Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AXsJkgj9v0Il8ryAZHBP1_gwizM.roa
File:                     AXsJkgj9v0Il8ryAZHBP1_gwizM.roa (raw, json)
Hash identifier:          L8yAhFz9Zw282KZGPXswi15c7t1gZVX0drhPW+9deZY=
Subject key identifier:   01:7B:09:92:08:FD:BF:42:25:F2:BC:80:64:70:4F:D7:F8:30:8B:33
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DD1E8C6E401F673D38B0DFB624A5EB78E
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AXsJkgj9v0Il8ryAZHBP1_gwizM.roa
Signing time:             Thu 22 Feb 2024 17:41:49 +0000
ROA not before:           Thu 22 Feb 2024 17:41:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210512
IP address blocks:        193.32.152.0/22 maxlen: 22
                          213.232.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:e8:c6:e4:01:f6:73:d3:8b:0d:fb:62:4a:5e:b7:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 22 17:41:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=017b099208fdbf4225f2bc8064704fd7f8308b33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e7:1d:d9:1a:27:31:ea:94:18:b7:da:d9:bf:
                    3b:4e:14:fd:35:fa:b3:72:3f:6d:da:80:1f:28:02:
                    0f:6d:e5:50:44:32:c9:84:4c:8d:9e:e3:ab:82:c8:
                    0d:3d:29:fd:2e:d3:75:2c:33:97:81:7f:19:95:f8:
                    58:f0:da:5e:c0:07:db:4a:4f:7e:1b:b7:e8:55:33:
                    71:c6:97:22:1f:7d:4c:d9:95:07:e5:a5:26:5f:94:
                    18:78:bf:92:94:e3:2c:2e:ba:f5:83:49:32:0c:9f:
                    7b:56:6f:25:bd:83:c1:62:1c:9c:9e:39:84:fb:de:
                    8b:4e:fa:a2:f6:0e:29:2a:d3:f1:ff:54:6c:f3:6f:
                    72:d2:8b:e7:f4:85:16:47:97:0f:96:04:64:b3:c4:
                    2f:bb:b9:d2:8e:66:a5:92:33:09:2b:6c:0e:e0:99:
                    9c:a5:bf:c8:8a:fe:cc:bf:35:af:b6:82:bf:2d:0e:
                    b7:1e:32:5d:89:94:cd:08:00:41:eb:7b:c8:2b:5a:
                    5a:ba:7a:5c:8c:af:98:af:e9:bf:36:22:75:f0:10:
                    3a:0e:65:4e:35:a7:c1:36:94:33:40:89:90:ae:d5:
                    ef:8c:96:73:a8:6f:c6:5e:b8:cb:2b:fa:0a:60:eb:
                    7f:76:82:2e:4f:bb:84:d9:74:12:e6:ff:f1:bb:3f:
                    16:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7B:09:92:08:FD:BF:42:25:F2:BC:80:64:70:4F:D7:F8:30:8B:33
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/AXsJkgj9v0Il8ryAZHBP1_gwizM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.152.0/22
                  213.232.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:2f:13:a6:52:34:a6:7c:78:5b:e4:5f:0d:71:d1:f4:6e:3a:
         0b:7a:06:aa:d2:20:38:dd:7d:ef:56:07:df:4a:5c:4a:67:0e:
         1a:51:59:18:a6:f5:f5:0f:39:11:c5:6a:16:df:a7:23:9c:36:
         02:48:60:13:2f:0a:82:3b:23:25:af:b9:e9:d5:a9:09:3b:24:
         95:6b:ff:fb:63:52:27:ae:cf:5c:91:88:69:a6:c8:e0:43:02:
         08:3b:a5:b1:2b:cb:bb:42:6d:c9:e5:83:fb:08:e7:06:26:c5:
         f8:3b:a1:b3:15:09:74:58:77:b4:bb:70:b9:43:15:c8:65:6f:
         50:d9:c1:df:de:93:95:63:ec:c0:94:0f:be:e0:53:80:1e:6a:
         f4:8a:41:f1:cb:5f:67:9c:25:76:bb:3a:71:d6:bf:8b:e8:da:
         64:04:b9:80:f2:d3:c1:2d:2f:5e:90:1d:81:7d:58:97:a0:5d:
         4e:5f:42:60:30:e7:9d:e2:55:e1:89:0e:9d:ad:fb:8c:fe:3c:
         d3:57:0f:bb:8a:df:c5:29:63:dd:5f:ae:e1:ca:21:37:80:d6:
         9c:ed:e5:02:4f:ac:42:d8:22:71:f5:8f:c3:2b:ee:f0:9b:fe:
         6f:28:31:af:81:18:56:4f:b8:c3:96:77:b1:4b:9a:ca:27:30:
         0c:2b:1c:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3R6MbkAfZz04sN+2JKXreOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjIyMTc0MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdiMDk5MjA4ZmRiZjQyMjVmMmJjODA2NDcwNGZkN2Y4MzA4YjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwucd2RonMeqUGLfa2b87ThT9Nfqz
cj9t2oAfKAIPbeVQRDLJhEyNnuOrgsgNPSn9LtN1LDOXgX8ZlfhY8NpewAfbSk9+
G7foVTNxxpciH31M2ZUH5aUmX5QYeL+SlOMsLrr1g0kyDJ97Vm8lvYPBYhycnjmE
+96LTvqi9g4pKtPx/1Rs829y0ovn9IUWR5cPlgRks8Qvu7nSjmalkjMJK2wO4Jmc
pb/Iiv7MvzWvtoK/LQ63HjJdiZTNCABB63vIK1paunpcjK+Yr+m/NiJ18BA6DmVO
NafBNpQzQImQrtXvjJZzqG/GXrjLK/oKYOt/doIuT7uE2XQS5v/xuz8W7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAF7CZII/b9CJfK8gGRwT9f4MIszMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvQVhzSmtnajl2MElsOHJ5QVpIQlAxX2d3aXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwSCYAwQC
1ehEMA0GCSqGSIb3DQEBCwUAA4IBAQCGLxOmUjSmfHhb5F8NcdH0bjoLegaq0iA4
3X3vVgffSlxKZw4aUVkYpvX1DzkRxWoW36cjnDYCSGATLwqCOyMlr7np1akJOySV
a//7Y1Inrs9ckYhppsjgQwIIO6WxK8u7Qm3J5YP7COcGJsX4O6GzFQl0WHe0u3C5
QxXIZW9Q2cHf3pOVY+zAlA++4FOAHmr0ikHxy19nnCV2uzpx1r+L6NpkBLmA8tPB
LS9ekB2BfViXoF1OX0JgMOed4lXhiQ6drfuM/jzTVw+7it/FKWPdX67hyiE3gNac
7eUCT6xC2CJx9Y/DK+7wm/5vKDGvgRhWT7jDlnexS5rKJzAMKxxg
-----END CERTIFICATE-----