Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/juH6oPzzlRDlnUuWdsW0rXDhKjg.roa
File:                     juH6oPzzlRDlnUuWdsW0rXDhKjg.roa (raw, json)
Hash identifier:          j7hqDKfJiYscMfvlMHHqL3/RvelIFmNkYUb+LtvY9MM=
Subject key identifier:   8E:E1:FA:A0:FC:F3:95:10:E5:9D:4B:96:76:C5:B4:AD:70:E1:2A:38
Certificate issuer:       /CN=32697cbd221ccf61ec34fd0627b2bfebe3b41acb
Certificate serial:       018CC86F4921E4BC9F708F4E8C647F810426
Authority key identifier: 32:69:7C:BD:22:1C:CF:61:EC:34:FD:06:27:B2:BF:EB:E3:B4:1A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/juH6oPzzlRDlnUuWdsW0rXDhKjg.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211448
IP address blocks:        193.30.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:49:21:e4:bc:9f:70:8f:4e:8c:64:7f:81:04:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32697cbd221ccf61ec34fd0627b2bfebe3b41acb
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ee1faa0fcf39510e59d4b9676c5b4ad70e12a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:bd:4c:51:ff:66:49:1e:bb:c0:1e:21:a3:0a:
                    95:56:06:d5:e8:bb:5c:88:bd:5b:df:67:43:48:cf:
                    b9:d9:5a:8d:88:c9:3c:83:1b:74:3c:69:41:55:90:
                    3a:2a:56:79:54:96:09:9c:9c:e7:19:48:0c:cc:7e:
                    f6:29:52:e8:73:d3:a7:9a:ea:bd:8b:bb:9f:04:88:
                    25:02:dc:56:77:ba:ee:31:d6:0a:40:cc:e7:f2:08:
                    01:8f:16:f5:ac:e4:ff:26:52:58:89:fa:d2:d7:af:
                    75:f8:c7:61:7b:a5:ce:60:6b:3b:61:d3:b9:c1:1f:
                    07:bc:90:a1:02:e3:dd:f4:06:05:70:24:96:10:9e:
                    62:6b:62:3c:c0:7a:e3:7b:f8:dc:f4:cd:69:cc:13:
                    28:5b:15:0f:b9:49:42:a9:27:c7:c0:af:56:79:1b:
                    5b:72:8a:d1:3c:92:ff:bc:9f:9b:a5:fc:76:be:ab:
                    47:8d:0d:c7:6c:81:e7:9f:75:9e:b4:eb:e2:d1:c8:
                    42:ef:0f:70:f6:e0:e2:9d:12:b6:2d:7f:c2:8e:60:
                    50:8a:c4:43:15:17:76:9c:b6:1f:11:c8:a3:ef:2e:
                    c9:a8:85:ee:10:40:bc:4f:10:a0:aa:7a:61:47:5b:
                    d9:09:b7:cc:8d:46:89:d8:43:45:e6:4c:62:38:32:
                    9d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E1:FA:A0:FC:F3:95:10:E5:9D:4B:96:76:C5:B4:AD:70:E1:2A:38
            X509v3 Authority Key Identifier:
                keyid:32:69:7C:BD:22:1C:CF:61:EC:34:FD:06:27:B2:BF:EB:E3:B4:1A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/juH6oPzzlRDlnUuWdsW0rXDhKjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/0dbe12-e5d2-41b1-ab18-31245bbacd2f/1/Mml8vSIcz2HsNP0GJ7K_6-O0Gss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:5f:bc:2f:85:9c:71:9c:1f:49:d0:9e:89:7a:35:0e:69:d9:
         22:83:22:f9:d1:b8:a3:ea:97:82:d4:e5:2d:63:28:4a:bd:11:
         0d:c6:2d:30:e6:1a:3d:36:9a:c8:23:3c:77:03:6a:8a:2c:6a:
         2c:37:cb:97:f4:b8:90:e7:79:47:7b:8f:02:3e:30:2c:1a:d2:
         04:6d:1b:81:0e:d4:a2:07:1d:3d:35:b4:25:c0:c3:f6:a9:55:
         8e:97:bc:0d:49:d6:64:d1:13:ba:9e:e0:27:64:14:45:5c:c1:
         34:7c:3d:24:aa:f5:e5:ad:ba:5f:35:b7:25:c4:98:d2:78:12:
         8a:00:64:00:3f:7d:85:4c:b4:23:f3:2a:b2:72:73:0d:c9:9f:
         2f:c2:41:ef:40:c4:fc:e4:6f:9e:98:25:95:8e:1d:2a:64:fc:
         25:80:20:ec:18:be:02:90:fa:32:9e:fc:d0:3f:27:0a:d0:ae:
         a8:4e:84:07:2c:ee:95:22:1f:d4:16:e2:71:50:74:84:2b:db:
         8b:aa:3a:8c:a9:4f:96:bd:ce:84:22:73:ce:9b:2c:4b:74:f8:
         78:36:cc:cb:56:20:ca:b1:bd:1e:b9:c2:8d:b8:f7:d8:fb:df:
         84:00:48:a9:fa:2b:36:35:8c:b7:51:c6:34:0e:f7:58:c6:99:
         88:a6:62:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0kh5LyfcI9OjGR/gQQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjk3Y2JkMjIxY2NmNjFlYzM0ZmQwNjI3YjJiZmViZTNi
NDFhY2IwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWUxZmFhMGZjZjM5NTEwZTU5ZDRiOTY3NmM1YjRhZDcwZTEyYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjL1MUf9mSR67wB4howqVVgbV6Ltc
iL1b32dDSM+52VqNiMk8gxt0PGlBVZA6KlZ5VJYJnJznGUgMzH72KVLoc9Onmuq9
i7ufBIglAtxWd7ruMdYKQMzn8ggBjxb1rOT/JlJYifrS1691+Mdhe6XOYGs7YdO5
wR8HvJChAuPd9AYFcCSWEJ5ia2I8wHrje/jc9M1pzBMoWxUPuUlCqSfHwK9WeRtb
corRPJL/vJ+bpfx2vqtHjQ3HbIHnn3WetOvi0chC7w9w9uDinRK2LX/CjmBQisRD
FRd2nLYfEcij7y7JqIXuEEC8TxCgqnphR1vZCbfMjUaJ2ENF5kxiODKd0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7h+qD885UQ5Z1LlnbFtK1w4So4MB8GA1UdIwQY
MBaAFDJpfL0iHM9h7DT9Bieyv+vjtBrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1sOHZTSWN6MkhzTlAwR0o3S182LU8wR3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wZGJlMTItZTVkMi00MWIxLWFiMTgt
MzEyNDViYmFjZDJmLzEvanVINm9QenpsUkRsblV1V2RzVzByWERoS2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wZGJlMTItZTVkMi00MWIxLWFiMTgtMzEyNDViYmFjZDJm
LzEvTW1sOHZTSWN6MkhzTlAwR0o3S182LU8wR3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5+MA0G
CSqGSIb3DQEBCwUAA4IBAQBDX7wvhZxxnB9J0J6JejUOadkigyL50bij6peC1OUt
YyhKvRENxi0w5ho9NprIIzx3A2qKLGosN8uX9LiQ53lHe48CPjAsGtIEbRuBDtSi
Bx09NbQlwMP2qVWOl7wNSdZk0RO6nuAnZBRFXME0fD0kqvXlrbpfNbclxJjSeBKK
AGQAP32FTLQj8yqycnMNyZ8vwkHvQMT85G+emCWVjh0qZPwlgCDsGL4CkPoynvzQ
PycK0K6oToQHLO6VIh/UFuJxUHSEK9uLqjqMqU+Wvc6EInPOmyxLdPh4NszLViDK
sb0eucKNuPfY+9+EAEip+is2NYy3UcY0DvdYxpmIpmLz
-----END CERTIFICATE-----