Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/KvZ5C7GGXpsnDIXFK9w1aA1xkeQ.roa
File:                     KvZ5C7GGXpsnDIXFK9w1aA1xkeQ.roa (raw, json)
Hash identifier:          2xkPC934TFyqLBsVBMeVEQzNzEo6Q8YWu+gSYwwm5GU=
Subject key identifier:   2A:F6:79:0B:B1:86:5E:9B:27:0C:85:C5:2B:DC:35:68:0D:71:91:E4
Certificate issuer:       /CN=e3a898ba1250c8989cc76d9f8b53d1dbc62b2890
Certificate serial:       018CC56DF2DBB200A60A10EA489CF67770EB
Authority key identifier: E3:A8:98:BA:12:50:C8:98:9C:C7:6D:9F:8B:53:D1:DB:C6:2B:28:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/KvZ5C7GGXpsnDIXFK9w1aA1xkeQ.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25321
IP address blocks:        193.201.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f2:db:b2:00:a6:0a:10:ea:48:9c:f6:77:70:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3a898ba1250c8989cc76d9f8b53d1dbc62b2890
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2af6790bb1865e9b270c85c52bdc35680d7191e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e1:21:b6:c6:13:3f:cd:91:a9:ab:5c:36:08:
                    6f:3e:51:54:03:82:2b:df:a7:e5:37:97:54:03:0e:
                    42:f0:ec:d1:76:2b:3f:50:09:07:0e:28:40:83:67:
                    f2:f6:20:c8:3d:f9:62:de:d8:8b:62:f6:94:bf:e7:
                    23:2a:aa:93:38:9d:39:0b:35:68:b3:cf:07:3a:0d:
                    b2:b5:ca:57:0d:30:29:53:19:5b:09:1c:43:6f:a1:
                    53:cd:15:8e:98:e9:8f:43:e6:af:41:c7:7d:dc:08:
                    54:2a:a1:22:2f:aa:d5:3c:b8:22:56:05:71:9c:dc:
                    a6:94:51:13:e9:b7:95:5b:2d:b2:e0:36:e3:6a:69:
                    09:a8:1e:84:75:68:0f:74:1a:1e:fd:11:8e:ea:1e:
                    f8:8f:a0:2c:17:9f:e0:24:d3:a4:74:8c:6b:08:7a:
                    9b:55:b7:56:32:29:8b:b3:9b:6b:94:e2:38:a4:25:
                    1f:54:de:4f:c0:ca:2f:01:cc:dd:a5:7c:d5:a6:af:
                    97:51:78:94:34:7d:74:8e:a2:58:74:ab:08:b8:d5:
                    63:ea:0d:32:f9:50:44:21:84:68:9e:a6:6c:f8:31:
                    00:66:24:fe:58:42:2e:67:78:16:4c:75:64:33:d5:
                    43:4c:80:0f:4a:9f:9a:5d:8a:bf:87:f6:b5:db:9c:
                    1c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F6:79:0B:B1:86:5E:9B:27:0C:85:C5:2B:DC:35:68:0D:71:91:E4
            X509v3 Authority Key Identifier:
                keyid:E3:A8:98:BA:12:50:C8:98:9C:C7:6D:9F:8B:53:D1:DB:C6:2B:28:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/KvZ5C7GGXpsnDIXFK9w1aA1xkeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:71:2b:0f:a1:cd:51:0b:a9:30:8e:e6:37:8d:bb:92:79:6e:
         2e:79:a9:f0:59:52:84:17:3c:ba:6d:63:e9:f1:50:0c:46:92:
         f2:36:db:59:c7:24:68:88:06:75:b8:31:e7:22:ad:d6:36:40:
         b4:81:d6:93:62:37:f7:ad:de:d7:e9:d7:e2:91:22:3e:92:c3:
         2f:8b:75:a4:4b:a2:63:f1:f5:d4:cb:c9:35:ff:27:b8:96:09:
         1f:7f:74:3c:45:82:d9:86:ef:81:2c:10:1e:18:e6:59:33:ea:
         ad:2e:e5:bf:64:09:41:2a:31:e8:43:3f:d9:fa:b3:ef:3c:19:
         64:ee:72:e4:c8:4c:f7:ef:0e:c6:32:61:62:25:1f:64:5b:c8:
         dc:ac:19:ea:cd:62:c8:e2:a3:1a:e9:b2:26:b3:74:1e:d7:ea:
         e6:79:a3:29:53:64:92:26:d7:47:f0:0f:51:96:9e:de:22:fd:
         12:f8:8e:e7:67:95:25:f9:31:75:69:38:20:6b:2c:93:81:e1:
         4a:86:43:4b:29:81:dd:04:00:6e:43:a2:bd:71:5a:73:1c:6f:
         c5:ae:78:2d:89:89:8e:6f:87:29:e9:f0:27:ac:12:ea:83:39:
         fe:f7:f5:33:f7:74:f9:a0:2e:20:64:75:0e:60:8f:23:69:5b:
         44:14:bb:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfLbsgCmChDqSJz2d3DrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYTg5OGJhMTI1MGM4OTg5Y2M3NmQ5ZjhiNTNkMWRiYzYy
YjI4OTAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY2NzkwYmIxODY1ZTliMjcwYzg1YzUyYmRjMzU2ODBkNzE5MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+EhtsYTP82RqatcNghvPlFUA4Ir
36flN5dUAw5C8OzRdis/UAkHDihAg2fy9iDIPfli3tiLYvaUv+cjKqqTOJ05CzVo
s88HOg2ytcpXDTApUxlbCRxDb6FTzRWOmOmPQ+avQcd93AhUKqEiL6rVPLgiVgVx
nNymlFET6beVWy2y4DbjamkJqB6EdWgPdBoe/RGO6h74j6AsF5/gJNOkdIxrCHqb
VbdWMimLs5trlOI4pCUfVN5PwMovAczdpXzVpq+XUXiUNH10jqJYdKsIuNVj6g0y
+VBEIYRonqZs+DEAZiT+WEIuZ3gWTHVkM9VDTIAPSp+aXYq/h/a125wcUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr2eQuxhl6bJwyFxSvcNWgNcZHkMB8GA1UdIwQY
MBaAFOOomLoSUMiYnMdtn4tT0dvGKyiQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDZpWXVoSlF5SmljeDIyZmkxUFIyOFlyS0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iNjg4ZGEtNzY1Yy00NDgxLThlYjMt
NzMwMzgzMjExZjI1LzEvS3ZaNUM3R0dYcHNuRElYRks5dzFhQTF4a2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iNjg4ZGEtNzY1Yy00NDgxLThlYjMtNzMwMzgzMjExZjI1
LzEvNDZpWXVoSlF5SmljeDIyZmkxUFIyOFlyS0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwclOMA0G
CSqGSIb3DQEBCwUAA4IBAQCtcSsPoc1RC6kwjuY3jbuSeW4ueanwWVKEFzy6bWPp
8VAMRpLyNttZxyRoiAZ1uDHnIq3WNkC0gdaTYjf3rd7X6dfikSI+ksMvi3WkS6Jj
8fXUy8k1/ye4lgkff3Q8RYLZhu+BLBAeGOZZM+qtLuW/ZAlBKjHoQz/Z+rPvPBlk
7nLkyEz37w7GMmFiJR9kW8jcrBnqzWLI4qMa6bIms3Qe1+rmeaMpU2SSJtdH8A9R
lp7eIv0S+I7nZ5Ul+TF1aTggayyTgeFKhkNLKYHdBABuQ6K9cVpzHG/FrngtiYmO
b4cp6fAnrBLqgzn+9/Uz93T5oC4gZHUOYI8jaVtEFLv5
-----END CERTIFICATE-----