Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/t-acL3hicY-F1wnVGVJq_j_EcJo.roa
File:                     t-acL3hicY-F1wnVGVJq_j_EcJo.roa (raw, json)
Hash identifier:          ksY1vekQCl/vrWqBmKAkVbt9TtTOI74JbabmK9UdGZo=
Subject key identifier:   B7:E6:9C:2F:78:62:71:8F:85:D7:09:D5:19:52:6A:FE:3F:C4:70:9A
Certificate issuer:       /CN=c032495b89dce81b0c7f886ddfc3604bde06d8a6
Certificate serial:       018CC6B7ECE6ED3B981B4080714C78C91CE8
Authority key identifier: C0:32:49:5B:89:DC:E8:1B:0C:7F:88:6D:DF:C3:60:4B:DE:06:D8:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wDJJW4nc6BsMf4ht38NgS94G2KY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/t-acL3hicY-F1wnVGVJq_j_EcJo.roa
Signing time:             Mon 01 Jan 2024 20:29:51 +0000
ROA not before:           Mon 01 Jan 2024 20:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41785
IP address blocks:        193.161.140.0/24 maxlen: 24
                          2a0c:9f40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/wDJJW4nc6BsMf4ht38NgS94G2KY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/wDJJW4nc6BsMf4ht38NgS94G2KY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wDJJW4nc6BsMf4ht38NgS94G2KY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ec:e6:ed:3b:98:1b:40:80:71:4c:78:c9:1c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c032495b89dce81b0c7f886ddfc3604bde06d8a6
        Validity
            Not Before: Jan  1 20:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7e69c2f7862718f85d709d519526afe3fc4709a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:08:26:fb:33:ab:7a:8d:9f:69:c9:ce:7e:1c:
                    e3:7d:f1:bd:12:e9:b5:42:61:7b:1b:70:da:0e:02:
                    9a:0d:60:a0:42:93:85:65:3f:75:8a:e9:86:44:2a:
                    cc:44:1c:85:81:5d:9b:3c:40:cb:19:ae:b5:5a:8a:
                    b3:64:57:fa:db:f5:32:1d:ca:81:c5:47:43:89:40:
                    76:d0:ad:5e:f8:25:c4:84:41:b0:f7:df:cb:97:d4:
                    8f:33:27:fa:b0:47:51:65:b5:e4:21:d6:4e:ef:44:
                    af:3a:f8:79:06:74:e3:ed:fe:fb:4d:2e:12:2b:45:
                    58:7b:3e:a7:5b:18:05:b5:75:3b:d3:b8:f9:f8:67:
                    e8:3b:db:e5:f3:38:6f:a8:d4:49:64:a4:bc:a7:10:
                    0c:78:b4:a9:6f:2d:ae:93:4f:97:bf:b2:71:ae:2b:
                    0a:ba:42:04:2f:9f:9f:ad:75:e5:72:36:ef:34:e8:
                    a0:1a:f6:69:9e:f0:36:64:eb:b9:ec:67:c6:b6:d6:
                    fa:39:5d:3a:d8:04:0d:78:51:f1:5a:ec:a1:79:4c:
                    d4:5b:e7:23:f6:be:cd:3f:93:5d:2a:f0:50:53:ff:
                    cc:be:9a:65:4d:26:6c:b4:48:b4:34:27:dd:b9:de:
                    6b:43:62:99:13:cf:4f:76:1a:f1:20:7d:ed:40:51:
                    64:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E6:9C:2F:78:62:71:8F:85:D7:09:D5:19:52:6A:FE:3F:C4:70:9A
            X509v3 Authority Key Identifier:
                keyid:C0:32:49:5B:89:DC:E8:1B:0C:7F:88:6D:DF:C3:60:4B:DE:06:D8:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wDJJW4nc6BsMf4ht38NgS94G2KY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/t-acL3hicY-F1wnVGVJq_j_EcJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/12dd2c-4d0c-420a-98a5-02e6422c4181/1/wDJJW4nc6BsMf4ht38NgS94G2KY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.140.0/24
                IPv6:
                  2a0c:9f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:08:9e:80:c2:fe:bd:d9:2a:21:73:23:95:0a:cf:3a:70:33:
         df:1c:2b:d2:75:4e:55:1e:90:2c:b5:56:01:91:76:59:bf:69:
         56:2f:84:8a:a3:61:4c:f4:56:1e:4b:40:d4:76:86:1f:50:0f:
         51:7b:f7:c1:81:d3:3b:76:53:c7:41:3c:e6:98:e2:b0:85:dd:
         89:d8:58:08:bb:c7:5e:8a:56:b3:c9:c8:11:0c:c7:c1:7e:75:
         20:dc:0f:c9:f3:75:de:9e:ed:db:a1:3d:77:f5:92:5a:a9:01:
         7f:79:5a:80:60:fc:a2:28:b0:12:92:46:a4:a7:e8:0d:10:99:
         24:c8:2f:d3:85:11:91:a2:d9:36:93:0a:12:ac:16:0e:7c:12:
         2a:c8:f1:17:6e:1b:b2:0b:d2:4d:44:05:41:f6:63:2e:68:ac:
         6a:62:a4:18:14:a4:b1:cb:36:8c:83:8b:8c:3f:2d:fa:66:76:
         90:86:ec:48:c5:84:05:50:7e:bf:03:d1:42:42:06:bc:ab:38:
         f1:0a:30:39:65:38:65:b9:38:8a:40:14:4d:3b:8d:25:62:b1:
         37:23:8c:c1:24:8c:1c:d1:0a:32:1b:6e:cd:35:ad:c1:2e:3a:
         19:73:56:8a:cd:33:e1:c1:2c:c3:ee:e2:0b:11:e5:01:a6:d6:
         e7:f6:2a:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt+zm7TuYG0CAcUx4yRzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMzI0OTViODlkY2U4MWIwYzdmODg2ZGRmYzM2MDRiZGUw
NmQ4YTYwHhcNMjQwMTAxMjAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2U2OWMyZjc4NjI3MThmODVkNzA5ZDUxOTUyNmFmZTNmYzQ3MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwgm+zOreo2facnOfhzjffG9Eum1
QmF7G3DaDgKaDWCgQpOFZT91iumGRCrMRByFgV2bPEDLGa61WoqzZFf62/UyHcqB
xUdDiUB20K1e+CXEhEGw99/Ll9SPMyf6sEdRZbXkIdZO70SvOvh5BnTj7f77TS4S
K0VYez6nWxgFtXU707j5+GfoO9vl8zhvqNRJZKS8pxAMeLSpby2uk0+Xv7JxrisK
ukIEL5+frXXlcjbvNOigGvZpnvA2ZOu57GfGttb6OV062AQNeFHxWuyheUzUW+cj
9r7NP5NdKvBQU//MvpplTSZstEi0NCfdud5rQ2KZE89PdhrxIH3tQFFkFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfmnC94YnGPhdcJ1RlSav4/xHCaMB8GA1UdIwQY
MBaAFMAySVuJ3OgbDH+Ibd/DYEveBtimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0RKSlc0bmM2QnNNZjRodDM4TmdTOTRHMktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8xMmRkMmMtNGQwYy00MjBhLTk4YTUt
MDJlNjQyMmM0MTgxLzEvdC1hY0wzaGljWS1GMXduVkdWSnFfal9FY0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8xMmRkMmMtNGQwYy00MjBhLTk4YTUtMDJlNjQyMmM0MTgx
LzEvd0RKSlc0bmM2QnNNZjRodDM4TmdTOTRHMktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaGMMA0E
AgACMAcDBQAqDJ9AMA0GCSqGSIb3DQEBCwUAA4IBAQCdCJ6Awv692SohcyOVCs86
cDPfHCvSdU5VHpAstVYBkXZZv2lWL4SKo2FM9FYeS0DUdoYfUA9Re/fBgdM7dlPH
QTzmmOKwhd2J2FgIu8deilazycgRDMfBfnUg3A/J83Xenu3boT139ZJaqQF/eVqA
YPyiKLASkkakp+gNEJkkyC/ThRGRotk2kwoSrBYOfBIqyPEXbhuyC9JNRAVB9mMu
aKxqYqQYFKSxyzaMg4uMPy36ZnaQhuxIxYQFUH6/A9FCQga8qzjxCjA5ZThluTiK
QBRNO40lYrE3I4zBJIwc0QoyG27NNa3BLjoZc1aKzTPhwSzD7uILEeUBptbn9ioC
-----END CERTIFICATE-----