Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/xUHrYAg3-CFrcmiAnwT4QdLaBi8.roa
File:                     xUHrYAg3-CFrcmiAnwT4QdLaBi8.roa (raw, json)
Hash identifier:          3nuCd28+cUFwO1Cpv8+SpL3T8tKW1Zh/0PG6YL+JJgQ=
Subject key identifier:   C5:41:EB:60:08:37:F8:21:6B:72:68:80:9F:04:F8:41:D2:DA:06:2F
Certificate issuer:       /CN=e3fa1a0a88bbb54b3f82fc2597d252aff7613bc5
Certificate serial:       018CC8022A47CB0409F03A6BDEEE4E727AFE
Authority key identifier: E3:FA:1A:0A:88:BB:B5:4B:3F:82:FC:25:97:D2:52:AF:F7:61:3B:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/xUHrYAg3-CFrcmiAnwT4QdLaBi8.roa
Signing time:             Tue 02 Jan 2024 02:30:34 +0000
ROA not before:           Tue 02 Jan 2024 02:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        194.32.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:2a:47:cb:04:09:f0:3a:6b:de:ee:4e:72:7a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3fa1a0a88bbb54b3f82fc2597d252aff7613bc5
        Validity
            Not Before: Jan  2 02:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c541eb600837f8216b7268809f04f841d2da062f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ed:6e:77:78:1b:e0:24:1d:2d:f5:24:99:4c:
                    d8:b5:37:e2:9b:2f:f7:d3:9c:24:00:47:8d:f4:ce:
                    79:50:3d:57:c9:72:1a:b0:57:98:06:6c:d4:36:37:
                    33:77:7d:c4:54:eb:3b:ad:ec:d9:ec:42:00:6a:8f:
                    a4:b9:71:39:78:79:01:ba:d3:60:84:29:20:9a:fb:
                    60:53:63:bc:12:35:92:0e:e7:d2:07:fd:8c:cc:89:
                    10:9f:16:96:1c:d4:fe:ed:50:81:95:01:54:85:ad:
                    23:1b:11:ce:45:d1:eb:7f:5a:75:af:7f:c7:48:ec:
                    9a:b7:3a:bc:cc:1d:57:49:c4:4e:d5:81:49:87:f5:
                    cc:b1:19:10:c4:9d:30:f8:93:49:62:ff:d0:ee:ed:
                    d7:53:40:df:0a:ab:0f:d9:c5:e8:ca:52:d3:56:a1:
                    e7:dc:e4:9e:08:9a:4f:7d:ff:f8:ce:9b:78:01:71:
                    4d:83:af:ed:1c:e2:f9:81:52:d0:a5:f8:9d:bc:dc:
                    f2:8d:7f:c0:48:1f:b3:72:f5:8f:b4:5b:53:f4:63:
                    1c:f0:2c:fa:a6:4b:d0:d7:f9:a8:06:6e:61:f8:6a:
                    62:a2:80:db:70:35:bd:54:9a:05:75:3b:57:18:2a:
                    3a:7f:75:e0:dc:83:e2:8e:8a:c5:26:df:20:15:e1:
                    f5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:41:EB:60:08:37:F8:21:6B:72:68:80:9F:04:F8:41:D2:DA:06:2F
            X509v3 Authority Key Identifier:
                keyid:E3:FA:1A:0A:88:BB:B5:4B:3F:82:FC:25:97:D2:52:AF:F7:61:3B:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_oaCoi7tUs_gvwll9JSr_dhO8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/xUHrYAg3-CFrcmiAnwT4QdLaBi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/27ac32-afcf-4e28-abfe-4683bfed0038/1/4_oaCoi7tUs_gvwll9JSr_dhO8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:27:ee:60:b7:81:ba:8e:ef:1b:bf:97:39:59:0d:c8:48:e4:
         7f:5b:ff:2a:c5:30:81:d7:1f:07:c2:38:fc:19:63:13:02:32:
         81:2e:29:98:00:fd:57:11:b4:64:d7:a6:af:09:6c:3a:c8:2f:
         4c:36:0a:96:54:8f:e5:07:8c:08:27:da:f7:03:3d:86:2b:52:
         84:60:27:1b:45:1b:25:ad:25:43:1b:f4:e5:34:87:3a:b2:cc:
         9e:b9:39:b8:9a:b3:08:25:72:3c:9a:35:f0:92:4e:0e:fa:a8:
         4d:71:77:eb:c7:f4:4b:81:0a:30:d6:78:d1:33:c8:08:b1:26:
         6a:17:c0:b4:03:27:87:77:4c:48:bd:2e:ee:3c:94:9c:77:a1:
         a8:76:3e:d6:d6:e2:8e:32:79:e8:25:5a:55:10:5d:55:1d:4a:
         10:0b:e7:f1:0d:34:15:5e:85:df:32:d0:75:ba:75:20:52:40:
         08:f7:61:33:6a:80:03:ea:72:e8:28:db:28:00:80:48:78:06:
         64:a8:3b:f7:7c:38:03:01:ea:d5:cd:70:07:1d:17:7d:83:b6:
         af:f1:b1:52:66:b8:70:0b:cc:df:2b:75:b6:48:2a:1b:ce:f3:
         88:61:ac:fd:3e:86:59:43:71:97:ec:b1:e8:ae:fd:28:ec:25:
         eb:c7:37:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAipHywQJ8Dpr3u5Ocnr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZmExYTBhODhiYmI1NGIzZjgyZmMyNTk3ZDI1MmFmZjc2
MTNiYzUwHhcNMjQwMTAyMDIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQxZWI2MDA4MzdmODIxNmI3MjY4ODA5ZjA0Zjg0MWQyZGEwNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu1ud3gb4CQdLfUkmUzYtTfimy/3
05wkAEeN9M55UD1XyXIasFeYBmzUNjczd33EVOs7rezZ7EIAao+kuXE5eHkButNg
hCkgmvtgU2O8EjWSDufSB/2MzIkQnxaWHNT+7VCBlQFUha0jGxHORdHrf1p1r3/H
SOyatzq8zB1XScRO1YFJh/XMsRkQxJ0w+JNJYv/Q7u3XU0DfCqsP2cXoylLTVqHn
3OSeCJpPff/4zpt4AXFNg6/tHOL5gVLQpfidvNzyjX/ASB+zcvWPtFtT9GMc8Cz6
pkvQ1/moBm5h+GpiooDbcDW9VJoFdTtXGCo6f3Xg3IPijorFJt8gFeH1ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVB62AIN/gha3JogJ8E+EHS2gYvMB8GA1UdIwQY
MBaAFOP6GgqIu7VLP4L8JZfSUq/3YTvFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9vYUNvaTd0VXNfZ3Z3bGw5SlNyX2RoTzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yN2FjMzItYWZjZi00ZTI4LWFiZmUt
NDY4M2JmZWQwMDM4LzEveFVIcllBZzMtQ0ZyY21pQW53VDRRZExhQmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yN2FjMzItYWZjZi00ZTI4LWFiZmUtNDY4M2JmZWQwMDM4
LzEvNF9vYUNvaTd0VXNfZ3Z3bGw5SlNyX2RoTzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCkMA0G
CSqGSIb3DQEBCwUAA4IBAQAjJ+5gt4G6ju8bv5c5WQ3ISOR/W/8qxTCB1x8Hwjj8
GWMTAjKBLimYAP1XEbRk16avCWw6yC9MNgqWVI/lB4wIJ9r3Az2GK1KEYCcbRRsl
rSVDG/TlNIc6ssyeuTm4mrMIJXI8mjXwkk4O+qhNcXfrx/RLgQow1njRM8gIsSZq
F8C0AyeHd0xIvS7uPJScd6Godj7W1uKOMnnoJVpVEF1VHUoQC+fxDTQVXoXfMtB1
unUgUkAI92EzaoAD6nLoKNsoAIBIeAZkqDv3fDgDAerVzXAHHRd9g7av8bFSZrhw
C8zfK3W2SCobzvOIYaz9PoZZQ3GX7LHorv0o7CXrxzc3
-----END CERTIFICATE-----