Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/0sbmV52naqRuwI-IpvBtj2_bAZI.roa
File:                     0sbmV52naqRuwI-IpvBtj2_bAZI.roa (raw, json)
Hash identifier:          mQpfsqPbErFSFWz4gNNt3+re99ob8CcA3UXJx+Vu4e4=
Subject key identifier:   D2:C6:E6:57:9D:A7:6A:A4:6E:C0:8F:88:A6:F0:6D:8F:6F:DB:01:92
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       01935269DD95F610382120EF37FECBF9B190
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/0sbmV52naqRuwI-IpvBtj2_bAZI.roa
Signing time:             Fri 22 Nov 2024 05:48:09 +0000
ROA not before:           Fri 22 Nov 2024 05:48:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        188.209.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:69:dd:95:f6:10:38:21:20:ef:37:fe:cb:f9:b1:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Nov 22 05:48:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c6e6579da76aa46ec08f88a6f06d8f6fdb0192
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7d:5a:c4:4e:65:2d:49:d4:7e:8a:f4:42:77:
                    15:cb:cc:d0:2b:6d:f8:f7:56:d3:c5:2e:da:c1:4f:
                    fc:8c:b0:b2:7d:1c:83:b6:78:f5:e2:3a:fd:f8:6c:
                    df:46:1a:0a:5e:07:cf:e1:02:85:d0:b1:8b:2a:d3:
                    3c:1c:97:09:5f:e7:de:a8:4e:dc:a9:e3:a6:8e:64:
                    41:da:d1:41:2c:66:50:ff:88:8d:90:f2:7c:a4:c5:
                    29:99:f0:09:c3:a2:8e:80:93:6e:50:fe:d3:0d:47:
                    d5:f3:eb:24:64:c2:a5:d0:29:34:42:66:95:8e:11:
                    81:33:72:e9:2d:d6:30:33:17:51:f9:8a:d9:29:74:
                    df:5c:86:e6:34:74:de:fd:09:18:64:43:da:8f:93:
                    47:96:de:98:cb:bd:80:d9:7e:ab:33:ea:eb:cc:dc:
                    cd:37:7e:32:a5:9c:dd:15:d5:6e:b5:6a:87:e3:ff:
                    e0:b7:57:64:08:6a:23:2f:b6:c9:fd:27:ee:45:6f:
                    b5:28:f8:69:29:2b:a1:6c:e9:0f:30:73:89:f1:4d:
                    b2:cd:db:c6:a0:4e:95:6c:d9:b3:f7:e3:c1:91:48:
                    14:7c:a9:6b:3e:e6:18:16:7f:39:1b:ae:22:c9:1c:
                    fe:ae:0c:49:9e:2f:61:9f:72:de:95:2a:64:a8:c4:
                    5e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C6:E6:57:9D:A7:6A:A4:6E:C0:8F:88:A6:F0:6D:8F:6F:DB:01:92
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/0sbmV52naqRuwI-IpvBtj2_bAZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:d2:27:ce:e9:87:15:01:42:8b:7e:46:ce:68:5f:cb:e2:73:
         e4:4a:53:c3:99:79:26:ac:0f:d0:91:74:81:ed:b8:53:6b:39:
         08:3e:1b:c3:aa:24:58:19:7a:36:a4:e7:cd:64:06:3d:04:2e:
         ac:50:d0:7e:a4:88:2d:69:ac:0b:8e:38:d8:d2:63:b5:bf:dc:
         2c:b8:16:12:26:bb:67:c3:5e:43:46:43:a1:05:d9:d3:a4:75:
         02:66:ea:5c:ae:e8:9e:4d:cc:f6:0c:83:0e:6d:4a:f9:73:42:
         d7:16:de:bc:87:b5:1b:0f:79:61:be:83:83:48:33:1d:08:f1:
         35:fb:f2:75:89:a5:59:db:be:90:73:26:80:d1:86:d2:8f:11:
         64:e4:24:ae:32:10:3f:1f:31:e8:6c:20:5b:c3:a2:b1:d4:8a:
         10:0b:06:73:8e:f9:79:4b:09:97:18:c1:cb:65:ee:6c:b4:ad:
         1d:35:6c:3a:dc:c6:d5:51:34:46:fa:09:73:5b:b5:c3:f1:61:
         67:27:f8:61:33:a8:65:df:21:23:93:08:b1:be:84:48:d7:98:
         94:4f:9d:bc:ea:3f:36:a7:68:d8:e2:55:b0:38:52:ff:63:87:
         dc:bb:d3:c7:ab:be:21:3e:ad:11:96:92:55:03:cf:00:01:69:
         fe:1e:a6:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNSad2V9hA4ISDvN/7L+bGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQxMTIyMDU0ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM2ZTY1NzlkYTc2YWE0NmVjMDhmODhhNmYwNmQ4ZjZmZGIwMTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp31axE5lLUnUfor0QncVy8zQK234
91bTxS7awU/8jLCyfRyDtnj14jr9+GzfRhoKXgfP4QKF0LGLKtM8HJcJX+feqE7c
qeOmjmRB2tFBLGZQ/4iNkPJ8pMUpmfAJw6KOgJNuUP7TDUfV8+skZMKl0Ck0QmaV
jhGBM3LpLdYwMxdR+YrZKXTfXIbmNHTe/QkYZEPaj5NHlt6Yy72A2X6rM+rrzNzN
N34ypZzdFdVutWqH4//gt1dkCGojL7bJ/SfuRW+1KPhpKSuhbOkPMHOJ8U2yzdvG
oE6VbNmz9+PBkUgUfKlrPuYYFn85G64iyRz+rgxJni9hn3LelSpkqMRe1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLG5ledp2qkbsCPiKbwbY9v2wGSMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvMHNibVY1Mm5hcVJ1d0ktSXB2QnRqMl9iQVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNGEMA0G
CSqGSIb3DQEBCwUAA4IBAQAO0ifO6YcVAUKLfkbOaF/L4nPkSlPDmXkmrA/QkXSB
7bhTazkIPhvDqiRYGXo2pOfNZAY9BC6sUNB+pIgtaawLjjjY0mO1v9wsuBYSJrtn
w15DRkOhBdnTpHUCZupcruieTcz2DIMObUr5c0LXFt68h7UbD3lhvoODSDMdCPE1
+/J1iaVZ276QcyaA0YbSjxFk5CSuMhA/HzHobCBbw6Kx1IoQCwZzjvl5SwmXGMHL
Ze5stK0dNWw63MbVUTRG+glzW7XD8WFnJ/hhM6hl3yEjkwixvoRI15iUT5286j82
p2jY4lWwOFL/Y4fcu9PHq74hPq0RlpJVA88AAWn+HqaG
-----END CERTIFICATE-----