Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/Et5dSxuAi_KihXUlNVsAbWbHrTo.roa
File:                     Et5dSxuAi_KihXUlNVsAbWbHrTo.roa (raw, json)
Hash identifier:          xCLuycrSgiM/xyh0qJcxYCnQMVMP0r4rUs9JwW6rQ68=
Subject key identifier:   12:DE:5D:4B:1B:80:8B:F2:A2:85:75:25:35:5B:00:6D:66:C7:AD:3A
Certificate issuer:       /CN=d53392f390b42dad7003674ebc2d01df3ded81bc
Certificate serial:       018CC3B6E78F7E0A4B8A1179770C4F5B01AE
Authority key identifier: D5:33:92:F3:90:B4:2D:AD:70:03:67:4E:BC:2D:01:DF:3D:ED:81:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TOS85C0La1wA2dOvC0B3z3tgbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/Et5dSxuAi_KihXUlNVsAbWbHrTo.roa
Signing time:             Mon 01 Jan 2024 06:29:53 +0000
ROA not before:           Mon 01 Jan 2024 06:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208164
IP address blocks:        193.27.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/1TOS85C0La1wA2dOvC0B3z3tgbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/1TOS85C0La1wA2dOvC0B3z3tgbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1TOS85C0La1wA2dOvC0B3z3tgbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e7:8f:7e:0a:4b:8a:11:79:77:0c:4f:5b:01:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d53392f390b42dad7003674ebc2d01df3ded81bc
        Validity
            Not Before: Jan  1 06:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12de5d4b1b808bf2a2857525355b006d66c7ad3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6c:3c:8f:d8:81:a5:47:96:60:57:51:42:bc:
                    5e:e7:88:02:6c:26:1b:0a:ea:cb:1e:e9:9e:b9:39:
                    c9:5d:68:de:10:03:a7:84:6a:78:e3:bb:5e:85:d2:
                    c4:13:54:39:1e:98:5a:6e:f8:18:f2:cd:4b:75:ae:
                    b3:5c:e8:55:f5:82:fa:9e:4c:6f:96:1a:f3:c3:9e:
                    24:5c:b6:ee:97:a3:04:67:42:a3:9a:36:f5:33:2d:
                    dd:56:56:a7:03:07:ff:dc:e7:6e:fd:18:8b:2e:6e:
                    72:79:d0:25:ba:e1:7d:9b:9e:26:53:3b:d7:72:4e:
                    3d:08:ea:5d:35:d1:00:79:e5:ba:bd:43:b5:7f:8e:
                    f4:ef:c5:cd:28:92:15:8b:bb:b8:b2:e5:eb:49:b6:
                    6f:9f:11:0f:8f:c0:f2:b7:d6:9b:a4:8d:e5:54:87:
                    88:e9:9d:15:a8:3e:e5:ee:b0:0b:18:e9:56:1d:b9:
                    17:f6:f9:19:52:b2:3c:77:2f:0e:05:3e:1d:91:37:
                    e6:7b:9a:6e:a4:03:6f:5e:6a:8a:ea:87:7c:53:a6:
                    cb:4e:6d:fc:1d:30:9c:03:59:0b:7e:ce:16:9a:59:
                    c4:c3:34:d9:af:3a:c5:d2:c8:96:5f:ee:02:a1:37:
                    db:81:0b:33:25:60:81:3c:1f:83:37:7a:26:26:a0:
                    57:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DE:5D:4B:1B:80:8B:F2:A2:85:75:25:35:5B:00:6D:66:C7:AD:3A
            X509v3 Authority Key Identifier:
