Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/32jwGQJzRdxlQWCeGI4evBCFqk0.roa
File:                     32jwGQJzRdxlQWCeGI4evBCFqk0.roa (raw, json)
Hash identifier:          bCCRBdC4enVsfJ0TECvJhY8sYZH4VQTZEinFO6w01fs=
Subject key identifier:   DF:68:F0:19:02:73:45:DC:65:41:60:9E:18:8E:1E:BC:10:85:AA:4D
Certificate issuer:       /CN=9ed0c4ff4a90073288b97674694142721f5b8435
Certificate serial:       018F802259493894921819BC39C9D821583A
Authority key identifier: 9E:D0:C4:FF:4A:90:07:32:88:B9:76:74:69:41:42:72:1F:5B:84:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/32jwGQJzRdxlQWCeGI4evBCFqk0.roa
Signing time:             Thu 16 May 2024 06:41:25 +0000
ROA not before:           Thu 16 May 2024 06:41:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207645
IP address blocks:        185.190.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:22:59:49:38:94:92:18:19:bc:39:c9:d8:21:58:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ed0c4ff4a90073288b97674694142721f5b8435
        Validity
            Not Before: May 16 06:41:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df68f019027345dc6541609e188e1ebc1085aa4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ef:c5:ff:07:43:b5:2d:87:30:13:00:5b:8b:
                    21:ce:fa:bb:77:60:9a:c8:77:20:1c:52:06:3a:76:
                    8e:e2:42:6d:52:fe:ad:43:99:fa:be:0a:4d:b9:e4:
                    59:d0:40:47:3d:c7:45:d4:5d:8d:9e:00:30:43:28:
                    eb:05:0d:fe:83:d5:6a:d7:dd:05:39:c5:28:9f:0d:
                    57:cf:b9:ce:ff:ae:91:86:ad:ab:cc:11:27:c1:73:
                    85:52:ad:3a:62:f4:60:a0:3c:17:6b:9a:c8:09:60:
                    5c:06:88:bc:af:83:78:af:fd:2a:de:75:90:2c:d0:
                    33:e9:38:7c:e9:d0:7b:a9:4c:75:fc:09:ed:2e:1a:
                    06:69:2b:3f:f1:54:b4:22:1b:90:47:cb:ed:63:b9:
                    80:7e:db:10:50:81:ac:32:69:bb:75:79:60:c8:ce:
                    10:71:ea:6d:d6:e2:31:fc:11:0d:cc:78:aa:86:e8:
                    e2:0f:8c:a9:7f:65:3f:19:b7:e2:4d:df:be:93:dd:
                    ad:49:17:2d:0d:c9:76:d2:28:69:ce:53:cd:ae:17:
                    16:e2:ce:b5:a7:37:06:1a:35:4a:f0:fd:d9:af:93:
                    3c:7d:82:74:61:61:15:8f:04:78:20:3f:57:92:25:
                    64:f1:af:94:3b:16:15:c6:db:98:89:e9:10:18:a6:
                    df:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:68:F0:19:02:73:45:DC:65:41:60:9E:18:8E:1E:BC:10:85:AA:4D
            X509v3 Authority Key Identifier:
                keyid:9E:D0:C4:FF:4A:90:07:32:88:B9:76:74:69:41:42:72:1F:5B:84:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ntDE_0qQBzKIuXZ0aUFCch9bhDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/32jwGQJzRdxlQWCeGI4evBCFqk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/9a50f1-294b-48e4-beaf-1dcad8e68ed9/1/ntDE_0qQBzKIuXZ0aUFCch9bhDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:62:24:57:8e:c1:1b:90:be:61:77:26:13:29:a1:69:41:44:
         64:1b:4a:31:68:5a:38:4c:b0:7c:9f:6a:b2:88:cd:30:46:5a:
         e3:2a:e7:ed:63:aa:52:07:38:ae:c9:d2:df:bc:ee:24:77:93:
         4e:0e:95:fe:72:04:ae:8e:97:2b:b6:da:1c:ac:c1:d8:47:17:
         2a:c1:fe:d5:65:ba:4c:ae:26:9a:aa:b5:00:8f:a1:75:7c:4e:
         58:c5:2e:66:58:cc:0e:d6:60:71:76:76:d6:9e:00:f8:fe:ce:
         43:27:27:c6:c2:bc:09:0f:14:e8:6e:ae:0c:04:a8:ab:cd:b9:
         33:d5:80:58:9a:cf:d6:68:8d:ee:de:79:1b:ab:d6:66:a2:ba:
         b1:1b:5d:a2:5e:48:16:20:76:b0:fe:b2:03:1b:ba:c4:d7:84:
         af:f9:72:d0:15:2d:56:03:d0:1d:d1:7b:ff:bc:a8:a6:1f:ed:
         29:ca:7c:33:bc:0a:39:d2:7d:24:34:34:3f:a3:75:18:f2:ec:
         80:0e:55:9e:18:d2:76:f4:11:5f:fa:90:87:b8:0c:7f:06:af:
         8a:2d:05:97:d2:b3:34:27:49:a5:ad:14:76:3a:dc:bb:1d:44:
         cd:59:3e:49:36:33:87:b4:a2:23:cb:17:e0:32:62:e3:5b:3c:
         03:e1:a0:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+AIllJOJSSGBm8OcnYIVg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZDBjNGZmNGE5MDA3MzI4OGI5NzY3NDY5NDE0MjcyMWY1
Yjg0MzUwHhcNMjQwNTE2MDY0MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjY4ZjAxOTAyNzM0NWRjNjU0MTYwOWUxODhlMWViYzEwODVhYTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe/F/wdDtS2HMBMAW4shzvq7d2Ca
yHcgHFIGOnaO4kJtUv6tQ5n6vgpNueRZ0EBHPcdF1F2NngAwQyjrBQ3+g9Vq190F
OcUonw1Xz7nO/66Rhq2rzBEnwXOFUq06YvRgoDwXa5rICWBcBoi8r4N4r/0q3nWQ
LNAz6Th86dB7qUx1/AntLhoGaSs/8VS0IhuQR8vtY7mAftsQUIGsMmm7dXlgyM4Q
cept1uIx/BENzHiqhujiD4ypf2U/GbfiTd++k92tSRctDcl20ihpzlPNrhcW4s61
pzcGGjVK8P3Zr5M8fYJ0YWEVjwR4ID9XkiVk8a+UOxYVxtuYiekQGKbfWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9o8BkCc0XcZUFgnhiOHrwQhapNMB8GA1UdIwQY
MBaAFJ7QxP9KkAcyiLl2dGlBQnIfW4Q1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnRERV8wcVFCektJdVhaMGFVRkNjaDliaERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi85YTUwZjEtMjk0Yi00OGU0LWJlYWYt
MWRjYWQ4ZTY4ZWQ5LzEvMzJqd0dRSnpSZHhsUVdDZUdJNGV2QkNGcWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi85YTUwZjEtMjk0Yi00OGU0LWJlYWYtMWRjYWQ4ZTY4ZWQ5
LzEvbnRERV8wcVFCektJdVhaMGFVRkNjaDliaERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub5cMA0G
CSqGSIb3DQEBCwUAA4IBAQB3YiRXjsEbkL5hdyYTKaFpQURkG0oxaFo4TLB8n2qy
iM0wRlrjKuftY6pSBziuydLfvO4kd5NODpX+cgSujpcrttocrMHYRxcqwf7VZbpM
riaaqrUAj6F1fE5YxS5mWMwO1mBxdnbWngD4/s5DJyfGwrwJDxTobq4MBKirzbkz
1YBYms/WaI3u3nkbq9ZmorqxG12iXkgWIHaw/rIDG7rE14Sv+XLQFS1WA9Ad0Xv/
vKimH+0pynwzvAo50n0kNDQ/o3UY8uyADlWeGNJ29BFf+pCHuAx/Bq+KLQWX0rM0
J0mlrRR2Oty7HUTNWT5JNjOHtKIjyxfgMmLjWzwD4aCO
-----END CERTIFICATE-----