Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/q32fJRV_ZmnFiC6omwel6ivupk8.roa
File:                     q32fJRV_ZmnFiC6omwel6ivupk8.roa (raw, json)
Hash identifier:          S4K8XnSQAQP4221DfSnTkv1/Z69NEPcGEYOltK4r7Ok=
Subject key identifier:   AB:7D:9F:25:15:7F:66:69:C5:88:2E:A8:9B:07:A5:EA:2B:EE:A6:4F
Certificate issuer:       /CN=403d63b32e71c1c169243efdb6d56ed5ca6b824e
Certificate serial:       018CC5DC1A523420BCCC09F06EF125A403CE
Authority key identifier: 40:3D:63:B3:2E:71:C1:C1:69:24:3E:FD:B6:D5:6E:D5:CA:6B:82:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QD1jsy5xwcFpJD79ttVu1cprgk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/q32fJRV_ZmnFiC6omwel6ivupk8.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.47.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/QD1jsy5xwcFpJD79ttVu1cprgk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/QD1jsy5xwcFpJD79ttVu1cprgk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QD1jsy5xwcFpJD79ttVu1cprgk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1a:52:34:20:bc:cc:09:f0:6e:f1:25:a4:03:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=403d63b32e71c1c169243efdb6d56ed5ca6b824e
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab7d9f25157f6669c5882ea89b07a5ea2beea64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d9:4c:14:81:39:41:ec:e9:cc:7b:67:00:aa:
                    bc:ad:f4:54:4e:2c:26:7e:a3:b3:d8:b8:bc:d5:d0:
                    ff:8d:87:fe:db:90:de:31:ef:04:14:8f:0e:08:60:
                    46:80:ce:a5:31:e6:a2:3b:1f:80:23:10:0e:1d:53:
                    4c:f3:1c:c0:a3:58:60:f0:80:fa:dd:89:f1:4f:3f:
                    9d:d6:8d:92:fe:b7:53:8f:db:42:a4:c8:0d:2a:40:
                    16:d1:be:a9:7a:85:43:f5:4a:d0:80:5e:27:d2:e8:
                    54:fa:95:e3:9c:28:f5:49:8f:79:86:db:31:be:f0:
                    3b:16:b1:0f:7e:74:01:d6:b8:4b:8c:fa:10:b7:7e:
                    04:ba:f7:eb:1e:4d:ca:ec:f0:11:04:3a:7c:ec:e0:
                    b0:71:a6:41:91:b9:e3:55:6a:f5:c4:ae:0b:5f:59:
                    aa:23:6c:50:43:92:8b:cc:db:9a:ef:9f:bf:cb:7c:
                    9d:71:1a:74:27:a6:c0:b1:d4:63:03:a1:1b:be:d1:
                    04:86:9d:6a:4e:ba:38:b9:ae:0b:01:c7:f1:03:a9:
                    59:37:38:20:0e:ad:53:44:3c:19:ba:4a:c8:56:1c:
                    2e:9f:25:20:07:68:a9:98:c1:8e:3f:45:80:9a:2b:
                    44:ef:53:06:8b:9d:1d:fe:1a:13:57:86:34:78:f0:
                    54:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7D:9F:25:15:7F:66:69:C5:88:2E:A8:9B:07:A5:EA:2B:EE:A6:4F
            X509v3 Authority Key Identifier:
                keyid:40:3D:63:B3:2E:71:C1:C1:69:24:3E:FD:B6:D5:6E:D5:CA:6B:82:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QD1jsy5xwcFpJD79ttVu1cprgk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/q32fJRV_ZmnFiC6omwel6ivupk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d012f0-6b89-40dc-bd56-b354c039375a/1/QD1jsy5xwcFpJD79ttVu1cprgk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:05:bd:c9:13:d4:81:d8:95:f0:63:4a:4d:9c:40:0b:1b:a3:
         fd:53:14:9e:d8:5a:cd:cc:d9:c8:10:6d:a1:56:77:6d:48:80:
         37:e0:3e:98:cf:ca:9e:cf:81:51:58:b7:6d:db:a2:46:ac:56:
         ad:36:46:5d:1a:51:f9:13:4c:64:96:d5:18:f4:54:d9:2e:32:
         cf:6d:79:eb:6e:32:8a:5b:a2:8f:72:3a:01:fe:3c:92:d4:ca:
         db:45:05:72:92:51:7e:c3:e1:28:1f:13:f2:25:8a:61:2e:b2:
         42:4c:f2:9f:13:10:5e:c0:49:db:87:28:84:47:18:80:d3:8a:
         20:2a:2d:bd:a2:62:e7:64:43:c8:47:f1:aa:95:f4:8d:4e:4b:
         6f:94:88:89:8e:0d:a3:6f:8b:be:35:4a:13:ba:e6:34:00:87:
         ea:47:bf:7c:93:f2:d2:71:23:55:ec:e0:9e:44:a8:30:5f:9a:
         64:89:65:0b:a7:e4:77:da:97:8e:eb:e4:eb:01:0d:71:40:af:
         a9:ca:d7:a0:8f:c2:50:47:1c:ef:cc:e9:e7:41:d4:df:33:ad:
         a0:22:36:f9:96:cf:de:c8:0f:61:1d:1c:74:61:88:0f:8a:e4:
         2b:31:aa:b8:fd:4d:51:98:43:20:51:c9:d4:2d:02:71:22:39:
         25:76:32:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BpSNCC8zAnwbvElpAPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwM2Q2M2IzMmU3MWMxYzE2OTI0M2VmZGI2ZDU2ZWQ1Y2E2
YjgyNGUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdkOWYyNTE1N2Y2NjY5YzU4ODJlYTg5YjA3YTVlYTJiZWVhNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutlMFIE5QezpzHtnAKq8rfRUTiwm
fqOz2Li81dD/jYf+25DeMe8EFI8OCGBGgM6lMeaiOx+AIxAOHVNM8xzAo1hg8ID6
3YnxTz+d1o2S/rdTj9tCpMgNKkAW0b6peoVD9UrQgF4n0uhU+pXjnCj1SY95htsx
vvA7FrEPfnQB1rhLjPoQt34EuvfrHk3K7PARBDp87OCwcaZBkbnjVWr1xK4LX1mq
I2xQQ5KLzNua75+/y3ydcRp0J6bAsdRjA6EbvtEEhp1qTro4ua4LAcfxA6lZNzgg
Dq1TRDwZukrIVhwunyUgB2ipmMGOP0WAmitE71MGi50d/hoTV4Y0ePBUFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKt9nyUVf2ZpxYguqJsHpeor7qZPMB8GA1UdIwQY
MBaAFEA9Y7MuccHBaSQ+/bbVbtXKa4JOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUQxanN5NXh3Y0ZwSkQ3OXR0VnUxY3ByZ2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kMDEyZjAtNmI4OS00MGRjLWJkNTYt
YjM1NGMwMzkzNzVhLzEvcTMyZkpSVl9abW5GaUM2b213ZWw2aXZ1cGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kMDEyZjAtNmI4OS00MGRjLWJkNTYtYjM1NGMwMzkzNzVh
LzEvUUQxanN5NXh3Y0ZwSkQ3OXR0VnUxY3ByZ2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS++MA0G
CSqGSIb3DQEBCwUAA4IBAQAyBb3JE9SB2JXwY0pNnEALG6P9UxSe2FrNzNnIEG2h
VndtSIA34D6Yz8qez4FRWLdt26JGrFatNkZdGlH5E0xkltUY9FTZLjLPbXnrbjKK
W6KPcjoB/jyS1MrbRQVyklF+w+EoHxPyJYphLrJCTPKfExBewEnbhyiERxiA04og
Ki29omLnZEPIR/GqlfSNTktvlIiJjg2jb4u+NUoTuuY0AIfqR798k/LScSNV7OCe
RKgwX5pkiWULp+R32peO6+TrAQ1xQK+pytegj8JQRxzvzOnnQdTfM62gIjb5ls/e
yA9hHRx0YYgPiuQrMaq4/U1RmEMgUcnULQJxIjkldjJH
-----END CERTIFICATE-----