Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1KEGHQmULn4ro-xVX2ZjkNo9BTw.roa
File:                     1KEGHQmULn4ro-xVX2ZjkNo9BTw.roa (raw, json)
Hash identifier:          9h7O8zevIF/7SP+vwypVcniLHF6lE3Vs7pdJiTqCp+Y=
Subject key identifier:   D4:A1:06:1D:09:94:2E:7E:2B:A3:EC:55:5F:66:63:90:DA:3D:05:3C
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       0191BF1A617A6FD02EFC10E874A69424E993
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1KEGHQmULn4ro-xVX2ZjkNo9BTw.roa
Signing time:             Wed 04 Sep 2024 22:14:22 +0000
ROA not before:           Wed 04 Sep 2024 22:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23467
IP address blocks:        212.32.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bf:1a:61:7a:6f:d0:2e:fc:10:e8:74:a6:94:24:e9:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Sep  4 22:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4a1061d09942e7e2ba3ec555f666390da3d053c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d0:9a:6e:78:28:59:e5:00:91:a7:d8:7e:3e:
                    46:12:52:18:f1:5a:04:9e:12:b3:2b:df:e8:ec:9d:
                    0f:b5:00:59:7f:b3:19:e5:11:8d:9a:2b:43:7f:f8:
                    e0:a9:7b:4d:cc:1c:ff:f3:fc:f5:cf:83:fe:5f:f1:
                    05:44:40:37:61:19:27:69:45:12:c9:e0:f7:aa:58:
                    34:a3:c1:bf:23:25:db:16:6c:f8:56:e9:14:64:f5:
                    e3:b7:1b:d6:41:6d:dd:cd:ba:14:94:8c:9e:ea:ba:
                    98:35:7a:60:c9:38:6f:02:94:ee:4a:c4:77:ac:21:
                    43:66:2b:09:bc:a7:b2:81:fb:58:74:20:f7:a5:80:
                    06:fe:b0:e7:ac:38:36:4a:bc:ba:10:56:e4:87:0d:
                    d0:65:e0:d5:c4:fa:15:83:13:e0:e0:24:f4:72:eb:
                    d9:7d:b0:4c:a7:f5:14:e4:c9:f7:e9:d0:47:e7:b4:
                    6b:00:2e:ad:78:6a:c9:df:67:c2:2a:15:2a:25:67:
                    c5:03:35:36:31:e8:c0:c6:b5:0d:5f:8b:10:36:1d:
                    34:e7:5c:a2:fc:5d:a6:8f:5b:c9:84:86:28:90:04:
                    73:37:8d:7b:3c:08:bf:f0:91:44:d3:c1:fb:63:fa:
                    2a:46:98:ff:3e:e9:9f:c2:5f:94:3c:87:f9:0f:f2:
                    62:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:A1:06:1D:09:94:2E:7E:2B:A3:EC:55:5F:66:63:90:DA:3D:05:3C
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/1KEGHQmULn4ro-xVX2ZjkNo9BTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.32.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         27:c8:75:6f:32:ef:31:30:e9:4c:80:d2:69:af:e1:ca:db:c4:
         c2:15:0c:74:42:e3:05:3f:f0:cf:09:15:ff:4d:d8:72:d5:82:
         a2:88:8a:9f:be:c6:99:8b:7b:6a:18:07:7d:40:eb:e7:4a:78:
         4b:e8:9c:94:52:52:92:3e:36:d3:7f:84:19:ce:20:2e:1b:03:
         6a:6d:f2:2a:33:8c:5b:3c:01:2d:aa:41:ff:25:b4:a1:7e:7b:
         e4:8f:3b:9b:69:51:30:e5:6c:2d:cf:93:4d:6e:f0:11:18:98:
         72:72:67:95:0e:64:c8:d9:35:6d:34:b1:b9:68:6e:79:af:4c:
         61:a8:e7:8f:a3:10:ab:2a:9d:d3:38:15:1e:88:4e:7c:0d:bc:
         bc:3b:78:0d:d1:c0:ce:a8:b0:ee:7e:19:7c:7a:15:8c:58:f9:
         c4:c7:d0:c6:9d:3c:ac:b1:45:b4:a7:45:97:d1:d4:30:37:b2:
         62:79:2f:66:9b:9e:12:2f:de:bc:07:e7:e2:41:ba:75:9c:0b:
         fd:a2:ae:3c:32:34:44:c0:f9:2c:96:96:2b:b0:39:14:8a:c4:
         0a:5c:3c:2d:6a:21:2d:cd:60:f5:8c:43:ef:98:dc:25:bd:40:
         f2:11:1b:63:c3:9d:00:c7:fe:ee:3a:3b:5f:38:dc:34:fa:8c:
         5e:6b:cf:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG/GmF6b9Au/BDodKaUJOmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwOTA0MjIxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGExMDYxZDA5OTQyZTdlMmJhM2VjNTU1ZjY2NjM5MGRhM2QwNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldCabngoWeUAkafYfj5GElIY8VoE
nhKzK9/o7J0PtQBZf7MZ5RGNmitDf/jgqXtNzBz/8/z1z4P+X/EFREA3YRknaUUS
yeD3qlg0o8G/IyXbFmz4VukUZPXjtxvWQW3dzboUlIye6rqYNXpgyThvApTuSsR3
rCFDZisJvKeygftYdCD3pYAG/rDnrDg2Sry6EFbkhw3QZeDVxPoVgxPg4CT0cuvZ
fbBMp/UU5Mn36dBH57RrAC6teGrJ32fCKhUqJWfFAzU2MejAxrUNX4sQNh0051yi
/F2mj1vJhIYokARzN417PAi/8JFE08H7Y/oqRpj/Pumfwl+UPIf5D/Ji4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNShBh0JlC5+K6PsVV9mY5DaPQU8MB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvMUtFR0hRbVVMbjRyby14VlgyWmprTm85QlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1CAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAnyHVvMu8xMOlMgNJpr+HK28TCFQx0QuMFP/DPCRX/
Tdhy1YKiiIqfvsaZi3tqGAd9QOvnSnhL6JyUUlKSPjbTf4QZziAuGwNqbfIqM4xb
PAEtqkH/JbShfnvkjzubaVEw5Wwtz5NNbvARGJhycmeVDmTI2TVtNLG5aG55r0xh
qOePoxCrKp3TOBUeiE58Dby8O3gN0cDOqLDufhl8ehWMWPnEx9DGnTyssUW0p0WX
0dQwN7JieS9mm54SL968B+fiQbp1nAv9oq48MjREwPkslpYrsDkUisQKXDwtaiEt
zWD1jEPvmNwlvUDyERtjw50Ax/7uOjtfONw0+oxea8/C
-----END CERTIFICATE-----