Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/c-zuOwPENbj2Xgue9dnJEreGYvw.roa
File:                     c-zuOwPENbj2Xgue9dnJEreGYvw.roa (raw, json)
Hash identifier:          cGfEOARxixGPvVWrKf/JvKs2WOe59XaTrFTLWFxep/E=
Subject key identifier:   73:EC:EE:3B:03:C4:35:B8:F6:5E:0B:9E:F5:D9:C9:12:B7:86:62:FC
Certificate issuer:       /CN=bb57561ca2dbf750e8f5e0b7389ef09ce9b5bcea
Certificate serial:       018CC64A38378224685207660497DD13EBC4
Authority key identifier: BB:57:56:1C:A2:DB:F7:50:E8:F5:E0:B7:38:9E:F0:9C:E9:B5:BC:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u1dWHKLb91Do9eC3OJ7wnOm1vOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/c-zuOwPENbj2Xgue9dnJEreGYvw.roa
Signing time:             Mon 01 Jan 2024 18:30:01 +0000
ROA not before:           Mon 01 Jan 2024 18:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        193.84.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/u1dWHKLb91Do9eC3OJ7wnOm1vOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/u1dWHKLb91Do9eC3OJ7wnOm1vOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u1dWHKLb91Do9eC3OJ7wnOm1vOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:38:37:82:24:68:52:07:66:04:97:dd:13:eb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb57561ca2dbf750e8f5e0b7389ef09ce9b5bcea
        Validity
            Not Before: Jan  1 18:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73ecee3b03c435b8f65e0b9ef5d9c912b78662fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3c:22:77:26:f5:86:68:62:49:69:53:86:c0:
                    6d:dc:2b:35:ba:13:8e:fa:02:8e:54:b9:7c:34:16:
                    36:ae:e3:46:b2:c2:30:c8:e2:c4:c1:e3:b4:f5:15:
                    7c:af:68:f6:5a:65:f6:c4:66:40:be:2d:80:82:13:
                    08:c1:4c:ed:e7:45:05:10:58:0d:f6:2c:d8:5f:2c:
                    62:ae:c3:70:2d:8d:a8:ba:6a:3d:08:db:dc:e5:da:
                    c3:45:a0:5f:11:d9:ce:df:4a:ae:c1:db:c3:ab:a2:
                    f4:e7:0f:7b:4c:5a:9a:42:83:30:b8:4d:2a:6b:ab:
                    37:55:79:83:77:d6:b2:1c:52:ab:2f:82:5f:26:78:
                    6c:1f:45:2f:f1:a5:b2:fb:51:67:21:6a:4c:19:a4:
                    af:02:af:f4:43:cc:e7:8f:4c:5e:f0:46:45:c3:c4:
                    95:0d:38:25:77:55:0c:c7:48:84:72:34:0d:a5:c9:
                    83:6e:ec:52:4b:9b:af:e0:74:38:ba:33:01:18:3e:
                    8d:f5:96:75:63:9b:e1:0d:83:e5:da:c4:23:08:22:
                    5c:79:80:e2:86:8b:79:f9:7a:74:97:17:63:53:23:
                    26:b9:d8:61:f3:ef:a6:dc:d6:75:0a:be:e6:71:c9:
                    2f:3f:ae:36:97:02:77:60:e2:1a:61:c8:88:d4:95:
                    54:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:EC:EE:3B:03:C4:35:B8:F6:5E:0B:9E:F5:D9:C9:12:B7:86:62:FC
            X509v3 Authority Key Identifier:
                keyid:BB:57:56:1C:A2:DB:F7:50:E8:F5:E0:B7:38:9E:F0:9C:E9:B5:BC:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u1dWHKLb91Do9eC3OJ7wnOm1vOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/c-zuOwPENbj2Xgue9dnJEreGYvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d5f9aa-337b-4d60-8f5e-02125e44e3a8/1/u1dWHKLb91Do9eC3OJ7wnOm1vOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:27:c8:36:df:91:a6:f9:fa:51:a8:08:d0:ae:46:fe:47:52:
         f1:87:48:f8:57:3e:6b:4d:4b:14:ef:9b:55:5a:46:d4:52:a4:
         af:eb:48:da:7d:9f:6d:ce:0a:46:0c:3a:ca:b4:21:2d:67:de:
         c2:68:98:ee:e0:c7:18:c9:a2:80:c7:3c:58:f4:77:50:cc:27:
         9c:3f:d6:d8:88:6a:ec:f9:33:a2:b7:56:04:98:e2:c1:65:5d:
         9c:6f:49:36:52:cf:a1:b7:8b:c8:7f:4a:43:92:46:85:3a:e2:
         5e:9e:a8:de:6f:88:43:45:6a:32:ec:7d:4d:22:63:87:a4:cc:
         59:c1:e1:91:e9:b2:af:8b:83:15:dd:2c:28:24:12:3e:2c:47:
         1a:2e:dd:a5:3d:41:be:fc:e5:e2:c8:64:ef:24:02:ea:fb:a2:
         68:f4:66:b1:47:8f:f7:3f:e7:a7:68:ba:20:8c:0d:42:ef:fc:
         ac:62:cb:65:9e:29:fa:f6:13:68:03:aa:43:6f:de:77:57:ee:
         a1:10:a9:59:6a:f6:24:2a:53:53:43:e4:06:5d:e8:a5:d2:79:
         74:0e:cd:1f:9e:c5:7f:bc:b1:78:d0:54:ac:91:d7:ef:2a:8d:
         78:b2:17:a1:0a:6c:76:27:22:d7:a5:61:a2:b5:43:8d:00:e2:
         44:d3:7b:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSjg3giRoUgdmBJfdE+vEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNTc1NjFjYTJkYmY3NTBlOGY1ZTBiNzM4OWVmMDljZTli
NWJjZWEwHhcNMjQwMTAxMTgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2VjZWUzYjAzYzQzNWI4ZjY1ZTBiOWVmNWQ5YzkxMmI3ODY2MmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijwidyb1hmhiSWlThsBt3Cs1uhOO
+gKOVLl8NBY2ruNGssIwyOLEweO09RV8r2j2WmX2xGZAvi2AghMIwUzt50UFEFgN
9izYXyxirsNwLY2oumo9CNvc5drDRaBfEdnO30quwdvDq6L05w97TFqaQoMwuE0q
a6s3VXmDd9ayHFKrL4JfJnhsH0Uv8aWy+1FnIWpMGaSvAq/0Q8znj0xe8EZFw8SV
DTgld1UMx0iEcjQNpcmDbuxSS5uv4HQ4ujMBGD6N9ZZ1Y5vhDYPl2sQjCCJceYDi
hot5+Xp0lxdjUyMmudhh8++m3NZ1Cr7mcckvP642lwJ3YOIaYciI1JVUSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPs7jsDxDW49l4LnvXZyRK3hmL8MB8GA1UdIwQY
MBaAFLtXVhyi2/dQ6PXgtzie8JzptbzqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTFkV0hLTGI5MURvOWVDM09KN3duT20xdk9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNWY5YWEtMzM3Yi00ZDYwLThmNWUt
MDIxMjVlNDRlM2E4LzEvYy16dU93UEVOYmoyWGd1ZTlkbkpFcmVHWXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNWY5YWEtMzM3Yi00ZDYwLThmNWUtMDIxMjVlNDRlM2E4
LzEvdTFkV0hLTGI5MURvOWVDM09KN3duT20xdk9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwVQgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjJ8g235Gm+fpRqAjQrkb+R1Lxh0j4Vz5rTUsU75tV
WkbUUqSv60jafZ9tzgpGDDrKtCEtZ97CaJju4McYyaKAxzxY9HdQzCecP9bYiGrs
+TOit1YEmOLBZV2cb0k2Us+ht4vIf0pDkkaFOuJenqjeb4hDRWoy7H1NImOHpMxZ
weGR6bKvi4MV3SwoJBI+LEcaLt2lPUG+/OXiyGTvJALq+6Jo9GaxR4/3P+enaLog
jA1C7/ysYstlnin69hNoA6pDb953V+6hEKlZavYkKlNTQ+QGXeil0nl0Ds0fnsV/
vLF40FSskdfvKo14shehCmx2JyLXpWGitUONAOJE03vG
-----END CERTIFICATE-----