Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ooUKIDwaBNnLDwUE8C-3Dew7RDw.roa
File:                     ooUKIDwaBNnLDwUE8C-3Dew7RDw.roa (raw, json)
Hash identifier:          fV7wR0rgNo9v5hk0fkqiWy/znCMYX55x3bhW7c+/pHw=
Subject key identifier:   A2:85:0A:20:3C:1A:04:D9:CB:0F:05:04:F0:2F:B7:0D:EC:3B:44:3C
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0192EE52DFB5B1B6C58AD2F0C2F420AEA3C4
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ooUKIDwaBNnLDwUE8C-3Dew7RDw.roa
Signing time:             Sat 02 Nov 2024 19:21:01 +0000
ROA not before:           Sat 02 Nov 2024 19:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213937
IP address blocks:        194.32.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ee:52:df:b5:b1:b6:c5:8a:d2:f0:c2:f4:20:ae:a3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Nov  2 19:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2850a203c1a04d9cb0f0504f02fb70dec3b443c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fc:27:30:0c:01:83:d1:b1:82:93:46:4a:84:
                    04:de:14:c4:a0:f2:77:43:44:f7:53:1d:b0:44:78:
                    76:2d:91:bb:1a:f4:9b:59:ee:53:01:5e:25:b3:88:
                    a4:6a:ac:08:59:d0:29:b1:a8:49:7d:4c:89:3d:8e:
                    30:44:af:0f:81:5c:91:74:f8:21:9c:33:1e:26:06:
                    08:86:10:32:28:a3:c2:54:31:8f:ce:60:e2:91:ab:
                    b1:4d:67:cc:ef:60:17:62:1f:6d:4e:0a:8a:8d:03:
                    d0:81:1a:2d:5a:5b:d9:79:09:0c:10:05:b2:29:eb:
                    cd:68:bb:9b:42:2a:b2:c4:10:89:be:b1:02:42:c4:
                    53:02:b2:dd:d6:6c:97:55:8e:9e:71:07:22:94:49:
                    8b:e6:27:ce:b2:4d:74:e5:9d:f4:4f:b2:72:82:8c:
                    7f:45:7b:6e:32:5a:c3:13:fd:ee:42:87:46:69:67:
                    e3:32:f6:9b:be:c8:df:a3:c5:33:2d:e3:bc:c0:cd:
                    81:5b:4f:6d:4b:30:1a:07:ce:f2:5e:b8:7d:3d:af:
                    8f:0a:98:dd:50:e7:48:59:ed:28:cf:4f:c6:31:5c:
                    71:de:69:ef:ee:10:37:f3:f5:10:51:5f:d3:db:e5:
                    f1:05:a1:78:82:e0:27:5d:3a:c5:60:34:cc:43:a2:
                    e7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:85:0A:20:3C:1A:04:D9:CB:0F:05:04:F0:2F:B7:0D:EC:3B:44:3C
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ooUKIDwaBNnLDwUE8C-3Dew7RDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:10:c5:71:ef:52:96:22:10:ca:de:91:b6:c7:4c:c5:3b:04:
         dc:2a:ac:45:66:a9:7d:4c:96:c5:83:23:f3:3e:0a:27:fc:6e:
         06:0d:35:1e:16:2d:29:e5:68:45:a4:5d:e6:4e:76:cf:e2:9d:
         55:dc:92:ba:71:90:2d:d9:b5:c3:f6:3e:46:8e:98:4e:93:38:
         a9:44:93:3f:51:3b:7c:e1:1c:c0:ee:53:2a:3c:53:26:1f:ab:
         96:55:57:95:29:47:45:5b:8c:3e:c1:6a:7c:c0:27:4a:6d:40:
         d1:f5:d7:01:ba:75:00:ed:c0:ff:1c:21:99:74:ea:89:f7:4a:
         dd:cd:a9:b2:bf:7f:d3:d2:7d:25:5c:a0:33:9b:f1:df:7b:56:
         e4:c9:68:bc:8a:db:9c:ee:6a:3f:2c:e7:55:04:14:1d:b9:6a:
         7c:00:db:66:6e:b2:fa:50:57:7d:47:09:90:b7:e3:4c:4e:a1:
         ca:c6:32:63:7f:7d:7e:d0:06:23:43:65:4d:28:17:f2:0b:a2:
         ca:d5:38:b4:81:4c:c5:0d:93:e1:1f:01:3a:54:16:b0:c6:03:
         f3:76:6d:d7:5f:a2:a5:d3:9c:2f:4a:ed:f5:cf:4f:6d:ad:d2:
         90:6c:c4:76:b3:7d:00:e3:4c:b6:fa:70:6a:12:53:b9:a8:59:
         e8:46:e9:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLuUt+1sbbFitLwwvQgrqPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQxMTAyMTkyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjg1MGEyMDNjMWEwNGQ5Y2IwZjA1MDRmMDJmYjcwZGVjM2I0NDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vwnMAwBg9GxgpNGSoQE3hTEoPJ3
Q0T3Ux2wRHh2LZG7GvSbWe5TAV4ls4ikaqwIWdApsahJfUyJPY4wRK8PgVyRdPgh
nDMeJgYIhhAyKKPCVDGPzmDikauxTWfM72AXYh9tTgqKjQPQgRotWlvZeQkMEAWy
KevNaLubQiqyxBCJvrECQsRTArLd1myXVY6ecQcilEmL5ifOsk105Z30T7Jygox/
RXtuMlrDE/3uQodGaWfjMvabvsjfo8UzLeO8wM2BW09tSzAaB87yXrh9Pa+PCpjd
UOdIWe0oz0/GMVxx3mnv7hA38/UQUV/T2+XxBaF4guAnXTrFYDTMQ6LnLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKFCiA8GgTZyw8FBPAvtw3sO0Q8MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvb29VS0lEd2FCTm5MRHdVRThDLTNEZXc3UkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDyMA0G
CSqGSIb3DQEBCwUAA4IBAQAmEMVx71KWIhDK3pG2x0zFOwTcKqxFZql9TJbFgyPz
Pgon/G4GDTUeFi0p5WhFpF3mTnbP4p1V3JK6cZAt2bXD9j5GjphOkzipRJM/UTt8
4RzA7lMqPFMmH6uWVVeVKUdFW4w+wWp8wCdKbUDR9dcBunUA7cD/HCGZdOqJ90rd
zamyv3/T0n0lXKAzm/Hfe1bkyWi8ituc7mo/LOdVBBQduWp8ANtmbrL6UFd9RwmQ
t+NMTqHKxjJjf31+0AYjQ2VNKBfyC6LK1Ti0gUzFDZPhHwE6VBawxgPzdm3XX6Kl
05wvSu31z09trdKQbMR2s30A40y2+nBqElO5qFnoRunz
-----END CERTIFICATE-----