Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/eYDBxTKrcaEFYFnlWLUsnIOsv3U.roa
File:                     eYDBxTKrcaEFYFnlWLUsnIOsv3U.roa (raw, json)
Hash identifier:          OfZoO6t0iyg5AXJF4WwUrvgzUmYDRfoo/QvhYXWGzUk=
Subject key identifier:   79:80:C1:C5:32:AB:71:A1:05:60:59:E5:58:B5:2C:9C:83:AC:BF:75
Certificate issuer:       /CN=32a03fed5dc7a0c34e4d85774ff7005d33e6ef13
Certificate serial:       018CC5DBE343A3A552E76873DE74904AE975
Authority key identifier: 32:A0:3F:ED:5D:C7:A0:C3:4E:4D:85:77:4F:F7:00:5D:33:E6:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MqA_7V3HoMNOTYV3T_cAXTPm7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/eYDBxTKrcaEFYFnlWLUsnIOsv3U.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31528
IP address blocks:        193.16.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/MqA_7V3HoMNOTYV3T_cAXTPm7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/MqA_7V3HoMNOTYV3T_cAXTPm7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MqA_7V3HoMNOTYV3T_cAXTPm7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e3:43:a3:a5:52:e7:68:73:de:74:90:4a:e9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32a03fed5dc7a0c34e4d85774ff7005d33e6ef13
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7980c1c532ab71a1056059e558b52c9c83acbf75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:08:54:d4:42:e3:e2:bf:d2:20:cd:75:27:aa:
                    a6:4a:6a:e2:bc:ac:0f:14:d2:b4:c8:08:d8:b3:05:
                    9f:ab:67:83:88:24:66:4e:92:89:58:b1:d4:b7:c1:
                    29:1d:0b:92:3a:a8:bb:ac:4d:0d:47:9a:dd:69:00:
                    51:f4:d3:b2:59:7a:8d:09:1f:8c:95:cd:ec:e6:9b:
                    a6:62:18:5a:d8:f7:55:e4:3f:de:49:8f:ae:27:25:
                    ad:ac:9b:2b:1f:0d:4f:a1:ec:6b:45:a8:d3:d2:b1:
                    8b:55:5d:78:85:b3:0d:e9:61:93:fb:22:45:1a:70:
                    67:ba:ac:1d:b2:98:16:83:51:39:40:83:b5:af:ce:
                    3c:2e:f4:6b:5a:bc:59:a0:20:3d:d3:b8:c7:d6:17:
                    87:b1:fe:41:d9:36:b5:2f:f1:b7:ee:d9:e4:f0:cd:
                    b9:5e:da:5f:0b:a5:07:f3:d7:49:44:04:4c:59:dc:
                    9c:38:3e:98:41:83:ab:06:3c:0c:3b:b9:4f:f8:90:
                    88:31:74:24:e4:c4:ec:80:54:e2:fa:c9:19:48:6a:
                    5a:81:04:ae:a1:9a:88:23:43:74:02:ff:86:ea:32:
                    a9:73:69:a3:7d:2e:33:a8:8e:03:59:55:6a:96:21:
                    27:2e:41:38:ba:4f:24:85:68:1b:a1:e8:f5:8f:c3:
                    3a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:80:C1:C5:32:AB:71:A1:05:60:59:E5:58:B5:2C:9C:83:AC:BF:75
            X509v3 Authority Key Identifier:
                keyid:32:A0:3F:ED:5D:C7:A0:C3:4E:4D:85:77:4F:F7:00:5D:33:E6:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MqA_7V3HoMNOTYV3T_cAXTPm7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/eYDBxTKrcaEFYFnlWLUsnIOsv3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/122129-2226-4e97-b0a7-1aa500b9948a/1/MqA_7V3HoMNOTYV3T_cAXTPm7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:16:5f:48:5a:e3:85:4f:cd:e8:5c:b9:1a:bd:0d:18:9b:dc:
         32:e5:71:61:db:a0:43:38:47:ad:39:1f:d1:db:5d:a1:a4:ef:
         8d:0a:25:83:ad:5d:f2:9e:16:21:d5:40:8d:e3:ce:a9:30:82:
         4a:8c:c2:41:a3:6d:1f:ac:32:d0:d6:be:00:8c:75:dd:bc:98:
         72:73:2c:be:9f:d2:33:80:c1:df:c1:c5:af:c1:70:b0:3a:3e:
         c9:29:0c:b3:0f:b5:61:b5:4f:38:1f:5a:23:11:a0:cf:7f:84:
         87:8a:63:cc:a5:fb:47:d5:9f:9d:42:6e:10:bb:d6:c7:70:6b:
         b4:a4:97:11:cf:ca:46:58:f3:5e:32:a1:2e:f5:37:7b:69:41:
         a6:78:90:61:a4:7c:50:e5:28:a5:41:d2:08:39:70:6e:67:ee:
         23:77:c0:bc:e1:85:02:ee:b0:f9:0e:d3:fa:a4:4a:4e:ef:20:
         fa:c7:1f:be:c5:64:b2:10:3e:b7:42:34:5c:33:0f:49:5e:52:
         5a:09:bd:dc:dc:f6:e3:0e:a4:81:8d:c9:ca:e2:44:4f:ca:74:
         3b:7b:db:90:29:f2:11:b1:0b:c5:98:6d:a2:d4:8c:23:70:c8:
         b2:83:ad:11:bb:4f:3a:01:1c:16:62:69:88:c6:17:78:f9:49:
         1b:ce:17:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+NDo6VS52hz3nSQSul1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYTAzZmVkNWRjN2EwYzM0ZTRkODU3NzRmZjcwMDVkMzNl
NmVmMTMwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTgwYzFjNTMyYWI3MWExMDU2MDU5ZTU1OGI1MmM5YzgzYWNiZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAhU1ELj4r/SIM11J6qmSmrivKwP
FNK0yAjYswWfq2eDiCRmTpKJWLHUt8EpHQuSOqi7rE0NR5rdaQBR9NOyWXqNCR+M
lc3s5pumYhha2PdV5D/eSY+uJyWtrJsrHw1PoexrRajT0rGLVV14hbMN6WGT+yJF
GnBnuqwdspgWg1E5QIO1r848LvRrWrxZoCA907jH1heHsf5B2Ta1L/G37tnk8M25
XtpfC6UH89dJRARMWdycOD6YQYOrBjwMO7lP+JCIMXQk5MTsgFTi+skZSGpagQSu
oZqII0N0Av+G6jKpc2mjfS4zqI4DWVVqliEnLkE4uk8khWgboej1j8M6vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmAwcUyq3GhBWBZ5Vi1LJyDrL91MB8GA1UdIwQY
MBaAFDKgP+1dx6DDTk2Fd0/3AF0z5u8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXFBXzdWM0hvTU5PVFlWM1RfY0FYVFBtN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xMjIxMjktMjIyNi00ZTk3LWIwYTct
MWFhNTAwYjk5NDhhLzEvZVlEQnhUS3JjYUVGWUZubFdMVXNuSU9zdjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xMjIxMjktMjIyNi00ZTk3LWIwYTctMWFhNTAwYjk5NDhh
LzEvTXFBXzdWM0hvTU5PVFlWM1RfY0FYVFBtN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBrMA0G
CSqGSIb3DQEBCwUAA4IBAQANFl9IWuOFT83oXLkavQ0Ym9wy5XFh26BDOEetOR/R
212hpO+NCiWDrV3ynhYh1UCN486pMIJKjMJBo20frDLQ1r4AjHXdvJhycyy+n9Iz
gMHfwcWvwXCwOj7JKQyzD7VhtU84H1ojEaDPf4SHimPMpftH1Z+dQm4Qu9bHcGu0
pJcRz8pGWPNeMqEu9Td7aUGmeJBhpHxQ5SilQdIIOXBuZ+4jd8C84YUC7rD5DtP6
pEpO7yD6xx++xWSyED63QjRcMw9JXlJaCb3c3PbjDqSBjcnK4kRPynQ7e9uQKfIR
sQvFmG2i1IwjcMiyg60Ru086ARwWYmmIxhd4+Ukbzhfa
-----END CERTIFICATE-----