Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/US0rLrhy2Q9wuK38v9eJ_CG69ok.roa
File:                     US0rLrhy2Q9wuK38v9eJ_CG69ok.roa (raw, json)
Hash identifier:          JvWW5sk+1LarD/JYX6mE6AsWIbWCXM7oHLMNo5Nw7ww=
Subject key identifier:   51:2D:2B:2E:B8:72:D9:0F:70:B8:AD:FC:BF:D7:89:FC:21:BA:F6:89
Certificate issuer:       /CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
Certificate serial:       018CC6B89339D8988FF88B83CD7D9F4C3633
Authority key identifier: D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/US0rLrhy2Q9wuK38v9eJ_CG69ok.roa
Signing time:             Mon 01 Jan 2024 20:30:34 +0000
ROA not before:           Mon 01 Jan 2024 20:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205005
IP address blocks:        195.32.56.0/21 maxlen: 21
                          195.32.32.0/21 maxlen: 21
                          195.32.40.0/21 maxlen: 21
                          195.32.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:93:39:d8:98:8f:f8:8b:83:cd:7d:9f:4c:36:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d99a47cdc89f46342f90b0da3c30d9ec5fd63238
        Validity
            Not Before: Jan  1 20:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=512d2b2eb872d90f70b8adfcbfd789fc21baf689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5b:28:88:e0:40:8f:b1:7e:1e:1f:e2:c8:3d:
                    7c:e3:40:81:f0:98:0f:c4:e7:26:3d:22:94:d5:c1:
                    90:52:e8:04:db:d3:0f:7f:4a:87:72:fe:e1:d9:fb:
                    ca:74:84:28:d1:af:d8:44:4e:aa:31:e3:0f:3f:c0:
                    83:4b:3a:5c:3a:32:60:b3:a9:f1:58:30:76:20:ac:
                    86:71:17:af:08:e1:75:83:ea:b6:a1:c0:fa:87:21:
                    22:c2:6f:72:9f:18:dc:48:f6:52:2c:37:90:67:98:
                    81:ef:66:dd:1c:30:28:13:43:fe:73:9e:10:9e:bc:
                    4f:99:e5:61:c1:10:fa:42:bc:6b:ac:5a:c6:fb:46:
                    e1:e1:76:21:c4:dc:2b:e6:39:ac:a1:30:50:4f:30:
                    da:42:e2:94:e1:3f:d9:a6:2b:bf:df:9b:5c:08:07:
                    e1:ba:6a:ca:fc:23:8e:03:52:49:05:19:27:2e:a3:
                    94:86:0a:71:65:98:de:d4:24:45:3e:2f:2e:01:90:
                    2d:fb:62:aa:83:fb:49:f3:7c:ab:05:63:a1:38:80:
                    a0:d6:fc:e0:66:56:88:9c:70:b6:74:73:ff:4b:32:
                    fc:ee:fc:b8:0e:02:86:ee:10:e0:17:1c:6c:c3:2e:
                    9f:d4:ad:93:ed:dd:81:55:ea:65:8b:15:72:e9:35:
                    89:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:2D:2B:2E:B8:72:D9:0F:70:B8:AD:FC:BF:D7:89:FC:21:BA:F6:89
            X509v3 Authority Key Identifier:
