Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/yTiEtYptXvB0BTg1nySDb_BXwyM.roa
File:                     yTiEtYptXvB0BTg1nySDb_BXwyM.roa (raw, json)
Hash identifier:          rx7KFJmZoHLiA0GZAQJhxPb6ORIiGjs3/tTqkH9fvyU=
Subject key identifier:   C9:38:84:B5:8A:6D:5E:F0:74:05:38:35:9F:24:83:6F:F0:57:C3:23
Certificate issuer:       /CN=32cb3c05d6a2c51c2ff52dd9dcb9e2b55c4048f9
Certificate serial:       018CC34905BAA128D12EA0584307ED8FB76A
Authority key identifier: 32:CB:3C:05:D6:A2:C5:1C:2F:F5:2D:D9:DC:B9:E2:B5:5C:40:48:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/yTiEtYptXvB0BTg1nySDb_BXwyM.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202054
IP address blocks:        185.14.56.0/22 maxlen: 24
                          46.16.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:05:ba:a1:28:d1:2e:a0:58:43:07:ed:8f:b7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32cb3c05d6a2c51c2ff52dd9dcb9e2b55c4048f9
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c93884b58a6d5ef0740538359f24836ff057c323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:b9:13:1c:3c:80:f2:84:81:fc:15:db:43:
                    2b:a9:5e:0f:51:bf:70:e0:f2:74:d3:bc:eb:db:37:
                    e3:f1:cd:2f:b1:b3:7d:d4:53:1f:cb:05:bd:43:b1:
                    15:da:eb:e2:3c:88:c5:5f:2a:07:dc:2e:0b:82:b8:
                    fc:00:5d:00:b1:d4:4e:cc:7b:77:fc:18:d0:6c:c8:
                    76:c4:04:42:b1:2e:e9:fd:c4:0b:d2:a2:04:7c:a0:
                    fc:af:88:32:aa:08:49:03:8c:1b:e0:76:c2:9d:1b:
                    33:0b:15:ed:8a:d7:ae:53:67:15:f0:e9:70:11:ed:
                    88:d2:78:cf:d1:20:69:04:ac:0f:2c:48:e9:b2:40:
                    ff:af:03:44:fd:61:04:d6:f9:60:36:a2:03:15:54:
                    0f:b9:8d:7a:d2:f6:f8:5f:b8:17:c6:e4:d6:c5:84:
                    e5:e3:ad:40:a8:35:b7:f7:9b:18:21:4a:c5:bc:4f:
                    e7:29:ce:9a:97:45:2d:1b:a1:92:af:07:06:d2:d2:
                    24:f4:d0:28:42:95:74:d5:71:94:c2:75:03:4d:ab:
                    b6:5f:37:b9:d3:bf:a1:61:65:fc:1e:a2:49:09:4d:
                    f2:34:6b:34:ac:56:09:b8:bd:01:bb:ce:65:e4:7f:
                    75:16:92:a4:d2:49:fa:25:e5:be:f7:82:c9:02:b1:
                    47:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:38:84:B5:8A:6D:5E:F0:74:05:38:35:9F:24:83:6F:F0:57:C3:23
            X509v3 Authority Key Identifier:
                keyid:32:CB:3C:05:D6:A2:C5:1C:2F:F5:2D:D9:DC:B9:E2:B5:5C:40:48:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mss8BdaixRwv9S3Z3LnitVxASPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/yTiEtYptXvB0BTg1nySDb_BXwyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/9062e2-95ae-4656-b2ee-984a8eb51e45/1/Mss8BdaixRwv9S3Z3LnitVxASPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.132.0/22
