Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/DUlbXpxE38_-Ti9B3g99klz3UfQ.roa
File:                     DUlbXpxE38_-Ti9B3g99klz3UfQ.roa (raw, json)
Hash identifier:          As6eM5wVEsjfp11ll6J7UQmDdWjtdjzuHtsTInWHMio=
Subject key identifier:   0D:49:5B:5E:9C:44:DF:CF:FE:4E:2F:41:DE:0F:7D:92:5C:F7:51:F4
Certificate issuer:       /CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
Certificate serial:       018CC3B6F975012B85AAEF148318D00C8CE3
Authority key identifier: 9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/DUlbXpxE38_-Ti9B3g99klz3UfQ.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205676
IP address blocks:        185.207.32.0/24 maxlen: 24
                          2a0b:1d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f9:75:01:2b:85:aa:ef:14:83:18:d0:0c:8c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d495b5e9c44dfcffe4e2f41de0f7d925cf751f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:39:1e:05:da:b3:59:bf:de:6e:04:9a:69:a6:
                    40:80:44:0c:39:9b:85:ff:22:b9:e8:7f:6d:65:90:
                    e6:5e:a3:fa:d6:64:38:9a:f7:9e:5f:86:22:68:f2:
                    ec:f3:8c:63:34:b0:ce:d7:79:92:a9:d1:a5:50:b6:
                    2d:6a:52:f2:95:55:fa:61:48:00:78:63:b3:c3:e6:
                    80:67:98:ff:29:4b:6c:eb:8a:05:34:18:08:95:79:
                    02:c9:c7:55:1d:b1:56:4a:e7:cf:2b:19:cd:2a:94:
                    76:7d:06:51:d7:38:eb:8f:59:6b:86:c2:ef:bb:f5:
                    ae:44:fe:c7:64:ae:6b:9c:6a:9e:06:6b:4c:7a:6e:
                    59:35:f3:e2:f5:43:5d:25:a9:44:c7:57:14:d9:df:
                    1c:ab:b1:87:c2:06:99:bf:d4:73:87:78:97:6d:7d:
                    f5:b5:be:4b:89:00:50:6f:b2:c4:9e:c9:76:40:90:
                    7d:5f:97:f9:79:59:27:9d:07:5d:9e:2f:b8:aa:28:
                    da:da:02:19:a5:91:60:95:fc:3b:3d:aa:ce:16:36:
                    6a:68:b2:64:a1:d1:11:fa:3e:75:21:dd:60:2d:19:
                    2a:e3:70:33:e7:a4:05:2b:13:89:c3:f7:b7:e1:7b:
                    6d:f2:7c:fb:79:83:88:c0:51:de:5f:c1:c9:36:81:
                    a9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:49:5B:5E:9C:44:DF:CF:FE:4E:2F:41:DE:0F:7D:92:5C:F7:51:F4
            X509v3 Authority Key Identifier:
                keyid:9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/DUlbXpxE38_-Ti9B3g99klz3UfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.32.0/24
                IPv6:
                  2a0b:1d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:6d:a5:d3:6c:26:bc:7e:a8:05:e2:a0:8d:18:b3:b0:ec:a8:
         d6:b2:6e:29:91:48:bd:94:e9:be:f9:35:fd:f5:67:01:f4:ae:
         6e:5c:c0:fe:10:a1:8e:47:74:76:85:2a:62:dd:ee:a4:90:55:
         06:ee:75:b3:2d:93:22:50:59:86:c4:73:0c:7c:69:0c:49:3d:
         9a:ec:25:32:05:65:45:dd:aa:bd:61:b1:74:79:7d:a5:3d:4c:
         de:74:e6:d0:d2:65:87:f8:ce:a9:52:5d:0b:95:45:92:6e:1a:
         9f:3c:23:24:c5:66:c9:b8:20:02:5b:7a:50:dd:06:8f:7c:66:
         c4:a3:3b:a6:ea:89:44:b7:79:ae:e5:5d:a2:89:78:27:7a:ac:
         fa:34:8d:a1:0f:e5:3a:7e:13:71:b6:c7:2b:ea:f8:2d:80:74:
         be:a2:23:aa:d5:1c:ed:62:08:93:10:e0:85:42:05:90:da:55:
         69:3f:c6:e4:14:6d:f4:27:c4:08:c8:71:e4:4e:c9:91:61:b4:
         58:52:33:7d:65:5c:65:40:22:10:fa:f2:a8:68:59:69:3f:0c:
         35:59:b8:a5:32:de:ba:05:b4:5d:42:8d:e0:b2:4e:45:a2:b9:
         70:52:50:ff:77:04:ae:6d:2c:93:63:be:26:ad:57:1d:7a:1a:
         a3:a8:74:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtvl1ASuFqu8UgxjQDIzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOWEwYzg0YjMwNzIwZjRkNGNlNGJkYmEwMWRkMDU0NGQw
MjhlY2QwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ5NWI1ZTljNDRkZmNmZmU0ZTJmNDFkZTBmN2Q5MjVjZjc1MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzkeBdqzWb/ebgSaaaZAgEQMOZuF
/yK56H9tZZDmXqP61mQ4mveeX4YiaPLs84xjNLDO13mSqdGlULYtalLylVX6YUgA
eGOzw+aAZ5j/KUts64oFNBgIlXkCycdVHbFWSufPKxnNKpR2fQZR1zjrj1lrhsLv
u/WuRP7HZK5rnGqeBmtMem5ZNfPi9UNdJalEx1cU2d8cq7GHwgaZv9Rzh3iXbX31
tb5LiQBQb7LEnsl2QJB9X5f5eVknnQddni+4qija2gIZpZFglfw7ParOFjZqaLJk
odER+j51Id1gLRkq43Az56QFKxOJw/e34Xtt8nz7eYOIwFHeX8HJNoGpuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA1JW16cRN/P/k4vQd4PfZJc91H0MB8GA1UdIwQY
MBaAFJ2aDISzByD01M5L26Ad0FRNAo7NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMt
NTJjYWQ2Njc1ZmM2LzEvRFVsYlhweEUzOF8tVGk5QjNnOTlrbHozVWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMtNTJjYWQ2Njc1ZmM2
LzEvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuc8gMA0E
AgACMAcDBQAqCx1AMA0GCSqGSIb3DQEBCwUAA4IBAQA6baXTbCa8fqgF4qCNGLOw
7KjWsm4pkUi9lOm++TX99WcB9K5uXMD+EKGOR3R2hSpi3e6kkFUG7nWzLZMiUFmG
xHMMfGkMST2a7CUyBWVF3aq9YbF0eX2lPUzedObQ0mWH+M6pUl0LlUWSbhqfPCMk
xWbJuCACW3pQ3QaPfGbEozum6olEt3mu5V2iiXgneqz6NI2hD+U6fhNxtscr6vgt
gHS+oiOq1RztYgiTEOCFQgWQ2lVpP8bkFG30J8QIyHHkTsmRYbRYUjN9ZVxlQCIQ
+vKoaFlpPww1WbilMt66BbRdQo3gsk5ForlwUlD/dwSubSyTY74mrVcdehqjqHSN
-----END CERTIFICATE-----