Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Z32CAJehgk7rySfiQJAurqsn3YA.roa
File:                     Z32CAJehgk7rySfiQJAurqsn3YA.roa (raw, json)
Hash identifier:          NWLrVak/N1nDaRCBSrmr5W2qya1LT5YsaouMRSYw/Kw=
Subject key identifier:   67:7D:82:00:97:A1:82:4E:EB:C9:27:E2:40:90:2E:AE:AB:27:DD:80
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E92EEFA5FE76696E80DC21C271470
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Z32CAJehgk7rySfiQJAurqsn3YA.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51206
IP address blocks:        92.45.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:92:ee:fa:5f:e7:66:96:e8:0d:c2:1c:27:14:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=677d820097a1824eebc927e240902eaeab27dd80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7b:ec:a1:5c:ef:fd:d5:82:43:f2:c8:e5:57:
                    87:9f:33:ff:b1:9a:87:74:3f:26:ea:25:1a:19:70:
                    30:42:45:dc:a1:43:25:ae:76:64:71:41:c0:4b:c8:
                    eb:40:a3:81:cf:bb:91:60:67:1c:a1:55:9a:be:3d:
                    c0:bc:e0:43:fb:52:0b:ae:26:d7:d9:0c:b5:d3:31:
                    a0:8d:23:7e:64:41:36:42:bf:9e:59:98:12:30:7c:
                    24:3d:84:ab:4c:e3:73:be:3c:21:39:7b:88:35:88:
                    82:1b:70:d1:60:f2:73:07:ef:88:10:9a:80:a0:39:
                    3a:76:6f:ec:0e:81:32:a8:00:3a:3b:8c:23:e9:2d:
                    98:99:36:82:ad:0e:d0:2d:7f:4d:87:33:31:ff:f2:
                    91:d9:e9:78:77:c8:f0:41:07:ad:13:27:ff:14:9e:
                    11:4a:b5:39:cb:5b:23:59:5f:90:7d:cc:37:a8:99:
                    de:be:bd:44:c7:3d:78:eb:cb:69:8b:a8:21:0a:b8:
                    9a:b1:bb:72:c4:bc:04:7d:98:5c:54:a9:04:3e:0c:
                    6d:1d:ba:be:e2:1e:69:4a:da:b6:38:85:2f:78:03:
                    3f:b0:02:29:b6:20:77:d3:0b:45:4b:24:95:99:b2:
                    97:aa:b8:c6:73:2d:8d:5f:e0:c1:3c:f1:ba:9e:88:
                    6c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:7D:82:00:97:A1:82:4E:EB:C9:27:E2:40:90:2E:AE:AB:27:DD:80
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/Z32CAJehgk7rySfiQJAurqsn3YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:fd:45:0d:c0:cf:f0:7d:ca:9e:cd:13:d0:1e:57:73:de:4b:
         d5:75:1d:45:b1:d0:df:ab:8f:90:b0:d6:11:31:55:10:2a:0f:
         33:58:4f:ae:58:07:e7:b0:8d:18:c6:c5:87:8e:04:d0:c4:89:
         62:1b:36:c8:e5:be:14:fa:0f:15:0a:84:e1:55:69:7e:46:9f:
         64:cd:9e:1d:78:38:3b:63:17:83:7d:61:92:d7:43:12:03:93:
         ef:4d:df:26:de:db:8f:b2:ab:5c:5a:f1:70:65:eb:d0:8e:9c:
         ff:47:e2:4d:48:bd:3d:64:b7:6a:db:7c:81:0d:11:c3:3e:fe:
         f2:8a:3a:2a:e2:93:48:b3:93:9c:ab:cc:88:50:30:bc:eb:a4:
         c7:16:95:a8:91:f9:e2:f7:c4:03:4b:fb:5d:3a:09:fb:d9:55:
         33:0f:c3:42:d4:f9:ab:ef:a7:21:99:19:82:39:0f:d3:e0:a0:
         b8:65:28:60:86:2d:75:9d:5e:1d:c9:cd:fd:ac:2f:7d:b2:49:
         75:20:ba:08:d9:07:93:d2:65:ae:a5:2b:63:e4:61:70:be:ea:
         45:57:3c:9f:1c:19:3e:c7:35:8d:4f:f9:5c:b6:db:ba:e7:2b:
         cd:87:7e:4d:67:d8:97:1b:80:ba:2b:0d:47:87:88:ce:2b:54:
         42:a4:20:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpLu+l/nZpboDcIcJxRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzdkODIwMDk3YTE4MjRlZWJjOTI3ZTI0MDkwMmVhZWFiMjdkZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXvsoVzv/dWCQ/LI5VeHnzP/sZqH
dD8m6iUaGXAwQkXcoUMlrnZkcUHAS8jrQKOBz7uRYGccoVWavj3AvOBD+1ILribX
2Qy10zGgjSN+ZEE2Qr+eWZgSMHwkPYSrTONzvjwhOXuINYiCG3DRYPJzB++IEJqA
oDk6dm/sDoEyqAA6O4wj6S2YmTaCrQ7QLX9NhzMx//KR2el4d8jwQQetEyf/FJ4R
SrU5y1sjWV+Qfcw3qJnevr1Exz1468tpi6ghCriasbtyxLwEfZhcVKkEPgxtHbq+
4h5pStq2OIUveAM/sAIptiB30wtFSySVmbKXqrjGcy2NX+DBPPG6nohsAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd9ggCXoYJO68kn4kCQLq6rJ92AMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvWjMyQ0FKZWhnazdyeVNmaVFKQXVycXNuM1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXC0DMA0G
CSqGSIb3DQEBCwUAA4IBAQCX/UUNwM/wfcqezRPQHldz3kvVdR1FsdDfq4+QsNYR
MVUQKg8zWE+uWAfnsI0YxsWHjgTQxIliGzbI5b4U+g8VCoThVWl+Rp9kzZ4deDg7
YxeDfWGS10MSA5PvTd8m3tuPsqtcWvFwZevQjpz/R+JNSL09ZLdq23yBDRHDPv7y
ijoq4pNIs5Ocq8yIUDC866THFpWokfni98QDS/tdOgn72VUzD8NC1Pmr76chmRmC
OQ/T4KC4ZShghi11nV4dyc39rC99skl1ILoI2QeT0mWupStj5GFwvupFVzyfHBk+
xzWNT/lcttu65yvNh35NZ9iXG4C6Kw1Hh4jOK1RCpCBX
-----END CERTIFICATE-----