Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/sQO5RoXs508ZEhLdGf27TnOAZOg.roa
File:                     sQO5RoXs508ZEhLdGf27TnOAZOg.roa (raw, json)
Hash identifier:          iPyzbHTvR7ZHD1pNmuWYstSA3j4HkRErAhnx1Z+lNFw=
Subject key identifier:   B1:03:B9:46:85:EC:E7:4F:19:12:12:DD:19:FD:BB:4E:73:80:64:E8
Certificate issuer:       /CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
Certificate serial:       018CC649B0D4CFA71E7F2BA2EFD550789009
Authority key identifier: 1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/sQO5RoXs508ZEhLdGf27TnOAZOg.roa
Signing time:             Mon 01 Jan 2024 18:29:27 +0000
ROA not before:           Mon 01 Jan 2024 18:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43289
IP address blocks:        194.61.32.0/24 maxlen: 24
                          194.61.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:b0:d4:cf:a7:1e:7f:2b:a2:ef:d5:50:78:90:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd2d463ae15346d5edd7937b8bfa8e09b14376d
        Validity
            Not Before: Jan  1 18:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b103b94685ece74f191212dd19fdbb4e738064e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6a:b4:b8:65:8b:86:36:1d:4e:9b:5a:70:09:
                    04:58:de:8c:36:6c:f7:a8:db:70:a6:14:d1:1c:41:
                    4c:0a:66:87:f9:6a:0c:8d:3c:41:0d:02:76:6b:ca:
                    bb:e7:a7:41:00:0c:80:2d:00:0f:6f:49:88:09:b4:
                    88:58:ac:32:f3:77:f4:d5:24:f3:8e:67:0b:7d:d2:
                    e8:4f:c7:fd:c4:54:7a:c4:68:6e:a3:1f:a7:e5:5e:
                    7e:f9:01:21:fa:ab:02:0e:7d:13:dd:a5:d6:e6:5b:
                    0b:76:b5:b4:c0:e2:f1:86:51:5e:17:82:ae:be:55:
                    18:f8:e0:38:91:b7:97:63:40:6a:6e:36:a8:ce:32:
                    aa:8f:60:8c:72:5e:40:0f:ef:66:03:03:ab:a3:ea:
                    49:6a:09:e8:23:28:11:8e:6c:cb:4c:fb:38:bd:23:
                    52:98:a6:53:19:c8:b5:71:e8:b5:71:63:fd:51:b7:
                    f9:32:7f:d3:16:73:78:cc:69:66:ab:da:c0:88:5e:
                    42:9d:e6:18:30:76:68:7f:f7:67:a6:05:17:67:ac:
                    9a:63:61:4a:2f:75:be:ec:fc:d7:66:93:c4:f3:83:
                    c4:53:75:43:1b:2d:e0:80:63:fa:48:3a:02:88:1d:
                    7c:bd:48:18:95:27:f5:90:2b:9f:0e:20:3c:8b:51:
                    c4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:03:B9:46:85:EC:E7:4F:19:12:12:DD:19:FD:BB:4E:73:80:64:E8
            X509v3 Authority Key Identifier:
