Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/32xCTSIUl66A9Rs3eERVY2DaoJs.roa
File:                     32xCTSIUl66A9Rs3eERVY2DaoJs.roa (raw, json)
Hash identifier:          Lo0bYlboODneOCxrxxS/Ad4L8l8SlPUXYdIXyb+ZX/Q=
Subject key identifier:   DF:6C:42:4D:22:14:97:AE:80:F5:1B:37:78:44:55:63:60:DA:A0:9B
Certificate issuer:       /CN=6376c252db09be817b872a717a959edcac44266b
Certificate serial:       018CCA2A2E1EAF25901302A81045492A355C
Authority key identifier: 63:76:C2:52:DB:09:BE:81:7B:87:2A:71:7A:95:9E:DC:AC:44:26:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3bCUtsJvoF7hypxepWe3KxEJms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/32xCTSIUl66A9Rs3eERVY2DaoJs.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200336
IP address blocks:        194.56.195.0/24 maxlen: 24
                          194.56.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/Y3bCUtsJvoF7hypxepWe3KxEJms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/Y3bCUtsJvoF7hypxepWe3KxEJms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3bCUtsJvoF7hypxepWe3KxEJms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2e:1e:af:25:90:13:02:a8:10:45:49:2a:35:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6376c252db09be817b872a717a959edcac44266b
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df6c424d221497ae80f51b377844556360daa09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:dc:40:09:7a:7f:d8:08:a4:19:27:a2:bb:47:
                    2c:a4:82:f1:2f:f1:9c:10:fa:37:2e:b1:09:a2:50:
                    11:c3:69:2c:b9:4b:6c:00:08:73:93:f0:b6:bc:a6:
                    52:07:d5:fb:77:5b:53:3e:7f:53:40:e0:df:bc:fe:
                    92:0f:5c:4c:f4:ad:3c:10:27:23:03:ca:78:77:6c:
                    71:56:52:27:5b:4c:72:76:b4:78:b1:03:f0:b4:3a:
                    9d:81:86:86:12:39:a0:c9:76:c6:e1:c3:ab:7c:87:
                    04:8d:58:cf:a0:2a:6b:c1:45:b1:b3:8b:80:1c:05:
                    ac:f0:f9:5e:e9:29:9f:8b:13:fe:36:83:b0:9f:da:
                    3e:bf:a1:c6:bf:5a:c9:30:a6:00:bc:a3:7c:cd:e3:
                    68:50:97:5c:0a:4b:06:83:d3:53:90:92:23:b7:4c:
                    1f:bf:c8:ee:e6:6b:fb:fa:bf:73:a9:f1:12:09:d1:
                    54:74:d5:ab:02:fa:82:fa:f7:c0:cc:2d:ea:f9:f4:
                    77:ea:fb:cc:78:6c:16:31:30:4f:2b:58:3e:10:7a:
                    b8:6f:bf:a6:62:d6:6d:04:c0:49:2c:6a:9c:fb:d8:
                    86:01:aa:bd:dd:5e:70:24:a4:22:9e:46:86:fb:30:
                    db:6a:7c:29:34:4d:41:a9:32:3e:ed:00:fc:d3:2a:
                    f5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:6C:42:4D:22:14:97:AE:80:F5:1B:37:78:44:55:63:60:DA:A0:9B
            X509v3 Authority Key Identifier:
                keyid:63:76:C2:52:DB:09:BE:81:7B:87:2A:71:7A:95:9E:DC:AC:44:26:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3bCUtsJvoF7hypxepWe3KxEJms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/32xCTSIUl66A9Rs3eERVY2DaoJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b81c0b-af1c-4ee8-b4c0-dca0fd509fb6/1/Y3bCUtsJvoF7hypxepWe3KxEJms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:53:57:01:95:63:23:35:13:59:31:1c:a9:23:70:f0:6a:55:
         c6:da:d9:7f:0b:49:4f:e6:f5:41:81:36:2a:80:9e:8e:f7:7f:
         03:1b:1e:fa:ff:e5:3c:d4:fb:06:f1:1f:2b:2b:f4:a3:87:14:
         ed:b4:6a:0f:6c:16:3b:f1:42:3f:3f:fb:92:6a:e8:d7:30:d4:
         44:71:2f:62:2a:9b:63:51:bb:b2:a6:58:89:f8:5e:c9:e6:e8:
         64:37:83:b2:d1:49:cd:cb:9c:99:fb:ab:8a:b6:cf:69:e2:10:
         e1:e1:95:a1:38:e3:48:26:65:bc:39:0b:00:38:ee:ca:ee:9e:
         ef:fa:76:4a:7d:5b:21:85:85:52:4a:6a:f5:a2:48:55:10:05:
         df:9e:8d:27:a8:94:11:b2:fe:44:7c:c9:1c:ac:57:85:a9:cc:
         6d:c5:62:6d:21:51:5b:6f:54:a2:a7:2c:07:46:9e:96:d8:c4:
         36:c0:ed:ae:aa:09:e9:e1:69:3d:7d:20:3b:4b:94:97:ec:c6:
         b2:43:9e:e7:81:1e:27:4a:7c:69:05:cf:1f:d5:16:9c:80:7e:
         90:38:f4:80:e2:8c:75:73:12:3e:01:67:1e:e1:b3:15:f9:44:
         06:e7:04:c6:aa:78:2b:40:3d:8e:fe:c5:fa:cc:87:01:f0:c9:
         eb:a7:06:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKi4eryWQEwKoEEVJKjVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzZjMjUyZGIwOWJlODE3Yjg3MmE3MTdhOTU5ZWRjYWM0
NDI2NmIwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjZjNDI0ZDIyMTQ5N2FlODBmNTFiMzc3ODQ0NTU2MzYwZGFhMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdxACXp/2AikGSeiu0cspILxL/Gc
EPo3LrEJolARw2ksuUtsAAhzk/C2vKZSB9X7d1tTPn9TQODfvP6SD1xM9K08ECcj
A8p4d2xxVlInW0xydrR4sQPwtDqdgYaGEjmgyXbG4cOrfIcEjVjPoCprwUWxs4uA
HAWs8Ple6SmfixP+NoOwn9o+v6HGv1rJMKYAvKN8zeNoUJdcCksGg9NTkJIjt0wf
v8ju5mv7+r9zqfESCdFUdNWrAvqC+vfAzC3q+fR36vvMeGwWMTBPK1g+EHq4b7+m
YtZtBMBJLGqc+9iGAaq93V5wJKQinkaG+zDbanwpNE1BqTI+7QD80yr18wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9sQk0iFJeugPUbN3hEVWNg2qCbMB8GA1UdIwQY
MBaAFGN2wlLbCb6Be4cqcXqVntysRCZrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNiQ1V0c0p2b0Y3aHlweGVwV2UzS3hFSm1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iODFjMGItYWYxYy00ZWU4LWI0YzAt
ZGNhMGZkNTA5ZmI2LzEvMzJ4Q1RTSVVsNjZBOVJzM2VFUlZZMkRhb0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iODFjMGItYWYxYy00ZWU4LWI0YzAtZGNhMGZkNTA5ZmI2
LzEvWTNiQ1V0c0p2b0Y3aHlweGVwV2UzS3hFSm1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjjCMA0G
CSqGSIb3DQEBCwUAA4IBAQCJU1cBlWMjNRNZMRypI3DwalXG2tl/C0lP5vVBgTYq
gJ6O938DGx76/+U81PsG8R8rK/SjhxTttGoPbBY78UI/P/uSaujXMNREcS9iKptj
UbuypliJ+F7J5uhkN4Oy0UnNy5yZ+6uKts9p4hDh4ZWhOONIJmW8OQsAOO7K7p7v
+nZKfVshhYVSSmr1okhVEAXfno0nqJQRsv5EfMkcrFeFqcxtxWJtIVFbb1SipywH
Rp6W2MQ2wO2uqgnp4Wk9fSA7S5SX7MayQ57ngR4nSnxpBc8f1RacgH6QOPSA4ox1
cxI+AWce4bMV+UQG5wTGqngrQD2O/sX6zIcB8Mnrpwbz
-----END CERTIFICATE-----