Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/jk32Q5TPkyb2RdNlXf7apR-PAPs.roa
File:                     jk32Q5TPkyb2RdNlXf7apR-PAPs.roa (raw, json)
Hash identifier:          Z4bljLX9Qe/ST04PHuxBlmPcHhsZgX/Cgf1YMieXTOA=
Subject key identifier:   8E:4D:F6:43:94:CF:93:26:F6:45:D3:65:5D:FE:DA:A5:1F:8F:00:FB
Certificate issuer:       /CN=d5a89094e12e54dd901e32d33ce5131e046ee70c
Certificate serial:       01934DD07F6BC88552DAFA250974D9C129CA
Authority key identifier: D5:A8:90:94:E1:2E:54:DD:90:1E:32:D3:3C:E5:13:1E:04:6E:E7:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aiQlOEuVN2QHjLTPOUTHgRu5ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/jk32Q5TPkyb2RdNlXf7apR-PAPs.roa
Signing time:             Thu 21 Nov 2024 08:22:09 +0000
ROA not before:           Thu 21 Nov 2024 08:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61363
IP address blocks:        176.119.216.0/24 maxlen: 24
                          194.11.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/1aiQlOEuVN2QHjLTPOUTHgRu5ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/1aiQlOEuVN2QHjLTPOUTHgRu5ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aiQlOEuVN2QHjLTPOUTHgRu5ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4d:d0:7f:6b:c8:85:52:da:fa:25:09:74:d9:c1:29:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a89094e12e54dd901e32d33ce5131e046ee70c
        Validity
            Not Before: Nov 21 08:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e4df64394cf9326f645d3655dfedaa51f8f00fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:db:f4:c5:68:48:b2:e9:13:c5:98:07:57:2e:
                    be:ea:a8:4d:ef:f0:7a:b7:1c:f3:1b:d1:bd:9b:e6:
                    2e:76:6d:71:54:e7:37:00:bf:8e:f2:e7:47:c9:72:
                    d0:50:20:80:49:59:79:78:32:3c:ac:12:18:c3:5a:
                    07:4d:2e:6b:be:4d:40:86:85:11:d8:6f:dd:9a:eb:
                    8b:25:c9:a9:31:31:e1:bb:7d:b1:10:fd:81:c7:0d:
                    18:6f:2f:5d:63:b4:8d:4f:9b:be:36:fd:57:ed:e1:
                    0c:34:d7:ee:f9:a8:fc:e1:12:de:3e:19:ab:c0:ba:
                    f9:d3:dd:b9:b8:72:97:93:15:d8:39:2d:c3:9f:ab:
                    fa:c5:45:16:c3:9a:3b:71:5c:33:7d:b9:ab:99:8c:
                    58:ec:37:63:e1:11:fa:f7:eb:88:95:8a:c8:06:9e:
                    ab:c0:76:54:78:07:35:c4:e4:c0:38:6b:65:cb:10:
                    90:98:e1:e8:67:8d:71:cd:da:fb:92:59:f0:43:09:
                    dc:a1:63:fc:6e:8d:2e:a7:9b:aa:a4:4a:1e:f8:6c:
                    ec:e7:d5:5f:bf:38:5c:93:21:4f:7c:31:f3:58:a7:
                    77:71:6d:70:34:0b:5e:02:12:61:02:04:0a:c1:4e:
                    c0:68:85:41:fe:1f:a7:40:5c:c1:83:82:f9:0b:dc:
                    a0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:4D:F6:43:94:CF:93:26:F6:45:D3:65:5D:FE:DA:A5:1F:8F:00:FB
            X509v3 Authority Key Identifier:
