Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5a3FaVm9a7KOKpT7TxBa2LxhtKc.roa
File:                     5a3FaVm9a7KOKpT7TxBa2LxhtKc.roa (raw, json)
Hash identifier:          eMJ9qBXkyhWW9/mKDDZudINoNodyzLmEMxKeZ/wlzBM=
Subject key identifier:   E5:AD:C5:69:59:BD:6B:B2:8E:2A:94:FB:4F:10:5A:D8:BC:61:B4:A7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019639FE538586775328F2527772667443C2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5a3FaVm9a7KOKpT7TxBa2LxhtKc.roa
Signing time:             Tue 15 Apr 2025 15:08:10 +0000
ROA not before:           Tue 15 Apr 2025 15:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211557
IP address blocks:        93.88.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:fe:53:85:86:77:53:28:f2:52:77:72:66:74:43:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 15 15:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5adc56959bd6bb28e2a94fb4f105ad8bc61b4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:24:3d:1d:3f:48:78:f0:75:89:f8:6e:10:a8:
                    70:60:85:cc:25:1e:9a:d0:8a:fc:f9:87:74:0d:25:
                    6d:d5:f2:bd:b1:08:ae:f7:fb:ac:c5:89:ab:9f:03:
                    8e:15:48:db:24:ee:2b:bb:6d:59:bd:5d:1e:b9:5b:
                    d3:b0:9c:dc:e7:66:77:4b:f1:9d:00:cf:7f:87:86:
                    d1:4f:4f:31:8b:23:4c:de:62:e9:66:40:50:ea:8e:
                    65:f9:1f:96:db:c3:54:28:da:7a:f0:1f:70:05:97:
                    8e:b7:bd:c5:c3:8a:48:14:0f:4e:77:01:d8:67:d8:
                    9d:d7:e0:86:99:17:e0:f8:fb:99:ad:af:cb:9d:38:
                    e3:4b:37:69:42:26:f5:65:b3:9d:a4:fb:18:67:65:
                    b6:0a:5c:21:42:45:cb:0d:cb:30:2f:98:e2:49:09:
                    d9:22:6a:9a:1a:b8:4b:41:b9:ef:f8:53:ee:51:26:
                    0f:5c:72:45:f3:f8:74:f9:1c:a1:a3:7c:ae:a9:5e:
                    a1:6a:bb:b7:49:21:39:ba:d6:0e:bf:02:05:8b:6e:
                    d1:ac:4e:1f:9a:05:c0:48:f5:e7:a5:f6:cc:96:d8:
                    ea:01:8b:95:05:26:43:95:aa:e6:df:84:fe:a3:53:
                    a4:b9:e7:d0:e3:d9:42:c0:51:93:b6:ed:82:fc:79:
                    32:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AD:C5:69:59:BD:6B:B2:8E:2A:94:FB:4F:10:5A:D8:BC:61:B4:A7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5a3FaVm9a7KOKpT7TxBa2LxhtKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:8c:29:bf:a3:bb:fd:bd:d3:9a:8b:66:0f:30:de:5c:b2:e2:
         0b:ba:52:15:9d:d1:22:b5:02:b0:05:91:6a:70:1c:14:19:c1:
         fe:08:e5:e6:ee:bb:76:ed:e0:38:0c:28:10:16:9c:85:e9:d6:
         71:f6:6c:ec:ef:02:0b:8a:dd:65:b6:d5:7b:56:43:a6:01:1f:
         80:96:a3:66:9e:77:65:0e:60:e2:0f:25:91:65:cc:ee:b3:b8:
         ba:ef:c3:58:92:11:8b:fd:7a:c0:c3:c3:8b:28:d7:c2:d7:e2:
         1f:90:ca:8d:df:a9:0b:30:49:0b:5c:a3:20:93:23:23:c5:a7:
         0a:65:db:50:af:6e:f0:b1:d0:c5:bb:1c:20:2a:9c:90:c3:ed:
         3d:22:aa:da:4a:7a:c9:bb:c9:2b:43:b0:14:de:d8:09:84:6b:
         19:14:b0:04:45:4a:1e:6c:a8:e8:c2:a5:78:be:cf:a3:e5:80:
         da:6d:0c:72:ef:a8:63:66:bd:ca:c6:7a:69:d1:47:7f:f2:70:
         4e:47:5e:a4:46:29:59:ba:a9:c6:3c:1f:3f:f5:ce:46:79:a0:
         36:12:c7:2a:11:e4:ff:35:44:30:d1:a4:3b:9b:d6:19:5a:9d:
         4f:c4:b7:76:ae:e5:69:62:6f:e0:e8:f8:3a:2c:43:59:3b:7a:
         18:21:5c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5/lOFhndTKPJSd3JmdEPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNDE1MTUwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFkYzU2OTU5YmQ2YmIyOGUyYTk0ZmI0ZjEwNWFkOGJjNjFiNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyQ9HT9IePB1ifhuEKhwYIXMJR6a
0Ir8+Yd0DSVt1fK9sQiu9/usxYmrnwOOFUjbJO4ru21ZvV0euVvTsJzc52Z3S/Gd
AM9/h4bRT08xiyNM3mLpZkBQ6o5l+R+W28NUKNp68B9wBZeOt73Fw4pIFA9OdwHY
Z9id1+CGmRfg+PuZra/LnTjjSzdpQib1ZbOdpPsYZ2W2ClwhQkXLDcswL5jiSQnZ
ImqaGrhLQbnv+FPuUSYPXHJF8/h0+Ryho3yuqV6haru3SSE5utYOvwIFi27RrE4f
mgXASPXnpfbMltjqAYuVBSZDlarm34T+o1OkuefQ49lCwFGTtu2C/HkyWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWtxWlZvWuyjiqU+08QWti8YbSnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNWEzRmFWbTlhN0tPS3BUN1R4QmEyTHhodEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVjJMA0G
CSqGSIb3DQEBCwUAA4IBAQAujCm/o7v9vdOai2YPMN5csuILulIVndEitQKwBZFq
cBwUGcH+COXm7rt27eA4DCgQFpyF6dZx9mzs7wILit1lttV7VkOmAR+AlqNmnndl
DmDiDyWRZczus7i678NYkhGL/XrAw8OLKNfC1+IfkMqN36kLMEkLXKMgkyMjxacK
ZdtQr27wsdDFuxwgKpyQw+09IqraSnrJu8krQ7AU3tgJhGsZFLAERUoebKjowqV4
vs+j5YDabQxy76hjZr3Kxnpp0Ud/8nBOR16kRilZuqnGPB8/9c5GeaA2EscqEeT/
NUQw0aQ7m9YZWp1PxLd2ruVpYm/g6Pg6LENZO3oYIVyj
-----END CERTIFICATE-----