Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/a1bvuYGbC7o5KebnAPFfLCZNR_Y.roa
File:                     a1bvuYGbC7o5KebnAPFfLCZNR_Y.roa (raw, json)
Hash identifier:          sk4VXsJ6ola7deyGgxnKsUn5hNEK8npKXdaxTOJ3EIs=
Subject key identifier:   6B:56:EF:B9:81:9B:0B:BA:39:29:E6:E7:00:F1:5F:2C:26:4D:47:F6
Certificate issuer:       /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial:       018CC649B1BA0795C1C107C9565107463BF1
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/a1bvuYGbC7o5KebnAPFfLCZNR_Y.roa
Signing time:             Mon 01 Jan 2024 18:29:27 +0000
ROA not before:           Mon 01 Jan 2024 18:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210166
IP address blocks:        194.61.33.0/24 maxlen: 24
                          194.61.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:b1:ba:07:95:c1:c1:07:c9:56:51:07:46:3b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
        Validity
            Not Before: Jan  1 18:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b56efb9819b0bba3929e6e700f15f2c264d47f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:89:3e:1b:9f:a9:e8:a2:2e:f3:98:45:d4:61:
                    27:04:39:07:95:45:bd:8f:2f:86:33:09:a4:98:73:
                    aa:9e:cf:00:94:ac:9d:f7:95:8b:82:16:98:61:1c:
                    ff:82:91:af:6b:83:bf:87:8d:53:61:e4:76:e3:a5:
                    d0:2d:73:f2:bd:8e:d2:8d:27:d0:5e:d7:bf:d7:71:
                    14:a9:cd:c5:f8:4d:fb:86:42:af:2b:db:8a:1b:47:
                    62:b0:2a:ec:5f:0d:0a:c1:0c:91:73:90:91:ce:32:
                    1f:da:92:bb:23:63:be:a0:4d:fb:11:d3:fa:a6:23:
                    68:c5:4c:77:fb:d1:a8:b1:fa:0a:30:31:f6:bf:bd:
                    5d:35:e0:5f:50:3f:ef:d9:5f:76:60:63:e5:41:37:
                    55:77:a0:77:60:8a:c7:54:0d:d4:09:5a:cc:05:26:
                    f4:a4:e3:5f:96:2b:53:6d:d5:0b:cd:37:2c:cb:26:
                    cc:64:cc:70:f4:80:4f:5c:09:47:8d:75:78:0e:c1:
                    fe:f3:56:a1:b8:33:c4:51:a7:83:38:a9:35:a6:52:
                    7a:41:76:d6:c8:72:7a:2f:a3:87:77:70:9d:89:bb:
                    8a:cd:3b:3a:45:8f:5c:5d:be:99:ef:7c:13:3c:26:
                    65:39:7f:6e:67:a8:15:31:01:d5:11:3c:77:3f:f9:
                    ca:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:56:EF:B9:81:9B:0B:BA:39:29:E6:E7:00:F1:5F:2C:26:4D:47:F6
            X509v3 Authority Key Identifier:
                keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/a1bvuYGbC7o5KebnAPFfLCZNR_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:1b:0e:fc:ea:af:8c:b8:d2:d2:da:22:d1:4e:8a:48:d6:0c:
         78:e4:6a:26:48:0e:e9:8e:9b:94:c4:e4:e6:a3:00:8d:e8:48:
         45:b2:df:fa:2b:18:2b:ab:3a:6f:0e:2c:63:05:60:f6:f4:7b:
         42:84:5b:ba:63:ed:c9:3c:22:9c:82:d1:26:a5:46:d1:db:a2:
         81:ac:ce:2d:4c:b6:a8:50:78:16:c1:a2:50:01:94:66:69:18:
         28:cf:74:7a:a3:16:46:6d:4e:5b:61:f9:de:f8:2b:1a:da:85:
         41:c6:cb:48:43:b7:91:a7:06:6e:11:21:18:e9:fe:bf:93:0f:
         eb:19:28:cd:44:7e:f9:77:e8:88:70:b4:5a:dc:8c:2b:60:d6:
         e3:d2:70:96:a7:b0:67:f0:f6:52:43:d9:5a:95:d0:ba:a7:f4:
         e5:d1:17:32:0b:d6:9a:89:2a:69:41:70:5f:79:2b:c8:94:26:
         05:2e:c5:54:b1:55:70:0a:5b:c9:95:ef:c2:02:7b:31:f3:38:
         ff:de:85:bc:61:17:87:2e:de:33:1f:d5:25:33:3e:a8:3c:18:
         dc:f4:01:1f:af:64:db:e6:97:3f:42:33:68:78:1e:0f:76:0c:
         ac:62:bc:ed:7d:0a:90:00:92:22:80:10:37:dc:87:cf:53:9e:
         cc:aa:2f:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSbG6B5XBwQfJVlEHRjvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjQwMTAxMTgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjU2ZWZiOTgxOWIwYmJhMzkyOWU2ZTcwMGYxNWYyYzI2NGQ0N2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4k+G5+p6KIu85hF1GEnBDkHlUW9
jy+GMwmkmHOqns8AlKyd95WLghaYYRz/gpGva4O/h41TYeR246XQLXPyvY7SjSfQ
Xte/13EUqc3F+E37hkKvK9uKG0disCrsXw0KwQyRc5CRzjIf2pK7I2O+oE37EdP6
piNoxUx3+9GosfoKMDH2v71dNeBfUD/v2V92YGPlQTdVd6B3YIrHVA3UCVrMBSb0
pONflitTbdULzTcsyybMZMxw9IBPXAlHjXV4DsH+81ahuDPEUaeDOKk1plJ6QXbW
yHJ6L6OHd3CdibuKzTs6RY9cXb6Z73wTPCZlOX9uZ6gVMQHVETx3P/nKOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtW77mBmwu6OSnm5wDxXywmTUf2MB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvYTFidnVZR2JDN281S2VibkFQRmZMQ1pOUl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2NjktMWY5M2MyMzlhMDEy
LzEvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj0gMA0G
CSqGSIb3DQEBCwUAA4IBAQABGw786q+MuNLS2iLRTopI1gx45GomSA7pjpuUxOTm
owCN6EhFst/6KxgrqzpvDixjBWD29HtChFu6Y+3JPCKcgtEmpUbR26KBrM4tTLao
UHgWwaJQAZRmaRgoz3R6oxZGbU5bYfne+Csa2oVBxstIQ7eRpwZuESEY6f6/kw/r
GSjNRH75d+iIcLRa3IwrYNbj0nCWp7Bn8PZSQ9laldC6p/Tl0RcyC9aaiSppQXBf
eSvIlCYFLsVUsVVwClvJle/CAnsx8zj/3oW8YReHLt4zH9UlMz6oPBjc9AEfr2Tb
5pc/QjNoeB4PdgysYrztfQqQAJIigBA33IfPU57Mqi/k
-----END CERTIFICATE-----