Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/avJbMkRskX4F9XD7k3EqzlAfb6Y.roa
File:                     avJbMkRskX4F9XD7k3EqzlAfb6Y.roa (raw, json)
Hash identifier:          OzhNq76WW1OpyRFwGSNAnNIq4tRvrBl2I9SY8p/OvoU=
Subject key identifier:   6A:F2:5B:32:44:6C:91:7E:05:F5:70:FB:93:71:2A:CE:50:1F:6F:A6
Certificate issuer:       /CN=4568316500ba6538420a9d55c65d9c88dd32a99e
Certificate serial:       018F85561EBC6496584AE356E1E45F3F19D4
Authority key identifier: 45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/avJbMkRskX4F9XD7k3EqzlAfb6Y.roa
Signing time:             Fri 17 May 2024 06:56:04 +0000
ROA not before:           Fri 17 May 2024 06:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49203
IP address blocks:        194.32.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:85:56:1e:bc:64:96:58:4a:e3:56:e1:e4:5f:3f:19:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568316500ba6538420a9d55c65d9c88dd32a99e
        Validity
            Not Before: May 17 06:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6af25b32446c917e05f570fb93712ace501f6fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:99:3f:9b:e9:5c:ef:70:63:68:b9:46:c2:7b:
                    41:d3:b4:7d:61:8a:c4:4c:f4:61:61:71:ef:c3:63:
                    19:fc:ee:cf:40:fb:9e:e7:2a:a6:fc:8f:ed:97:ea:
                    75:d0:58:b5:b6:98:65:92:f3:b8:fa:0d:f3:7c:05:
                    f1:2d:81:df:0b:e3:ab:bd:b8:3f:35:22:08:d6:55:
                    92:14:aa:00:0a:37:7d:ba:99:72:a9:1d:79:24:a2:
                    58:be:a9:bf:b1:32:d4:fa:df:0f:21:41:a5:18:e7:
                    73:0f:5c:b0:bd:5f:3d:aa:65:36:97:8e:80:36:af:
                    5d:bd:a1:2d:9b:54:7e:45:89:c7:70:01:74:16:b6:
                    94:1c:dd:1a:76:f1:f7:f2:4b:6c:cc:d1:ca:84:0a:
                    aa:04:4e:f1:3a:24:8a:6a:5e:99:f6:0b:9a:7d:62:
                    10:98:50:e1:e5:69:44:3a:89:54:2a:0b:0b:8e:e6:
                    cb:a7:f9:61:1d:ee:15:87:c4:dd:b1:d0:4a:c4:cc:
                    65:dc:c9:a4:6f:47:d2:7d:81:ab:10:f7:af:b0:5b:
                    b0:27:ae:58:a1:4d:66:9e:31:28:38:bc:91:80:e7:
                    26:b0:37:f5:0f:c5:48:04:59:de:a0:cf:8f:da:fd:
                    59:28:24:95:91:e6:b8:66:d3:47:f7:e5:10:e6:45:
                    04:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F2:5B:32:44:6C:91:7E:05:F5:70:FB:93:71:2A:CE:50:1F:6F:A6
            X509v3 Authority Key Identifier:
                keyid:45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/avJbMkRskX4F9XD7k3EqzlAfb6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:d5:96:5e:2a:02:b7:4a:ee:20:d2:16:6c:84:3d:ec:46:c6:
         7d:96:79:56:bf:82:f0:9a:10:c7:47:92:48:79:60:3c:95:a4:
         a3:de:a7:37:06:3a:7c:2c:3d:1a:de:37:ec:43:71:70:7c:44:
         8f:4b:a0:db:00:0e:3f:ba:e2:0a:85:5b:d6:b3:05:92:0e:61:
         2f:db:cb:95:3b:a1:6c:d9:c4:37:a4:05:d9:a8:62:a0:7c:be:
         6b:c9:5c:83:e9:7b:a8:48:38:30:ea:19:24:4e:ce:ef:0c:6a:
         85:11:d0:f0:87:d9:b2:cd:f7:c2:70:21:41:5e:7d:c6:3b:00:
         9f:a6:29:7d:bb:ef:4f:bc:49:c7:1f:a3:01:c9:2d:55:71:65:
         f6:b7:87:61:69:cb:2e:c9:f4:f8:44:00:17:6a:5e:1c:0c:6f:
         7a:93:24:58:29:67:3a:bb:32:bc:da:75:b5:6d:d1:eb:98:57:
         f0:12:70:c3:b6:01:1b:e9:dc:d4:54:b6:56:fa:a0:2d:10:b0:
         7d:11:62:e9:cd:7b:60:2e:72:88:0b:c5:05:70:ff:79:fa:3b:
         7e:50:01:6e:3a:bf:ef:ef:9b:2b:84:d3:46:6a:9b:d6:4b:ef:
         20:c8:31:ed:bf:cf:50:6d:29:29:87:3a:df:ea:a4:e2:b9:08:
         7d:1b:2d:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+FVh68ZJZYSuNW4eRfPxnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjgzMTY1MDBiYTY1Mzg0MjBhOWQ1NWM2NWQ5Yzg4ZGQz
MmE5OWUwHhcNMjQwNTE3MDY1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYyNWIzMjQ0NmM5MTdlMDVmNTcwZmI5MzcxMmFjZTUwMWY2ZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpk/m+lc73BjaLlGwntB07R9YYrE
TPRhYXHvw2MZ/O7PQPue5yqm/I/tl+p10Fi1tphlkvO4+g3zfAXxLYHfC+Orvbg/
NSII1lWSFKoACjd9uplyqR15JKJYvqm/sTLU+t8PIUGlGOdzD1ywvV89qmU2l46A
Nq9dvaEtm1R+RYnHcAF0FraUHN0advH38ktszNHKhAqqBE7xOiSKal6Z9guafWIQ
mFDh5WlEOolUKgsLjubLp/lhHe4Vh8TdsdBKxMxl3Mmkb0fSfYGrEPevsFuwJ65Y
oU1mnjEoOLyRgOcmsDf1D8VIBFneoM+P2v1ZKCSVkea4ZtNH9+UQ5kUExwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGryWzJEbJF+BfVw+5NxKs5QH2+mMB8GA1UdIwQY
MBaAFEVoMWUAumU4QgqdVcZdnIjdMqmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODkt
ZTY1OWQxYWY2OGZlLzEvYXZKYk1rUnNrWDRGOVhEN2szRXF6bEFmYjZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODktZTY1OWQxYWY2OGZl
LzEvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiBSMA0G
CSqGSIb3DQEBCwUAA4IBAQB+1ZZeKgK3Su4g0hZshD3sRsZ9lnlWv4LwmhDHR5JI
eWA8laSj3qc3Bjp8LD0a3jfsQ3FwfESPS6DbAA4/uuIKhVvWswWSDmEv28uVO6Fs
2cQ3pAXZqGKgfL5ryVyD6XuoSDgw6hkkTs7vDGqFEdDwh9myzffCcCFBXn3GOwCf
pil9u+9PvEnHH6MByS1VcWX2t4dhacsuyfT4RAAXal4cDG96kyRYKWc6uzK82nW1
bdHrmFfwEnDDtgEb6dzUVLZW+qAtELB9EWLpzXtgLnKIC8UFcP95+jt+UAFuOr/v
75srhNNGapvWS+8gyDHtv89QbSkphzrf6qTiuQh9Gy1k
-----END CERTIFICATE-----