                keyid:D5:33:92:F3:90:B4:2D:AD:70:03:67:4E:BC:2D:01:DF:3D:ED:81:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TOS85C0La1wA2dOvC0B3z3tgbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/Et5dSxuAi_KihXUlNVsAbWbHrTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bb3e71-d308-4b1c-b68a-34bd2a1dd80a/1/1TOS85C0La1wA2dOvC0B3z3tgbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:91:bd:f6:63:a4:75:9d:62:ec:5e:75:b1:e0:a3:54:a6:f7:
         15:7e:d4:fc:0f:1d:58:19:81:7a:22:51:74:4b:bd:a0:2f:4a:
         c4:4d:a4:2e:d9:96:b4:d4:80:03:c5:6d:5e:58:36:e5:8f:e9:
         8a:ca:0b:83:b3:6f:c4:b6:1e:85:45:32:c5:1f:3b:cc:04:3b:
         ec:d7:da:7d:ae:f5:20:64:26:c2:8d:6a:2d:43:04:f3:63:c6:
         ca:d1:df:aa:98:54:0b:68:53:16:70:39:51:d9:fb:90:15:cc:
         e3:48:17:8a:87:43:6f:50:af:59:d3:65:30:3c:da:4e:3d:10:
         3a:a1:43:9f:80:fb:f1:c7:63:e3:58:11:19:3a:7e:45:a0:a4:
         04:30:6d:60:78:47:17:e2:27:2b:ca:f3:ea:a3:88:f4:53:4a:
         06:bd:d1:0f:7c:62:2d:22:64:37:60:8d:2c:5d:96:58:de:a0:
         5d:8e:f8:f5:fe:50:30:83:78:83:b4:e5:61:a1:78:18:a2:5c:
         df:d1:f7:42:a4:89:a0:81:a2:48:1e:90:10:2f:ce:29:bf:cf:
         a7:c5:f7:27:45:c5:ae:dc:ab:10:3c:d9:59:ad:33:b2:d0:6d:
         39:28:11:18:d2:7c:c7:38:db:77:7f:74:c4:cc:44:23:12:88:
         bc:7b:6a:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuePfgpLihF5dwxPWwGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzM5MmYzOTBiNDJkYWQ3MDAzNjc0ZWJjMmQwMWRmM2Rl
ZDgxYmMwHhcNMjQwMTAxMDYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRlNWQ0YjFiODA4YmYyYTI4NTc1MjUzNTViMDA2ZDY2YzdhZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWw8j9iBpUeWYFdRQrxe54gCbCYb
CurLHumeuTnJXWjeEAOnhGp447tehdLEE1Q5HphabvgY8s1Lda6zXOhV9YL6nkxv
lhrzw54kXLbul6MEZ0Kjmjb1My3dVlanAwf/3Odu/RiLLm5yedAluuF9m54mUzvX
ck49COpdNdEAeeW6vUO1f47078XNKJIVi7u4suXrSbZvnxEPj8Dyt9abpI3lVIeI
6Z0VqD7l7rALGOlWHbkX9vkZUrI8dy8OBT4dkTfme5pupANvXmqK6od8U6bLTm38
HTCcA1kLfs4WmlnEwzTZrzrF0siWX+4CoTfbgQszJWCBPB+DN3omJqBXSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLeXUsbgIvyooV1JTVbAG1mx606MB8GA1UdIwQY
MBaAFNUzkvOQtC2tcANnTrwtAd897YG8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRPUzg1QzBMYTF3QTJkT3ZDMEIzejN0Z2J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iYjNlNzEtZDMwOC00YjFjLWI2OGEt
MzRiZDJhMWRkODBhLzEvRXQ1ZFN4dUFpX0tpaFhVbE5Wc0FiV2JIclRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iYjNlNzEtZDMwOC00YjFjLWI2OGEtMzRiZDJhMWRkODBh
LzEvMVRPUzg1QzBMYTF3QTJkT3ZDMEIzejN0Z2J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRtbMA0G
CSqGSIb3DQEBCwUAA4IBAQCJkb32Y6R1nWLsXnWx4KNUpvcVftT8Dx1YGYF6IlF0
S72gL0rETaQu2Za01IADxW1eWDblj+mKyguDs2/Eth6FRTLFHzvMBDvs19p9rvUg
ZCbCjWotQwTzY8bK0d+qmFQLaFMWcDlR2fuQFczjSBeKh0NvUK9Z02UwPNpOPRA6
oUOfgPvxx2PjWBEZOn5FoKQEMG1geEcX4icryvPqo4j0U0oGvdEPfGItImQ3YI0s
XZZY3qBdjvj1/lAwg3iDtOVhoXgYolzf0fdCpImggaJIHpAQL84pv8+nxfcnRcWu
3KsQPNlZrTOy0G05KBEY0nzHONt3f3TEzEQjEoi8e2oY
-----END CERTIFICATE-----