Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/NUxLM5UMnMrHfQDXkf-daMPgGNU.roa
File:                     NUxLM5UMnMrHfQDXkf-daMPgGNU.roa (raw, json)
Hash identifier:          uqWG0dLnS2Y2z9n0D7h3PW7HM+aTp5cnjB6dbmKYWzs=
Subject key identifier:   35:4C:4B:33:95:0C:9C:CA:C7:7D:00:D7:91:FF:9D:68:C3:E0:18:D5
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       018CC5DCA9090E14AB4A40B1292544AE8553
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/NUxLM5UMnMrHfQDXkf-daMPgGNU.roa
Signing time:             Mon 01 Jan 2024 16:30:21 +0000
ROA not before:           Mon 01 Jan 2024 16:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 04:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a9:09:0e:14:ab:4a:40:b1:29:25:44:ae:85:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jan  1 16:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354c4b33950c9ccac77d00d791ff9d68c3e018d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e1:f5:32:ad:5f:13:96:5d:e3:92:64:f9:bd:
                    3c:4d:10:de:7f:66:00:90:f7:d1:50:53:80:24:b4:
                    f4:a5:4f:4b:6d:7b:27:38:3a:67:6c:b2:ba:39:48:
                    62:96:65:35:31:4a:7d:ce:2d:41:79:57:b0:89:fc:
                    9c:9e:56:78:88:85:93:f5:45:db:8d:de:48:6b:b5:
                    5b:97:aa:8b:d5:bd:f0:79:31:87:d2:4a:d7:9d:2d:
                    47:35:5d:49:ec:d8:b4:f2:5d:2e:d2:e9:97:3d:46:
                    ed:44:ed:bc:62:31:1e:de:3d:1e:d3:c6:5a:80:1d:
                    c9:73:f3:2e:76:fa:34:88:cb:a3:6b:00:db:ba:06:
                    2e:c1:88:45:0d:70:14:76:d8:86:bc:bd:61:73:d8:
                    7a:43:ca:60:ee:90:27:ba:51:3b:f8:fe:75:9c:03:
                    ea:70:60:eb:68:e3:0d:ad:23:ed:66:15:b5:d7:0d:
                    f4:ca:66:2b:eb:b6:68:08:8b:c3:98:bc:7b:77:16:
                    5a:b8:f3:d1:5b:a3:7d:95:be:46:a1:ec:dc:b9:bd:
                    46:32:a0:93:48:17:04:f5:a5:8d:7d:24:76:b2:54:
                    49:50:57:f8:29:a2:e2:69:af:1f:b4:42:9d:8c:59:
                    d0:05:a5:76:5d:b0:4d:14:6a:d7:b5:7c:96:c3:df:
                    dd:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4C:4B:33:95:0C:9C:CA:C7:7D:00:D7:91:FF:9D:68:C3:E0:18:D5
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/NUxLM5UMnMrHfQDXkf-daMPgGNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:1e:0d:6e:ac:91:dd:99:db:31:ff:9c:c5:e1:12:17:2c:b2:
         46:2e:bc:15:bd:49:1e:3f:00:bb:5b:87:91:62:16:09:cf:2d:
         36:6b:a3:21:35:f4:40:14:43:12:dc:f6:e7:94:47:0b:8b:ac:
         cb:bb:fd:92:00:2c:f5:fd:ae:ef:74:17:2c:f8:96:34:b6:4a:
         33:45:0e:44:38:2f:92:d4:dd:db:25:69:95:75:14:8d:40:e4:
         69:a5:8c:5d:2f:df:89:a8:38:71:ed:4e:90:42:86:67:fa:78:
         94:1c:c9:34:22:57:ae:cb:83:13:bc:32:0d:b2:a9:77:b0:e3:
         32:81:36:cf:14:12:de:85:31:60:ac:2b:d4:32:b7:67:6e:65:
         46:f7:39:c4:1a:f2:58:e3:c5:4e:d3:7d:2b:d2:9b:5d:95:9e:
         49:0d:88:b3:61:1c:3d:2f:c9:41:a5:d0:22:4b:70:e2:f7:83:
         a3:97:34:fc:ff:83:be:f8:1d:2a:42:73:e9:a8:88:39:52:7b:
         4d:23:83:1e:93:33:f2:03:f1:46:a5:93:9f:33:67:49:ed:1f:
         a8:37:13:c6:61:ba:34:75:92:e3:6c:58:00:87:d2:58:1c:87:
         e2:4c:e8:dc:ac:4b:e4:ab:cc:2d:2d:cd:b9:c6:47:f4:41:14:
         ef:16:52:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KkJDhSrSkCxKSVEroVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjQwMTAxMTYzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRjNGIzMzk1MGM5Y2NhYzc3ZDAwZDc5MWZmOWQ2OGMzZTAxOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOH1Mq1fE5Zd45Jk+b08TRDef2YA
kPfRUFOAJLT0pU9LbXsnODpnbLK6OUhilmU1MUp9zi1BeVewifycnlZ4iIWT9UXb
jd5Ia7Vbl6qL1b3weTGH0krXnS1HNV1J7Ni08l0u0umXPUbtRO28YjEe3j0e08Za
gB3Jc/Mudvo0iMujawDbugYuwYhFDXAUdtiGvL1hc9h6Q8pg7pAnulE7+P51nAPq
cGDraOMNrSPtZhW11w30ymYr67ZoCIvDmLx7dxZauPPRW6N9lb5Goezcub1GMqCT
SBcE9aWNfSR2slRJUFf4KaLiaa8ftEKdjFnQBaV2XbBNFGrXtXyWw9/dYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVMSzOVDJzKx30A15H/nWjD4BjVMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvTlV4TE01VU1uTXJIZlFEWGtmLWRhTVBnR05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEgMA0G
CSqGSIb3DQEBCwUAA4IBAQB9Hg1urJHdmdsx/5zF4RIXLLJGLrwVvUkePwC7W4eR
YhYJzy02a6MhNfRAFEMS3PbnlEcLi6zLu/2SACz1/a7vdBcs+JY0tkozRQ5EOC+S
1N3bJWmVdRSNQORppYxdL9+JqDhx7U6QQoZn+niUHMk0Ileuy4MTvDINsql3sOMy
gTbPFBLehTFgrCvUMrdnbmVG9znEGvJY48VO030r0ptdlZ5JDYizYRw9L8lBpdAi
S3Di94OjlzT8/4O++B0qQnPpqIg5UntNI4MekzPyA/FGpZOfM2dJ7R+oNxPGYbo0
dZLjbFgAh9JYHIfiTOjcrEvkq8wtLc25xkf0QRTvFlKQ
-----END CERTIFICATE-----