                keyid:D5:A8:90:94:E1:2E:54:DD:90:1E:32:D3:3C:E5:13:1E:04:6E:E7:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aiQlOEuVN2QHjLTPOUTHgRu5ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/jk32Q5TPkyb2RdNlXf7apR-PAPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/22d20e-0bd6-49fb-b9c3-e20d707c00fb/1/1aiQlOEuVN2QHjLTPOUTHgRu5ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.216.0/24
                  194.11.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:6c:7a:b8:c1:c4:db:ed:ad:e3:c7:d1:9e:ca:b0:cd:6e:2b:
         3e:fb:25:96:08:5c:5c:7e:48:9f:cc:9b:17:17:20:32:45:87:
         0b:74:64:48:7c:ae:22:82:6d:64:e6:05:68:b5:85:f2:4c:95:
         1b:5e:6d:01:19:9c:2e:f5:91:58:15:f4:80:05:b9:21:6e:77:
         38:3d:98:23:1f:df:1f:7a:18:6d:4b:a2:9d:f0:53:b0:81:0c:
         46:e8:20:d9:7b:01:84:de:0f:20:51:45:be:eb:e5:d2:19:6d:
         89:2b:16:f5:2f:7a:af:78:f5:49:a2:78:ab:b0:1b:b0:71:c0:
         52:49:86:12:34:01:c1:cf:ac:6f:ac:cc:e1:32:16:80:8e:57:
         ac:22:aa:21:fe:26:1c:5f:fb:cd:ed:6d:1d:f6:48:c6:d2:fc:
         e4:3d:9c:47:6f:2b:6c:0c:06:9d:2b:49:05:7c:22:3b:4a:ef:
         ee:d3:29:ee:56:29:c1:d1:e3:f7:6c:21:b0:ee:2e:2b:41:6b:
         8c:c4:df:a1:9a:5b:34:13:0b:2a:6a:d9:9f:05:53:6e:05:b3:
         d7:d1:ab:e6:f4:31:9b:2a:4e:09:c8:69:0f:8f:36:2a:34:d2:
         f8:1c:8d:e2:e3:76:74:6e:05:22:a4:6e:a2:50:41:c5:06:62:
         42:1d:38:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNN0H9ryIVS2volCXTZwSnKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTg5MDk0ZTEyZTU0ZGQ5MDFlMzJkMzNjZTUxMzFlMDQ2
ZWU3MGMwHhcNMjQxMTIxMDgyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTRkZjY0Mzk0Y2Y5MzI2ZjY0NWQzNjU1ZGZlZGFhNTFmOGYwMGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydv0xWhIsukTxZgHVy6+6qhN7/B6
txzzG9G9m+Yudm1xVOc3AL+O8udHyXLQUCCASVl5eDI8rBIYw1oHTS5rvk1AhoUR
2G/dmuuLJcmpMTHhu32xEP2Bxw0Yby9dY7SNT5u+Nv1X7eEMNNfu+aj84RLePhmr
wLr50925uHKXkxXYOS3Dn6v6xUUWw5o7cVwzfbmrmYxY7Ddj4RH69+uIlYrIBp6r
wHZUeAc1xOTAOGtlyxCQmOHoZ41xzdr7klnwQwncoWP8bo0up5uqpEoe+Gzs59Vf
vzhckyFPfDHzWKd3cW1wNAteAhJhAgQKwU7AaIVB/h+nQFzBg4L5C9ygOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5N9kOUz5Mm9kXTZV3+2qUfjwD7MB8GA1UdIwQY
MBaAFNWokJThLlTdkB4y0zzlEx4EbucMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFpUWxPRXVWTjJRSGpMVFBPVVRIZ1J1NXd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8yMmQyMGUtMGJkNi00OWZiLWI5YzMt
ZTIwZDcwN2MwMGZiLzEvamszMlE1VFBreWIyUmRObFhmN2FwUi1QQVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8yMmQyMGUtMGJkNi00OWZiLWI5YzMtZTIwZDcwN2MwMGZi
LzEvMWFpUWxPRXVWTjJRSGpMVFBPVVRIZ1J1NXd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHfYAwQA
wgvLMA0GCSqGSIb3DQEBCwUAA4IBAQA0bHq4wcTb7a3jx9GeyrDNbis++yWWCFxc
fkifzJsXFyAyRYcLdGRIfK4igm1k5gVotYXyTJUbXm0BGZwu9ZFYFfSABbkhbnc4
PZgjH98fehhtS6Kd8FOwgQxG6CDZewGE3g8gUUW+6+XSGW2JKxb1L3qvePVJonir
sBuwccBSSYYSNAHBz6xvrMzhMhaAjlesIqoh/iYcX/vN7W0d9kjG0vzkPZxHbyts
DAadK0kFfCI7Su/u0ynuVinB0eP3bCGw7i4rQWuMxN+hmls0EwsqatmfBVNuBbPX
0avm9DGbKk4JyGkPjzYqNNL4HI3i43Z0bgUipG6iUEHFBmJCHTgs
-----END CERTIFICATE-----