Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/Ym8s3j80kVWot2HbzyVgjwwn2zY.roa
File:                     Ym8s3j80kVWot2HbzyVgjwwn2zY.roa (raw, json)
Hash identifier:          flkATb7DCUTmJaFqFYs4GC3wtBicQnOSsAHOavTD40w=
Subject key identifier:   62:6F:2C:DE:3F:34:91:55:A8:B7:61:DB:CF:25:60:8F:0C:27:DB:36
Certificate issuer:       /CN=1aa19c92e96677f5f96f68f1ca0aad9fa311eb45
Certificate serial:       018CC9BBE90261B5D9E199EA2F1B2539A4DA
Authority key identifier: 1A:A1:9C:92:E9:66:77:F5:F9:6F:68:F1:CA:0A:AD:9F:A3:11:EB:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GqGckulmd_X5b2jxygqtn6MR60U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/Ym8s3j80kVWot2HbzyVgjwwn2zY.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49859
IP address blocks:        194.32.111.0/24 maxlen: 24
                          2a00:e780:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/GqGckulmd_X5b2jxygqtn6MR60U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/GqGckulmd_X5b2jxygqtn6MR60U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GqGckulmd_X5b2jxygqtn6MR60U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e9:02:61:b5:d9:e1:99:ea:2f:1b:25:39:a4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aa19c92e96677f5f96f68f1ca0aad9fa311eb45
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=626f2cde3f349155a8b761dbcf25608f0c27db36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0b:6a:c7:e1:c7:34:d3:d9:ed:33:33:07:d9:
                    06:f1:4d:40:5e:60:1f:60:b7:c4:92:45:ef:1a:e8:
                    d2:47:f3:44:11:c9:e3:19:07:1b:51:90:37:dc:d1:
                    be:aa:84:7d:15:28:0b:8f:85:f2:be:11:cc:cc:a1:
                    5a:d8:ba:a7:39:86:f3:51:0c:df:56:f5:77:bc:08:
                    11:69:0a:d1:45:36:2b:99:1e:61:a1:78:7c:1a:1c:
                    de:65:20:68:53:94:8e:87:dc:13:d9:99:cf:c4:3c:
                    9c:11:83:e5:ee:14:5c:ac:4c:de:11:7c:cc:6b:30:
                    27:db:cd:7d:11:e1:e8:1c:6f:86:9e:cd:26:fd:b9:
                    da:a5:2a:0b:fe:93:7c:fc:9f:39:e5:45:f7:70:f1:
                    19:cb:81:97:8f:72:eb:df:53:b7:ff:00:04:d5:86:
                    f6:95:65:b6:67:6f:ff:55:89:c2:14:06:d3:64:89:
                    8d:e6:70:22:e8:4c:b4:55:0d:e4:7b:26:8a:9d:58:
                    27:19:70:11:43:6b:80:24:79:1a:ac:99:18:d1:16:
                    81:84:76:f6:f1:67:d5:78:6d:87:44:09:c5:d4:08:
                    e3:8f:b2:34:b8:1a:f2:d1:dd:c1:a0:1b:5e:56:97:
                    fc:a0:a5:ec:7a:89:ef:15:f0:cd:a8:b5:a1:ec:35:
                    8b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:6F:2C:DE:3F:34:91:55:A8:B7:61:DB:CF:25:60:8F:0C:27:DB:36
            X509v3 Authority Key Identifier:
