Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/T7ZlH4AyToBkH-riZHo5Ukhy694.roa
File:                     T7ZlH4AyToBkH-riZHo5Ukhy694.roa (raw, json)
Hash identifier:          ufP7DI0SNisHGUGe/Sb4iUXnHyS97c3DteqcvqgPimw=
Subject key identifier:   4F:B6:65:1F:80:32:4E:80:64:1F:EA:E2:64:7A:39:52:48:72:EB:DE
Certificate issuer:       /CN=eb23a5f47ec67e925a92491ab99b24ba371183f1
Certificate serial:       018CC8010C71FB670E543F52785556378143
Authority key identifier: EB:23:A5:F4:7E:C6:7E:92:5A:92:49:1A:B9:9B:24:BA:37:11:83:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/T7ZlH4AyToBkH-riZHo5Ukhy694.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6661
IP address blocks:        193.168.10.0/23 maxlen: 24
                          193.168.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0c:71:fb:67:0e:54:3f:52:78:55:56:37:81:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb23a5f47ec67e925a92491ab99b24ba371183f1
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fb6651f80324e80641feae2647a39524872ebde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fa:97:a2:f9:5c:9d:38:e9:0d:dd:24:03:3d:
                    b8:fd:e3:88:7c:90:36:71:b8:5a:ed:76:1e:a6:d6:
                    94:95:29:7f:ca:8a:65:fe:28:a0:d4:16:2a:8a:1d:
                    0b:33:0c:91:1c:6b:ea:e7:7e:d1:60:5e:c0:46:10:
                    db:22:9f:a5:a9:c7:6f:f4:60:2e:06:d1:ae:2e:68:
                    a7:75:99:e7:49:da:93:87:22:a1:85:75:09:a0:c4:
                    6c:5a:0a:7d:22:7e:42:57:9f:88:2e:ae:61:a3:b1:
                    35:f6:9f:b8:11:0b:9b:cc:b0:0d:c9:a3:92:b0:e0:
                    b1:dc:e0:84:f3:7c:bf:be:f5:0f:85:58:b9:2a:5e:
                    98:4d:b8:af:cb:33:44:88:fa:86:8a:83:91:ff:72:
                    fd:a3:cc:c8:7c:1c:4e:56:d7:8d:d6:d8:c3:a1:42:
                    92:1d:ef:2a:eb:86:94:b8:c2:53:18:6b:b9:6d:1c:
                    06:31:ca:e7:20:3e:22:74:91:ee:a9:2a:5b:9a:0b:
                    22:18:76:3e:7f:3d:fa:d9:68:38:45:07:f2:27:6f:
                    ac:c5:61:ab:43:5d:14:6d:44:80:cf:12:7f:0f:2a:
                    c6:7f:f3:23:6a:fd:a0:fa:b3:8a:be:64:b3:1a:3e:
                    75:d1:59:c6:f1:7c:7f:5e:a3:4f:d3:ba:12:f9:8a:
                    e0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B6:65:1F:80:32:4E:80:64:1F:EA:E2:64:7A:39:52:48:72:EB:DE
            X509v3 Authority Key Identifier:
                keyid:EB:23:A5:F4:7E:C6:7E:92:5A:92:49:1A:B9:9B:24:BA:37:11:83:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yOl9H7GfpJakkkauZskujcRg_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/T7ZlH4AyToBkH-riZHo5Ukhy694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/ab5500-f623-4a54-9ae2-ffe21ef98674/1/6yOl9H7GfpJakkkauZskujcRg_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.10.0/23
