Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/3k5KocYIr80OnJc2ic4sa7iWpgw.roa
File:                     3k5KocYIr80OnJc2ic4sa7iWpgw.roa (raw, json)
Hash identifier:          JBu+Yohgx5TevSJUTBHLkdrgkzUuYXJVINIn7LcqRXA=
Subject key identifier:   DE:4E:4A:A1:C6:08:AF:CD:0E:9C:97:36:89:CE:2C:6B:B8:96:A6:0C
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB000327491C913A278B6F8B7083B
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/3k5KocYIr80OnJc2ic4sa7iWpgw.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60218
IP address blocks:        185.32.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b0:00:32:74:91:c9:13:a2:78:b6:f8:b7:08:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de4e4aa1c608afcd0e9c973689ce2c6bb896a60c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d9:89:a7:1d:d7:ad:8c:6b:15:29:7b:44:12:
                    01:37:63:4a:bd:87:de:bd:13:3a:7e:d4:8b:ee:b4:
                    a0:6d:ba:ac:9f:1c:55:27:21:05:58:a8:e2:d3:eb:
                    b2:d6:f9:5f:41:cf:72:29:1c:d2:ec:cc:b8:d2:c5:
                    f7:d8:90:08:c2:b9:a1:d7:8b:87:d3:50:b9:e9:3e:
                    76:2a:c8:8d:bf:d9:d1:48:47:d7:e3:fe:c4:be:7c:
                    17:29:46:21:84:1e:1a:50:3d:e5:ee:8f:0e:1f:59:
                    df:ae:16:f0:e3:a3:41:ba:a0:d6:3a:d2:1f:e3:9f:
                    b9:ae:b6:e7:ef:d1:02:bd:a5:48:21:63:d3:7f:31:
                    a9:2e:1d:95:52:df:a4:1d:83:93:39:f3:fd:10:14:
                    48:46:6e:33:67:21:d3:53:bd:30:4d:ca:08:7a:31:
                    81:f1:87:4c:94:7d:be:08:ed:ba:38:26:99:a8:90:
                    c2:47:7a:a3:ac:05:3b:b2:9a:c2:7d:9a:5a:f5:45:
                    38:51:c9:2d:8a:64:96:66:d8:ce:41:04:3a:cf:5a:
                    2d:ae:9e:32:0d:55:bd:e0:7e:a0:f0:b1:e5:ad:9b:
                    84:fb:bf:46:46:db:92:1a:6b:d8:06:fb:a7:b1:ed:
                    d9:53:e0:6e:d3:9b:01:07:b7:e2:1b:c5:b8:81:68:
                    be:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4E:4A:A1:C6:08:AF:CD:0E:9C:97:36:89:CE:2C:6B:B8:96:A6:0C
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/3k5KocYIr80OnJc2ic4sa7iWpgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:74:97:b6:c2:42:9e:44:63:72:29:45:af:6a:f8:8c:84:f7:
         8b:aa:35:6a:c2:ed:cb:b0:9a:03:f6:bf:92:f0:c6:43:c6:79:
         04:f7:da:5a:8c:8d:13:de:dc:95:7e:5a:58:13:d4:9f:1c:d9:
         04:8b:67:40:21:25:f0:12:67:23:44:11:75:ef:54:a3:f8:44:
         17:c0:78:fc:cd:63:22:53:67:b5:65:0f:62:00:42:3b:a7:9b:
         a3:ee:42:29:ec:94:1a:f8:39:50:f6:d0:cb:af:ac:6c:3d:a9:
         a3:e5:e9:13:cd:96:4d:5c:d4:48:36:4e:62:9c:18:3e:7d:d2:
         2a:bc:3b:da:6e:b4:0d:df:ce:a7:09:b2:92:21:28:cd:00:28:
         20:aa:43:14:be:22:33:1d:d9:cf:74:5b:4b:c8:f1:91:aa:10:
         6b:10:5e:87:37:c6:57:d2:ff:01:2c:ed:06:49:43:6c:16:6c:
         9c:3e:a0:02:07:4b:69:bf:26:f3:10:59:b7:2c:a6:ce:85:16:
         4d:a4:7a:a5:f1:20:4c:f4:e7:b3:5e:22:21:91:bc:d5:9e:f3:
         d3:71:57:96:ec:8f:b9:f3:a5:04:04:ba:ab:af:16:f7:4b:c2:
         d5:2f:37:97:bd:d5:b2:c1:7e:53:c3:35:22:be:3d:a8:a9:bc:
         a4:fd:9a:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7AAMnSRyROieLb4twg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRlNGFhMWM2MDhhZmNkMGU5Yzk3MzY4OWNlMmM2YmI4OTZhNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodmJpx3XrYxrFSl7RBIBN2NKvYfe
vRM6ftSL7rSgbbqsnxxVJyEFWKji0+uy1vlfQc9yKRzS7My40sX32JAIwrmh14uH
01C56T52KsiNv9nRSEfX4/7EvnwXKUYhhB4aUD3l7o8OH1nfrhbw46NBuqDWOtIf
45+5rrbn79ECvaVIIWPTfzGpLh2VUt+kHYOTOfP9EBRIRm4zZyHTU70wTcoIejGB
8YdMlH2+CO26OCaZqJDCR3qjrAU7sprCfZpa9UU4UcktimSWZtjOQQQ6z1otrp4y
DVW94H6g8LHlrZuE+79GRtuSGmvYBvunse3ZU+Bu05sBB7fiG8W4gWi+0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5OSqHGCK/NDpyXNonOLGu4lqYMMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvM2s1S29jWUlyODBPbkpjMmljNHNhN2lXcGd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSBAMA0G
CSqGSIb3DQEBCwUAA4IBAQCldJe2wkKeRGNyKUWvaviMhPeLqjVqwu3LsJoD9r+S
8MZDxnkE99pajI0T3tyVflpYE9SfHNkEi2dAISXwEmcjRBF171Sj+EQXwHj8zWMi
U2e1ZQ9iAEI7p5uj7kIp7JQa+DlQ9tDLr6xsPamj5ekTzZZNXNRINk5inBg+fdIq
vDvabrQN386nCbKSISjNACggqkMUviIzHdnPdFtLyPGRqhBrEF6HN8ZX0v8BLO0G
SUNsFmycPqACB0tpvybzEFm3LKbOhRZNpHql8SBM9OezXiIhkbzVnvPTcVeW7I+5
86UEBLqrrxb3S8LVLzeXvdWywX5TwzUivj2oqbyk/ZrH
-----END CERTIFICATE-----