                  185.14.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:ef:9b:cb:98:72:d8:db:eb:d2:08:5f:af:db:9e:54:8d:6a:
         3f:a6:2d:26:80:82:bd:0a:d2:bc:f2:a1:9c:77:57:88:6a:b6:
         4d:8d:19:89:69:18:e0:f0:37:ff:b0:3b:a5:77:40:cf:2f:10:
         bc:58:d7:f0:68:86:da:c6:81:81:6b:b9:de:43:7f:f6:a3:41:
         f0:f7:18:34:d1:14:d4:79:fd:98:ef:18:56:e6:70:df:d1:89:
         63:b4:9f:44:97:a7:4b:ea:23:38:2c:81:f7:d2:e1:b5:8b:eb:
         69:44:aa:74:24:fe:f8:9d:55:ea:c4:25:38:f2:9a:1a:16:22:
         11:df:ec:cb:a3:3c:a6:02:65:5c:08:18:3e:70:b7:98:77:86:
         03:7b:90:c2:b4:af:5c:79:30:8d:02:31:9d:d1:d9:f0:bc:7c:
         17:62:33:74:ee:95:05:e9:08:04:95:7c:b9:40:10:7c:9e:71:
         f4:6d:54:70:25:fb:97:1b:08:ec:7d:8b:26:5f:51:d1:64:9d:
         1f:3a:0a:68:ac:e7:3c:ea:b7:5b:77:a7:ae:a3:ee:02:b1:bd:
         6e:5a:8f:83:d9:4d:ee:a3:61:fb:b1:94:cc:a4:57:d0:db:73:
         88:4f:e4:51:9b:c4:c4:30:13:a3:d0:e8:c5:c2:1a:0b:de:44:
         d9:58:e0:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSQW6oSjRLqBYQwftj7dqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyY2IzYzA1ZDZhMmM1MWMyZmY1MmRkOWRjYjllMmI1NWM0
MDQ4ZjkwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM4ODRiNThhNmQ1ZWYwNzQwNTM4MzU5ZjI0ODM2ZmYwNTdjMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk725Exw8gPKEgfwV20MrqV4PUb9w
4PJ007zr2zfj8c0vsbN91FMfywW9Q7EV2uviPIjFXyoH3C4Lgrj8AF0AsdROzHt3
/BjQbMh2xARCsS7p/cQL0qIEfKD8r4gyqghJA4wb4HbCnRszCxXtiteuU2cV8Olw
Ee2I0njP0SBpBKwPLEjpskD/rwNE/WEE1vlgNqIDFVQPuY160vb4X7gXxuTWxYTl
461AqDW395sYIUrFvE/nKc6al0UtG6GSrwcG0tIk9NAoQpV01XGUwnUDTau2Xze5
07+hYWX8HqJJCU3yNGs0rFYJuL0Bu85l5H91FpKk0kn6JeW+94LJArFHvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMk4hLWKbV7wdAU4NZ8kg2/wV8MjMB8GA1UdIwQY
MBaAFDLLPAXWosUcL/Ut2dy54rVcQEj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNzOEJkYWl4Und2OVMzWjNMbml0VnhBU1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85MDYyZTItOTVhZS00NjU2LWIyZWUt
OTg0YThlYjUxZTQ1LzEveVRpRXRZcHRYdkIwQlRnMW55U0RiX0JYd3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85MDYyZTItOTVhZS00NjU2LWIyZWUtOTg0YThlYjUxZTQ1
LzEvTXNzOEJkYWl4Und2OVMzWjNMbml0VnhBU1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLhCEAwQC
uQ44MA0GCSqGSIb3DQEBCwUAA4IBAQAq75vLmHLY2+vSCF+v255UjWo/pi0mgIK9
CtK88qGcd1eIarZNjRmJaRjg8Df/sDuld0DPLxC8WNfwaIbaxoGBa7neQ3/2o0Hw
9xg00RTUef2Y7xhW5nDf0YljtJ9El6dL6iM4LIH30uG1i+tpRKp0JP74nVXqxCU4
8poaFiIR3+zLozymAmVcCBg+cLeYd4YDe5DCtK9ceTCNAjGd0dnwvHwXYjN07pUF
6QgElXy5QBB8nnH0bVRwJfuXGwjsfYsmX1HRZJ0fOgporOc86rdbd6euo+4Csb1u
Wo+D2U3uo2H7sZTMpFfQ23OIT+RRm8TEMBOj0OjFwhoL3kTZWODO
-----END CERTIFICATE-----