A:DF:B5:82:3E:10:7B:D3:08:B6:AB:83:69:70:B0:10
Certificate issuer:       /CN=eb23a5f47ec67e925a92491ab99b24ba371183f1
Certificate serial:       0194266C3862F92696649A61EE84DCE5F500
Authority key identifier: EB:23:A5:F4:7E:C6:7E:92:5A:92:49:1A:B9:9B:24:BA:37:11:83:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/0_VEKJrftYI-EHvTCLarg2lwsBA.roa
Signing time:             Thu 02 Jan 2025 09:50:14 +0000
ROA not before:           Thu 02 Jan 2025 09:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6661
IP address blocks:        193.168.10.0/23 maxlen: 24
                          193.168.14.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:38:62:f9:26:96:64:9a:61:ee:84:dc:e5:f5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb23a5f47ec67e925a92491ab99b24ba371183f1
        Validity
            Not Before: Jan  2 09:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3f544289adfb5823e107bd308b6ab836970b010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1e:81:e5:9e:8a:99:46:98:02:79:e5:42:94:
                    08:d4:a5:2d:06:2a:f7:2e:90:13:e6:6a:03:1b:9a:
                    59:17:87:44:b4:06:46:a5:18:92:fc:0f:85:de:23:
                    f7:48:5f:30:ac:e0:40:b0:70:33:80:02:cd:f9:62:
                    72:c6:ed:9d:f5:1a:be:27:88:ab:a1:3f:10:40:c2:
                    66:f8:82:17:92:fb:0d:42:77:0f:db:e6:b4:c8:55:
                    a0:eb:d3:f7:c8:f3:13:4a:83:ba:ec:18:6a:84:df:
                    a3:1f:a4:4e:73:f9:08:b6:e6:82:0b:1f:fb:6b:8a:
                    c1:be:c5:04:cf:2f:81:54:3c:0e:ab:ab:cb:d4:fe:
                    5d:e4:7e:a3:1c:e7:93:c9:74:88:b7:8f:9c:b6:52:
                    8e:f2:44:34:ef:6c:88:4a:49:81:a2:f5:6e:1a:b0:
                    f6:4f:fb:60:a4:a5:97:c2:9f:02:0f:dd:bf:04:8b:
                    ce:80:e6:49:f4:69:27:82:f3:cd:13:ef:1b:2f:3c:
                    8b:53:a4:45:c8:94:04:20:9f:e4:50:74:bb:b9:2a:
                    ba:1d:9e:54:26:4e:c4:dc:51:b2:94:b5:9c:19:0f:
                    6d:41:a7:e1:6e:bd:dc:89:b9:5f:81:cd:1a:df:4f:
                    74:f5:c2:23:ea:e4:9c:de:cf:03:0b:ea:b7:9f:5e:
                    00:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F5:44:28:9A:DF:B5:82:3E:10:7B:D3:08:B6:AB:83:69:70:B0:10
            X509v3 Authority Key Identifier:
                keyid:EB:23:A5:F4:7E:C6:7E:92:5A:92:49:1A:B9:9B:24:BA:37:11:83:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/0_VEKJrftYI-EHvTCLarg2lwsBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.10.0/23
                  193.168.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:9e:6b:02:ee:a3:72:83:36:b4:56:99:66:ad:0b:4b:fa:d5:
         c8:b6:4d:78:bd:72:a9:3b:d1:af:34:b0:37:be:c9:b4:4f:53:
         72:34:43:bc:8e:70:67:a4:8f:cc:de:87:a6:9a:64:59:a8:c5:
         9c:85:eb:98:03:77:16:fd:69:39:26:44:94:86:a0:e0:fe:d8:
         ae:d5:fc:54:f5:13:71:61:25:ca:ca:6a:d1:40:71:66:37:2f:
         2c:71:80:b6:17:4f:9c:d6:08:fc:ad:7c:5d:cb:36:09:6b:0d:
         51:f0:c3:fe:a8:e6:8a:6d:b8:11:29:47:c2:b4:65:7f:81:c9:
         46:3a:3b:44:9c:dc:f3:75:87:89:e7:04:95:8e:19:4b:bb:a4:
         ec:ae:39:e8:86:9c:18:e0:12:18:fe:f1:29:a6:f1:2d:36:b3:
         57:4a:eb:9e:81:3b:d5:98:c2:ce:11:17:36:7f:c6:91:73:84:
         02:03:c9:58:1e:5e:a8:ca:3d:4d:ee:27:4b:e6:e0:39:5c:c7:
         bd:44:a1:a5:c4:20:60:a8:85:7f:ea:2a:fc:02:f4:a5:f5:e0:
         63:80:c5:c3:bf:6b:f9:cc:a1:47:82:4c:3b:6d:e0:66:84:f5:
         06:a5:97:db:eb:8b:a5:6a:5e:23:1b:c5:53:21:59:ab:db:f9:
         1c:b6:6c:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmbDhi+SaWZJph7oTc5fUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMjNhNWY0N2VjNjdlOTI1YTkyNDkxYWI5OWIyNGJhMzcx
MTgzZjEwHhcNMjUwMTAyMDk1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y1NDQyODlhZGZiNTgyM2UxMDdiZDMwOGI2YWI4MzY5NzBiMDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx6B5Z6KmUaYAnnlQpQI1KUtBir3
LpAT5moDG5pZF4dEtAZGpRiS/A+F3iP3SF8wrOBAsHAzgALN+WJyxu2d9Rq+J4ir
oT8QQMJm+IIXkvsNQncP2+a0yFWg69P3yPMTSoO67BhqhN+jH6ROc/kItuaCCx/7
a4rBvsUEzy+BVDwOq6vL1P5d5H6jHOeTyXSIt4+ctlKO8kQ072yISkmBovVuGrD2
T/tgpKWXwp8CD92/BIvOgOZJ9GkngvPNE+8bLzyLU6RFyJQEIJ/kUHS7uSq6HZ5U
Jk7E3FGylLWcGQ9tQafhbr3ciblfgc0a30909cIj6uSc3s8DC+q3n14AuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNP1RCia37WCPhB70wi2q4NpcLAQMB8GA1UdIwQY
MBaAFOsjpfR+xn6SWpJJGrmbJLo3EYPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnlPbDlIN0dmcEpha2trYXVac2t1amNSZ19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hYjU1MDAtZjYyMy00YTU0LTlhZTIt
ZmZlMjFlZjk4Njc0LzEvMF9WRUtKcmZ0WUktRUh2VENMYXJnMmx3c0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hYjU1MDAtZjYyMy00YTU0LTlhZTItZmZlMjFlZjk4Njc0
LzEvNnlPbDlIN0dmcEpha2trYXVac2t1amNSZ19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwagKAwQB
wagOMA0GCSqGSIb3DQEBCwUAA4IBAQBpnmsC7qNygza0VplmrQtL+tXItk14vXKp
O9GvNLA3vsm0T1NyNEO8jnBnpI/M3oemmmRZqMWcheuYA3cW/Wk5JkSUhqDg/tiu
1fxU9RNxYSXKymrRQHFmNy8scYC2F0+c1gj8rXxdyzYJaw1R8MP+qOaKbbgRKUfC
tGV/gclGOjtEnNzzdYeJ5wSVjhlLu6TsrjnohpwY4BIY/vEppvEtNrNXSuuegTvV
mMLOERc2f8aRc4QCA8lYHl6oyj1N7idL5uA5XMe9RKGlxCBgqIV/6ir8AvSl9eBj
gMXDv2v5zKFHgkw7beBmhPUGpZfb64ulal4jG8VTIVmr2/kctmzu
-----END CERTIFICATE-----