Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/aHd8Hb3TiSUDJ9_am3m_hfMFbEg.roa
File:                     aHd8Hb3TiSUDJ9_am3m_hfMFbEg.roa (raw, json)
Hash identifier:          0xXrfGlH5ZXk4sEKe5rR3WIqR6D/UcVeIcT+OM58hCw=
Subject key identifier:   68:77:7C:1D:BD:D3:89:25:03:27:DF:DA:9B:79:BF:85:F3:05:6C:48
Certificate issuer:       /CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
Certificate serial:       0192438A96AFC5613E847C71D50E3C301DD2
Authority key identifier: 32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/aHd8Hb3TiSUDJ9_am3m_hfMFbEg.roa
Signing time:             Mon 30 Sep 2024 15:26:48 +0000
ROA not before:           Mon 30 Sep 2024 15:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204457
IP address blocks:        185.34.129.0/24 maxlen: 24
                          185.34.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:43:8a:96:af:c5:61:3e:84:7c:71:d5:0e:3c:30:1d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
        Validity
            Not Before: Sep 30 15:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68777c1dbdd389250327dfda9b79bf85f3056c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:b7:9a:74:ea:70:0d:06:de:1c:4d:a3:82:
                    78:ac:41:26:a2:47:63:cf:db:21:7e:8e:28:74:96:
                    93:df:63:72:ad:2e:f5:3c:f3:f3:7e:0c:48:6f:58:
                    ba:6d:b0:7b:9c:71:da:83:12:57:a9:04:b9:82:c9:
                    45:90:9e:b8:3b:1d:7c:e1:96:e0:ae:59:ab:81:d6:
                    91:75:e8:15:b1:a1:85:fb:8d:51:5a:4b:c0:c5:90:
                    21:1c:1a:32:c0:8a:86:52:f9:3b:c5:4b:c0:52:35:
                    b3:d8:47:7c:a7:f3:1a:25:1b:8b:65:5d:f5:25:cb:
                    a3:08:cf:b8:1a:4d:63:28:b2:b5:ca:d0:18:96:95:
                    71:07:05:03:99:ca:29:17:13:89:ee:b0:d2:dd:65:
                    85:70:8c:49:e3:ca:7e:40:e0:95:56:1d:ab:13:62:
                    8a:80:df:3a:6a:79:a6:18:ac:0b:d4:f2:28:4c:60:
                    c8:09:c6:b9:77:67:e5:a2:bc:49:ed:99:f7:d8:e3:
                    ca:f5:23:4b:c1:29:ea:44:51:72:4a:6c:fc:92:f2:
                    39:08:ed:e3:11:c2:66:84:9c:59:e8:43:0a:19:73:
                    66:84:25:55:9c:cf:c2:34:70:48:aa:2c:94:e8:fa:
                    72:68:89:92:74:7c:92:62:9a:2f:d5:d5:3a:96:f7:
                    5c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:77:7C:1D:BD:D3:89:25:03:27:DF:DA:9B:79:BF:85:F3:05:6C:48
            X509v3 Authority Key Identifier:
                keyid:32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/aHd8Hb3TiSUDJ9_am3m_hfMFbEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.129.0-185.34.130.255

    Signature Algorithm: sha256WithRSAEncryption
         a2:9e:6a:65:dd:b5:33:9b:5e:0e:a8:96:d8:90:80:69:13:ca:
         e5:4c:1f:7d:cc:9d:ab:5b:f0:45:ba:6a:d3:70:cf:55:f1:b4:
         ef:ed:5b:1b:26:39:60:57:6c:0f:58:09:d1:03:9c:44:a8:65:
         8a:dc:8f:29:f7:3e:23:24:f4:49:3e:01:75:25:77:d0:c1:21:
         d8:92:ce:c4:bf:1c:93:38:ce:f4:58:43:3d:1a:71:52:cc:59:
         84:ba:12:35:0a:a4:18:68:d3:ff:b1:61:81:8d:7f:4f:e4:a8:
         1f:c4:18:3b:17:41:e4:af:28:b2:43:13:fe:eb:45:98:07:ff:
         5b:de:2a:92:e7:d8:57:e4:13:db:54:a7:fe:04:e8:da:b9:71:
         97:f5:3b:df:d2:8a:49:ba:a7:7b:ec:0e:78:ed:4d:19:5d:19:
         85:29:a3:60:78:cf:6e:a4:c5:bc:e3:f4:ba:d6:9f:48:dc:5c:
         e1:36:5a:e6:c3:d7:f3:03:a6:63:98:12:f6:7b:df:0b:af:1d:
         92:08:c4:5c:f0:b0:c7:0e:8e:f2:4f:b7:10:89:49:e4:6c:e4:
         d0:6c:53:84:2d:7f:ec:4c:78:45:87:42:63:5a:f6:f8:54:d7:
         54:c9:85:23:a1:ac:d6:5d:d7:dd:1c:a5:16:97:9e:69:89:e0:
         05:12:55:2d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJDipavxWE+hHxx1Q48MB3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWQ2NzAwMmRjNzMwN2U4NTYzYjZlNDkzNGNjZDU3MjNh
NDRmM2UwHhcNMjQwOTMwMTUyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc3N2MxZGJkZDM4OTI1MDMyN2RmZGE5Yjc5YmY4NWYzMDU2YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO63mnTqcA0G3hxNo4J4rEEmokdj
z9shfo4odJaT32NyrS71PPPzfgxIb1i6bbB7nHHagxJXqQS5gslFkJ64Ox184Zbg
rlmrgdaRdegVsaGF+41RWkvAxZAhHBoywIqGUvk7xUvAUjWz2Ed8p/MaJRuLZV31
JcujCM+4Gk1jKLK1ytAYlpVxBwUDmcopFxOJ7rDS3WWFcIxJ48p+QOCVVh2rE2KK
gN86anmmGKwL1PIoTGDICca5d2florxJ7Zn32OPK9SNLwSnqRFFySmz8kvI5CO3j
EcJmhJxZ6EMKGXNmhCVVnM/CNHBIqiyU6PpyaImSdHySYpov1dU6lvdcjwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGh3fB2904klAyff2pt5v4XzBWxIMB8GA1UdIwQY
MBaAFDLtZwAtxzB+hWO25JNMzVcjpE8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMt
ZjFlOWJjNDFkOTJmLzEvYUhkOEhiM1RpU1VESjlfYW0zbV9oZk1GYkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMtZjFlOWJjNDFkOTJm
LzEvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IoED
BAC5IoIwDQYJKoZIhvcNAQELBQADggEBAKKeamXdtTObXg6oltiQgGkTyuVMH33M
natb8EW6atNwz1XxtO/tWxsmOWBXbA9YCdEDnESoZYrcjyn3PiMk9Ek+AXUld9DB
IdiSzsS/HJM4zvRYQz0acVLMWYS6EjUKpBho0/+xYYGNf0/kqB/EGDsXQeSvKLJD
E/7rRZgH/1veKpLn2FfkE9tUp/4E6Nq5cZf1O9/Sikm6p3vsDnjtTRldGYUpo2B4
z26kxbzj9LrWn0jcXOE2WubD1/MDpmOYEvZ73wuvHZIIxFzwsMcOjvJPtxCJSeRs
5NBsU4Qtf+xMeEWHQmNa9vhU11TJhSOhrNZd190cpRaXnmmJ4AUSVS0=
-----END CERTIFICATE-----