                keyid:D9:9A:47:CD:C8:9F:46:34:2F:90:B0:DA:3C:30:D9:EC:5F:D6:32:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/US0rLrhy2Q9wuK38v9eJ_CG69ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d30eef-495e-43bd-919c-a2a0e2db49d0/1/2ZpHzcifRjQvkLDaPDDZ7F_WMjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.32.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a9:3f:30:4c:46:34:96:6a:b5:a5:37:97:52:45:56:f7:b0:5c:
         d6:8f:5d:e0:fd:b1:e2:ae:69:aa:30:8f:04:75:7a:b5:1b:67:
         d7:e8:21:f9:b8:3e:a5:fd:9d:e5:90:2c:1b:43:0b:ab:c7:cf:
         2c:3e:f1:7b:ba:79:e0:a7:5e:80:2c:73:92:0b:83:2e:31:42:
         21:87:09:4c:a6:db:a8:78:fd:11:3f:94:7a:95:b0:55:52:42:
         f7:01:d3:7c:e8:18:ff:04:0b:da:fb:1c:2f:9c:54:a9:99:45:
         61:51:86:47:32:db:e2:b3:dd:20:67:63:c3:db:d6:e0:e0:fc:
         21:9b:00:31:ed:f4:c4:b7:4e:b9:d1:94:8e:51:b1:4a:44:cd:
         71:dc:f0:25:65:4c:e1:28:09:4e:e4:0d:4e:39:a3:83:b1:c9:
         a3:11:b3:70:5a:f7:91:d5:61:b9:7d:27:40:90:8e:11:b3:85:
         24:65:dc:c9:fd:d8:5b:77:e2:af:ff:c3:fe:d5:11:3b:28:f5:
         aa:17:91:11:b7:b2:80:2d:a0:70:84:d0:b7:70:ad:16:b5:f9:
         d1:79:6d:42:13:f5:ab:87:c0:f9:e3:55:ca:27:b8:ec:5f:dc:
         cb:6e:6d:1b:cd:46:f8:84:54:cf:6f:0e:8d:13:12:fd:df:ee:
         d5:b4:20:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJM52JiP+IuDzX2fTDYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OWE0N2NkYzg5ZjQ2MzQyZjkwYjBkYTNjMzBkOWVjNWZk
NjMyMzgwHhcNMjQwMTAxMjAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTJkMmIyZWI4NzJkOTBmNzBiOGFkZmNiZmQ3ODlmYzIxYmFmNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1soiOBAj7F+Hh/iyD1840CB8JgP
xOcmPSKU1cGQUugE29MPf0qHcv7h2fvKdIQo0a/YRE6qMeMPP8CDSzpcOjJgs6nx
WDB2IKyGcRevCOF1g+q2ocD6hyEiwm9ynxjcSPZSLDeQZ5iB72bdHDAoE0P+c54Q
nrxPmeVhwRD6QrxrrFrG+0bh4XYhxNwr5jmsoTBQTzDaQuKU4T/Zpiu/35tcCAfh
umrK/COOA1JJBRknLqOUhgpxZZje1CRFPi8uAZAt+2Kqg/tJ83yrBWOhOICg1vzg
ZlaInHC2dHP/SzL87vy4DgKG7hDgFxxswy6f1K2T7d2BVeplixVy6TWJWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEtKy64ctkPcLit/L/XifwhuvaJMB8GA1UdIwQY
MBaAFNmaR83In0Y0L5Cw2jww2exf1jI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMt
YTJhMGUyZGI0OWQwLzEvVVMwckxyaHkyUTl3dUszOHY5ZUpfQ0c2OW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kMzBlZWYtNDk1ZS00M2JkLTkxOWMtYTJhMGUyZGI0OWQw
LzEvMlpwSHpjaWZSalF2a0xEYVBERFo3Rl9XTWpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwyAgMA0G
CSqGSIb3DQEBCwUAA4IBAQCpPzBMRjSWarWlN5dSRVb3sFzWj13g/bHirmmqMI8E
dXq1G2fX6CH5uD6l/Z3lkCwbQwurx88sPvF7unngp16ALHOSC4MuMUIhhwlMptuo
eP0RP5R6lbBVUkL3AdN86Bj/BAva+xwvnFSpmUVhUYZHMtvis90gZ2PD29bg4Pwh
mwAx7fTEt0650ZSOUbFKRM1x3PAlZUzhKAlO5A1OOaODscmjEbNwWveR1WG5fSdA
kI4Rs4UkZdzJ/dhbd+Kv/8P+1RE7KPWqF5ERt7KALaBwhNC3cK0WtfnReW1CE/Wr
h8D541XKJ7jsX9zLbm0bzUb4hFTPbw6NExL93+7VtCC7
-----END CERTIFICATE-----