Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/nuGDvxBkrnMoMvHv-ullHwsDbWU.roa
File:                     nuGDvxBkrnMoMvHv-ullHwsDbWU.roa (raw, json)
Hash identifier:          q00VgpvufYWi6LCqRYWE5w0Py+7kOgsLZdBHuPxLzJA=
Subject key identifier:   9E:E1:83:BF:10:64:AE:73:28:32:F1:EF:FA:E9:65:1F:0B:03:6D:65
Certificate issuer:       /CN=fd261d45319e8375187436da44bf5b9adb044a7f
Certificate serial:       018CC42527AD8B9F678D0339CC3C18F29F06
Authority key identifier: FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/nuGDvxBkrnMoMvHv-ullHwsDbWU.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20560
IP address blocks:        194.50.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:27:ad:8b:9f:67:8d:03:39:cc:3c:18:f2:9f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd261d45319e8375187436da44bf5b9adb044a7f
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ee183bf1064ae732832f1effae9651f0b036d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:13:14:8a:15:d5:a9:c9:e1:48:6d:ba:06:60:
                    7f:34:8f:6f:09:3f:6f:32:67:b9:51:1d:4d:51:3b:
                    75:09:1d:f3:2b:52:9a:13:b7:cd:65:ad:99:fc:94:
                    bd:c3:ff:ca:55:06:66:c8:dc:ab:ac:b4:33:0d:19:
                    34:ce:37:eb:da:5a:da:97:8e:d8:5b:2e:07:c3:aa:
                    d9:5a:39:1d:20:d0:08:29:84:fb:47:63:6d:de:d5:
                    c6:1a:64:fb:96:8a:f3:20:4d:fe:09:43:45:12:1f:
                    fe:5d:05:17:f2:1b:7b:7c:7c:4b:a6:0b:e9:7b:8e:
                    51:ed:a6:dc:16:d5:1a:cf:dd:77:04:a8:e4:f9:f7:
                    20:f5:fe:98:fb:d1:ea:12:a8:a5:1a:16:eb:c8:0e:
                    dd:84:a2:14:32:81:d1:60:93:fe:09:2b:ca:35:fc:
                    41:86:d6:28:e5:f2:b7:94:33:6e:0d:a0:81:98:f0:
                    4f:9b:bf:66:a1:06:fb:e4:76:e9:dd:aa:a7:6a:45:
                    eb:48:6d:57:6f:3a:51:7e:21:71:41:37:51:42:77:
                    d6:f0:bb:5a:c3:5c:cb:7c:b2:b4:2f:7d:bb:46:e2:
                    de:76:57:56:a6:96:a6:d6:df:f7:77:c8:06:2a:21:
                    25:b4:ec:eb:80:ba:9c:69:9f:a6:e8:e6:00:f7:d9:
                    c0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E1:83:BF:10:64:AE:73:28:32:F1:EF:FA:E9:65:1F:0B:03:6D:65
            X509v3 Authority Key Identifier:
                keyid:FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/nuGDvxBkrnMoMvHv-ullHwsDbWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:0f:e8:e2:bf:de:b3:1f:92:a6:51:d0:e8:27:e1:d8:4d:a4:
         89:0f:30:e7:da:bd:d0:fe:8a:ed:e4:db:74:9b:1e:77:e3:ff:
         cf:29:08:14:0d:0a:8d:cb:70:e1:79:f8:ca:dd:b9:bd:bd:5d:
         6e:5f:3b:40:91:e9:20:51:34:f7:02:a8:87:0f:82:c6:0d:f0:
         f8:44:67:ef:60:49:18:4d:cd:c7:20:7d:b4:5f:0b:70:df:70:
         9a:24:14:df:30:04:b9:0d:8a:0f:24:8a:8a:34:c6:03:73:18:
         ce:66:d4:84:3f:2c:5f:b7:89:b9:ef:87:70:89:3a:85:92:cb:
         f7:c4:12:b3:ee:f5:36:cb:84:62:09:33:5c:75:f6:21:c5:32:
         34:1b:3e:37:3a:59:a7:c5:92:ac:f6:92:fc:99:d3:d8:9a:5c:
         1b:f8:2b:51:52:37:24:2c:bf:4a:ae:69:49:16:1f:6d:e5:74:
         ea:cd:1d:5b:ce:86:f7:bd:6d:d5:a6:93:77:75:42:76:40:dd:
         09:40:5f:db:2b:cf:9a:4b:31:b2:0a:4f:ee:1e:0c:f8:31:f2:
         00:67:7b:93:52:ef:b2:c4:38:03:7a:7f:f5:3e:67:fd:95:fd:
         30:de:e1:3b:54:cb:8a:cc:99:57:42:7d:e8:4f:00:34:b1:ff:
         b7:2c:fe:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSeti59njQM5zDwY8p8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjYxZDQ1MzE5ZTgzNzUxODc0MzZkYTQ0YmY1YjlhZGIw
NDRhN2YwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWUxODNiZjEwNjRhZTczMjgzMmYxZWZmYWU5NjUxZjBiMDM2ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8RMUihXVqcnhSG26BmB/NI9vCT9v
Mme5UR1NUTt1CR3zK1KaE7fNZa2Z/JS9w//KVQZmyNyrrLQzDRk0zjfr2lral47Y
Wy4Hw6rZWjkdINAIKYT7R2Nt3tXGGmT7lorzIE3+CUNFEh/+XQUX8ht7fHxLpgvp
e45R7abcFtUaz913BKjk+fcg9f6Y+9HqEqilGhbryA7dhKIUMoHRYJP+CSvKNfxB
htYo5fK3lDNuDaCBmPBPm79moQb75Hbp3aqnakXrSG1XbzpRfiFxQTdRQnfW8Lta
w1zLfLK0L327RuLedldWppam1t/3d8gGKiEltOzrgLqcaZ+m6OYA99nANQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7hg78QZK5zKDLx7/rpZR8LA21lMB8GA1UdIwQY
MBaAFP0mHUUxnoN1GHQ22kS/W5rbBEp/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQt
ZWI1MDkzYjIzMWMxLzEvbnVHRHZ4Qmtybk1vTXZIdi11bGxId3NEYldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQtZWI1MDkzYjIzMWMx
LzEvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIiMA0G
CSqGSIb3DQEBCwUAA4IBAQB0D+jiv96zH5KmUdDoJ+HYTaSJDzDn2r3Q/ort5Nt0
mx534//PKQgUDQqNy3DhefjK3bm9vV1uXztAkekgUTT3AqiHD4LGDfD4RGfvYEkY
Tc3HIH20Xwtw33CaJBTfMAS5DYoPJIqKNMYDcxjOZtSEPyxft4m574dwiTqFksv3
xBKz7vU2y4RiCTNcdfYhxTI0Gz43OlmnxZKs9pL8mdPYmlwb+CtRUjckLL9KrmlJ
Fh9t5XTqzR1bzob3vW3VppN3dUJ2QN0JQF/bK8+aSzGyCk/uHgz4MfIAZ3uTUu+y
xDgDen/1Pmf9lf0w3uE7VMuKzJlXQn3oTwA0sf+3LP4H
-----END CERTIFICATE-----