Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/iPsc5cdyBdI5OoAXm1WxUyXcwKs.roa
File:                     iPsc5cdyBdI5OoAXm1WxUyXcwKs.roa (raw, json)
Hash identifier:          uev/ryB2qmGhnPuUk4GEhG25G76cZsNfJpVAjKwYXdQ=
Subject key identifier:   88:FB:1C:E5:C7:72:05:D2:39:3A:80:17:9B:55:B1:53:25:DC:C0:AB
Certificate issuer:       /CN=e3a898ba1250c8989cc76d9f8b53d1dbc62b2890
Certificate serial:       0194206873EC53AFE1E6520F6C45CCD5CA7E
Authority key identifier: E3:A8:98:BA:12:50:C8:98:9C:C7:6D:9F:8B:53:D1:DB:C6:2B:28:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/iPsc5cdyBdI5OoAXm1WxUyXcwKs.roa
Signing time:             Wed 01 Jan 2025 05:48:23 +0000
ROA not before:           Wed 01 Jan 2025 05:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25321
IP address blocks:        193.201.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:73:ec:53:af:e1:e6:52:0f:6c:45:cc:d5:ca:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3a898ba1250c8989cc76d9f8b53d1dbc62b2890
        Validity
            Not Before: Jan  1 05:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88fb1ce5c77205d2393a80179b55b15325dcc0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:20:dc:a6:f8:d6:90:90:0b:88:a1:95:ad:73:
                    a3:e3:58:aa:00:5c:38:e0:e4:3b:90:64:c6:9b:78:
                    55:a3:e9:7d:f4:6a:6a:d9:b1:e1:19:60:ec:d9:d6:
                    36:a3:14:73:a3:8a:04:cd:79:8f:9a:5f:0a:f3:31:
                    31:e6:a6:8c:4c:81:2a:ae:81:ef:04:35:e6:db:6d:
                    f9:04:5e:38:50:94:93:1c:b7:88:7d:e2:af:ae:7c:
                    2f:51:c2:17:e3:30:90:17:19:e4:88:92:b6:c5:88:
                    2e:c8:27:18:d9:cc:d6:b4:c3:e0:81:62:5c:da:30:
                    68:c9:40:15:9d:33:6c:d0:d4:af:b3:4b:9d:b9:92:
                    29:f0:64:bb:47:e4:8d:4b:7c:87:b6:ca:44:3e:4e:
                    74:4f:65:c8:48:52:35:cb:2b:01:43:11:4e:59:e6:
                    0e:70:b7:14:34:64:05:33:b6:52:f9:5b:a1:c5:f5:
                    97:ad:cc:f5:af:5a:a5:b6:e9:2d:b5:c8:ba:e5:60:
                    9e:40:02:7c:28:fa:63:72:cb:8f:3e:2d:71:b2:fe:
                    38:6f:fd:ad:27:08:5c:4b:5f:09:72:3d:c6:cc:5c:
                    ac:c0:95:fe:a2:e3:8e:3d:6e:38:41:9e:b5:49:5c:
                    34:3c:47:e3:b8:7d:52:1e:e0:b8:ea:60:3b:63:7c:
                    3a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:FB:1C:E5:C7:72:05:D2:39:3A:80:17:9B:55:B1:53:25:DC:C0:AB
            X509v3 Authority Key Identifier:
                keyid:E3:A8:98:BA:12:50:C8:98:9C:C7:6D:9F:8B:53:D1:DB:C6:2B:28:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/46iYuhJQyJicx22fi1PR28YrKJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/iPsc5cdyBdI5OoAXm1WxUyXcwKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/b688da-765c-4481-8eb3-730383211f25/1/46iYuhJQyJicx22fi1PR28YrKJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:d8:de:90:e5:3b:09:23:ef:67:a9:69:6e:8c:f5:9c:43:72:
         a0:26:81:1a:ac:93:ef:ff:8b:f3:be:85:08:8e:43:97:83:9e:
         6e:c3:e7:22:48:5b:a6:e3:1b:1e:86:5c:90:3f:4a:0e:08:d7:
         b8:2f:18:d1:1a:0a:0c:10:c7:b6:c3:20:a6:f6:fc:f0:1a:ce:
         90:a6:b9:3e:2f:99:9a:ea:97:18:57:7c:05:b8:fd:35:07:20:
         41:a1:ef:77:d6:01:9d:6e:94:21:73:a9:d8:d9:5b:97:bc:6b:
         19:8c:dd:a6:0f:16:a2:33:25:3f:5b:4c:3f:e3:30:ab:f0:e8:
         36:03:8e:ab:87:df:cf:87:ba:a3:f1:48:96:6b:95:61:5d:98:
         a6:86:1b:34:a9:58:90:76:30:ea:91:6d:fb:f6:7e:5f:64:24:
         c8:21:c8:72:fe:0e:a8:6b:91:08:0a:fb:f4:16:f5:44:ad:ed:
         47:9f:dd:f0:0a:e9:3f:cb:e2:9d:4d:9a:c7:f3:16:24:8d:89:
         8f:21:f2:1f:4b:9c:5d:41:0f:52:24:fc:55:06:fa:7d:54:7b:
         c8:24:86:91:00:5c:b5:27:9a:e1:26:c4:31:d7:e1:81:46:b6:
         62:ca:0a:24:bd:b2:48:ed:d3:2b:5b:63:c9:18:70:35:39:3b:
         c5:8c:14:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHPsU6/h5lIPbEXM1cp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYTg5OGJhMTI1MGM4OTg5Y2M3NmQ5ZjhiNTNkMWRiYzYy
YjI4OTAwHhcNMjUwMTAxMDU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGZiMWNlNWM3NzIwNWQyMzkzYTgwMTc5YjU1YjE1MzI1ZGNjMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSDcpvjWkJALiKGVrXOj41iqAFw4
4OQ7kGTGm3hVo+l99Gpq2bHhGWDs2dY2oxRzo4oEzXmPml8K8zEx5qaMTIEqroHv
BDXm2235BF44UJSTHLeIfeKvrnwvUcIX4zCQFxnkiJK2xYguyCcY2czWtMPggWJc
2jBoyUAVnTNs0NSvs0uduZIp8GS7R+SNS3yHtspEPk50T2XISFI1yysBQxFOWeYO
cLcUNGQFM7ZS+VuhxfWXrcz1r1qltukttci65WCeQAJ8KPpjcsuPPi1xsv44b/2t
JwhcS18Jcj3GzFyswJX+ouOOPW44QZ61SVw0PEfjuH1SHuC46mA7Y3w64wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj7HOXHcgXSOTqAF5tVsVMl3MCrMB8GA1UdIwQY
MBaAFOOomLoSUMiYnMdtn4tT0dvGKyiQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDZpWXVoSlF5SmljeDIyZmkxUFIyOFlyS0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iNjg4ZGEtNzY1Yy00NDgxLThlYjMt
NzMwMzgzMjExZjI1LzEvaVBzYzVjZHlCZEk1T29BWG0xV3hVeVhjd0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iNjg4ZGEtNzY1Yy00NDgxLThlYjMtNzMwMzgzMjExZjI1
LzEvNDZpWXVoSlF5SmljeDIyZmkxUFIyOFlyS0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwclOMA0G
CSqGSIb3DQEBCwUAA4IBAQCw2N6Q5TsJI+9nqWlujPWcQ3KgJoEarJPv/4vzvoUI
jkOXg55uw+ciSFum4xsehlyQP0oOCNe4LxjRGgoMEMe2wyCm9vzwGs6Qprk+L5ma
6pcYV3wFuP01ByBBoe931gGdbpQhc6nY2VuXvGsZjN2mDxaiMyU/W0w/4zCr8Og2
A46rh9/Ph7qj8UiWa5VhXZimhhs0qViQdjDqkW379n5fZCTIIchy/g6oa5EICvv0
FvVEre1Hn93wCuk/y+KdTZrH8xYkjYmPIfIfS5xdQQ9SJPxVBvp9VHvIJIaRAFy1
J5rhJsQx1+GBRrZiygokvbJI7dMrW2PJGHA1OTvFjBTw
-----END CERTIFICATE-----