Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/M1Zb7uwl6jel9-LympB2obGx-gI.roa
File:                     M1Zb7uwl6jel9-LympB2obGx-gI.roa (raw, json)
Hash identifier:          sJMW5VofdhLEu08b+4lUt+J9us3oLh8TusE1ZY86djk=
Subject key identifier:   33:56:5B:EE:EC:25:EA:37:A5:F7:E2:F2:9A:90:76:A1:B1:B1:FA:02
Certificate issuer:       /CN=bda61043542485096b0df4351cc0da977f3770dd
Certificate serial:       018CCA2A58BE556319DF2691C2A3545529E0
Authority key identifier: BD:A6:10:43:54:24:85:09:6B:0D:F4:35:1C:C0:DA:97:7F:37:70:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/M1Zb7uwl6jel9-LympB2obGx-gI.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.32.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:58:be:55:63:19:df:26:91:c2:a3:54:55:29:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda61043542485096b0df4351cc0da977f3770dd
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33565beeec25ea37a5f7e2f29a9076a1b1b1fa02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d2:b9:6c:c4:b7:05:02:d4:ca:77:77:98:38:
                    15:8e:36:5b:32:0a:c9:10:c9:08:71:19:99:49:9f:
                    00:9a:e4:8c:a2:ea:8e:ca:a8:6e:d2:5c:d4:3d:bd:
                    ae:3a:b4:28:89:f8:9e:6e:e1:a0:6e:15:6b:60:30:
                    d4:fe:35:0c:ed:5c:4d:9b:31:0e:11:98:d5:80:b4:
                    5b:32:4a:d1:3a:c6:e8:f2:bf:24:98:b0:a7:00:c3:
                    bb:11:10:37:ff:c0:fa:02:9e:0d:76:cd:37:5f:9e:
                    96:c5:f3:fb:03:20:c3:f6:eb:b7:4e:64:93:f9:c0:
                    26:e9:a6:02:b0:30:dc:68:c0:90:55:6e:8a:90:bf:
                    71:b8:11:82:c3:39:54:cc:1a:bf:56:d6:9f:97:e3:
                    75:e9:1e:fd:55:0c:39:5e:49:fb:87:83:df:ba:25:
                    28:6d:d5:95:2e:68:dc:52:20:41:22:2c:3c:2e:00:
                    86:f5:9d:53:5d:b1:78:b6:aa:50:8a:22:36:9b:81:
                    2f:35:c2:70:dc:92:82:cd:e5:69:bd:75:03:1d:b0:
                    0d:5d:3c:24:35:9b:ab:df:e1:cd:c6:6e:90:5a:73:
                    f3:08:49:25:0c:4c:0a:58:20:79:51:93:b9:ae:ad:
                    87:b5:5a:b7:97:ce:4d:6b:34:2c:34:fd:ba:8c:50:
                    bd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:56:5B:EE:EC:25:EA:37:A5:F7:E2:F2:9A:90:76:A1:B1:B1:FA:02
            X509v3 Authority Key Identifier:
                keyid:BD:A6:10:43:54:24:85:09:6B:0D:F4:35:1C:C0:DA:97:7F:37:70:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vaYQQ1QkhQlrDfQ1HMDal383cN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/M1Zb7uwl6jel9-LympB2obGx-gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/196689-2db7-4e80-b92c-3a2ad88deade/1/vaYQQ1QkhQlrDfQ1HMDal383cN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.32.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:a3:7d:8e:3c:dd:25:f8:7e:a9:b9:7c:63:2e:92:7c:b8:85:
         70:43:ba:14:8f:49:38:83:a8:ba:fa:50:29:fb:5e:d9:9c:b3:
         ff:0d:a8:83:93:ce:8d:6d:69:37:97:4e:bf:70:36:6d:94:96:
         d9:73:b9:87:b5:b1:bb:d3:a4:73:58:41:89:67:88:6a:ed:16:
         cb:5a:33:34:53:1b:90:2f:03:62:03:83:aa:97:ed:b2:41:27:
         01:74:ec:ee:81:5a:4c:79:8d:09:d5:b6:5c:14:9b:1d:74:32:
         90:d7:45:79:f4:b3:68:c7:21:83:e0:fc:57:b7:5c:b1:c0:35:
         fd:45:a9:1b:f2:67:09:5b:3a:43:f6:87:72:e4:2e:84:89:98:
         2c:d2:9a:61:4e:e4:b4:ab:a4:b4:3c:30:32:ba:dd:74:45:de:
         6a:0c:b9:6c:59:36:18:72:52:22:6b:6c:98:8e:08:80:a5:15:
         58:a8:6a:17:42:fe:3c:da:45:26:d1:f8:38:58:bf:24:57:32:
         d7:f3:01:cf:55:44:16:fe:54:02:d0:bb:91:d3:6f:60:d8:01:
         d8:1c:59:45:41:6e:fe:5c:38:63:78:0a:b9:80:d0:1b:86:25:
         95:0d:8a:11:9d:9c:3e:5b:a3:77:b7:03:7a:2d:ee:03:f2:03:
         c2:a7:91:df
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKKli+VWMZ3yaRwqNUVSngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTYxMDQzNTQyNDg1MDk2YjBkZjQzNTFjYzBkYTk3N2Yz
NzcwZGQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU2NWJlZWVjMjVlYTM3YTVmN2UyZjI5YTkwNzZhMWIxYjFmYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdK5bMS3BQLUynd3mDgVjjZbMgrJ
EMkIcRmZSZ8AmuSMouqOyqhu0lzUPb2uOrQoifiebuGgbhVrYDDU/jUM7VxNmzEO
EZjVgLRbMkrROsbo8r8kmLCnAMO7ERA3/8D6Ap4Nds03X56WxfP7AyDD9uu3TmST
+cAm6aYCsDDcaMCQVW6KkL9xuBGCwzlUzBq/Vtafl+N16R79VQw5Xkn7h4PfuiUo
bdWVLmjcUiBBIiw8LgCG9Z1TXbF4tqpQiiI2m4EvNcJw3JKCzeVpvXUDHbANXTwk
NZur3+HNxm6QWnPzCEklDEwKWCB5UZO5rq2HtVq3l85NazQsNP26jFC9iwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDNWW+7sJeo3pffi8pqQdqGxsfoCMB8GA1UdIwQY
MBaAFL2mEENUJIUJaw30NRzA2pd/N3DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFZUVExUWtoUWxyRGZRMUhNRGFsMzgzY04wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xOTY2ODktMmRiNy00ZTgwLWI5MmMt
M2EyYWQ4OGRlYWRlLzEvTTFaYjd1d2w2amVsOS1MeW1wQjJvYkd4LWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xOTY2ODktMmRiNy00ZTgwLWI5MmMtM2EyYWQ4OGRlYWRl
LzEvdmFZUVExUWtoUWxyRGZRMUhNRGFsMzgzY04wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkyAwDQYJ
KoZIhvcNAQELBQADggEBAC2jfY483SX4fqm5fGMukny4hXBDuhSPSTiDqLr6UCn7
Xtmcs/8NqIOTzo1taTeXTr9wNm2UltlzuYe1sbvTpHNYQYlniGrtFstaMzRTG5Av
A2IDg6qX7bJBJwF07O6BWkx5jQnVtlwUmx10MpDXRXn0s2jHIYPg/Fe3XLHANf1F
qRvyZwlbOkP2h3LkLoSJmCzSmmFO5LSrpLQ8MDK63XRF3moMuWxZNhhyUiJrbJiO
CIClFVioahdC/jzaRSbR+DhYvyRXMtfzAc9VRBb+VALQu5HTb2DYAdgcWUVBbv5c
OGN4CrmA0BuGJZUNihGdnD5bo3e3A3ot7gPyA8Knkd8=
-----END CERTIFICATE-----