Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/PUpMBlY3y3LiEyvtN3mwZr7fC6o.roa
File:                     PUpMBlY3y3LiEyvtN3mwZr7fC6o.roa (raw, json)
Hash identifier:          83wzwEaj6Lu4SVxQ13wsJpRArhNJgziukBIbApzP3jM=
Subject key identifier:   3D:4A:4C:06:56:37:CB:72:E2:13:2B:ED:37:79:B0:66:BE:DF:0B:AA
Certificate issuer:       /CN=a6cb68246650bd58c22a2ae00ad066178a81eb6f
Certificate serial:       01941F8C31290AFCD9CB059C13A2B39A87DE
Authority key identifier: A6:CB:68:24:66:50:BD:58:C2:2A:2A:E0:0A:D0:66:17:8A:81:EB:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/PUpMBlY3y3LiEyvtN3mwZr7fC6o.roa
Signing time:             Wed 01 Jan 2025 01:47:48 +0000
ROA not before:           Wed 01 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2116
IP address blocks:        193.160.176.0/21 maxlen: 21
                          193.160.176.0/24 maxlen: 24
                          193.160.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:31:29:0a:fc:d9:cb:05:9c:13:a2:b3:9a:87:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6cb68246650bd58c22a2ae00ad066178a81eb6f
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d4a4c065637cb72e2132bed3779b066bedf0baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f2:24:36:10:79:d5:32:26:bb:f9:0f:a4:2c:
                    c8:c4:e7:71:b1:21:37:e8:af:89:a8:b8:cd:03:1e:
                    71:f2:fe:35:c2:19:04:1b:9b:ca:4b:59:c9:f3:5c:
                    09:b7:db:d2:66:c7:91:05:d4:7c:fb:97:f0:f0:89:
                    f0:0f:41:9d:2c:98:0a:69:13:0a:22:9d:94:c1:50:
                    92:ea:53:03:fc:df:ac:1d:26:9a:0e:8c:fb:31:08:
                    73:8e:08:3d:cb:8f:58:de:4c:38:1f:df:8f:da:a3:
                    65:03:de:02:71:f7:8f:90:91:48:20:ec:aa:9c:4c:
                    73:cb:ee:99:2a:f4:cb:6d:36:9c:d0:3e:6a:c4:83:
                    c0:74:43:0f:8e:c1:42:e3:e7:db:90:40:48:a4:b1:
                    56:40:b4:cc:25:00:5a:b4:0d:26:99:d7:38:12:ee:
                    98:16:36:83:ea:49:89:a1:3f:ed:05:7c:7d:b9:c5:
                    df:a1:fa:b5:4d:ad:59:6d:a5:b7:a3:26:82:51:78:
                    14:f5:60:c0:43:d0:b5:7c:29:72:5a:0e:b2:d7:2c:
                    3a:63:de:a3:85:6a:f5:23:de:c8:34:d0:d5:a1:80:
                    14:7a:62:bb:03:3a:17:3f:35:8c:22:d3:41:43:38:
                    8d:3d:55:12:47:b5:d8:ae:27:dc:7e:ec:6e:6e:87:
                    d6:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4A:4C:06:56:37:CB:72:E2:13:2B:ED:37:79:B0:66:BE:DF:0B:AA
            X509v3 Authority Key Identifier:
                keyid:A6:CB:68:24:66:50:BD:58:C2:2A:2A:E0:0A:D0:66:17:8A:81:EB:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pstoJGZQvVjCKirgCtBmF4qB628.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/PUpMBlY3y3LiEyvtN3mwZr7fC6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b60d50-552a-44af-8ba5-36e4fb56fdb4/1/pstoJGZQvVjCKirgCtBmF4qB628.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.176.0-193.160.187.255

