Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/wouy4DX8l8GfQQi46-0b6DlspTs.roa
File:                     wouy4DX8l8GfQQi46-0b6DlspTs.roa (raw, json)
Hash identifier:          y3xQtIBn0HVvxpHzTYfyADWbtCksEv3OIAPLSPJnSdA=
Subject key identifier:   C2:8B:B2:E0:35:FC:97:C1:9F:41:08:B8:EB:ED:1B:E8:39:6C:A5:3B
Certificate issuer:       /CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
Certificate serial:       019242A121485EB375B5FFBB14DBD25527C5
Authority key identifier: 32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/wouy4DX8l8GfQQi46-0b6DlspTs.roa
Signing time:             Mon 30 Sep 2024 11:11:48 +0000
ROA not before:           Mon 30 Sep 2024 11:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206119
IP address blocks:        185.34.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:a1:21:48:5e:b3:75:b5:ff:bb:14:db:d2:55:27:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
        Validity
            Not Before: Sep 30 11:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c28bb2e035fc97c19f4108b8ebed1be8396ca53b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:65:e7:10:f0:de:0d:f5:bb:f6:ec:e2:09:46:
                    20:f7:31:bd:7c:d2:b1:c1:66:ee:94:dc:e5:34:6d:
                    fe:dc:f8:6d:7c:cb:8d:64:b9:2f:17:e9:31:a8:dc:
                    6c:a0:24:a3:51:08:d0:90:ac:62:c1:1f:49:ce:6f:
                    79:92:4b:e6:64:4e:7b:d3:33:b8:1d:8b:fa:21:23:
                    33:a3:18:d6:c1:11:42:7f:d2:7a:00:a2:ea:1d:bb:
                    55:eb:f1:7a:ce:70:69:34:d2:f5:da:55:63:a5:83:
                    41:aa:f0:29:5b:66:b9:4c:4b:15:9c:d7:9e:73:a8:
                    1f:5f:ec:32:e8:23:0b:6d:df:11:cd:1a:48:1d:a3:
                    c7:4d:0f:3b:25:36:17:e9:9e:84:05:72:74:4d:70:
                    c5:ee:db:7e:53:8b:d9:a3:cf:0b:e8:85:23:b6:e1:
                    5c:13:bf:83:86:8b:3e:c5:d3:8a:91:49:75:0b:9a:
                    aa:8c:3b:68:98:97:b5:e7:4c:8d:e4:2c:c0:51:e6:
                    95:fa:5c:db:53:1f:22:a5:1e:b2:76:1d:ec:48:7e:
                    75:8b:f0:c4:86:97:82:0d:68:7f:eb:cb:7f:b9:c8:
                    6d:72:b8:83:15:e5:0f:43:96:5e:d6:f7:58:81:67:
                    29:2f:37:f6:3c:ea:27:4c:c9:33:75:5f:a6:4d:c4:
                    c1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:8B:B2:E0:35:FC:97:C1:9F:41:08:B8:EB:ED:1B:E8:39:6C:A5:3B
            X509v3 Authority Key Identifier:
                keyid:32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/wouy4DX8l8GfQQi46-0b6DlspTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:72:40:fa:85:92:88:1a:01:5c:ae:6f:ba:52:37:4e:0a:ce:
         03:06:24:f2:85:c6:dc:f5:3e:40:95:02:ba:d7:67:7f:4b:6a:
         18:0e:a7:e0:9c:fc:8c:6f:3e:b2:f5:a4:34:fd:71:01:98:e0:
         2f:9b:d6:83:25:f9:ab:8c:68:45:cb:9b:b9:47:b9:5f:7f:f2:
         5d:81:a0:a9:ee:59:98:2f:69:86:7b:bb:94:e5:9b:5c:9c:03:
         c8:3e:87:d2:2e:32:1a:1b:b3:13:93:8b:6f:52:16:be:66:86:
         67:74:fe:d4:04:20:6f:7d:d6:cc:aa:cd:48:aa:0f:01:4e:7d:
         c1:05:57:ad:14:bf:87:4a:37:1c:fd:62:5d:a8:f4:b2:d4:a0:
         af:5e:50:3e:2f:8f:b5:5c:81:18:95:76:0b:5b:fd:51:db:41:
         fb:11:41:e2:b5:3b:56:42:17:43:ef:62:dd:37:81:46:13:eb:
         8c:c7:8d:26:2b:63:6d:fb:ac:c5:31:7b:a0:ad:09:07:29:d2:
         f8:ff:d9:ab:ce:54:79:5b:fa:34:76:4a:f2:1e:57:b1:f6:f8:
         1f:a1:d0:f1:35:97:b7:33:85:54:f9:34:bc:19:8e:9a:f7:2b:
         c4:52:d8:61:de:5a:92:66:2a:dd:54:d1:42:69:c3:c3:0e:83:
         33:ef:41:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJCoSFIXrN1tf+7FNvSVSfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWQ2NzAwMmRjNzMwN2U4NTYzYjZlNDkzNGNjZDU3MjNh
NDRmM2UwHhcNMjQwOTMwMTExMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjhiYjJlMDM1ZmM5N2MxOWY0MTA4YjhlYmVkMWJlODM5NmNhNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWXnEPDeDfW79uziCUYg9zG9fNKx
wWbulNzlNG3+3PhtfMuNZLkvF+kxqNxsoCSjUQjQkKxiwR9Jzm95kkvmZE570zO4
HYv6ISMzoxjWwRFCf9J6AKLqHbtV6/F6znBpNNL12lVjpYNBqvApW2a5TEsVnNee
c6gfX+wy6CMLbd8RzRpIHaPHTQ87JTYX6Z6EBXJ0TXDF7tt+U4vZo88L6IUjtuFc
E7+Dhos+xdOKkUl1C5qqjDtomJe150yN5CzAUeaV+lzbUx8ipR6ydh3sSH51i/DE
hpeCDWh/68t/uchtcriDFeUPQ5Ze1vdYgWcpLzf2POonTMkzdV+mTcTBYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKLsuA1/JfBn0EIuOvtG+g5bKU7MB8GA1UdIwQY
MBaAFDLtZwAtxzB+hWO25JNMzVcjpE8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMt
ZjFlOWJjNDFkOTJmLzEvd291eTREWDhsOEdmUVFpNDYtMGI2RGxzcFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMtZjFlOWJjNDFkOTJm
LzEvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSKDMA0G
CSqGSIb3DQEBCwUAA4IBAQBEckD6hZKIGgFcrm+6UjdOCs4DBiTyhcbc9T5AlQK6
12d/S2oYDqfgnPyMbz6y9aQ0/XEBmOAvm9aDJfmrjGhFy5u5R7lff/JdgaCp7lmY
L2mGe7uU5ZtcnAPIPofSLjIaG7MTk4tvUha+ZoZndP7UBCBvfdbMqs1Iqg8BTn3B
BVetFL+HSjcc/WJdqPSy1KCvXlA+L4+1XIEYlXYLW/1R20H7EUHitTtWQhdD72Ld
N4FGE+uMx40mK2Nt+6zFMXugrQkHKdL4/9mrzlR5W/o0dkryHlex9vgfodDxNZe3
M4VU+TS8GY6a9yvEUthh3lqSZirdVNFCacPDDoMz70Eh
-----END CERTIFICATE-----