                  193.168.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:46:a8:77:80:c6:43:0d:27:89:36:36:b7:3d:48:6f:3d:3b:
         de:83:13:d3:68:08:8a:b9:d1:3b:ee:40:da:f3:88:18:93:df:
         76:eb:7c:24:1d:77:1a:e4:cb:99:e7:68:64:96:87:7b:0b:f3:
         2c:a1:11:62:33:a6:92:df:a9:3d:1b:26:59:9f:44:ed:8e:e9:
         34:1c:67:44:87:e0:e1:7b:23:a9:96:9c:2e:a2:fd:20:d8:67:
         6a:e4:7e:5a:3a:0c:ff:e2:39:ca:58:68:14:b2:f0:2d:b2:86:
         27:0a:06:bb:a8:b3:f4:93:b4:1f:ad:24:a9:5d:4a:53:53:b6:
         e6:37:57:95:53:33:8d:da:c3:39:5d:52:3b:6f:10:3e:5f:9d:
         d5:a6:73:ca:91:ad:65:0f:8f:43:6c:17:de:67:66:84:81:5e:
         89:a3:c9:17:38:7f:0b:0b:9c:1d:c9:1f:cc:38:e5:51:01:05:
         04:3f:24:ea:4e:93:98:61:24:30:63:f3:4e:30:2d:ed:10:cb:
         2b:28:d2:51:d3:c4:50:1a:0b:42:6a:8e:b2:4a:88:51:c8:e0:
         be:2d:e1:a1:f9:76:ca:9a:ed:b4:42:a9:17:ef:a4:59:df:04:
         82:e7:72:75:57:28:b0:11:1d:f0:2b:51:eb:48:d0:a3:d1:23:
         6d:d8:07:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAQxx+2cOVD9SeFVWN4FDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMjNhNWY0N2VjNjdlOTI1YTkyNDkxYWI5OWIyNGJhMzcx
MTgzZjEwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmI2NjUxZjgwMzI0ZTgwNjQxZmVhZTI2NDdhMzk1MjQ4NzJlYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/qXovlcnTjpDd0kAz24/eOIfJA2
cbha7XYeptaUlSl/yopl/iig1BYqih0LMwyRHGvq537RYF7ARhDbIp+lqcdv9GAu
BtGuLmindZnnSdqThyKhhXUJoMRsWgp9In5CV5+ILq5ho7E19p+4EQubzLANyaOS
sOCx3OCE83y/vvUPhVi5Kl6YTbivyzNEiPqGioOR/3L9o8zIfBxOVteN1tjDoUKS
He8q64aUuMJTGGu5bRwGMcrnID4idJHuqSpbmgsiGHY+fz362Wg4RQfyJ2+sxWGr
Q10UbUSAzxJ/DyrGf/Mjav2g+rOKvmSzGj510VnG8Xx/XqNP07oS+YrgLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+2ZR+AMk6AZB/q4mR6OVJIcuveMB8GA1UdIwQY
MBaAFOsjpfR+xn6SWpJJGrmbJLo3EYPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnlPbDlIN0dmcEpha2trYXVac2t1amNSZ19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hYjU1MDAtZjYyMy00YTU0LTlhZTIt
ZmZlMjFlZjk4Njc0LzEvVDdabEg0QXlUb0JrSC1yaVpIbzVVa2h5Njk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hYjU1MDAtZjYyMy00YTU0LTlhZTItZmZlMjFlZjk4Njc0
LzEvNnlPbDlIN0dmcEpha2trYXVac2t1amNSZ19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwagKAwQB
wagOMA0GCSqGSIb3DQEBCwUAA4IBAQBMRqh3gMZDDSeJNja3PUhvPTvegxPTaAiK
udE77kDa84gYk99263wkHXca5MuZ52hklod7C/MsoRFiM6aS36k9GyZZn0Ttjuk0
HGdEh+DheyOplpwuov0g2Gdq5H5aOgz/4jnKWGgUsvAtsoYnCga7qLP0k7QfrSSp
XUpTU7bmN1eVUzON2sM5XVI7bxA+X53VpnPKka1lD49DbBfeZ2aEgV6Jo8kXOH8L
C5wdyR/MOOVRAQUEPyTqTpOYYSQwY/NOMC3tEMsrKNJR08RQGgtCao6ySohRyOC+
LeGh+XbKmu20QqkX76RZ3wSC53J1VyiwER3wK1HrSNCj0SNt2AeH
-----END CERTIFICATE-----