Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/Mq1kVRdCgqeSxKzKnCDdHQU1FW0.roa
File:                     Mq1kVRdCgqeSxKzKnCDdHQU1FW0.roa (raw, json)
Hash identifier:          APYl5k3NS/+96Z60M9SmSU4weSXVpb1ZJIHzgfVxEeU=
Subject key identifier:   32:AD:64:55:17:42:82:A7:92:C4:AC:CA:9C:20:DD:1D:05:35:15:6D
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       018CC64ADDFF95BFA5F5E5931FDF02519795
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/Mq1kVRdCgqeSxKzKnCDdHQU1FW0.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398849
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:ff:95:bf:a5:f5:e5:93:1f:df:02:51:97:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32ad6455174282a792c4acca9c20dd1d0535156d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3a:75:50:c3:da:4d:b3:de:df:5f:dd:39:cd:
                    90:fa:ef:87:48:9b:00:64:ed:28:59:73:fe:80:c0:
                    f3:62:be:df:23:c8:eb:2c:47:59:f7:30:e6:2f:ab:
                    8d:cd:61:23:f1:47:19:94:3b:e1:c4:4f:ca:36:54:
                    c5:89:ab:d6:1e:70:84:c2:18:e1:57:d5:77:6b:08:
                    d7:cf:7b:db:54:41:1e:e7:0b:2b:ba:b1:1e:99:56:
                    70:0a:16:f5:d6:a0:ef:39:7f:43:4d:ee:24:c1:3b:
                    b2:ee:02:88:37:d0:ca:84:a5:88:1c:7f:01:c7:3c:
                    cd:4d:cc:82:a5:d6:c8:54:86:30:f5:cb:4b:c0:41:
                    fe:ee:f0:7c:89:a7:06:ba:4d:16:5e:50:7d:81:4b:
                    c8:71:a0:85:db:fd:a1:f4:92:cf:c0:f6:92:02:90:
                    31:7d:e5:9b:12:06:7e:6f:da:07:de:8d:00:57:46:
                    f1:50:41:64:20:82:c7:b5:bf:e2:8d:97:41:f1:66:
                    24:df:b5:23:67:2b:a2:35:a0:27:f6:d7:f7:31:66:
                    07:3a:36:07:d3:18:41:73:3e:48:4a:7d:3d:c9:7d:
                    e3:dc:ff:1b:89:b4:d7:99:ad:44:88:0e:2d:ff:a4:
                    75:3d:bd:e7:08:94:e9:99:18:f0:24:bd:0f:a5:4e:
                    a2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AD:64:55:17:42:82:A7:92:C4:AC:CA:9C:20:DD:1D:05:35:15:6D
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/Mq1kVRdCgqeSxKzKnCDdHQU1FW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:f0:94:2d:40:a6:f9:a8:7c:7e:27:89:47:65:d4:e5:e6:2a:
         c7:2b:92:1a:fd:54:1a:e8:0f:e1:07:cc:ce:eb:50:9d:0c:28:
         00:0b:67:0f:0f:07:08:f9:33:29:66:dd:88:58:ec:cd:b3:0c:
         62:34:7d:73:a1:4a:7c:60:d7:08:be:15:9c:da:4a:f2:42:d3:
         19:05:3d:08:59:86:a5:1e:06:68:23:b7:6b:c2:3e:0d:1b:20:
         2a:05:5f:d2:26:4a:51:8a:10:ce:25:87:21:bf:af:d4:34:04:
         46:23:ce:f3:d8:7a:38:2d:9c:ec:ec:76:ce:38:04:dc:29:2b:
         56:b1:55:72:cf:d1:90:47:73:5a:7a:22:ae:93:e6:bd:35:7e:
         2a:d3:92:cb:de:b2:19:5c:53:d5:99:c9:dc:10:52:d5:cb:d6:
         b8:cd:09:8a:5e:a0:5b:8c:f5:a6:cc:de:55:85:f4:20:4a:82:
         6a:01:f8:86:03:65:91:bd:7b:e1:41:80:f5:e6:e2:84:45:b6:
         df:65:0b:e4:39:38:97:8d:17:12:71:6c:8d:3a:3c:cf:8c:6e:
         c3:94:c2:16:c9:f2:1c:4f:23:8e:72:c2:d5:52:af:4e:5b:8d:
         e6:d3:dd:5a:58:ac:4c:c6:9f:34:6a:f7:3e:98:e0:b6:73:b7:
         57:4b:5b:03
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGSt3/lb+l9eWTH98CUZeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFkNjQ1NTE3NDI4MmE3OTJjNGFjY2E5YzIwZGQxZDA1MzUxNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTp1UMPaTbPe31/dOc2Q+u+HSJsA
ZO0oWXP+gMDzYr7fI8jrLEdZ9zDmL6uNzWEj8UcZlDvhxE/KNlTFiavWHnCEwhjh
V9V3awjXz3vbVEEe5wsrurEemVZwChb11qDvOX9DTe4kwTuy7gKIN9DKhKWIHH8B
xzzNTcyCpdbIVIYw9ctLwEH+7vB8iacGuk0WXlB9gUvIcaCF2/2h9JLPwPaSApAx
feWbEgZ+b9oH3o0AV0bxUEFkIILHtb/ijZdB8WYk37UjZyuiNaAn9tf3MWYHOjYH
0xhBcz5ISn09yX3j3P8bibTXma1EiA4t/6R1Pb3nCJTpmRjwJL0PpU6ikwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDKtZFUXQoKnksSsypwg3R0FNRVtMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvTXExa1ZSZENncWVTeEt6S25DRGRIUVUxRlcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAXfCULUCm+ah8fieJR2XU
5eYqxyuSGv1UGugP4QfMzutQnQwoAAtnDw8HCPkzKWbdiFjszbMMYjR9c6FKfGDX
CL4VnNpK8kLTGQU9CFmGpR4GaCO3a8I+DRsgKgVf0iZKUYoQziWHIb+v1DQERiPO
89h6OC2c7Ox2zjgE3CkrVrFVcs/RkEdzWnoirpPmvTV+KtOSy96yGVxT1ZnJ3BBS
1cvWuM0Jil6gW4z1pszeVYX0IEqCagH4hgNlkb174UGA9ebihEW232UL5Dk4l40X
EnFsjTo8z4xuw5TCFsnyHE8jjnLC1VKvTluN5tPdWlisTMafNGr3PpjgtnO3V0tb
Aw==
-----END CERTIFICATE-----