Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/j3OvivYXXScuY3Tet8VxJLva2bw.roa
File:                     j3OvivYXXScuY3Tet8VxJLva2bw.roa (raw, json)
Hash identifier:          JwSGu0YT0FovxO0WFLRMvHo0MTGSIR5OzTSuaVfKsmI=
Subject key identifier:   8F:73:AF:8A:F6:17:5D:27:2E:63:74:DE:B7:C5:71:24:BB:DA:D9:BC
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DA8E000B7DE9E8BAC5F39AE1719C
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/j3OvivYXXScuY3Tet8VxJLva2bw.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51087
IP address blocks:        193.32.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:da:8e:00:0b:7d:e9:e8:ba:c5:f3:9a:e1:71:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f73af8af6175d272e6374deb7c57124bbdad9bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:00:f8:c2:c7:31:f8:d7:0d:6f:3f:19:13:81:
                    7c:77:7f:fd:4c:4c:1e:77:73:31:eb:3c:69:2d:02:
                    e2:18:1d:f8:74:d5:3f:28:31:ea:05:16:97:e1:7d:
                    25:30:8f:e0:82:44:bc:d3:7e:e6:28:67:49:a8:08:
                    0c:5b:56:4a:85:43:73:b4:d5:c7:5e:e5:6f:06:50:
                    54:57:a5:35:bf:ce:e9:42:b1:44:96:9c:b9:0b:f0:
                    be:4a:6f:50:5b:ab:13:e2:60:d6:1d:f8:e4:9d:fa:
                    be:27:79:b5:22:98:7f:0d:8a:d8:c2:7f:92:d1:a4:
                    dc:03:d8:b5:cd:75:0f:9c:be:84:dc:f1:f4:6e:1a:
                    36:8b:c7:4d:a4:d0:96:cf:8f:63:91:50:1a:5e:d5:
                    31:0f:6d:71:9c:36:40:ad:e1:6e:83:e4:ae:e3:b7:
                    cb:3e:9b:8f:c0:54:10:4e:07:b5:89:bb:11:06:3e:
                    46:4c:8f:80:e4:04:c7:5f:08:f4:d5:98:0e:da:8a:
                    16:0b:58:2b:94:1e:e2:13:b1:4e:b7:cf:c2:02:21:
                    3a:a5:6a:ce:17:1c:40:b7:5d:12:3b:9e:33:e9:23:
                    5c:e3:2b:e3:d9:d3:75:03:60:b2:d5:db:6a:16:b5:
                    f1:ac:87:ff:46:11:e2:ab:67:ba:a1:f2:49:30:30:
                    50:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:73:AF:8A:F6:17:5D:27:2E:63:74:DE:B7:C5:71:24:BB:DA:D9:BC
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/j3OvivYXXScuY3Tet8VxJLva2bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c9:22:c8:d9:ef:fd:2a:9b:dd:1b:d0:9b:d2:2b:3c:74:ff:
         44:51:81:46:10:25:3f:9d:75:c0:35:d6:39:b6:eb:c3:89:a2:
         d2:2f:79:76:9b:de:b1:65:3b:a1:e2:a7:cd:81:4e:4d:38:df:
         67:6e:f5:c7:b2:f0:80:9f:db:bd:2e:0f:87:47:5b:f6:3d:19:
         41:5d:f7:9a:32:45:d0:63:24:40:bd:53:cf:0d:10:44:4f:29:
         8e:9d:07:f0:d2:71:af:8b:8e:40:ff:c8:0f:14:fb:14:64:4a:
         81:91:fa:7a:f6:0a:6e:66:6c:4a:7f:5a:9a:6b:82:5a:2e:6a:
         4b:a7:7c:d7:c1:19:72:ab:8b:59:0b:39:69:64:7a:70:0a:87:
         c2:93:9a:99:cd:e7:c6:78:ae:a5:e6:ed:b1:1f:55:3c:0e:5b:
         85:7a:f0:da:e6:86:0e:24:9c:31:c5:fc:c4:27:41:0c:79:f0:
         96:66:8f:e5:2f:1c:20:28:72:e8:70:a8:26:fb:9d:b8:2e:74:
         dc:d4:6e:2e:30:48:52:ca:43:a8:b8:a3:ee:45:b7:90:db:76:
         1b:90:f6:b1:9f:f9:92:15:f3:39:60:26:22:9d:f3:4d:86:15:
         32:8c:64:be:ac:95:fe:83:a6:3b:d6:6f:7b:ad:5f:f0:62:a2:
         36:d4:80:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdqOAAt96ei6xfOa4XGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjczYWY4YWY2MTc1ZDI3MmU2Mzc0ZGViN2M1NzEyNGJiZGFkOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAD4wscx+NcNbz8ZE4F8d3/9TEwe
d3Mx6zxpLQLiGB34dNU/KDHqBRaX4X0lMI/ggkS8037mKGdJqAgMW1ZKhUNztNXH
XuVvBlBUV6U1v87pQrFElpy5C/C+Sm9QW6sT4mDWHfjknfq+J3m1Iph/DYrYwn+S
0aTcA9i1zXUPnL6E3PH0bho2i8dNpNCWz49jkVAaXtUxD21xnDZAreFug+Su47fL
PpuPwFQQTge1ibsRBj5GTI+A5ATHXwj01ZgO2ooWC1grlB7iE7FOt8/CAiE6pWrO
FxxAt10SO54z6SNc4yvj2dN1A2Cy1dtqFrXxrIf/RhHiq2e6ofJJMDBQ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9zr4r2F10nLmN03rfFcSS72tm8MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvajNPdml2WVhYU2N1WTNUZXQ4VnhKTHZhMmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBWMA0G
CSqGSIb3DQEBCwUAA4IBAQArySLI2e/9KpvdG9Cb0is8dP9EUYFGECU/nXXANdY5
tuvDiaLSL3l2m96xZTuh4qfNgU5NON9nbvXHsvCAn9u9Lg+HR1v2PRlBXfeaMkXQ
YyRAvVPPDRBETymOnQfw0nGvi45A/8gPFPsUZEqBkfp69gpuZmxKf1qaa4JaLmpL
p3zXwRlyq4tZCzlpZHpwCofCk5qZzefGeK6l5u2xH1U8DluFevDa5oYOJJwxxfzE
J0EMefCWZo/lLxwgKHLocKgm+524LnTc1G4uMEhSykOouKPuRbeQ23YbkPaxn/mS
FfM5YCYinfNNhhUyjGS+rJX+g6Y71m97rV/wYqI21ID+
-----END CERTIFICATE-----