Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/Ts3FuibHBhs53WK-kxyENqvIMjE.roa
File:                     Ts3FuibHBhs53WK-kxyENqvIMjE.roa (raw, json)
Hash identifier:          E6JoUHmQOssoTS647IfFUQY+u0qvnySSEL3k3XwE7/w=
Subject key identifier:   4E:CD:C5:BA:26:C7:06:1B:39:DD:62:BE:93:1C:84:36:AB:C8:32:31
Certificate issuer:       /CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
Certificate serial:       018CC5DC127E9BCA85B76C3184D2F4969C11
Authority key identifier: EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/Ts3FuibHBhs53WK-kxyENqvIMjE.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60295
IP address blocks:        193.25.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:12:7e:9b:ca:85:b7:6c:31:84:d2:f4:96:9c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ecdc5ba26c7061b39dd62be931c8436abc83231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2c:45:36:e2:97:56:4c:cb:e7:1b:35:b3:fc:
                    87:01:23:7b:95:0b:03:60:26:3d:a0:5e:a6:60:80:
                    97:92:1a:11:3d:5f:b4:ca:45:27:b0:40:78:7c:ea:
                    ec:0d:b2:47:e2:18:88:2d:52:bd:59:b6:93:24:80:
                    cc:15:40:96:87:70:3c:44:79:82:95:f7:e0:c4:61:
                    fa:fa:7b:e4:82:27:c7:79:2a:28:b7:15:0e:4d:02:
                    b5:5b:bf:71:93:3d:6b:5d:25:fa:8d:56:cf:af:fd:
                    e4:06:63:98:36:0a:e8:ac:6d:4d:c1:38:10:ce:c8:
                    17:51:c3:0c:99:8f:b5:db:c0:5d:f6:ba:f6:29:59:
                    66:cb:e0:4f:4b:f1:1e:12:06:70:0e:12:12:7b:54:
                    7e:64:0e:ba:22:65:ac:44:ca:df:c1:a3:01:bc:ef:
                    c7:49:0a:04:0a:8f:38:ff:87:a1:c4:2e:fb:20:8d:
                    59:71:9e:ba:ce:7f:92:4a:74:87:b5:0e:a7:46:c4:
                    84:4d:4d:c2:60:43:b1:3d:82:08:20:b6:57:9e:15:
                    cd:05:c2:6b:da:e0:f1:89:67:9c:4d:f3:45:11:ce:
                    4f:cd:52:ef:13:81:36:86:a0:1f:be:7d:3b:f8:69:
                    b9:ae:71:14:ba:ea:c8:e5:be:04:63:cd:71:3d:28:
                    83:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CD:C5:BA:26:C7:06:1B:39:DD:62:BE:93:1C:84:36:AB:C8:32:31
            X509v3 Authority Key Identifier:
                keyid:EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/Ts3FuibHBhs53WK-kxyENqvIMjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:a3:a0:c0:f6:d4:ff:fa:23:2e:6f:2f:b0:7d:f1:ab:73:32:
         69:3e:04:2a:70:67:f5:c2:ff:64:92:30:fd:ad:86:49:f2:68:
         59:5b:a1:06:fe:8e:1a:c2:65:db:fc:b2:f3:07:66:52:6e:6e:
         f3:99:e6:8e:30:96:d7:ec:80:f0:d6:dc:68:1b:8d:8e:06:15:
         72:84:40:a9:33:c7:88:7c:b3:76:cb:68:57:06:31:62:ac:06:
         ef:7e:21:c5:b1:ec:ec:e2:a8:52:64:b2:3d:4b:90:d8:a6:c9:
         4d:cc:19:fc:39:15:95:fd:40:43:82:a3:8a:2d:a1:a5:b6:ad:
         13:96:70:3c:51:f2:0c:40:68:e2:e5:82:ad:a7:b4:1d:83:d4:
         3d:41:0f:b1:51:a4:49:2c:0c:9f:04:f1:9e:8b:8a:a3:47:99:
         48:f8:95:0b:b6:dc:f7:ed:72:b2:6e:fa:3d:ac:f8:0d:a0:3c:
         a5:7b:dc:ba:63:0f:ef:03:f1:51:e2:fc:3b:43:c0:08:d3:61:
         3a:c3:0c:b1:3f:d9:0c:8a:b4:d8:23:e2:c3:1a:89:9f:83:98:
         2c:bc:18:2b:77:46:88:b0:c9:c4:b0:24:4a:bf:ce:6b:67:0c:
         fa:5b:d2:8f:63:f4:09:79:c5:66:aa:4b:c3:ec:49:2e:36:93:
         f5:90:92:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BJ+m8qFt2wxhNL0lpwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTgzZDYxZjJlNTdhNmIxNmVhNGIxYTljYTI3YmIyNTBk
NzQ4ZWYwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWNkYzViYTI2YzcwNjFiMzlkZDYyYmU5MzFjODQzNmFiYzgzMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCxFNuKXVkzL5xs1s/yHASN7lQsD
YCY9oF6mYICXkhoRPV+0ykUnsEB4fOrsDbJH4hiILVK9WbaTJIDMFUCWh3A8RHmC
lffgxGH6+nvkgifHeSootxUOTQK1W79xkz1rXSX6jVbPr/3kBmOYNgrorG1NwTgQ
zsgXUcMMmY+128Bd9rr2KVlmy+BPS/EeEgZwDhISe1R+ZA66ImWsRMrfwaMBvO/H
SQoECo84/4ehxC77II1ZcZ66zn+SSnSHtQ6nRsSETU3CYEOxPYIIILZXnhXNBcJr
2uDxiWecTfNFEc5PzVLvE4E2hqAfvn07+Gm5rnEUuurI5b4EY81xPSiDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7NxbomxwYbOd1ivpMchDaryDIxMB8GA1UdIwQY
MBaAFOpYPWHy5XprFupLGpyie7JQ10jvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUt
OTljMWIwY2ZjM2E4LzEvVHMzRnVpYkhCaHM1M1dLLWt4eUVOcXZJTWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUtOTljMWIwY2ZjM2E4
LzEvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmtMA0G
CSqGSIb3DQEBCwUAA4IBAQC6o6DA9tT/+iMuby+wffGrczJpPgQqcGf1wv9kkjD9
rYZJ8mhZW6EG/o4awmXb/LLzB2ZSbm7zmeaOMJbX7IDw1txoG42OBhVyhECpM8eI
fLN2y2hXBjFirAbvfiHFsezs4qhSZLI9S5DYpslNzBn8ORWV/UBDgqOKLaGltq0T
lnA8UfIMQGji5YKtp7Qdg9Q9QQ+xUaRJLAyfBPGei4qjR5lI+JULttz37XKybvo9
rPgNoDyle9y6Yw/vA/FR4vw7Q8AI02E6wwyxP9kMirTYI+LDGomfg5gsvBgrd0aI
sMnEsCRKv85rZwz6W9KPY/QJecVmqkvD7EkuNpP1kJLl
-----END CERTIFICATE-----