Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/4biwE-DS6MlQ3KzzuMudPiZ43DA.roa
File:                     4biwE-DS6MlQ3KzzuMudPiZ43DA.roa (raw, json)
Hash identifier:          7cp+0sWf4LBsahXxXsOqglYHWLU3yqKUF4NGZi0J31g=
Subject key identifier:   E1:B8:B0:13:E0:D2:E8:C9:50:DC:AC:F3:B8:CB:9D:3E:26:78:DC:30
Certificate issuer:       /CN=356d9a95bace19785c40647663f31d9056261c2f
Certificate serial:       018CC8015081220785851EC275C6376C84C1
Authority key identifier: 35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/4biwE-DS6MlQ3KzzuMudPiZ43DA.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62739
IP address blocks:        185.32.194.0/24 maxlen: 24
                          185.32.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:50:81:22:07:85:85:1e:c2:75:c6:37:6c:84:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=356d9a95bace19785c40647663f31d9056261c2f
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b8b013e0d2e8c950dcacf3b8cb9d3e2678dc30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c2:e0:8d:40:51:08:0d:9e:78:6e:0b:24:ec:
                    46:ad:4c:24:ff:a1:11:ff:83:bd:a9:05:f6:f0:32:
                    a8:9f:bc:38:94:c5:34:f1:b1:1e:7f:d6:6f:c5:46:
                    51:a5:a7:bd:1f:34:4a:a9:6c:2f:18:ed:f3:fe:17:
                    4b:96:53:00:bc:dd:9f:dc:71:e8:2b:75:45:74:20:
                    4f:0f:64:2f:73:e4:8a:52:97:41:3c:aa:22:bd:e6:
                    51:c1:1a:48:b9:ab:bb:cf:7d:4c:f8:91:0a:74:c3:
                    0c:0d:08:54:8a:70:85:1b:18:ea:36:7e:b2:25:21:
                    d9:ae:f1:d1:02:92:e0:75:f8:71:68:34:eb:84:1a:
                    dd:c8:79:a1:e9:24:92:07:c2:48:94:8d:85:c6:e2:
                    99:eb:d0:1f:86:78:50:cb:f1:b1:f8:8e:cd:33:2b:
                    24:b5:4d:e2:93:01:76:81:49:7a:75:49:18:44:37:
                    0d:a7:4b:24:a3:bd:25:82:ff:c7:98:20:bc:a2:13:
                    36:d4:8f:3b:45:4c:91:c5:91:6e:41:13:26:bb:51:
                    c3:7f:84:68:8e:a5:5d:55:07:11:cb:7c:6a:e1:93:
                    36:5c:94:6f:3f:ec:92:c7:08:2a:f6:34:cb:95:44:
                    b3:e8:0a:64:74:a7:ce:1f:b2:f7:20:2b:55:7a:5f:
                    36:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B8:B0:13:E0:D2:E8:C9:50:DC:AC:F3:B8:CB:9D:3E:26:78:DC:30
            X509v3 Authority Key Identifier:
                keyid:35:6D:9A:95:BA:CE:19:78:5C:40:64:76:63:F3:1D:90:56:26:1C:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NW2albrOGXhcQGR2Y_MdkFYmHC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/4biwE-DS6MlQ3KzzuMudPiZ43DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/dd9c90-31a9-4995-9da3-4efde6eb32d4/1/NW2albrOGXhcQGR2Y_MdkFYmHC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.193.0-185.32.194.255

