Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/zJXsooiC1wQ5j-HSuMGPSCL17s8.roa
File:                     zJXsooiC1wQ5j-HSuMGPSCL17s8.roa (raw, json)
Hash identifier:          CLqNpOJmkxnLJtINeSh4uPY0+Kiq+slGgcd75OmyL6w=
Subject key identifier:   CC:95:EC:A2:88:82:D7:04:39:8F:E1:D2:B8:C1:8F:48:22:F5:EE:CF
Certificate issuer:       /CN=07526589c5194f1e5fbb9fdc51667daf0562d6d9
Certificate serial:       018E7B6D9DD74578D5012511AA32896D6A25
Authority key identifier: 07:52:65:89:C5:19:4F:1E:5F:BB:9F:DC:51:66:7D:AF:05:62:D6:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B1JlicUZTx5fu5_cUWZ9rwVi1tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/zJXsooiC1wQ5j-HSuMGPSCL17s8.roa
Signing time:             Tue 26 Mar 2024 15:42:45 +0000
ROA not before:           Tue 26 Mar 2024 15:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206041
IP address blocks:        185.32.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/B1JlicUZTx5fu5_cUWZ9rwVi1tk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/B1JlicUZTx5fu5_cUWZ9rwVi1tk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B1JlicUZTx5fu5_cUWZ9rwVi1tk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:6d:9d:d7:45:78:d5:01:25:11:aa:32:89:6d:6a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07526589c5194f1e5fbb9fdc51667daf0562d6d9
        Validity
            Not Before: Mar 26 15:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc95eca28882d704398fe1d2b8c18f4822f5eecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0f:a2:cc:67:94:4b:61:1b:68:a2:57:51:8b:
                    c1:e0:26:cb:7a:6e:a9:99:61:a5:3d:fb:19:3a:6e:
                    42:fe:b3:aa:c8:3a:af:fb:06:a0:a1:3c:d6:c1:52:
                    af:4a:25:e2:c7:51:1e:59:ba:1e:6c:a2:79:70:e1:
                    6e:4c:97:85:aa:6a:40:02:9f:83:15:ae:8f:b9:10:
                    e9:8a:c9:5c:d2:0c:1b:90:3f:b2:95:df:88:2d:ab:
                    4c:07:3c:4c:ab:f2:25:dc:cb:94:b2:56:b7:2e:8e:
                    83:bb:a7:37:12:06:60:f1:20:1b:ac:42:67:0f:af:
                    8f:75:be:18:6d:37:87:e8:f6:67:49:53:88:cd:cb:
                    48:57:d7:d2:4b:15:e9:a5:8b:c1:82:64:4b:a6:75:
                    68:90:2a:a9:bf:db:a0:f0:ca:6b:db:8e:f6:23:7e:
                    05:62:f6:cc:64:31:3f:eb:5a:77:2b:a0:63:88:49:
                    fd:76:33:10:d3:8c:d7:ca:db:45:c2:8a:3a:61:74:
                    0c:87:73:aa:77:30:30:bc:ae:f0:63:96:70:fd:2e:
                    ea:5f:f9:48:f9:6f:a9:73:1e:98:2e:98:a0:1d:29:
                    4e:8d:e8:ed:34:f7:6a:21:e3:f9:b6:ed:0e:65:3e:
                    f2:e3:b0:34:e5:2f:4e:71:60:ea:cd:9d:d0:35:e4:
                    ac:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:95:EC:A2:88:82:D7:04:39:8F:E1:D2:B8:C1:8F:48:22:F5:EE:CF
            X509v3 Authority Key Identifier:
                keyid:07:52:65:89:C5:19:4F:1E:5F:BB:9F:DC:51:66:7D:AF:05:62:D6:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B1JlicUZTx5fu5_cUWZ9rwVi1tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/zJXsooiC1wQ5j-HSuMGPSCL17s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/a5a774-8553-4414-ac3c-dd170c1fd33c/1/B1JlicUZTx5fu5_cUWZ9rwVi1tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0c:21:f4:53:88:e3:4d:72:68:99:49:34:71:33:cf:cc:74:
         70:39:2c:df:9a:dc:8c:01:ef:43:be:bb:58:f8:16:a6:f7:7a:
         bf:04:72:87:e5:ee:26:dc:17:5e:ca:be:55:d0:32:b3:20:89:
         1e:07:f7:80:8b:92:3a:79:ee:95:95:aa:29:d0:8a:59:f3:45:
         e1:99:53:b6:9d:0e:55:ef:7b:02:fd:db:3b:71:38:95:92:37:
         2d:69:a4:3b:65:92:b8:5e:65:48:c9:e8:0c:83:89:6e:69:90:
         d6:61:70:19:e4:9a:82:80:9c:9b:be:6b:c5:14:c7:04:79:1f:
         fd:04:3f:5b:d2:bf:b7:92:60:78:d5:4e:7f:01:e6:81:19:c4:
         4e:52:88:0e:da:b3:57:e3:fb:0e:70:ae:8b:cb:88:70:24:d9:
         93:8c:f8:d8:45:29:8d:45:73:c7:05:66:0a:d1:9e:cf:03:84:
         8c:e1:85:28:84:29:16:e7:64:84:9d:58:77:2f:6c:ab:ce:1c:
         3c:4f:77:35:79:c3:ab:7d:9f:4f:61:40:de:eb:38:35:7d:85:
         ba:dd:60:7e:36:34:7d:47:75:e3:f2:85:43:8e:f7:10:2b:6c:
         34:99:8e:e9:aa:f7:2e:bc:fc:d4:08:b0:14:a7:9e:01:03:39:
         25:a8:bb:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57bZ3XRXjVASURqjKJbWolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NTI2NTg5YzUxOTRmMWU1ZmJiOWZkYzUxNjY3ZGFmMDU2
MmQ2ZDkwHhcNMjQwMzI2MTU0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzk1ZWNhMjg4ODJkNzA0Mzk4ZmUxZDJiOGMxOGY0ODIyZjVlZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ+izGeUS2EbaKJXUYvB4CbLem6p
mWGlPfsZOm5C/rOqyDqv+wagoTzWwVKvSiXix1EeWboebKJ5cOFuTJeFqmpAAp+D
Fa6PuRDpislc0gwbkD+yld+ILatMBzxMq/Il3MuUsla3Lo6Du6c3EgZg8SAbrEJn
D6+Pdb4YbTeH6PZnSVOIzctIV9fSSxXppYvBgmRLpnVokCqpv9ug8Mpr2472I34F
YvbMZDE/61p3K6BjiEn9djMQ04zXyttFwoo6YXQMh3OqdzAwvK7wY5Zw/S7qX/lI
+W+pcx6YLpigHSlOjejtNPdqIeP5tu0OZT7y47A05S9OcWDqzZ3QNeSsMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyV7KKIgtcEOY/h0rjBj0gi9e7PMB8GA1UdIwQY
MBaAFAdSZYnFGU8eX7uf3FFmfa8FYtbZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjFKbGljVVpUeDVmdTVfY1VXWjlyd1ZpMXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hNWE3NzQtODU1My00NDE0LWFjM2Mt
ZGQxNzBjMWZkMzNjLzEvekpYc29vaUMxd1E1ai1IU3VNR1BTQ0wxN3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hNWE3NzQtODU1My00NDE0LWFjM2MtZGQxNzBjMWZkMzNj
LzEvQjFKbGljVVpUeDVmdTVfY1VXWjlyd1ZpMXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSBFMA0G
CSqGSIb3DQEBCwUAA4IBAQAMDCH0U4jjTXJomUk0cTPPzHRwOSzfmtyMAe9DvrtY
+Bam93q/BHKH5e4m3Bdeyr5V0DKzIIkeB/eAi5I6ee6Vlaop0IpZ80XhmVO2nQ5V
73sC/ds7cTiVkjctaaQ7ZZK4XmVIyegMg4luaZDWYXAZ5JqCgJybvmvFFMcEeR/9
BD9b0r+3kmB41U5/AeaBGcROUogO2rNX4/sOcK6Ly4hwJNmTjPjYRSmNRXPHBWYK
0Z7PA4SM4YUohCkW52SEnVh3L2yrzhw8T3c1ecOrfZ9PYUDe6zg1fYW63WB+NjR9
R3Xj8oVDjvcQK2w0mY7pqvcuvPzUCLAUp54BAzklqLtv
-----END CERTIFICATE-----