Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/ICSlgYUBIsNUhAoxm7YEke5o6bU.roa
File:                     ICSlgYUBIsNUhAoxm7YEke5o6bU.roa (raw, json)
Hash identifier:          R036PFfI9QmIVAucTOeNJDlM2WIYxyE3g2TN4gFGqD0=
Subject key identifier:   20:24:A5:81:85:01:22:C3:54:84:0A:31:9B:B6:04:91:EE:68:E9:B5
Certificate issuer:       /CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
Certificate serial:       018E4FAFCCDB38C7839D7C50476ECF402439
Authority key identifier: EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/ICSlgYUBIsNUhAoxm7YEke5o6bU.roa
Signing time:             Mon 18 Mar 2024 03:51:45 +0000
ROA not before:           Mon 18 Mar 2024 03:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        193.32.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4f:af:cc:db:38:c7:83:9d:7c:50:47:6e:cf:40:24:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf7ca9ffafe72a30966f7e43d92b58e774ce741
        Validity
            Not Before: Mar 18 03:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2024a581850122c354840a319bb60491ee68e9b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e3:4a:2a:51:b0:b5:a5:a7:f5:61:50:20:97:
                    d3:eb:79:e5:6b:e8:f6:52:92:4d:e9:4b:78:65:04:
                    ab:09:a0:14:69:3a:13:a4:15:68:05:d4:dc:3e:0a:
                    19:eb:a4:e6:79:69:51:1a:0e:97:7d:57:0c:34:7c:
                    26:c5:f1:9f:f3:73:a8:97:60:f2:ad:8d:95:ef:fb:
                    43:f7:19:93:40:f6:c0:d9:3d:6f:bd:18:da:98:f7:
                    15:1b:cc:dd:f4:24:66:7d:f9:1b:fc:e3:a1:2a:b9:
                    ac:62:cd:58:d5:60:0b:43:31:9b:c3:49:30:eb:2f:
                    7e:7b:43:20:c3:0c:46:73:d2:31:c5:fe:d5:77:49:
                    9c:b4:19:b0:51:09:36:96:11:10:4b:aa:33:b3:dd:
                    0c:a5:65:46:b7:5a:9f:1e:9a:78:92:5e:a5:20:84:
                    e7:a1:e8:bd:e1:e6:7c:09:f9:a3:4d:4d:0e:cb:87:
                    b1:3b:7b:bc:c5:0f:e0:63:18:19:93:c1:2e:4f:b0:
                    59:3b:4d:80:83:b1:6b:e7:5a:84:16:fc:72:82:73:
                    c7:af:79:76:d6:f5:f7:e9:8e:96:25:1b:39:36:eb:
                    fd:2c:80:7d:42:76:f4:e1:c6:81:41:f4:87:3b:5e:
                    ac:45:4e:f1:d6:89:4b:40:b4:cd:d6:83:ec:47:86:
                    53:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:24:A5:81:85:01:22:C3:54:84:0A:31:9B:B6:04:91:EE:68:E9:B5
            X509v3 Authority Key Identifier:
                keyid:EC:F7:CA:9F:FA:FE:72:A3:09:66:F7:E4:3D:92:B5:8E:77:4C:E7:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PfKn_r-cqMJZvfkPZK1jndM50E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/ICSlgYUBIsNUhAoxm7YEke5o6bU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/32779d-3656-44c0-8ab5-981fbb3442dd/1/7PfKn_r-cqMJZvfkPZK1jndM50E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:49:5a:fe:a1:5a:b1:1b:fd:e3:b4:ef:ba:37:7d:79:6d:a8:
         4b:dd:bd:77:39:0a:3b:56:28:4f:56:83:69:52:31:5c:59:db:
         5a:3b:dd:3e:bf:45:0a:b7:12:64:d6:98:2c:26:14:bd:35:09:
         20:63:3c:39:75:fe:87:5c:f4:dd:0d:a7:ae:7f:78:67:f6:7f:
         fc:38:e5:23:05:7f:93:a8:54:72:c1:9e:81:6e:8d:10:4c:0a:
         ec:22:1e:9f:27:41:7e:e3:73:0d:98:5f:4a:80:05:51:e4:3e:
         d3:4d:ca:c5:62:0b:d4:d8:fb:07:68:a2:70:07:d5:21:5e:a8:
         74:d8:39:fa:50:75:fb:ca:ed:27:b0:03:7b:8a:c0:a0:62:73:
         85:d0:7d:59:0f:30:00:31:0f:cf:3f:7d:e5:1f:9e:1e:cb:16:
         a9:56:79:ab:75:9f:87:fc:05:e2:c7:c0:53:dd:52:0a:2b:70:
         93:f0:06:d7:6e:21:13:6c:27:8a:b0:58:73:33:e3:65:1e:04:
         58:db:55:03:1e:89:86:25:08:b4:d5:b5:1d:55:6d:36:13:e4:
         53:e9:fb:0a:43:e9:5c:6b:62:08:0e:98:64:e2:39:7f:1b:34:
         c5:09:94:64:a1:00:1e:60:db:94:fd:3d:fe:5b:e3:b0:13:7c:
         6d:39:5c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Pr8zbOMeDnXxQR27PQCQ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjdjYTlmZmFmZTcyYTMwOTY2ZjdlNDNkOTJiNThlNzc0
Y2U3NDEwHhcNMjQwMzE4MDM1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDI0YTU4MTg1MDEyMmMzNTQ4NDBhMzE5YmI2MDQ5MWVlNjhlOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuNKKlGwtaWn9WFQIJfT63nla+j2
UpJN6Ut4ZQSrCaAUaToTpBVoBdTcPgoZ66TmeWlRGg6XfVcMNHwmxfGf83Ool2Dy
rY2V7/tD9xmTQPbA2T1vvRjamPcVG8zd9CRmffkb/OOhKrmsYs1Y1WALQzGbw0kw
6y9+e0MgwwxGc9Ixxf7Vd0mctBmwUQk2lhEQS6ozs90MpWVGt1qfHpp4kl6lIITn
oei94eZ8CfmjTU0Oy4exO3u8xQ/gYxgZk8EuT7BZO02Ag7Fr51qEFvxygnPHr3l2
1vX36Y6WJRs5Nuv9LIB9Qnb04caBQfSHO16sRU7x1olLQLTN1oPsR4ZTHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAkpYGFASLDVIQKMZu2BJHuaOm1MB8GA1UdIwQY
MBaAFOz3yp/6/nKjCWb35D2StY53TOdBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUt
OTgxZmJiMzQ0MmRkLzEvSUNTbGdZVUJJc05VaEFveG03WUVrZTVvNmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zMjc3OWQtMzY1Ni00NGMwLThhYjUtOTgxZmJiMzQ0MmRk
LzEvN1BmS25fci1jcU1KWnZma1BaSzFqbmRNNTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSCwMA0G
CSqGSIb3DQEBCwUAA4IBAQAiSVr+oVqxG/3jtO+6N315bahL3b13OQo7VihPVoNp
UjFcWdtaO90+v0UKtxJk1pgsJhS9NQkgYzw5df6HXPTdDaeuf3hn9n/8OOUjBX+T
qFRywZ6Bbo0QTArsIh6fJ0F+43MNmF9KgAVR5D7TTcrFYgvU2PsHaKJwB9UhXqh0
2Dn6UHX7yu0nsAN7isCgYnOF0H1ZDzAAMQ/PP33lH54eyxapVnmrdZ+H/AXix8BT
3VIKK3CT8AbXbiETbCeKsFhzM+NlHgRY21UDHomGJQi01bUdVW02E+RT6fsKQ+lc
a2IIDphk4jl/GzTFCZRkoQAeYNuU/T3+W+OwE3xtOVzU
-----END CERTIFICATE-----