Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/Pbp1eciHO-UhIJpPdZFn8wF63FI.roa
File:                     Pbp1eciHO-UhIJpPdZFn8wF63FI.roa (raw, json)
Hash identifier:          EiHHNAaeKbw5gHhaTNQ4Y0I8tatl+hRLFmyR/dbGoU0=
Subject key identifier:   3D:BA:75:79:C8:87:3B:E5:21:20:9A:4F:75:91:67:F3:01:7A:DC:52
Certificate issuer:       /CN=893cfa5278774a711e44be1d6b0c2797f22f2b77
Certificate serial:       018CC86F25A5C956CC3523DB0BD238C5A315
Authority key identifier: 89:3C:FA:52:78:77:4A:71:1E:44:BE:1D:6B:0C:27:97:F2:2F:2B:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTz6Unh3SnEeRL4dawwnl_IvK3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/Pbp1eciHO-UhIJpPdZFn8wF63FI.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6735
IP address blocks:        194.88.160.0/19 maxlen: 19
                          2a05:e140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/iTz6Unh3SnEeRL4dawwnl_IvK3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/iTz6Unh3SnEeRL4dawwnl_IvK3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTz6Unh3SnEeRL4dawwnl_IvK3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:25:a5:c9:56:cc:35:23:db:0b:d2:38:c5:a3:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893cfa5278774a711e44be1d6b0c2797f22f2b77
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dba7579c8873be521209a4f759167f3017adc52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c3:60:af:bd:d1:ed:d2:ce:14:f4:a8:d9:a6:
                    1a:d8:6e:69:9c:e0:ea:b8:ac:d6:ee:2f:96:e9:73:
                    39:8c:15:ee:5c:6f:0b:7e:81:ba:71:7d:bd:2e:5e:
                    7d:1b:c7:33:a4:99:f5:54:a1:78:c2:0c:94:14:ff:
                    3f:de:eb:6d:09:57:8f:6f:8c:72:db:24:71:a1:4e:
                    ff:ce:19:c5:59:9e:04:75:4a:bf:fd:4b:44:9d:ec:
                    1a:94:b3:bb:79:13:b6:28:e9:65:23:ed:52:26:64:
                    d9:2f:d1:c4:11:ea:a4:87:7d:c0:ea:ae:df:ef:cf:
                    ef:22:61:d5:82:7e:68:f5:4c:53:e6:9f:f6:f8:be:
                    3d:95:13:55:8b:3f:3b:b3:65:1c:22:89:ae:69:38:
                    77:22:47:96:ad:35:7d:a4:02:59:38:22:fe:01:26:
                    ba:e2:a0:4c:10:68:9b:e2:16:50:cd:c7:54:b9:40:
                    07:04:d4:f7:c2:f1:fc:f9:4b:93:77:64:2b:83:2c:
                    b9:f3:8b:de:ba:bf:45:65:e2:4f:c8:c9:ee:93:32:
                    85:f9:7e:de:c0:af:3a:aa:0c:67:7d:d5:33:fe:48:
                    cd:c7:b6:02:51:49:ee:2b:86:2b:b3:ef:b8:2f:4e:
                    46:92:35:54:29:47:76:69:7d:fd:74:f3:33:e3:48:
                    30:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:BA:75:79:C8:87:3B:E5:21:20:9A:4F:75:91:67:F3:01:7A:DC:52
            X509v3 Authority Key Identifier:
