Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/6IUP6wTLgozvLhvF6NFeRVhOW80.roa
File:                     6IUP6wTLgozvLhvF6NFeRVhOW80.roa (raw, json)
Hash identifier:          MYL/Gq12XUwYuaiBgx2Zo1PKLiefyVszWcc47H/NHIs=
Subject key identifier:   E8:85:0F:EB:04:CB:82:8C:EF:2E:1B:C5:E8:D1:5E:45:58:4E:5B:CD
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       019017DBBA2B729BF1E04E621D3DEFF7FB4F
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/6IUP6wTLgozvLhvF6NFeRVhOW80.roa
Signing time:             Fri 14 Jun 2024 17:46:34 +0000
ROA not before:           Fri 14 Jun 2024 17:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.32.0/24 maxlen: 24
                          2001:7f8:8f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:db:ba:2b:72:9b:f1:e0:4e:62:1d:3d:ef:f7:fb:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jun 14 17:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8850feb04cb828cef2e1bc5e8d15e45584e5bcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b0:cf:7d:8c:fe:e7:23:5e:79:0e:cb:04:e8:
                    b3:87:c6:b0:54:d7:1e:a9:2f:22:56:cc:fc:e0:8b:
                    87:83:c8:3d:14:4d:7b:f3:1b:35:8f:3a:fa:45:90:
                    0d:0b:39:ce:4e:09:f9:f9:b8:65:72:2b:44:db:fd:
                    5d:e9:9f:7f:76:69:4b:3b:4f:88:f4:fd:f7:eb:67:
                    3a:cb:f8:be:5f:1e:ef:bc:9d:83:d4:95:ee:23:84:
                    7b:42:b2:b9:e5:91:c6:eb:5d:d9:f1:25:92:7c:34:
                    41:80:0a:b6:4d:59:0b:f6:28:09:40:9e:a6:b3:d6:
                    66:8c:f7:a0:cd:45:97:1c:95:f5:c2:10:fa:f1:3d:
                    14:4e:2b:5f:bd:16:a7:9b:b5:df:e5:71:b4:08:b9:
                    29:e8:9c:5d:4a:31:35:e5:81:69:ef:42:a1:23:5e:
                    6a:7e:32:c8:39:8c:96:d8:8c:00:30:73:5d:7b:7a:
                    75:cf:eb:b3:8e:d0:2b:2b:c7:3d:e0:88:aa:68:84:
                    9c:3e:28:96:04:0f:2b:58:59:63:41:bc:01:a4:d1:
                    65:f1:92:de:a4:d0:de:5c:03:3a:fd:a4:e2:ed:dd:
                    04:d1:7c:8e:a5:01:73:ff:f8:13:75:d2:85:91:6f:
                    ef:39:b2:58:d3:52:44:8b:f7:93:74:08:05:35:8a:
                    4e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:85:0F:EB:04:CB:82:8C:EF:2E:1B:C5:E8:D1:5E:45:58:4E:5B:CD
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/6IUP6wTLgozvLhvF6NFeRVhOW80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.32.0/24
                IPv6:
                  2001:7f8:8f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:bc:43:9d:cf:93:ff:c8:71:fb:4a:58:e8:75:1c:c8:06:84:
         8d:54:92:f2:87:73:28:57:e8:6b:84:d3:ee:ef:70:2a:45:0a:
         04:27:55:06:58:3b:fc:6a:ad:3d:f8:dd:3f:02:6d:2c:ce:bc:
         5b:75:9c:03:5c:6d:6f:f6:c9:70:5a:ac:c5:b0:5d:15:8c:7c:
         a7:9f:0c:8b:bc:0c:e6:ea:fd:17:cd:37:fa:b4:37:04:cf:10:
         e2:17:e9:97:d9:16:5b:6c:55:c5:9c:45:7f:40:33:62:cf:d6:
         39:7e:78:ed:9f:20:09:bc:84:b8:15:98:8c:1e:ee:bd:d2:60:
         a1:41:31:bf:0e:8f:73:05:41:e6:94:b8:8b:13:10:c2:ba:30:
         48:db:dc:a9:30:b2:12:c1:8f:ad:af:0d:aa:87:bb:72:bf:65:
         d8:c4:e8:fd:39:e1:a7:ed:f1:d3:38:ad:5c:24:6d:e9:49:3b:
         c0:fc:49:3d:9e:d7:8b:e8:74:fa:f4:ad:71:06:e5:c7:c8:d9:
         7b:1b:8b:22:83:8d:3a:ef:6b:fd:9d:10:9d:13:78:eb:93:20:
         c3:fd:85:86:db:a0:27:b4:c8:fe:eb:b2:30:50:41:d3:cf:54:
         15:ab:6c:64:93:b7:f2:db:88:8e:f7:28:05:15:4e:1e:e7:aa:
         91:fa:f6:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAX27orcpvx4E5iHT3v9/tPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjQwNjE0MTc0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg1MGZlYjA0Y2I4MjhjZWYyZTFiYzVlOGQxNWU0NTU4NGU1YmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrDPfYz+5yNeeQ7LBOizh8awVNce
qS8iVsz84IuHg8g9FE178xs1jzr6RZANCznOTgn5+bhlcitE2/1d6Z9/dmlLO0+I
9P3362c6y/i+Xx7vvJ2D1JXuI4R7QrK55ZHG613Z8SWSfDRBgAq2TVkL9igJQJ6m
s9ZmjPegzUWXHJX1whD68T0UTitfvRanm7Xf5XG0CLkp6JxdSjE15YFp70KhI15q
fjLIOYyW2IwAMHNde3p1z+uzjtArK8c94IiqaIScPiiWBA8rWFljQbwBpNFl8ZLe
pNDeXAM6/aTi7d0E0XyOpQFz//gTddKFkW/vObJY01JEi/eTdAgFNYpOmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOiFD+sEy4KM7y4bxejRXkVYTlvNMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvNklVUDZ3VExnb3p2TGh2RjZORmVSVmhPVzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQEgMA8E
AgACMAkDBwAgAQf4AI8wDQYJKoZIhvcNAQELBQADggEBAAu8Q53Pk//IcftKWOh1
HMgGhI1UkvKHcyhX6GuE0+7vcCpFCgQnVQZYO/xqrT343T8CbSzOvFt1nANcbW/2
yXBarMWwXRWMfKefDIu8DObq/RfNN/q0NwTPEOIX6ZfZFltsVcWcRX9AM2LP1jl+
eO2fIAm8hLgVmIwe7r3SYKFBMb8Oj3MFQeaUuIsTEMK6MEjb3KkwshLBj62vDaqH
u3K/ZdjE6P054aft8dM4rVwkbelJO8D8ST2e14vodPr0rXEG5cfI2XsbiyKDjTrv
a/2dEJ0TeOuTIMP9hYbboCe0yP7rsjBQQdPPVBWrbGSTt/LbiI73KAUVTh7nqpH6
9oA=
-----END CERTIFICATE-----