Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/R32ocj-6uY_43O0MYMBgyGscCvA.roa
File:                     R32ocj-6uY_43O0MYMBgyGscCvA.roa (raw, json)
Hash identifier:          r9h0VFYvoYX+2ey0h2BkC9X3BYpiR12BEJYPKT358/g=
Subject key identifier:   47:7D:A8:72:3F:BA:B9:8F:F8:DC:ED:0C:60:C0:60:C8:6B:1C:0A:F0
Certificate issuer:       /CN=aa00ca862956f19d4dc95468aa616f9b167d9b39
Certificate serial:       019424447FAD4CE2293C91AC0847E23129AE
Authority key identifier: AA:00:CA:86:29:56:F1:9D:4D:C9:54:68:AA:61:6F:9B:16:7D:9B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/R32ocj-6uY_43O0MYMBgyGscCvA.roa
Signing time:             Wed 01 Jan 2025 23:47:36 +0000
ROA not before:           Wed 01 Jan 2025 23:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48012
IP address blocks:        91.208.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:7f:ad:4c:e2:29:3c:91:ac:08:47:e2:31:29:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa00ca862956f19d4dc95468aa616f9b167d9b39
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=477da8723fbab98ff8dced0c60c060c86b1c0af0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c4:ee:a9:d6:cc:b0:1e:96:74:0c:12:cd:cc:
                    7c:bb:2e:4e:ef:2c:a9:67:92:55:4a:e4:fc:b2:5a:
                    bb:30:f8:c0:ff:24:7e:60:56:19:65:38:64:c8:db:
                    6c:75:07:8c:2e:80:6a:27:a5:aa:c8:2b:e2:0b:af:
                    72:b9:5d:e6:8b:48:fa:4a:3f:6e:99:02:29:fe:30:
                    07:19:12:19:96:05:c7:80:eb:ef:1d:4a:f9:ff:a6:
                    7f:b3:5c:ee:6a:70:9c:b1:1e:05:5b:fd:43:7b:82:
                    89:a7:74:da:62:4c:a6:5c:0a:22:1b:c2:2a:62:c8:
                    aa:27:fd:ea:30:85:a3:9f:1c:86:b7:0a:05:04:ac:
                    cc:37:96:d9:30:ed:7c:86:c1:dc:29:0f:99:69:47:
                    37:46:13:e4:be:40:ff:44:ae:7f:28:03:4a:8c:7e:
                    43:02:f9:62:fc:3a:7b:2f:0e:54:bf:bd:ad:33:4c:
                    78:41:a6:9f:6a:41:93:bf:ed:e7:38:fc:9f:b3:c7:
                    94:a9:8c:56:dd:04:63:2d:24:68:d2:75:c3:64:4c:
                    a0:22:ca:cc:4a:44:3d:5f:15:52:a2:76:a9:c3:23:
                    a6:55:4f:8c:bc:80:59:46:ea:6f:71:87:42:a2:bd:
                    35:f0:c6:58:98:f3:29:f9:87:ef:43:03:21:25:59:
                    00:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7D:A8:72:3F:BA:B9:8F:F8:DC:ED:0C:60:C0:60:C8:6B:1C:0A:F0
            X509v3 Authority Key Identifier:
                keyid:AA:00:CA:86:29:56:F1:9D:4D:C9:54:68:AA:61:6F:9B:16:7D:9B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/R32ocj-6uY_43O0MYMBgyGscCvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/db0b0e-97f1-48bd-ac2b-7e89f41b266b/1/qgDKhilW8Z1NyVRoqmFvmxZ9mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c5:11:b6:56:c2:03:d2:19:ee:6e:f5:31:ed:2a:40:2e:9c:
         c6:5e:ba:2e:7d:29:ac:bf:63:e2:61:b1:14:8a:4c:d9:df:44:
         ba:d3:94:1a:9f:cc:df:a9:72:88:dd:85:c8:e0:1a:cc:14:5c:
         e3:83:6b:7f:1c:95:5b:56:20:0e:b1:2a:31:11:11:01:c5:88:
         eb:79:cf:a1:b0:17:9e:24:ad:1f:e2:f3:5c:c0:d3:f1:be:df:
         a4:39:9e:80:7f:7e:64:f4:b9:8f:99:25:b4:e7:c9:9a:97:22:
         85:81:c2:62:eb:84:22:8a:9b:53:bf:55:41:41:c7:32:bf:4a:
         68:21:e2:12:b0:67:09:53:3a:ff:05:11:93:cd:5e:31:27:7c:
         12:ed:01:22:e2:8b:c4:62:b3:b0:ac:87:63:bd:e3:2b:d3:ce:
         96:fb:e9:5e:5a:cf:e5:9d:51:65:24:78:f6:25:13:d7:98:4d:
         fa:02:93:cc:04:66:20:4c:52:8f:37:aa:a9:8a:ca:1d:1f:74:
         32:90:5a:1e:9f:44:70:5d:a5:54:0e:65:fc:3e:23:06:2f:f7:
         2c:c7:a2:3d:00:dc:2e:fd:59:e9:fa:bb:e9:85:fd:60:94:db:
         a5:93:58:a0:e5:0a:36:4b:6e:53:56:00:a7:87:f6:11:03:80:
         4a:e4:9f:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRH+tTOIpPJGsCEfiMSmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMDBjYTg2Mjk1NmYxOWQ0ZGM5NTQ2OGFhNjE2ZjliMTY3
ZDliMzkwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdkYTg3MjNmYmFiOThmZjhkY2VkMGM2MGMwNjBjODZiMWMwYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksTuqdbMsB6WdAwSzcx8uy5O7yyp
Z5JVSuT8slq7MPjA/yR+YFYZZThkyNtsdQeMLoBqJ6WqyCviC69yuV3mi0j6Sj9u
mQIp/jAHGRIZlgXHgOvvHUr5/6Z/s1zuanCcsR4FW/1De4KJp3TaYkymXAoiG8Iq
YsiqJ/3qMIWjnxyGtwoFBKzMN5bZMO18hsHcKQ+ZaUc3RhPkvkD/RK5/KANKjH5D
Avli/Dp7Lw5Uv72tM0x4QaafakGTv+3nOPyfs8eUqYxW3QRjLSRo0nXDZEygIsrM
SkQ9XxVSonapwyOmVU+MvIBZRupvcYdCor018MZYmPMp+YfvQwMhJVkAbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd9qHI/urmP+NztDGDAYMhrHArwMB8GA1UdIwQY
MBaAFKoAyoYpVvGdTclUaKphb5sWfZs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWdES2hpbFc4WjFOeVZSb3FtRnZteFo5bXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9kYjBiMGUtOTdmMS00OGJkLWFjMmIt
N2U4OWY0MWIyNjZiLzEvUjMyb2NqLTZ1WV80M08wTVlNQmd5R3NjQ3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9kYjBiMGUtOTdmMS00OGJkLWFjMmItN2U4OWY0MWIyNjZi
LzEvcWdES2hpbFc4WjFOeVZSb3FtRnZteFo5bXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DqMA0G
CSqGSIb3DQEBCwUAA4IBAQACxRG2VsID0hnubvUx7SpALpzGXroufSmsv2PiYbEU
ikzZ30S605Qan8zfqXKI3YXI4BrMFFzjg2t/HJVbViAOsSoxEREBxYjrec+hsBee
JK0f4vNcwNPxvt+kOZ6Af35k9LmPmSW058malyKFgcJi64QiiptTv1VBQccyv0po
IeISsGcJUzr/BRGTzV4xJ3wS7QEi4ovEYrOwrIdjveMr086W++leWs/lnVFlJHj2
JRPXmE36ApPMBGYgTFKPN6qpisodH3QykFoen0RwXaVUDmX8PiMGL/csx6I9ANwu
/Vnp+rvphf1glNulk1ig5Qo2S25TVgCnh/YRA4BK5J8x
-----END CERTIFICATE-----