Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/p2cmi4-szwuBRjunNqjqqW6Qbyw.roa
File:                     p2cmi4-szwuBRjunNqjqqW6Qbyw.roa (raw, json)
Hash identifier:          b1A0/L2pixE5GgQ6nN5uzQLS9wTBw/uhAXwmlC42Gzs=
Subject key identifier:   A7:67:26:8B:8F:AC:CF:0B:81:46:3B:A7:36:A8:EA:A9:6E:90:6F:2C
Certificate issuer:       /CN=97eac753379fd22ff6515033f513dc282463ad2d
Certificate serial:       018CC5DC9D769A240F66A6AF13F9BB53ACC3
Authority key identifier: 97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/p2cmi4-szwuBRjunNqjqqW6Qbyw.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198009
IP address blocks:        193.201.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9d:76:9a:24:0f:66:a6:af:13:f9:bb:53:ac:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97eac753379fd22ff6515033f513dc282463ad2d
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a767268b8faccf0b81463ba736a8eaa96e906f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7d:4e:b3:3d:f8:40:5d:08:f2:ca:04:f4:dc:
                    af:9d:84:25:ed:ee:26:0e:6a:c4:e0:ce:7b:59:ee:
                    5c:a1:c1:09:36:44:b5:a6:58:a6:99:f1:19:63:20:
                    8e:ae:dc:dc:42:85:c7:a8:84:b0:f5:76:7b:af:26:
                    a6:aa:4f:ce:9a:77:f0:b6:ef:32:c8:14:a3:31:ec:
                    15:86:b2:9b:26:bc:90:36:8a:24:4c:8a:ab:45:1b:
                    f7:e3:e5:38:03:69:7e:2f:fb:18:09:0c:f0:63:8c:
                    3d:40:30:b6:6d:36:6b:45:c5:ad:7f:30:89:ab:a7:
                    6e:fb:d0:2d:6b:75:38:53:4d:31:d2:89:48:32:32:
                    ba:f1:9e:e6:1c:7c:5b:46:0b:2b:b5:ce:35:73:ed:
                    f1:7b:13:8f:89:f6:7a:ef:6f:18:78:c8:55:89:b4:
                    c3:f8:af:17:aa:a0:88:5e:4e:1b:55:ae:10:a8:72:
                    2a:59:01:0e:b4:06:8a:66:a2:fe:c0:ff:c5:0d:58:
                    5c:e1:e2:ae:0e:3e:ee:0b:3b:a5:ae:b7:17:fb:e8:
                    14:8c:2e:34:72:56:61:88:7a:f4:52:79:0e:b6:b8:
                    a6:98:5f:9a:b7:56:f2:ee:80:63:a2:a7:f8:3c:3d:
                    dc:c3:46:2e:29:c6:1f:ef:f0:40:f8:90:c7:d4:0c:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:67:26:8B:8F:AC:CF:0B:81:46:3B:A7:36:A8:EA:A9:6E:90:6F:2C
            X509v3 Authority Key Identifier:
                keyid:97:EA:C7:53:37:9F:D2:2F:F6:51:50:33:F5:13:DC:28:24:63:AD:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-rHUzef0i_2UVAz9RPcKCRjrS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/p2cmi4-szwuBRjunNqjqqW6Qbyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/4b08af-67db-42da-a094-ef590c1c8e12/1/l-rHUzef0i_2UVAz9RPcKCRjrS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a7:e0:91:e0:92:da:70:32:47:73:81:c5:63:0e:34:4d:54:
         a7:11:13:75:5f:b9:85:72:b1:f6:8d:65:92:0b:8a:01:57:c9:
         4d:e9:1b:f7:f4:22:71:06:d5:65:1e:ee:82:32:e6:23:b7:c1:
         b4:d5:98:4c:9b:5c:25:5d:e7:ba:80:20:83:12:43:e6:3a:11:
         05:60:44:93:a8:d5:1d:d5:71:67:57:a7:d2:64:34:f2:c4:71:
         39:d0:fe:5d:fd:e9:ec:87:dd:63:f0:a6:c7:98:d5:41:cf:c8:
         0c:0e:31:61:38:77:f7:f8:aa:1d:80:49:13:04:28:d0:6a:44:
         27:95:30:ee:56:e8:63:48:0a:3e:56:d3:0e:63:fd:72:78:f8:
         dc:9e:48:f8:bd:ad:15:ac:53:d8:fd:ec:b4:74:f4:00:c7:05:
         59:95:af:a2:40:bb:fd:d7:d7:ba:31:e7:ba:4e:28:f5:8e:86:
         6c:37:f3:7f:ca:0b:a6:d5:72:89:6b:76:c4:c1:30:5c:ac:77:
         7a:83:70:b9:52:f5:d7:c4:41:bc:48:2d:b3:bb:d5:65:95:12:
         e8:78:8f:a7:db:0b:07:86:e7:10:d5:e5:76:df:c3:bc:d8:24:
         66:25:e6:53:a6:2b:ff:21:3a:54:28:2e:98:bd:32:fe:02:1a:
         d3:1c:56:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3J12miQPZqavE/m7U6zDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWFjNzUzMzc5ZmQyMmZmNjUxNTAzM2Y1MTNkYzI4MjQ2
M2FkMmQwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY3MjY4YjhmYWNjZjBiODE0NjNiYTczNmE4ZWFhOTZlOTA2ZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5X1Osz34QF0I8soE9NyvnYQl7e4m
DmrE4M57We5cocEJNkS1plimmfEZYyCOrtzcQoXHqISw9XZ7ryamqk/Omnfwtu8y
yBSjMewVhrKbJryQNookTIqrRRv34+U4A2l+L/sYCQzwY4w9QDC2bTZrRcWtfzCJ
q6du+9Ata3U4U00x0olIMjK68Z7mHHxbRgsrtc41c+3xexOPifZ6728YeMhVibTD
+K8XqqCIXk4bVa4QqHIqWQEOtAaKZqL+wP/FDVhc4eKuDj7uCzulrrcX++gUjC40
clZhiHr0UnkOtrimmF+at1by7oBjoqf4PD3cw0YuKcYf7/BA+JDH1Az3CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdnJouPrM8LgUY7pzao6qlukG8sMB8GA1UdIwQY
MBaAFJfqx1M3n9Iv9lFQM/UT3CgkY60tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQt
ZWY1OTBjMWM4ZTEyLzEvcDJjbWk0LXN6d3VCUmp1bk5xanFxVzZRYnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80YjA4YWYtNjdkYi00MmRhLWEwOTQtZWY1OTBjMWM4ZTEy
LzEvbC1ySFV6ZWYwaV8yVVZBejlSUGNLQ1JqclMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwckgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfp+CR4JLacDJHc4HFYw40TVSnERN1X7mFcrH2jWWS
C4oBV8lN6Rv39CJxBtVlHu6CMuYjt8G01ZhMm1wlXee6gCCDEkPmOhEFYESTqNUd
1XFnV6fSZDTyxHE50P5d/ensh91j8KbHmNVBz8gMDjFhOHf3+KodgEkTBCjQakQn
lTDuVuhjSAo+VtMOY/1yePjcnkj4va0VrFPY/ey0dPQAxwVZla+iQLv919e6Mee6
Tij1joZsN/N/ygum1XKJa3bEwTBcrHd6g3C5UvXXxEG8SC2zu9VllRLoeI+n2wsH
hucQ1eV238O82CRmJeZTpiv/ITpUKC6YvTL+AhrTHFbD
-----END CERTIFICATE-----