Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Blk2kZtsAzLmyZ1H2212ArL3Nuc.roa
File:                     Blk2kZtsAzLmyZ1H2212ArL3Nuc.roa (raw, json)
Hash identifier:          RtOa5NrSHOwcKzzX5y1ZYQmOENWLiH5g9ZjK2UUWngM=
Subject key identifier:   06:59:36:91:9B:6C:03:32:E6:C9:9D:47:DB:6D:76:02:B2:F7:36:E7
Certificate issuer:       /CN=c4ddbd9f230919321bf56706f1069377926119f9
Certificate serial:       018CC64B8D986A7E9CB34E4CEBA358ADD3B3
Authority key identifier: C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Blk2kZtsAzLmyZ1H2212ArL3Nuc.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199041
IP address blocks:        193.32.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8d:98:6a:7e:9c:b3:4e:4c:eb:a3:58:ad:d3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ddbd9f230919321bf56706f1069377926119f9
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=065936919b6c0332e6c99d47db6d7602b2f736e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ff:fb:ad:eb:69:90:77:ab:5f:ae:c7:58:81:
                    e2:1a:7e:ed:c7:7e:5d:9f:7b:8b:72:09:4b:8e:38:
                    56:f0:c4:ec:15:1a:96:27:37:bc:e1:16:df:40:5f:
                    16:77:9c:77:10:a2:b0:88:9d:3a:dc:7c:e0:d5:69:
                    d7:c3:17:23:ca:23:88:12:39:d0:0f:e9:34:31:fa:
                    6a:97:c6:d5:23:07:81:cf:a2:e6:89:c4:6a:61:22:
                    37:c5:ae:f9:5d:bf:ff:4c:17:a1:b6:4d:82:98:e0:
                    14:39:28:8f:27:f6:21:71:30:8a:b1:df:61:0d:f6:
                    44:2f:70:72:2e:8e:ae:ef:6a:04:67:4e:8c:85:9c:
                    aa:c7:97:0e:58:e1:e8:20:ec:43:57:f1:14:0a:81:
                    f5:8c:dc:3a:f5:b7:d6:e3:51:d6:70:74:83:8e:10:
                    8d:93:3d:69:90:27:3c:2a:5d:ce:5c:25:0d:44:84:
                    b7:65:46:f4:9d:33:90:3b:28:4f:3e:63:a4:d9:9d:
                    e4:41:15:40:87:d9:d8:90:30:6b:d8:68:2e:20:8c:
                    d5:61:f9:91:ec:cd:3e:bc:7b:2b:97:57:c4:2e:27:
                    7a:c5:63:2a:3c:c5:93:0a:94:35:4c:58:0d:66:e8:
                    f6:6c:ed:be:1b:d5:83:49:c3:cf:f2:74:e7:2e:b9:
                    7d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:59:36:91:9B:6C:03:32:E6:C9:9D:47:DB:6D:76:02:B2:F7:36:E7
            X509v3 Authority Key Identifier:
                keyid:C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Blk2kZtsAzLmyZ1H2212ArL3Nuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:63:52:b7:99:e9:ba:d5:5c:ce:4a:dd:5e:d8:0c:fe:d2:9e:
         95:f0:a1:1f:29:d2:89:73:0f:5b:1c:ef:00:b5:f5:ee:a3:a1:
         77:73:94:c8:88:7f:12:f3:5d:9f:3c:6e:8d:03:9f:0f:23:28:
         fa:cb:bc:df:0e:0d:55:8d:4c:20:57:d2:a0:3c:a3:1c:fd:85:
         61:88:b2:2c:a6:e5:e9:6b:99:58:b0:3c:e3:c9:03:6f:25:4b:
         85:c5:e8:b0:e6:61:47:2d:15:10:14:1e:c6:47:52:98:2b:5a:
         5e:1f:f5:25:84:ef:3b:bf:75:46:2e:05:24:71:68:d0:39:76:
         ab:52:ec:24:fd:8c:8e:8d:8b:1a:8e:4b:99:27:70:e2:4e:87:
         fb:12:35:67:2f:59:10:8e:21:56:5a:35:98:22:37:23:fd:27:
         07:83:6a:84:57:67:13:d4:0b:41:b5:ec:21:40:84:e0:88:b7:
         eb:5f:87:bb:f1:63:97:82:f0:3e:63:b8:ba:18:43:c9:47:e9:
         97:87:ed:69:74:e8:40:c7:1f:63:f6:47:4d:14:80:66:6e:03:
         01:80:ff:d1:e1:f5:8b:03:74:ad:69:4b:74:11:b5:cb:fd:08:
         1d:34:cd:d0:6d:ca:ac:c2:5a:c4:8a:a5:de:b8:5e:6b:d9:d0:
         61:32:75:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS42Yan6cs05M66NYrdOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGRiZDlmMjMwOTE5MzIxYmY1NjcwNmYxMDY5Mzc3OTI2
MTE5ZjkwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU5MzY5MTliNmMwMzMyZTZjOTlkNDdkYjZkNzYwMmIyZjczNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf/7retpkHerX67HWIHiGn7tx35d
n3uLcglLjjhW8MTsFRqWJze84RbfQF8Wd5x3EKKwiJ063Hzg1WnXwxcjyiOIEjnQ
D+k0Mfpql8bVIweBz6LmicRqYSI3xa75Xb//TBehtk2CmOAUOSiPJ/YhcTCKsd9h
DfZEL3ByLo6u72oEZ06MhZyqx5cOWOHoIOxDV/EUCoH1jNw69bfW41HWcHSDjhCN
kz1pkCc8Kl3OXCUNRIS3ZUb0nTOQOyhPPmOk2Z3kQRVAh9nYkDBr2GguIIzVYfmR
7M0+vHsrl1fELid6xWMqPMWTCpQ1TFgNZuj2bO2+G9WDScPP8nTnLrl9VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZZNpGbbAMy5smdR9ttdgKy9zbnMB8GA1UdIwQY
MBaAFMTdvZ8jCRkyG/VnBvEGk3eSYRn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgt
YmZhYzkyOGJmNjU4LzEvQmxrMmtadHNBekxteVoxSDIyMTJBckwzTnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgtYmZhYzkyOGJmNjU4
LzEveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBBMA0G
CSqGSIb3DQEBCwUAA4IBAQCaY1K3mem61VzOSt1e2Az+0p6V8KEfKdKJcw9bHO8A
tfXuo6F3c5TIiH8S812fPG6NA58PIyj6y7zfDg1VjUwgV9KgPKMc/YVhiLIspuXp
a5lYsDzjyQNvJUuFxeiw5mFHLRUQFB7GR1KYK1peH/UlhO87v3VGLgUkcWjQOXar
Uuwk/YyOjYsajkuZJ3DiTof7EjVnL1kQjiFWWjWYIjcj/ScHg2qEV2cT1AtBtewh
QITgiLfrX4e78WOXgvA+Y7i6GEPJR+mXh+1pdOhAxx9j9kdNFIBmbgMBgP/R4fWL
A3StaUt0EbXL/QgdNM3QbcqswlrEiqXeuF5r2dBhMnUs
-----END CERTIFICATE-----