Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rpE0M3xlNKVJp1ftn1gGL7GTYfE.roa
File:                     rpE0M3xlNKVJp1ftn1gGL7GTYfE.roa (raw, json)
Hash identifier:          aywEOaH1E1/43suab9yptHYbWgF5bMpSyv2X8trbD3s=
Subject key identifier:   AE:91:34:33:7C:65:34:A5:49:A7:57:ED:9F:58:06:2F:B1:93:61:F1
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018DEE1E7012E8DD7244B78D294A86C2DEAC
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rpE0M3xlNKVJp1ftn1gGL7GTYfE.roa
Signing time:             Wed 28 Feb 2024 05:09:48 +0000
ROA not before:           Wed 28 Feb 2024 05:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        188.209.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:1e:70:12:e8:dd:72:44:b7:8d:29:4a:86:c2:de:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Feb 28 05:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae9134337c6534a549a757ed9f58062fb19361f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:62:c5:a2:c2:8c:64:37:19:24:e2:76:c9:c7:
                    f2:99:64:de:4b:c4:8b:08:db:1c:d4:0c:85:9c:fd:
                    45:cd:bb:0e:66:65:e6:25:98:8f:9d:25:a7:c6:d2:
                    8a:30:dd:4b:24:fa:8d:0d:c4:2c:6e:34:71:67:6e:
                    8f:57:29:7b:cf:95:05:bb:ae:ae:fa:38:d6:9c:20:
                    37:67:be:ee:9b:27:d8:f2:c2:09:bc:dd:db:6d:4f:
                    2b:40:09:b5:02:98:ae:f0:2a:8b:4c:5b:56:9c:0b:
                    9f:20:ec:d8:33:43:a7:f1:dc:61:51:4b:82:c9:bd:
                    ca:0b:fe:1b:db:f7:f7:4a:23:c7:17:de:ea:c1:49:
                    67:7a:40:ab:eb:8e:cf:73:90:63:3c:91:d3:74:8a:
                    c3:4a:22:a6:96:07:40:c5:a6:0a:4b:69:1f:59:3c:
                    28:dc:69:45:14:2c:78:38:f7:b1:fb:38:80:22:fe:
                    25:a7:57:55:4b:c3:58:52:cf:58:55:94:a1:16:63:
                    83:e9:22:99:2c:6d:cd:0d:f9:94:7b:80:1c:7a:e9:
                    04:f8:bd:89:b1:d1:a7:d7:d5:99:4a:df:9a:07:94:
                    1b:7c:12:fd:a7:cd:c7:b8:d9:c8:1c:c0:be:4f:69:
                    6a:b5:e8:4c:3d:37:50:f8:f5:e6:1f:ea:16:eb:c9:
                    69:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:91:34:33:7C:65:34:A5:49:A7:57:ED:9F:58:06:2F:B1:93:61:F1
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rpE0M3xlNKVJp1ftn1gGL7GTYfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:5a:d9:b7:14:6e:55:69:7d:d7:04:52:f9:82:1c:ae:93:99:
         88:77:3e:d8:4c:90:4b:ac:12:b1:fd:f4:b1:20:ea:cd:dd:84:
         3b:22:86:4e:46:c5:94:c7:62:1c:29:80:0c:db:b2:9a:24:1f:
         4b:5c:87:79:aa:0f:0c:90:33:92:62:af:e6:17:ff:c8:49:f8:
         c2:d7:a1:70:4d:ee:55:73:75:85:46:8f:0b:02:6a:cd:fe:91:
         46:32:2a:00:84:6c:3a:78:29:21:44:57:7e:23:8b:a1:fd:a0:
         3f:c8:b5:c1:30:ad:11:34:6a:4a:a0:61:af:ed:22:e0:d6:81:
         9d:dc:9f:b9:05:55:54:08:2c:1f:26:a0:79:c1:01:d0:97:ab:
         94:fd:b8:3e:8d:d9:ea:8d:09:e2:b9:78:5e:48:84:f4:e3:da:
         83:10:1a:ee:fb:97:27:a3:d5:cd:0c:32:8b:43:31:ac:38:2e:
         ee:a1:47:f5:4a:13:45:f4:60:56:72:c6:d6:8d:e1:68:a8:cd:
         e4:49:6b:fd:02:f1:7d:59:a5:cc:46:2e:51:5d:f3:99:d8:1b:
         1a:a2:84:a4:88:10:ed:c1:38:db:59:36:d0:42:2f:96:20:ea:
         82:3a:1e:8a:95:98:61:99:22:4e:91:be:e1:d0:14:6b:04:be:
         b7:f6:56:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3uHnAS6N1yRLeNKUqGwt6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMjI4MDUwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkxMzQzMzdjNjUzNGE1NDlhNzU3ZWQ5ZjU4MDYyZmIxOTM2MWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumLFosKMZDcZJOJ2ycfymWTeS8SL
CNsc1AyFnP1FzbsOZmXmJZiPnSWnxtKKMN1LJPqNDcQsbjRxZ26PVyl7z5UFu66u
+jjWnCA3Z77umyfY8sIJvN3bbU8rQAm1Apiu8CqLTFtWnAufIOzYM0On8dxhUUuC
yb3KC/4b2/f3SiPHF97qwUlnekCr647Pc5BjPJHTdIrDSiKmlgdAxaYKS2kfWTwo
3GlFFCx4OPex+ziAIv4lp1dVS8NYUs9YVZShFmOD6SKZLG3NDfmUe4AceukE+L2J
sdGn19WZSt+aB5QbfBL9p83HuNnIHMC+T2lqtehMPTdQ+PXmH+oW68lpWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6RNDN8ZTSlSadX7Z9YBi+xk2HxMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvcnBFME0zeGxOS1ZKcDFmdG4xZ0dMN0dUWWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGEMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Wtm3FG5VaX3XBFL5ghyuk5mIdz7YTJBLrBKx/fSx
IOrN3YQ7IoZORsWUx2IcKYAM27KaJB9LXId5qg8MkDOSYq/mF//ISfjC16FwTe5V
c3WFRo8LAmrN/pFGMioAhGw6eCkhRFd+I4uh/aA/yLXBMK0RNGpKoGGv7SLg1oGd
3J+5BVVUCCwfJqB5wQHQl6uU/bg+jdnqjQniuXheSIT049qDEBru+5cno9XNDDKL
QzGsOC7uoUf1ShNF9GBWcsbWjeFoqM3kSWv9AvF9WaXMRi5RXfOZ2BsaooSkiBDt
wTjbWTbQQi+WIOqCOh6KlZhhmSJOkb7h0BRrBL639laO
-----END CERTIFICATE-----