Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/XAbWFnoo_N2tg1-kinth3h8kz6I.roa
File:                     XAbWFnoo_N2tg1-kinth3h8kz6I.roa (raw, json)
Hash identifier:          5uBmYBcUEbAfkgcExYnl6e3dvWkuVKUV/o4Lb/EvDy0=
Subject key identifier:   5C:06:D6:16:7A:28:FC:DD:AD:83:5F:A4:8A:7B:61:DE:1F:24:CF:A2
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       018CC6B7FD15F16040FB34C43BCE18B78B22
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/XAbWFnoo_N2tg1-kinth3h8kz6I.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        194.15.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fd:15:f1:60:40:fb:34:c4:3b:ce:18:b7:8b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c06d6167a28fcddad835fa48a7b61de1f24cfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:56:31:42:4b:9e:e8:3d:73:a4:3f:00:1b:e2:
                    47:59:f7:2b:5d:8e:81:54:eb:82:7e:85:70:e4:f4:
                    d5:f8:94:83:20:c8:18:20:a5:8b:9a:79:3c:ee:fc:
                    5d:e6:42:60:f4:59:2c:29:aa:55:c1:0a:41:48:74:
                    5f:cb:b0:84:b5:77:e4:40:46:8c:2d:89:62:ef:a3:
                    a9:cf:b6:4c:7e:f2:35:c1:2a:00:e3:d7:10:00:d5:
                    fa:53:e2:e9:24:7d:25:bb:ce:85:6c:98:94:26:15:
                    f8:44:3e:84:82:e5:c7:a6:2c:87:fd:fc:fc:e6:9d:
                    3e:db:15:c6:0e:7c:28:51:d2:c8:75:d2:af:f0:18:
                    01:5b:ba:d6:82:e5:1c:17:7c:2c:ed:a7:91:0b:b8:
                    8f:80:7c:b3:d2:2c:a9:11:7b:29:a6:be:02:92:8d:
                    ba:13:60:6f:53:c8:aa:55:dc:41:ee:d4:34:66:61:
                    a9:47:52:76:69:99:c4:e8:7d:bf:5e:b4:da:81:80:
                    41:3f:70:fe:98:a5:a3:59:37:3f:e6:52:89:48:f9:
                    97:69:23:28:e9:72:07:3a:04:c8:24:db:bd:e7:48:
                    b6:95:7d:90:49:c1:17:91:23:2f:16:02:28:1c:7b:
                    b7:39:90:e2:f2:c0:65:6d:a9:c5:82:ac:8a:94:01:
                    bd:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:06:D6:16:7A:28:FC:DD:AD:83:5F:A4:8A:7B:61:DE:1F:24:CF:A2
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/XAbWFnoo_N2tg1-kinth3h8kz6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:23:45:02:4a:7c:9c:ae:75:12:29:ad:0c:32:43:40:b9:e7:
         f2:94:ce:cb:70:2e:d4:6b:78:3b:6a:c7:ad:e9:2d:64:00:e1:
         26:d1:3e:ff:90:db:7c:60:a0:75:ad:1a:2e:02:01:ec:d9:db:
         06:f3:01:a5:92:7c:f2:92:ad:c1:29:46:6c:7d:09:4e:3f:8e:
         1c:0f:55:e9:ed:35:8b:52:c8:15:20:4c:39:42:24:67:48:a5:
         13:d3:83:5e:45:a2:44:f2:b6:3c:01:bb:c6:95:98:5b:b0:c9:
         18:9b:45:88:29:41:ea:55:44:fb:5a:ec:00:4e:3f:30:49:68:
         8e:52:ee:0b:0d:fd:af:45:d9:e1:f6:94:80:da:fe:f4:6b:b5:
         67:99:52:13:46:e8:cd:56:41:b0:4e:6a:f3:17:0d:cd:12:9e:
         ab:1b:07:08:cc:7a:e3:c1:bc:a4:04:ee:4c:36:99:e6:9e:dd:
         9e:b4:72:e6:89:f3:4a:66:d1:97:d7:12:81:c3:72:57:52:43:
         f8:33:b7:2b:e4:02:51:50:be:22:aa:db:0c:30:b6:9a:71:3b:
         c6:72:42:e8:ab:20:a5:60:fc:9a:3b:98:18:35:c4:97:e2:cc:
         2a:67:30:1c:c2:66:f9:49:9e:a9:71:c0:1c:c7:1e:23:3b:3a:
         67:af:c4:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/0V8WBA+zTEO84Yt4siMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzA2ZDYxNjdhMjhmY2RkYWQ4MzVmYTQ4YTdiNjFkZTFmMjRjZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVYxQkue6D1zpD8AG+JHWfcrXY6B
VOuCfoVw5PTV+JSDIMgYIKWLmnk87vxd5kJg9FksKapVwQpBSHRfy7CEtXfkQEaM
LYli76Opz7ZMfvI1wSoA49cQANX6U+LpJH0lu86FbJiUJhX4RD6EguXHpiyH/fz8
5p0+2xXGDnwoUdLIddKv8BgBW7rWguUcF3ws7aeRC7iPgHyz0iypEXsppr4Cko26
E2BvU8iqVdxB7tQ0ZmGpR1J2aZnE6H2/XrTagYBBP3D+mKWjWTc/5lKJSPmXaSMo
6XIHOgTIJNu950i2lX2QScEXkSMvFgIoHHu3OZDi8sBlbanFgqyKlAG9vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwG1hZ6KPzdrYNfpIp7Yd4fJM+iMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvWEFiV0Zub29fTjJ0ZzEta2ludGgzaDhrejZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwg8gMA0G
CSqGSIb3DQEBCwUAA4IBAQByI0UCSnycrnUSKa0MMkNAuefylM7LcC7Ua3g7aset
6S1kAOEm0T7/kNt8YKB1rRouAgHs2dsG8wGlknzykq3BKUZsfQlOP44cD1Xp7TWL
UsgVIEw5QiRnSKUT04NeRaJE8rY8AbvGlZhbsMkYm0WIKUHqVUT7WuwATj8wSWiO
Uu4LDf2vRdnh9pSA2v70a7VnmVITRujNVkGwTmrzFw3NEp6rGwcIzHrjwbykBO5M
Npnmnt2etHLmifNKZtGX1xKBw3JXUkP4M7cr5AJRUL4iqtsMMLaacTvGckLoqyCl
YPyaO5gYNcSX4swqZzAcwmb5SZ6pccAcxx4jOzpnr8SK
-----END CERTIFICATE-----