                keyid:1B:D2:D4:63:AE:15:34:6D:5E:DD:79:37:B8:BF:A8:E0:9B:14:37:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9LUY64VNG1e3Xk3uL-o4JsUN20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/sQO5RoXs508ZEhLdGf27TnOAZOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/70c477-a8cd-4a72-b669-1f93c239a012/1/G9LUY64VNG1e3Xk3uL-o4JsUN20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:e0:43:3e:d7:3d:32:a3:b8:d9:e4:b5:e5:76:80:49:a0:21:
         f1:58:b9:7b:23:cd:3c:9a:a4:f9:b4:2c:69:1a:06:59:6b:95:
         4b:c4:6e:78:1f:e3:09:19:df:13:2f:0a:69:b4:08:32:44:3d:
         9a:00:b6:fa:37:5e:98:67:f8:f3:3b:7e:1f:e7:79:41:cd:54:
         de:f5:8b:f5:7b:39:d8:85:85:e4:32:46:3b:f7:e9:df:77:ed:
         a4:8a:c9:37:3e:22:fb:e6:c2:9c:df:28:ad:65:76:95:42:d0:
         ea:8d:b3:86:03:31:05:c3:23:4e:28:b4:ff:95:3d:e8:a5:fa:
         70:08:00:04:40:a1:74:7d:c9:dd:5f:bc:5d:30:31:69:c7:11:
         36:82:b3:51:78:1a:6f:6e:12:c0:43:b8:3a:c5:4c:6d:d0:4a:
         d6:f0:0e:28:d0:3b:6f:5f:f8:5f:0c:b5:23:65:45:df:b9:fa:
         11:c6:41:e3:e0:26:f6:e3:3f:fd:6e:55:54:70:48:45:33:f3:
         89:01:80:1d:b7:87:82:b4:f8:ea:26:ca:d2:1d:27:a3:eb:35:
         8c:f0:f0:6a:9f:a4:65:d3:ee:8f:09:fb:0d:36:22:4d:58:bf:
         94:e9:8a:5f:2e:86:fb:21:83:04:20:29:ac:03:f7:15:c2:a9:
         3e:4f:69:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSbDUz6cefyui79VQeJAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDJkNDYzYWUxNTM0NmQ1ZWRkNzkzN2I4YmZhOGUwOWIx
NDM3NmQwHhcNMjQwMTAxMTgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTAzYjk0Njg1ZWNlNzRmMTkxMjEyZGQxOWZkYmI0ZTczODA2NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmq0uGWLhjYdTptacAkEWN6MNmz3
qNtwphTRHEFMCmaH+WoMjTxBDQJ2a8q756dBAAyALQAPb0mICbSIWKwy83f01STz
jmcLfdLoT8f9xFR6xGhuox+n5V5++QEh+qsCDn0T3aXW5lsLdrW0wOLxhlFeF4Ku
vlUY+OA4kbeXY0BqbjaozjKqj2CMcl5AD+9mAwOro+pJagnoIygRjmzLTPs4vSNS
mKZTGci1cei1cWP9Ubf5Mn/TFnN4zGlmq9rAiF5CneYYMHZof/dnpgUXZ6yaY2FK
L3W+7PzXZpPE84PEU3VDGy3ggGP6SDoCiB18vUgYlSf1kCufDiA8i1HEBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEDuUaF7OdPGRIS3Rn9u05zgGToMB8GA1UdIwQY
MBaAFBvS1GOuFTRtXt15N7i/qOCbFDdtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2Njkt
MWY5M2MyMzlhMDEyLzEvc1FPNVJvWHM1MDhaRWhMZEdmMjdUbk9BWk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC83MGM0NzctYThjZC00YTcyLWI2NjktMWY5M2MyMzlhMDEy
LzEvRzlMVVk2NFZORzFlM1hrM3VMLW80SnNVTjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj0gMA0G
CSqGSIb3DQEBCwUAA4IBAQA/4EM+1z0yo7jZ5LXldoBJoCHxWLl7I808mqT5tCxp
GgZZa5VLxG54H+MJGd8TLwpptAgyRD2aALb6N16YZ/jzO34f53lBzVTe9Yv1eznY
hYXkMkY79+nfd+2kisk3PiL75sKc3yitZXaVQtDqjbOGAzEFwyNOKLT/lT3opfpw
CAAEQKF0fcndX7xdMDFpxxE2grNReBpvbhLAQ7g6xUxt0ErW8A4o0DtvX/hfDLUj
ZUXfufoRxkHj4Cb24z/9blVUcEhFM/OJAYAdt4eCtPjqJsrSHSej6zWM8PBqn6Rl
0+6PCfsNNiJNWL+U6YpfLob7IYMEICmsA/cVwqk+T2kt
-----END CERTIFICATE-----