                keyid:1A:A1:9C:92:E9:66:77:F5:F9:6F:68:F1:CA:0A:AD:9F:A3:11:EB:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GqGckulmd_X5b2jxygqtn6MR60U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/Ym8s3j80kVWot2HbzyVgjwwn2zY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/00adb0-890d-47ad-a18c-4ad0abec275e/1/GqGckulmd_X5b2jxygqtn6MR60U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.111.0/24
                IPv6:
                  2a00:e780:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:16:76:ae:9f:34:0a:ed:18:94:93:0c:82:f0:09:d9:5c:25:
         1a:31:28:28:b0:53:5d:1a:5c:ed:a9:d7:c7:ad:2c:3d:ed:b6:
         29:8e:e9:6e:9a:51:5b:1d:20:1d:94:e5:06:dd:d8:40:c0:28:
         22:a7:b9:55:18:2c:48:a0:23:b7:ed:92:a0:6f:07:9c:36:81:
         d4:85:7e:55:b8:af:aa:d4:1a:1f:d5:b8:1a:85:8c:a0:28:75:
         b5:b1:00:fb:9c:42:b2:83:55:29:19:fa:b2:1c:ee:f6:b3:96:
         b8:7e:89:d1:96:83:98:a6:ba:78:c9:17:b8:cf:a3:6d:22:3e:
         c2:e0:b7:be:3a:4c:4e:a6:04:23:0e:46:d6:fe:59:13:f0:7c:
         03:e3:bf:75:c5:48:32:51:0c:5e:cc:7a:25:db:ce:66:92:8d:
         47:7d:56:cd:44:fe:70:88:0f:d4:c4:76:c7:7c:c8:41:94:21:
         f0:a7:76:46:42:61:85:5b:05:1a:6f:f6:cf:11:23:64:00:70:
         f7:62:34:e1:cb:72:8a:ec:fc:72:be:65:b6:f9:e9:dc:2b:0a:
         de:b5:1e:91:62:d8:44:e9:02:7f:a8:20:d6:4c:85:6e:36:a0:
         0c:e1:aa:db:19:55:1f:bb:39:81:fa:2c:63:e3:fb:d5:4c:7f:
         cd:53:e7:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJu+kCYbXZ4ZnqLxslOaTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYTE5YzkyZTk2Njc3ZjVmOTZmNjhmMWNhMGFhZDlmYTMx
MWViNDUwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjZmMmNkZTNmMzQ5MTU1YThiNzYxZGJjZjI1NjA4ZjBjMjdkYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQtqx+HHNNPZ7TMzB9kG8U1AXmAf
YLfEkkXvGujSR/NEEcnjGQcbUZA33NG+qoR9FSgLj4XyvhHMzKFa2LqnOYbzUQzf
VvV3vAgRaQrRRTYrmR5hoXh8GhzeZSBoU5SOh9wT2ZnPxDycEYPl7hRcrEzeEXzM
azAn2819EeHoHG+Gns0m/bnapSoL/pN8/J855UX3cPEZy4GXj3Lr31O3/wAE1Yb2
lWW2Z2//VYnCFAbTZImN5nAi6Ey0VQ3keyaKnVgnGXARQ2uAJHkarJkY0RaBhHb2
8WfVeG2HRAnF1Ajjj7I0uBry0d3BoBteVpf8oKXseonvFfDNqLWh7DWL6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGJvLN4/NJFVqLdh288lYI8MJ9s2MB8GA1UdIwQY
MBaAFBqhnJLpZnf1+W9o8coKrZ+jEetFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3FHY2t1bG1kX1g1YjJqeHlncXRuNk1SNjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8wMGFkYjAtODkwZC00N2FkLWExOGMt
NGFkMGFiZWMyNzVlLzEvWW04czNqODBrVldvdDJIYnp5Vmdqd3duMnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8wMGFkYjAtODkwZC00N2FkLWExOGMtNGFkMGFiZWMyNzVl
LzEvR3FHY2t1bG1kX1g1YjJqeHlncXRuNk1SNjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwiBvMA8E
AgACMAkDBwAqAOeAAAEwDQYJKoZIhvcNAQELBQADggEBAAkWdq6fNArtGJSTDILw
CdlcJRoxKCiwU10aXO2p18etLD3ttimO6W6aUVsdIB2U5Qbd2EDAKCKnuVUYLEig
I7ftkqBvB5w2gdSFflW4r6rUGh/VuBqFjKAodbWxAPucQrKDVSkZ+rIc7vazlrh+
idGWg5imunjJF7jPo20iPsLgt746TE6mBCMORtb+WRPwfAPjv3XFSDJRDF7MeiXb
zmaSjUd9Vs1E/nCID9TEdsd8yEGUIfCndkZCYYVbBRpv9s8RI2QAcPdiNOHLcors
/HK+Zbb56dwrCt61HpFi2ETpAn+oINZMhW42oAzhqtsZVR+7OYH6LGPj+9VMf81T
5yA=
-----END CERTIFICATE-----