Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/K1u6G52Oo071fcKWRbqDbYSdKYs.roa
File:                     K1u6G52Oo071fcKWRbqDbYSdKYs.roa (raw, json)
Hash identifier:          YVuRttXvNUekNB/VUm7CL48HDikmhcLikJuYYtlehT8=
Subject key identifier:   2B:5B:BA:1B:9D:8E:A3:4E:F5:7D:C2:96:45:BA:83:6D:84:9D:29:8B
Certificate issuer:       /CN=32c0274bc17f9c75cd3fc10f8b5825a19382ab4f
Certificate serial:       018CC26D8699C26DF9EAF9CD93A11F42E1FD
Authority key identifier: 32:C0:27:4B:C1:7F:9C:75:CD:3F:C1:0F:8B:58:25:A1:93:82:AB:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MsAnS8F_nHXNP8EPi1gloZOCq08.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/K1u6G52Oo071fcKWRbqDbYSdKYs.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50163
IP address blocks:        109.71.208.0/21 maxlen: 21
                          2a03:e00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/MsAnS8F_nHXNP8EPi1gloZOCq08.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/MsAnS8F_nHXNP8EPi1gloZOCq08.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MsAnS8F_nHXNP8EPi1gloZOCq08.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:86:99:c2:6d:f9:ea:f9:cd:93:a1:1f:42:e1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c0274bc17f9c75cd3fc10f8b5825a19382ab4f
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b5bba1b9d8ea34ef57dc29645ba836d849d298b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:76:64:7b:a4:51:79:05:cd:e5:67:36:e0:3a:
                    97:9d:56:fa:90:dc:4c:2c:b8:b5:1e:c7:c4:e5:18:
                    46:72:22:c5:b2:ee:43:1c:b5:be:3b:53:ae:ed:e6:
                    e7:95:0b:f8:83:5d:ac:67:4e:62:65:9e:2b:ca:42:
                    c6:91:ce:d0:f4:b1:59:7e:6e:17:4c:ce:6b:71:3e:
                    57:7b:91:a6:de:87:c1:f4:7b:96:4c:55:22:74:2e:
                    3d:1e:78:90:05:c5:9b:1f:47:4a:15:3b:40:f8:f0:
                    d9:65:7c:6e:b4:71:04:51:e1:04:ee:26:dd:c6:65:
                    5a:7e:1f:3d:6a:ea:37:06:73:e3:dc:ca:c8:98:9d:
                    a8:d7:aa:a4:b5:e2:18:f0:5c:d5:83:d3:0b:d9:54:
                    a6:5d:58:27:ad:af:aa:14:3c:91:f0:38:81:d1:0e:
                    01:ce:46:7d:2a:60:76:e4:1b:22:43:73:11:e8:7e:
                    ed:a0:2b:65:5d:4c:36:63:df:a5:76:5b:e7:c1:a1:
                    94:9e:4f:76:0b:e1:83:1e:8c:7a:a3:42:2f:ac:c8:
                    d7:48:03:f8:ee:68:71:1f:32:84:1f:c5:67:3e:96:
                    bb:9b:7c:3d:3e:49:5b:81:d6:a6:e1:11:f2:b9:e3:
                    c0:19:d3:f8:1b:73:3d:85:d7:33:dc:7a:e5:b4:19:
                    16:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:5B:BA:1B:9D:8E:A3:4E:F5:7D:C2:96:45:BA:83:6D:84:9D:29:8B
            X509v3 Authority Key Identifier:
                keyid:32:C0:27:4B:C1:7F:9C:75:CD:3F:C1:0F:8B:58:25:A1:93:82:AB:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MsAnS8F_nHXNP8EPi1gloZOCq08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/K1u6G52Oo071fcKWRbqDbYSdKYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/MsAnS8F_nHXNP8EPi1gloZOCq08.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.208.0/21
                IPv6:
                  2a03:e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:55:59:53:de:4f:0f:47:ec:8d:18:5a:8a:7a:48:05:bc:a2:
         d3:9e:b3:4e:4b:85:7b:ce:6e:d5:28:85:19:59:f9:9d:6b:15:
         9b:64:f1:8f:ff:64:3d:38:91:69:40:80:e8:25:f2:05:ba:f0:
         74:e5:8f:54:a6:7a:f2:b4:df:50:d0:d4:dc:13:a6:5c:34:47:
         58:df:30:6f:6e:69:bb:a9:68:0d:50:fd:f6:de:df:9e:43:d8:
         26:53:e1:98:ce:34:69:9b:2a:82:94:2b:c5:3c:b4:63:74:a2:
         c9:3f:21:39:fc:c6:e3:78:dd:82:c9:f3:e8:d9:00:66:9b:07:
         e0:93:53:98:c3:1c:81:e2:d2:cb:d8:fe:61:7c:89:dc:c6:8f:
         bf:b5:be:51:97:b0:2e:99:49:32:74:46:92:9e:05:93:e1:dd:
         69:25:4d:3e:30:9c:4c:61:fc:30:8f:c7:ed:1c:6c:4b:2a:4b:
         b3:45:43:2a:e9:2f:b3:5f:0d:41:b1:74:66:4b:02:7b:ee:17:
         2c:cc:a9:1d:71:c8:cb:95:37:29:e5:24:c7:28:fd:e6:24:81:
         27:c1:f6:05:1c:45:fe:f2:18:24:fd:e7:68:45:79:8c:c1:5e:
         02:e6:69:21:d5:cf:1e:29:02:a7:dc:4d:e1:ef:d6:b6:47:74:
         b7:1b:5e:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbYaZwm356vnNk6EfQuH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzAyNzRiYzE3ZjljNzVjZDNmYzEwZjhiNTgyNWExOTM4
MmFiNGYwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjViYmExYjlkOGVhMzRlZjU3ZGMyOTY0NWJhODM2ZDg0OWQyOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3Zke6RReQXN5Wc24DqXnVb6kNxM
LLi1HsfE5RhGciLFsu5DHLW+O1Ou7ebnlQv4g12sZ05iZZ4rykLGkc7Q9LFZfm4X
TM5rcT5Xe5Gm3ofB9HuWTFUidC49HniQBcWbH0dKFTtA+PDZZXxutHEEUeEE7ibd
xmVafh89auo3BnPj3MrImJ2o16qkteIY8FzVg9ML2VSmXVgnra+qFDyR8DiB0Q4B
zkZ9KmB25BsiQ3MR6H7toCtlXUw2Y9+ldlvnwaGUnk92C+GDHox6o0IvrMjXSAP4
7mhxHzKEH8VnPpa7m3w9Pklbgdam4RHyuePAGdP4G3M9hdcz3HrltBkWMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCtbuhudjqNO9X3ClkW6g22EnSmLMB8GA1UdIwQY
MBaAFDLAJ0vBf5x1zT/BD4tYJaGTgqtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNBblM4Rl9uSFhOUDhFUGkxZ2xvWk9DcTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS80MTZhYWYtODYwMi00MTk2LWI1MWQt
NDFkMDg3YjM4MjhiLzEvSzF1Nkc1Mk9vMDcxZmNLV1JicURiWVNkS1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS80MTZhYWYtODYwMi00MTk2LWI1MWQtNDFkMDg3YjM4Mjhi
LzEvTXNBblM4Rl9uSFhOUDhFUGkxZ2xvWk9DcTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbUfQMA0E
AgACMAcDBQAqAw4AMA0GCSqGSIb3DQEBCwUAA4IBAQCIVVlT3k8PR+yNGFqKekgF
vKLTnrNOS4V7zm7VKIUZWfmdaxWbZPGP/2Q9OJFpQIDoJfIFuvB05Y9UpnrytN9Q
0NTcE6ZcNEdY3zBvbmm7qWgNUP323t+eQ9gmU+GYzjRpmyqClCvFPLRjdKLJPyE5
/MbjeN2CyfPo2QBmmwfgk1OYwxyB4tLL2P5hfIncxo+/tb5Rl7AumUkydEaSngWT
4d1pJU0+MJxMYfwwj8ftHGxLKkuzRUMq6S+zXw1BsXRmSwJ77hcszKkdccjLlTcp
5STHKP3mJIEnwfYFHEX+8hgk/edoRXmMwV4C5mkh1c8eKQKn3E3h79a2R3S3G14O
-----END CERTIFICATE-----