    Signature Algorithm: sha256WithRSAEncryption
         39:11:98:4e:79:52:fc:80:17:1c:2b:00:78:3d:ae:b4:97:2c:
         30:1f:06:aa:05:97:69:0e:79:be:cc:28:f4:1e:8a:df:31:76:
         fb:9e:c7:24:32:eb:e0:b5:27:c5:5b:b5:03:38:69:30:13:c9:
         6e:29:e1:d1:85:66:e0:ae:5b:ea:8e:61:f6:a0:f3:10:4f:b4:
         7a:6f:41:00:33:a1:a9:23:bc:0a:40:58:9b:3a:7c:f9:3c:32:
         0b:de:d0:31:2a:87:7f:51:ce:12:a4:35:28:53:03:7a:a5:cb:
         52:b5:c1:82:e7:7d:5c:9e:4c:95:a4:3d:be:e5:1a:a5:e4:b3:
         98:c0:2a:ea:a2:01:ea:b7:a2:a0:17:45:9c:22:5f:bc:4c:ca:
         5d:c4:6f:50:d6:ed:1d:07:7d:02:a2:16:01:bf:43:1e:0b:62:
         54:35:0f:99:3f:d5:9f:0d:b6:58:9d:ac:ad:9b:35:79:57:bb:
         76:49:50:08:af:d4:11:fd:5c:7f:2e:e4:2b:81:f3:dc:5f:93:
         cb:52:92:e7:ec:62:46:db:52:57:63:46:86:2b:71:1e:06:47:
         38:fc:e7:bb:eb:10:30:f9:20:0c:38:76:23:8f:9e:ef:9c:75:
         22:93:82:2c:2f:f6:8d:89:e7:ba:b1:cb:fb:a6:aa:84:8e:40:
         2d:2a:24:13
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAVCBIgeFhR7CdcY3bITBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NmQ5YTk1YmFjZTE5Nzg1YzQwNjQ3NjYzZjMxZDkwNTYy
NjFjMmYwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWI4YjAxM2UwZDJlOGM5NTBkY2FjZjNiOGNiOWQzZTI2NzhkYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8LgjUBRCA2eeG4LJOxGrUwk/6ER
/4O9qQX28DKon7w4lMU08bEef9ZvxUZRpae9HzRKqWwvGO3z/hdLllMAvN2f3HHo
K3VFdCBPD2Qvc+SKUpdBPKoiveZRwRpIuau7z31M+JEKdMMMDQhUinCFGxjqNn6y
JSHZrvHRApLgdfhxaDTrhBrdyHmh6SSSB8JIlI2FxuKZ69AfhnhQy/Gx+I7NMysk
tU3ikwF2gUl6dUkYRDcNp0sko70lgv/HmCC8ohM21I87RUyRxZFuQRMmu1HDf4Ro
jqVdVQcRy3xq4ZM2XJRvP+ySxwgq9jTLlUSz6ApkdKfOH7L3ICtVel82zQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOG4sBPg0ujJUNys87jLnT4meNwwMB8GA1UdIwQY
MBaAFDVtmpW6zhl4XEBkdmPzHZBWJhwvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlcyYWxick9HWGhjUUdSMllfTWRrRlltSEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9kZDljOTAtMzFhOS00OTk1LTlkYTMt
NGVmZGU2ZWIzMmQ0LzEvNGJpd0UtRFM2TWxRM0t6enVNdWRQaVo0M0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9kZDljOTAtMzFhOS00OTk1LTlkYTMtNGVmZGU2ZWIzMmQ0
LzEvTlcyYWxick9HWGhjUUdSMllfTWRrRlltSEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IMED
BAC5IMIwDQYJKoZIhvcNAQELBQADggEBADkRmE55UvyAFxwrAHg9rrSXLDAfBqoF
l2kOeb7MKPQeit8xdvuexyQy6+C1J8VbtQM4aTATyW4p4dGFZuCuW+qOYfag8xBP
tHpvQQAzoakjvApAWJs6fPk8Mgve0DEqh39RzhKkNShTA3qly1K1wYLnfVyeTJWk
Pb7lGqXks5jAKuqiAeq3oqAXRZwiX7xMyl3Eb1DW7R0HfQKiFgG/Qx4LYlQ1D5k/
1Z8NtlidrK2bNXlXu3ZJUAiv1BH9XH8u5CuB89xfk8tSkufsYkbbUldjRoYrcR4G
Rzj857vrEDD5IAw4diOPnu+cdSKTgiwv9o2J57qxy/umqoSOQC0qJBM=
-----END CERTIFICATE-----