Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/uk9UqWATpqXTmj7gXyCcWFewXwo.roa
File:                     uk9UqWATpqXTmj7gXyCcWFewXwo.roa (raw, json)
Hash identifier:          ALm7sAh2fVOlRWnlcNPEVLqFozMWoPzBQUfwIWEdY6Q=
Subject key identifier:   BA:4F:54:A9:60:13:A6:A5:D3:9A:3E:E0:5F:20:9C:58:57:B0:5F:0A
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC72731ACFEE39C4407673935201ADF73
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/uk9UqWATpqXTmj7gXyCcWFewXwo.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        194.36.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:ac:fe:e3:9c:44:07:67:39:35:20:1a:df:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba4f54a96013a6a5d39a3ee05f209c5857b05f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fa:78:81:06:21:38:00:1d:a5:a7:ec:cc:7d:
                    57:1e:f7:bf:2f:5f:2b:65:7b:9d:2d:68:c3:68:85:
                    9c:3f:50:5b:b1:4a:1c:4f:51:fc:a1:f4:ab:4a:85:
                    62:05:fd:d7:cb:bc:7f:56:f7:c9:15:9e:8d:05:ad:
                    ac:df:a9:0a:30:9a:5b:ca:c5:d4:80:b6:e2:91:5e:
                    cd:ec:61:f6:3b:93:ff:13:5b:d9:b3:dc:4c:04:b4:
                    11:96:30:24:62:cd:fd:f6:55:be:53:82:5b:3b:ef:
                    2d:78:dd:d6:03:29:18:df:1c:88:ca:bf:b6:a3:6a:
                    62:14:c4:7a:f1:5e:b0:f6:28:49:aa:c8:db:43:69:
                    a9:a4:c5:0e:15:ba:ad:a5:c9:3c:42:2e:61:04:23:
                    ed:c4:54:e9:c8:54:aa:ce:17:2e:99:20:64:8b:09:
                    14:f7:09:b4:96:f0:f5:55:1b:4a:bc:ad:a6:4f:e5:
                    00:ab:fe:04:05:22:a8:b8:a4:6a:fd:ac:ed:9f:d8:
                    dd:73:b1:cb:9c:cd:c9:39:94:95:03:6d:55:68:38:
                    80:10:3d:81:bb:26:a1:33:33:6f:48:57:b1:21:79:
                    7d:ce:96:92:5d:46:2f:66:f4:0d:99:2a:f7:2d:70:
                    5e:38:f8:36:e8:b6:1c:27:78:3b:d7:4b:76:51:8a:
                    ca:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:4F:54:A9:60:13:A6:A5:D3:9A:3E:E0:5F:20:9C:58:57:B0:5F:0A
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/uk9UqWATpqXTmj7gXyCcWFewXwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:eb:d6:f7:dc:42:60:82:d9:89:ac:8f:2b:02:0f:cd:cd:41:
         9b:c3:50:8c:d1:d3:15:52:dc:79:48:c7:4a:bb:51:c1:59:6c:
         34:d2:7c:5f:be:f7:f6:4f:d5:3a:91:36:8e:bd:21:cc:ad:7c:
         cb:38:23:ee:5b:ff:5a:35:65:86:6a:da:74:94:6f:d0:f6:87:
         38:23:7f:3c:48:b9:a1:01:92:1b:ad:e8:5c:27:cc:14:6f:cb:
         be:16:be:3b:9c:34:0d:5c:89:28:0b:a0:eb:b8:b5:ae:e7:b0:
         32:a3:ce:5b:3e:f2:6f:94:84:55:6a:52:2a:a5:fc:92:d5:36:
         0e:44:81:0e:f1:55:a3:2e:58:76:3c:af:cb:3b:04:66:0b:ff:
         2d:a0:ad:aa:82:5a:db:39:4f:5b:eb:01:6d:1f:16:03:ef:40:
         fe:9b:6f:4b:21:8a:8d:94:a5:fb:d3:d1:3d:d5:cc:6e:7e:83:
         60:8b:6d:c2:cf:ca:8d:45:fe:5a:87:ee:fc:29:74:69:4c:28:
         18:12:63:f1:ba:e8:96:8a:9d:82:7c:2c:72:df:57:69:23:41:
         f8:2a:8f:ed:c3:69:3b:3d:78:3a:4e:25:b7:11:3b:b8:08:a3:
         94:cc:38:3a:20:98:e3:14:fd:84:3b:a0:22:1f:f6:40:70:d7:
         0f:89:26:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzGs/uOcRAdnOTUgGt9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTRmNTRhOTYwMTNhNmE1ZDM5YTNlZTA1ZjIwOWM1ODU3YjA1ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjvp4gQYhOAAdpafszH1XHve/L18r
ZXudLWjDaIWcP1BbsUocT1H8ofSrSoViBf3Xy7x/VvfJFZ6NBa2s36kKMJpbysXU
gLbikV7N7GH2O5P/E1vZs9xMBLQRljAkYs399lW+U4JbO+8teN3WAykY3xyIyr+2
o2piFMR68V6w9ihJqsjbQ2mppMUOFbqtpck8Qi5hBCPtxFTpyFSqzhcumSBkiwkU
9wm0lvD1VRtKvK2mT+UAq/4EBSKouKRq/aztn9jdc7HLnM3JOZSVA21VaDiAED2B
uyahMzNvSFexIXl9zpaSXUYvZvQNmSr3LXBeOPg26LYcJ3g710t2UYrKfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpPVKlgE6al05o+4F8gnFhXsF8KMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvdWs5VXFXQVRwcVhUbWo3Z1h5Q2NXRmV3WHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiQgMA0G
CSqGSIb3DQEBCwUAA4IBAQBS69b33EJggtmJrI8rAg/NzUGbw1CM0dMVUtx5SMdK
u1HBWWw00nxfvvf2T9U6kTaOvSHMrXzLOCPuW/9aNWWGatp0lG/Q9oc4I388SLmh
AZIbrehcJ8wUb8u+Fr47nDQNXIkoC6DruLWu57Ayo85bPvJvlIRValIqpfyS1TYO
RIEO8VWjLlh2PK/LOwRmC/8toK2qglrbOU9b6wFtHxYD70D+m29LIYqNlKX709E9
1cxufoNgi23Cz8qNRf5ah+78KXRpTCgYEmPxuuiWip2CfCxy31dpI0H4Ko/tw2k7
PXg6TiW3ETu4CKOUzDg6IJjjFP2EO6AiH/ZAcNcPiSYd
-----END CERTIFICATE-----