Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XDyF0xx4Q15ROgABJ0xvdubwFUQ.roa
File:                     XDyF0xx4Q15ROgABJ0xvdubwFUQ.roa (raw, json)
Hash identifier:          Vxj4wDJCaF4qBAuwd714sQtjLB/xmkD7KN5e1Toj9m0=
Subject key identifier:   5C:3C:85:D3:1C:78:43:5E:51:3A:00:01:27:4C:6F:76:E6:F0:15:44
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       0191B2EB2D3913E9CCC63C6F63DF2D4E042D
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XDyF0xx4Q15ROgABJ0xvdubwFUQ.roa
Signing time:             Mon 02 Sep 2024 13:27:22 +0000
ROA not before:           Mon 02 Sep 2024 13:27:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30722
IP address blocks:        94.32.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:eb:2d:39:13:e9:cc:c6:3c:6f:63:df:2d:4e:04:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Sep  2 13:27:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3c85d31c78435e513a0001274c6f76e6f01544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:6e:c1:f2:1d:f0:3c:e8:f9:8a:4e:a3:17:8e:
                    27:cd:51:5b:44:6b:e6:68:a1:98:fb:71:83:aa:a8:
                    72:e2:62:51:5a:d2:1a:05:83:e2:c1:1d:e9:0e:5d:
                    d9:e8:32:bd:12:93:b4:a5:4b:57:4e:40:5c:6e:42:
                    e6:1f:24:21:d1:9c:d5:ec:03:57:13:3a:87:ee:fa:
                    5f:10:1a:e3:ca:95:3f:2e:8e:72:a9:58:91:71:77:
                    e2:e8:1e:d9:a1:96:70:2a:7b:08:40:80:ad:d8:10:
                    a8:14:28:0a:ee:04:22:e6:ab:76:23:7a:b5:d4:cd:
                    c5:37:4a:de:2b:f0:43:6b:b3:44:40:51:14:63:4a:
                    28:dd:c2:11:49:a5:b1:b4:23:6a:ca:26:1a:61:e7:
                    19:43:0c:d9:2c:f3:80:f2:34:0e:26:0e:06:52:f8:
                    7a:ed:7b:39:1c:72:2e:4e:51:35:7f:2b:cd:50:93:
                    c8:24:c5:81:24:da:40:a3:ef:33:d8:22:5b:71:be:
                    68:51:90:f4:c0:18:76:56:1e:b3:66:93:21:7f:f3:
                    af:87:e8:50:db:6d:e0:a8:db:e8:3d:af:f0:fe:27:
                    72:a2:23:52:73:01:4a:c9:2b:4c:97:41:8d:8c:45:
                    ac:05:34:74:fa:ad:e1:f8:b4:5c:14:12:12:35:0b:
                    52:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3C:85:D3:1C:78:43:5E:51:3A:00:01:27:4C:6F:76:E6:F0:15:44
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/XDyF0xx4Q15ROgABJ0xvdubwFUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.32.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         28:96:2a:1c:e2:37:31:db:59:a0:c1:a0:07:1a:c3:44:30:eb:
         2d:fe:7b:35:f8:a1:03:75:ce:b8:6a:ea:66:dd:fc:c9:e2:fd:
         25:5a:ca:e2:1f:75:f3:99:c5:09:e0:02:e5:65:f3:af:96:5d:
         27:2b:8e:56:40:65:08:4c:66:c6:18:85:47:76:b3:bc:f3:55:
         13:a4:69:f5:6c:71:92:29:09:33:8c:10:ee:e3:30:a6:27:04:
         8b:94:f6:11:96:1f:5a:98:90:ab:ed:23:82:12:f2:3d:ee:c8:
         98:73:bf:7e:e7:7f:e6:75:d5:a5:59:83:02:85:c4:33:76:99:
         a8:1b:94:bf:a4:f4:da:c9:88:40:09:96:7a:49:7a:43:c3:2d:
         a8:18:36:8e:b7:1f:ce:62:55:7a:a3:63:a6:43:e9:17:5b:88:
         6b:11:89:9c:d4:1c:80:68:71:de:43:28:76:e3:86:55:37:15:
         2e:c1:c7:89:b8:37:10:74:bd:ab:9f:45:cc:5e:10:bd:45:77:
         8a:02:ee:04:e3:d8:a8:25:9b:13:1b:5e:66:fa:a0:b4:2b:7d:
         b0:89:79:68:df:27:48:5b:ab:ce:83:df:65:cb:86:b2:c5:2a:
         d3:96:ef:1a:72:3d:c8:19:2b:4c:4a:88:33:cf:09:fd:51:97:
         db:df:4d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGy6y05E+nMxjxvY98tTgQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjQwOTAyMTMyNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNjODVkMzFjNzg0MzVlNTEzYTAwMDEyNzRjNmY3NmU2ZjAxNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuG7B8h3wPOj5ik6jF44nzVFbRGvm
aKGY+3GDqqhy4mJRWtIaBYPiwR3pDl3Z6DK9EpO0pUtXTkBcbkLmHyQh0ZzV7ANX
EzqH7vpfEBrjypU/Lo5yqViRcXfi6B7ZoZZwKnsIQICt2BCoFCgK7gQi5qt2I3q1
1M3FN0reK/BDa7NEQFEUY0oo3cIRSaWxtCNqyiYaYecZQwzZLPOA8jQOJg4GUvh6
7Xs5HHIuTlE1fyvNUJPIJMWBJNpAo+8z2CJbcb5oUZD0wBh2Vh6zZpMhf/Ovh+hQ
223gqNvoPa/w/idyoiNScwFKyStMl0GNjEWsBTR0+q3h+LRcFBISNQtSNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw8hdMceENeUToAASdMb3bm8BVEMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvWER5RjB4eDRRMTVST2dBQkoweHZkdWJ3RlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXiAgMA0G
CSqGSIb3DQEBCwUAA4IBAQAolioc4jcx21mgwaAHGsNEMOst/ns1+KEDdc64aupm
3fzJ4v0lWsriH3XzmcUJ4ALlZfOvll0nK45WQGUITGbGGIVHdrO881UTpGn1bHGS
KQkzjBDu4zCmJwSLlPYRlh9amJCr7SOCEvI97siYc79+53/mddWlWYMChcQzdpmo
G5S/pPTayYhACZZ6SXpDwy2oGDaOtx/OYlV6o2OmQ+kXW4hrEYmc1ByAaHHeQyh2
44ZVNxUuwceJuDcQdL2rn0XMXhC9RXeKAu4E49ioJZsTG15m+qC0K32wiXlo3ydI
W6vOg99ly4ayxSrTlu8acj3IGStMSogzzwn9UZfb303N
-----END CERTIFICATE-----