    Signature Algorithm: sha256WithRSAEncryption
         28:bd:41:de:40:df:fc:cf:74:39:6a:cf:64:9c:89:11:20:67:
         8a:83:09:19:c3:7a:ea:b4:74:13:a5:b1:38:d7:c7:07:72:20:
         27:9a:4b:86:ef:a4:cd:a0:a8:51:7e:3f:8f:3c:da:7c:a9:31:
         82:ac:6c:fe:be:cc:c6:3e:92:2b:c9:67:57:52:ac:a0:cc:04:
         4a:cd:f4:3a:5b:ee:37:47:c3:90:fa:54:3b:3c:76:e9:d4:53:
         d2:c1:4a:8e:2b:33:df:69:7b:6b:5d:a6:af:a7:d9:bc:f0:0c:
         81:6b:34:0a:b6:54:52:f3:60:c4:be:86:fa:56:47:53:a0:2c:
         03:bc:9a:18:cc:1f:6b:d5:f7:b2:ac:de:60:c8:a2:83:f7:d9:
         1d:07:a0:80:a6:75:5f:4f:7d:e8:ed:8b:b8:bf:87:1e:4a:27:
         0e:a2:2d:a0:0c:47:e6:01:42:51:51:1a:3f:0f:73:ed:a1:cf:
         7a:af:02:42:2b:11:a0:e2:6d:5f:82:9a:bc:4b:4b:6e:e2:2e:
         24:2b:d6:c9:74:52:f2:83:cf:f0:74:f4:0e:94:4e:a8:b2:6a:
         6b:cc:6c:38:73:28:2d:a7:fc:4d:92:f0:ca:73:d0:3b:76:46:
         85:bc:e6:6b:d2:43:b0:84:12:fc:8b:7c:b9:4e:30:fe:fe:5b:
         2e:df:e6:c7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjDEpCvzZywWcE6KzmofeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Y2I2ODI0NjY1MGJkNThjMjJhMmFlMDBhZDA2NjE3OGE4
MWViNmYwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDRhNGMwNjU2MzdjYjcyZTIxMzJiZWQzNzc5YjA2NmJlZGYwYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/IkNhB51TImu/kPpCzIxOdxsSE3
6K+JqLjNAx5x8v41whkEG5vKS1nJ81wJt9vSZseRBdR8+5fw8InwD0GdLJgKaRMK
Ip2UwVCS6lMD/N+sHSaaDoz7MQhzjgg9y49Y3kw4H9+P2qNlA94CcfePkJFIIOyq
nExzy+6ZKvTLbTac0D5qxIPAdEMPjsFC4+fbkEBIpLFWQLTMJQBatA0mmdc4Eu6Y
FjaD6kmJoT/tBXx9ucXfofq1Ta1ZbaW3oyaCUXgU9WDAQ9C1fClyWg6y1yw6Y96j
hWr1I97INNDVoYAUemK7AzoXPzWMItNBQziNPVUSR7XYrifcfuxubofWmwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD1KTAZWN8ty4hMr7Td5sGa+3wuqMB8GA1UdIwQY
MBaAFKbLaCRmUL1Ywioq4ArQZheKgetvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHN0b0pHWlF2VmpDS2lyZ0N0Qm1GNHFCNjI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iNjBkNTAtNTUyYS00NGFmLThiYTUt
MzZlNGZiNTZmZGI0LzEvUFVwTUJsWTN5M0xpRXl2dE4zbXdacjdmQzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iNjBkNTAtNTUyYS00NGFmLThiYTUtMzZlNGZiNTZmZGI0
LzEvcHN0b0pHWlF2VmpDS2lyZ0N0Qm1GNHFCNjI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATBoLAD
BALBoLgwDQYJKoZIhvcNAQELBQADggEBACi9Qd5A3/zPdDlqz2SciREgZ4qDCRnD
euq0dBOlsTjXxwdyICeaS4bvpM2gqFF+P4882nypMYKsbP6+zMY+kivJZ1dSrKDM
BErN9Dpb7jdHw5D6VDs8dunUU9LBSo4rM99pe2tdpq+n2bzwDIFrNAq2VFLzYMS+
hvpWR1OgLAO8mhjMH2vV97Ks3mDIooP32R0HoICmdV9Pfejti7i/hx5KJw6iLaAM
R+YBQlFRGj8Pc+2hz3qvAkIrEaDibV+CmrxLS27iLiQr1sl0UvKDz/B09A6UTqiy
amvMbDhzKC2n/E2S8Mpz0Dt2RoW85mvSQ7CEEvyLfLlOMP7+Wy7f5sc=
-----END CERTIFICATE-----