Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/G5Dr2RNwPGFwAwTeNB-9AS_pm0Q.roa
File:                     G5Dr2RNwPGFwAwTeNB-9AS_pm0Q.roa (raw, json)
Hash identifier:          0MjYAJyBV4+bo72HSaSmqLthye1AQFWyhQOJxf+19uc=
Subject key identifier:   1B:90:EB:D9:13:70:3C:61:70:03:04:DE:34:1F:BD:01:2F:E9:9B:44
Certificate issuer:       /CN=a79f3ad3142a2c02f992b96ab0b9b6390af7fe02
Certificate serial:       01941FFA5D2A9772D874BFA266D0780BDE15
Authority key identifier: A7:9F:3A:D3:14:2A:2C:02:F9:92:B9:6A:B0:B9:B6:39:0A:F7:FE:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/G5Dr2RNwPGFwAwTeNB-9AS_pm0Q.roa
Signing time:             Wed 01 Jan 2025 03:48:09 +0000
ROA not before:           Wed 01 Jan 2025 03:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14907
IP address blocks:        193.46.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5d:2a:97:72:d8:74:bf:a2:66:d0:78:0b:de:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79f3ad3142a2c02f992b96ab0b9b6390af7fe02
        Validity
            Not Before: Jan  1 03:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b90ebd913703c61700304de341fbd012fe99b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:72:e0:47:f9:de:e4:84:c3:4e:0b:28:37:ef:
                    2e:e8:0f:6e:66:ca:f4:db:4f:84:b7:e0:2f:c7:b2:
                    40:b1:c6:0d:70:46:4e:8f:07:27:44:4e:04:d4:24:
                    b6:f7:84:a6:8b:64:40:7b:28:11:7d:a1:ce:1c:4b:
                    98:b6:eb:b3:2a:2b:09:27:cd:b6:0b:db:4a:5a:35:
                    dc:20:c3:89:b6:bf:2b:49:e2:0d:b8:9c:05:a8:1e:
                    a4:af:57:64:b0:4c:23:46:b3:3f:3b:d1:df:e3:c9:
                    0d:4a:90:1c:72:96:85:03:8d:38:41:14:18:bd:b4:
                    4b:b4:11:99:18:66:ad:6e:49:99:7c:c1:1d:21:e1:
                    23:3e:6b:e7:40:e2:6d:28:c7:c7:cd:3c:44:31:26:
                    01:46:02:06:f4:33:9d:71:0c:2f:c2:0e:af:c0:e3:
                    af:d3:18:02:b9:d9:9e:2e:aa:ae:27:0b:09:64:fa:
                    65:8b:fc:47:da:a5:b0:32:c9:b5:40:5b:c4:9c:b0:
                    21:1e:8e:69:54:5f:5a:e7:d6:f8:ca:5f:35:a6:e3:
                    c5:b4:17:f1:58:cd:b2:0a:01:73:42:5a:1b:eb:21:
                    9c:70:37:8d:54:d1:15:82:56:63:df:39:0b:49:3e:
                    9f:b8:34:94:f5:58:c6:53:52:23:a5:26:86:83:bd:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:90:EB:D9:13:70:3C:61:70:03:04:DE:34:1F:BD:01:2F:E9:9B:44
            X509v3 Authority Key Identifier:
                keyid:A7:9F:3A:D3:14:2A:2C:02:F9:92:B9:6A:B0:B9:B6:39:0A:F7:FE:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/G5Dr2RNwPGFwAwTeNB-9AS_pm0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:9e:f0:88:15:9b:1b:12:6a:a7:b7:51:f8:07:e4:0e:b8:61:
         ff:66:3b:09:89:6f:5d:59:8c:5c:02:e4:f0:bd:9d:85:6e:b6:
         a3:c9:b6:58:7b:4c:35:32:99:2c:9b:51:84:7a:b3:84:2b:9e:
         18:ed:e4:ad:13:04:45:84:25:5e:c5:ea:1a:40:4b:13:fb:81:
         96:ec:af:06:18:13:22:57:51:ee:4f:fe:ac:a7:ce:43:6c:9a:
         51:63:95:54:a0:f5:44:ab:b7:0b:09:a0:5a:99:bf:50:c3:86:
         a8:c3:e4:65:f7:9f:c9:de:12:0f:90:35:ee:e1:3a:f5:3d:45:
         10:34:2f:06:c6:1f:ea:ee:55:eb:d5:77:d4:fe:3b:93:13:9c:
         21:4f:65:cb:9c:84:00:78:0d:8b:d9:21:cf:f7:02:13:1d:26:
         a6:ca:ad:3a:9d:07:9d:4e:fd:3e:7b:f9:d5:0f:a8:22:45:19:
         61:f0:1e:75:30:c3:d3:b8:2f:a2:17:21:57:5e:2f:1e:df:cb:
         ee:24:13:a7:33:99:01:23:12:3c:06:39:ac:9d:17:3e:ec:96:
         d3:e2:40:d6:50:35:a6:a7:04:6e:67:6f:87:87:53:8d:b9:89:
         37:26:3b:1e:e9:c1:50:24:91:3f:98:55:8c:4f:21:df:f4:bc:
         e6:25:02:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+l0ql3LYdL+iZtB4C94VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWYzYWQzMTQyYTJjMDJmOTkyYjk2YWIwYjliNjM5MGFm
N2ZlMDIwHhcNMjUwMTAxMDM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjkwZWJkOTEzNzAzYzYxNzAwMzA0ZGUzNDFmYmQwMTJmZTk5YjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHLgR/ne5ITDTgsoN+8u6A9uZsr0
20+Et+Avx7JAscYNcEZOjwcnRE4E1CS294Smi2RAeygRfaHOHEuYtuuzKisJJ822
C9tKWjXcIMOJtr8rSeINuJwFqB6kr1dksEwjRrM/O9Hf48kNSpAccpaFA404QRQY
vbRLtBGZGGatbkmZfMEdIeEjPmvnQOJtKMfHzTxEMSYBRgIG9DOdcQwvwg6vwOOv
0xgCudmeLqquJwsJZPpli/xH2qWwMsm1QFvEnLAhHo5pVF9a59b4yl81puPFtBfx
WM2yCgFzQlob6yGccDeNVNEVglZj3zkLST6fuDSU9VjGU1IjpSaGg73tDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuQ69kTcDxhcAME3jQfvQEv6ZtEMB8GA1UdIwQY
MBaAFKefOtMUKiwC+ZK5arC5tjkK9/4CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDU4NjB4UXFMQUw1a3JscXNMbTJPUXIzX2dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82MzYzY2UtYzhhMC00OTYxLWFlODAt
ZDVhNzg1NTE3YmJmLzEvRzVEcjJSTndQR0Z3QXdUZU5CLTlBU19wbTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82MzYzY2UtYzhhMC00OTYxLWFlODAtZDVhNzg1NTE3YmJm
LzEvcDU4NjB4UXFMQUw1a3JscXNMbTJPUXIzX2dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5aMA0G
CSqGSIb3DQEBCwUAA4IBAQB+nvCIFZsbEmqnt1H4B+QOuGH/ZjsJiW9dWYxcAuTw
vZ2FbrajybZYe0w1Mpksm1GEerOEK54Y7eStEwRFhCVexeoaQEsT+4GW7K8GGBMi
V1HuT/6sp85DbJpRY5VUoPVEq7cLCaBamb9Qw4aow+Rl95/J3hIPkDXu4Tr1PUUQ
NC8Gxh/q7lXr1XfU/juTE5whT2XLnIQAeA2L2SHP9wITHSamyq06nQedTv0+e/nV
D6giRRlh8B51MMPTuC+iFyFXXi8e38vuJBOnM5kBIxI8BjmsnRc+7JbT4kDWUDWm
pwRuZ2+Hh1ONuYk3Jjse6cFQJJE/mFWMTyHf9LzmJQKM
-----END CERTIFICATE-----