Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/5jr7nQhASWkkTclSyAP4YljHjwE.roa
File:                     5jr7nQhASWkkTclSyAP4YljHjwE.roa (raw, json)
Hash identifier:          uLPyYuBoYB2Ih096fYxfnb5FeveyhF44ud5IUeuPyq4=
Subject key identifier:   E6:3A:FB:9D:08:40:49:69:24:4D:C9:52:C8:03:F8:62:58:C7:8F:01
Certificate issuer:       /CN=363497200400b0f1aae7a87fca36f077e0ed62ce
Certificate serial:       018CC7273E8DCDCB122CFC1DBBCF0611D301
Authority key identifier: 36:34:97:20:04:00:B0:F1:AA:E7:A8:7F:CA:36:F0:77:E0:ED:62:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NjSXIAQAsPGq56h_yjbwd-DtYs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/5jr7nQhASWkkTclSyAP4YljHjwE.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210755
IP address blocks:        193.200.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/NjSXIAQAsPGq56h_yjbwd-DtYs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/NjSXIAQAsPGq56h_yjbwd-DtYs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NjSXIAQAsPGq56h_yjbwd-DtYs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3e:8d:cd:cb:12:2c:fc:1d:bb:cf:06:11:d3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363497200400b0f1aae7a87fca36f077e0ed62ce
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e63afb9d08404969244dc952c803f86258c78f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:40:57:ff:5f:1d:11:d4:7b:22:7e:10:f6:4c:
                    e3:15:59:b8:30:aa:5b:93:ae:1e:29:6b:17:81:05:
                    6a:75:2b:27:38:97:d3:3f:15:6a:f2:eb:2c:5f:9d:
                    89:31:ed:c2:59:ec:85:7c:dd:75:97:98:71:ae:d8:
                    cb:9c:e4:e8:27:52:df:c2:4b:b9:42:6f:9a:eb:98:
                    9a:cb:60:9b:69:fd:0d:47:02:13:3f:bd:0c:84:0e:
                    14:12:1b:26:33:f1:00:e4:ac:1b:e7:4d:a7:c1:36:
                    fc:17:ec:9f:d3:eb:be:18:03:0a:58:65:59:d0:af:
                    4a:2b:e3:55:8d:23:d4:f1:96:e9:a9:2c:20:14:a5:
                    dc:9a:4f:40:ef:73:d9:54:32:d3:4b:72:3d:cf:28:
                    02:e0:16:5e:62:43:81:45:80:7c:f7:5e:e2:1d:b4:
                    22:5a:82:54:53:7e:9f:d0:a8:18:5d:6d:e6:5d:86:
                    be:51:7e:44:23:66:da:a0:07:2c:3b:2b:55:b8:1b:
                    b0:c2:8d:f2:9e:36:2c:f8:bc:8a:66:c4:7b:73:a7:
                    80:9c:25:45:39:0d:7c:98:64:55:3f:7b:79:08:28:
                    fd:d4:8e:99:47:b5:60:f7:58:a4:1a:7c:9f:91:50:
                    e8:f9:a4:a9:b9:27:83:0f:8c:00:5d:14:04:8e:bb:
                    c3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:3A:FB:9D:08:40:49:69:24:4D:C9:52:C8:03:F8:62:58:C7:8F:01
            X509v3 Authority Key Identifier:
                keyid:36:34:97:20:04:00:B0:F1:AA:E7:A8:7F:CA:36:F0:77:E0:ED:62:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NjSXIAQAsPGq56h_yjbwd-DtYs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/5jr7nQhASWkkTclSyAP4YljHjwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/0de0b4-c99a-4360-a44a-19a1999d9d7e/1/NjSXIAQAsPGq56h_yjbwd-DtYs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c4:33:94:a5:36:66:28:08:17:9e:e1:e4:d4:9f:62:e3:6a:
         ce:c7:e1:20:6c:60:91:4b:d7:6f:af:39:02:14:85:53:74:ad:
         26:7d:1f:ff:71:cf:00:72:d4:cf:c1:3c:ca:3a:b8:04:c8:81:
         23:e5:16:36:3d:27:e0:36:fc:cc:ba:d5:dd:21:63:9f:25:78:
         a1:bd:13:be:e3:3d:e2:78:fd:a9:2e:4c:2f:fa:e7:2c:8e:b3:
         05:10:7e:7a:89:c4:7a:50:1b:ec:c5:b7:61:93:93:98:8f:09:
         47:d5:cc:05:70:eb:95:45:51:de:20:62:59:b6:9e:0f:28:f7:
         54:b1:3a:98:4e:0d:5b:63:70:60:6f:be:74:f7:16:4d:c7:1a:
         78:4f:81:88:7d:9a:88:a2:ce:9d:54:d5:13:1f:69:cf:10:c0:
         5f:ed:f8:e5:79:3c:43:f5:9b:3f:65:7b:2f:4a:1b:e3:ae:d2:
         8f:de:98:2e:8f:24:2e:5c:5f:1e:ea:b4:77:5b:4d:f5:08:01:
         e3:3e:88:f1:a3:69:3c:bb:da:33:a9:93:ad:45:df:54:bc:7c:
         fb:51:3d:d0:ca:c5:53:cd:9b:52:a6:20:02:a7:76:f9:45:14:
         2a:0e:8c:82:4f:81:6c:d0:a8:af:ed:b0:5f:3d:84:7f:7e:8d:
         89:1c:e6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz6NzcsSLPwdu88GEdMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MzQ5NzIwMDQwMGIwZjFhYWU3YTg3ZmNhMzZmMDc3ZTBl
ZDYyY2UwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjNhZmI5ZDA4NDA0OTY5MjQ0ZGM5NTJjODAzZjg2MjU4Yzc4ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0BX/18dEdR7In4Q9kzjFVm4MKpb
k64eKWsXgQVqdSsnOJfTPxVq8ussX52JMe3CWeyFfN11l5hxrtjLnOToJ1Lfwku5
Qm+a65iay2Cbaf0NRwITP70MhA4UEhsmM/EA5Kwb502nwTb8F+yf0+u+GAMKWGVZ
0K9KK+NVjSPU8ZbpqSwgFKXcmk9A73PZVDLTS3I9zygC4BZeYkOBRYB8917iHbQi
WoJUU36f0KgYXW3mXYa+UX5EI2baoAcsOytVuBuwwo3ynjYs+LyKZsR7c6eAnCVF
OQ18mGRVP3t5CCj91I6ZR7Vg91ikGnyfkVDo+aSpuSeDD4wAXRQEjrvDmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOY6+50IQElpJE3JUsgD+GJYx48BMB8GA1UdIwQY
MBaAFDY0lyAEALDxqueof8o28Hfg7WLOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpTWElBUUFzUEdxNTZoX3lqYndkLUR0WXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8wZGUwYjQtYzk5YS00MzYwLWE0NGEt
MTlhMTk5OWQ5ZDdlLzEvNWpyN25RaEFTV2trVGNsU3lBUDRZbGpIandFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8wZGUwYjQtYzk5YS00MzYwLWE0NGEtMTlhMTk5OWQ5ZDdl
LzEvTmpTWElBUUFzUEdxNTZoX3lqYndkLUR0WXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcggMA0G
CSqGSIb3DQEBCwUAA4IBAQAIxDOUpTZmKAgXnuHk1J9i42rOx+EgbGCRS9dvrzkC
FIVTdK0mfR//cc8ActTPwTzKOrgEyIEj5RY2PSfgNvzMutXdIWOfJXihvRO+4z3i
eP2pLkwv+ucsjrMFEH56icR6UBvsxbdhk5OYjwlH1cwFcOuVRVHeIGJZtp4PKPdU
sTqYTg1bY3Bgb7509xZNxxp4T4GIfZqIos6dVNUTH2nPEMBf7fjleTxD9Zs/ZXsv
ShvjrtKP3pgujyQuXF8e6rR3W031CAHjPojxo2k8u9ozqZOtRd9UvHz7UT3QysVT
zZtSpiACp3b5RRQqDoyCT4Fs0Kiv7bBfPYR/fo2JHOaU
-----END CERTIFICATE-----