                keyid:89:3C:FA:52:78:77:4A:71:1E:44:BE:1D:6B:0C:27:97:F2:2F:2B:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTz6Unh3SnEeRL4dawwnl_IvK3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/Pbp1eciHO-UhIJpPdZFn8wF63FI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/5c97a8-0a72-4646-bbef-4a58f6f4a520/1/iTz6Unh3SnEeRL4dawwnl_IvK3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.160.0/19
                IPv6:
                  2a05:e140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:b2:37:46:ca:8e:71:80:f4:17:7f:16:e6:90:e2:08:cd:8d:
         ba:bf:ac:76:82:44:4d:f9:68:b7:61:00:17:d2:18:68:6b:3e:
         b0:55:1d:ce:a6:6f:59:93:12:99:3c:28:ff:86:19:29:94:02:
         d8:50:f4:be:ad:b2:bf:a0:90:0c:6f:83:2e:26:b1:0c:81:43:
         66:d7:ba:9a:8b:df:90:83:43:43:91:52:48:c5:a7:13:cf:76:
         e7:3b:ad:97:fa:18:f6:1c:f3:2c:59:d0:bf:ff:fd:a1:eb:c9:
         c5:3d:e8:5e:50:66:c8:ec:60:1c:29:5a:06:3b:d9:fa:c4:6a:
         a4:56:57:c0:3d:6d:3a:68:11:0f:fd:df:9d:89:e6:1e:dd:a1:
         cd:6c:54:c2:0c:76:31:f6:fb:a3:10:5a:63:54:e8:cf:eb:d3:
         bf:8d:e3:d7:36:da:08:ec:2a:7e:d7:28:f3:d4:eb:4c:6d:e9:
         1d:c7:f8:0e:64:9c:2c:62:25:09:26:bd:b9:87:e6:61:ec:1d:
         9b:ca:94:e6:1c:cc:54:a0:7a:8d:7f:0f:21:13:2b:4b:3a:85:
         30:99:49:f2:6e:87:17:39:bf:5b:3a:6c:e5:e6:ae:66:7d:02:
         85:5f:25:2b:b9:83:73:9d:2c:ee:e4:5c:6c:9c:8d:78:55:a5:
         d9:9a:04:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbyWlyVbMNSPbC9I4xaMVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2NmYTUyNzg3NzRhNzExZTQ0YmUxZDZiMGMyNzk3ZjIy
ZjJiNzcwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGJhNzU3OWM4ODczYmU1MjEyMDlhNGY3NTkxNjdmMzAxN2FkYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscNgr73R7dLOFPSo2aYa2G5pnODq
uKzW7i+W6XM5jBXuXG8LfoG6cX29Ll59G8czpJn1VKF4wgyUFP8/3uttCVePb4xy
2yRxoU7/zhnFWZ4EdUq//UtEnewalLO7eRO2KOllI+1SJmTZL9HEEeqkh33A6q7f
78/vImHVgn5o9UxT5p/2+L49lRNViz87s2UcIomuaTh3IkeWrTV9pAJZOCL+ASa6
4qBMEGib4hZQzcdUuUAHBNT3wvH8+UuTd2Qrgyy584veur9FZeJPyMnukzKF+X7e
wK86qgxnfdUz/kjNx7YCUUnuK4Yrs++4L05GkjVUKUd2aX39dPMz40gwVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD26dXnIhzvlISCaT3WRZ/MBetxSMB8GA1UdIwQY
MBaAFIk8+lJ4d0pxHkS+HWsMJ5fyLyt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVR6NlVuaDNTbkVlUkw0ZGF3d25sX0l2SzNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81Yzk3YTgtMGE3Mi00NjQ2LWJiZWYt
NGE1OGY2ZjRhNTIwLzEvUGJwMWVjaUhPLVVoSUpwUGRaRm44d0Y2M0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81Yzk3YTgtMGE3Mi00NjQ2LWJiZWYtNGE1OGY2ZjRhNTIw
LzEvaVR6NlVuaDNTbkVlUkw0ZGF3d25sX0l2SzNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFwligMA0E
AgACMAcDBQMqBeFAMA0GCSqGSIb3DQEBCwUAA4IBAQBcsjdGyo5xgPQXfxbmkOII
zY26v6x2gkRN+Wi3YQAX0hhoaz6wVR3Opm9ZkxKZPCj/hhkplALYUPS+rbK/oJAM
b4MuJrEMgUNm17qai9+Qg0NDkVJIxacTz3bnO62X+hj2HPMsWdC///2h68nFPehe
UGbI7GAcKVoGO9n6xGqkVlfAPW06aBEP/d+dieYe3aHNbFTCDHYx9vujEFpjVOjP
69O/jePXNtoI7Cp+1yjz1OtMbekdx/gOZJwsYiUJJr25h+Zh7B2bypTmHMxUoHqN
fw8hEytLOoUwmUnybocXOb9bOmzl5q5mfQKFXyUruYNznSzu5FxsnI14VaXZmgQz
-----END CERTIFICATE-----