Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/NlmDLH5wWMGr_vzUkJAwntWEnjQ.roa
File:                     NlmDLH5wWMGr_vzUkJAwntWEnjQ.roa (raw, json)
Hash identifier:          1/yiZpsUjLuoNGo0Ku/rpHLpaDxTkI6zMzawihAJCgI=
Subject key identifier:   36:59:83:2C:7E:70:58:C1:AB:FE:FC:D4:90:90:30:9E:D5:84:9E:34
Certificate issuer:       /CN=584d44ad55c262d84efd442dc8767b0413e1b162
Certificate serial:       01942C13BF9A29C868069F9EA76D5DE549EE
Authority key identifier: 58:4D:44:AD:55:C2:62:D8:4E:FD:44:2D:C8:76:7B:04:13:E1:B1:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WE1ErVXCYthO_UQtyHZ7BBPhsWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/NlmDLH5wWMGr_vzUkJAwntWEnjQ.roa
Signing time:             Fri 03 Jan 2025 12:11:19 +0000
ROA not before:           Fri 03 Jan 2025 12:11:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        194.32.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/WE1ErVXCYthO_UQtyHZ7BBPhsWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/WE1ErVXCYthO_UQtyHZ7BBPhsWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WE1ErVXCYthO_UQtyHZ7BBPhsWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:13:bf:9a:29:c8:68:06:9f:9e:a7:6d:5d:e5:49:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=584d44ad55c262d84efd442dc8767b0413e1b162
        Validity
            Not Before: Jan  3 12:11:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3659832c7e7058c1abfefcd49090309ed5849e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bb:2c:52:00:37:40:17:c6:1b:73:f3:a2:5a:
                    e5:71:19:63:ee:0e:ae:b5:9c:a0:d2:37:86:a5:0b:
                    3b:94:6f:b2:6e:a2:47:02:17:b2:1c:0b:fc:b6:ac:
                    b5:59:c6:95:08:4b:4c:99:e6:b8:49:f3:b6:5d:c2:
                    45:31:25:65:a3:ef:b3:f2:59:da:10:99:25:2d:8a:
                    b8:15:f6:5c:4e:d3:9e:75:8a:02:17:20:98:46:cd:
                    a2:55:36:c2:2b:de:77:a5:a7:f1:5e:19:39:0e:a8:
                    9e:ea:6b:71:8b:4a:95:ea:fb:32:47:df:fb:8a:42:
                    c5:07:44:91:a1:a5:d5:dd:e9:68:3e:58:bf:88:fc:
                    e4:26:37:d4:ac:8d:68:29:c2:39:33:46:68:81:a3:
                    d3:3a:04:8d:59:7c:c5:4a:2d:7f:2f:91:8e:39:52:
                    54:bd:2b:ef:40:55:b3:f8:45:b9:98:ae:96:cc:39:
                    4e:e5:7f:3a:65:3f:da:be:f8:bf:ca:70:e6:0c:9e:
                    3e:ad:1a:e1:b9:36:4e:6b:a2:a6:89:ea:43:5b:c9:
                    32:e0:de:50:50:a8:9d:89:fa:17:2a:69:ef:a5:a5:
                    09:a4:bf:65:8f:69:c2:27:ce:2f:45:bf:5b:d7:af:
                    78:d4:49:48:7d:8d:f2:4a:70:62:18:7a:70:55:13:
                    6e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:59:83:2C:7E:70:58:C1:AB:FE:FC:D4:90:90:30:9E:D5:84:9E:34
            X509v3 Authority Key Identifier:
                keyid:58:4D:44:AD:55:C2:62:D8:4E:FD:44:2D:C8:76:7B:04:13:E1:B1:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WE1ErVXCYthO_UQtyHZ7BBPhsWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/NlmDLH5wWMGr_vzUkJAwntWEnjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/cdc024-ea9c-4508-b936-80b9120738ca/1/WE1ErVXCYthO_UQtyHZ7BBPhsWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:98:5b:0b:a7:fe:db:de:fc:86:9d:2a:74:76:90:6b:a3:5a:
         6e:43:9f:9e:93:7a:47:10:32:f3:70:fb:c2:20:c9:bf:47:9d:
         4e:d8:53:1a:f3:13:28:b4:a3:c0:45:cb:9d:3a:85:12:7b:83:
         a8:30:26:8e:c4:9d:cf:82:cc:42:e3:38:b7:3e:02:50:d0:5f:
         cf:35:48:f6:8e:2b:9b:a6:57:5a:f0:43:fe:a2:0f:93:20:92:
         7a:15:f3:79:52:90:d9:42:c3:a3:7d:a9:68:c0:7c:d3:ee:15:
         20:f0:a7:67:bf:e6:0a:de:f0:72:86:ce:8b:95:e1:6d:38:5b:
         a1:9e:60:8a:3d:11:a8:b8:93:de:1a:31:02:f7:e4:3f:ea:2e:
         e4:de:c1:15:63:a4:b6:31:47:34:c8:c9:35:5d:1e:c5:9f:1f:
         cd:b0:ff:ea:67:96:af:50:a1:6c:7d:25:34:cf:cc:85:94:d9:
         13:a9:f1:2e:2d:14:b3:76:df:54:a5:4e:0e:c9:41:14:d4:3e:
         c6:c9:0a:ca:45:f6:51:80:79:94:15:da:ab:14:5f:b2:0a:00:
         78:89:73:1e:90:14:38:eb:ab:d1:78:04:a3:15:7f:29:2f:98:
         2e:b3:46:20:32:29:10:38:39:bf:39:2b:4d:77:2b:1e:03:28:
         74:a0:bd:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsE7+aKchoBp+ep21d5UnuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NGQ0NGFkNTVjMjYyZDg0ZWZkNDQyZGM4NzY3YjA0MTNl
MWIxNjIwHhcNMjUwMTAzMTIxMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjU5ODMyYzdlNzA1OGMxYWJmZWZjZDQ5MDkwMzA5ZWQ1ODQ5ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LssUgA3QBfGG3PzolrlcRlj7g6u
tZyg0jeGpQs7lG+ybqJHAheyHAv8tqy1WcaVCEtMmea4SfO2XcJFMSVlo++z8lna
EJklLYq4FfZcTtOedYoCFyCYRs2iVTbCK953pafxXhk5Dqie6mtxi0qV6vsyR9/7
ikLFB0SRoaXV3eloPli/iPzkJjfUrI1oKcI5M0ZogaPTOgSNWXzFSi1/L5GOOVJU
vSvvQFWz+EW5mK6WzDlO5X86ZT/avvi/ynDmDJ4+rRrhuTZOa6KmiepDW8ky4N5Q
UKidifoXKmnvpaUJpL9lj2nCJ84vRb9b16941ElIfY3ySnBiGHpwVRNujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZZgyx+cFjBq/781JCQMJ7VhJ40MB8GA1UdIwQY
MBaAFFhNRK1VwmLYTv1ELch2ewQT4bFiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0UxRXJWWENZdGhPX1VRdHlIWjdCQlBoc1dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9jZGMwMjQtZWE5Yy00NTA4LWI5MzYt
ODBiOTEyMDczOGNhLzEvTmxtRExINXdXTUdyX3Z6VWtKQXdudFdFbmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9jZGMwMjQtZWE5Yy00NTA4LWI5MzYtODBiOTEyMDczOGNh
LzEvV0UxRXJWWENZdGhPX1VRdHlIWjdCQlBoc1dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDWMA0G
CSqGSIb3DQEBCwUAA4IBAQCImFsLp/7b3vyGnSp0dpBro1puQ5+ek3pHEDLzcPvC
IMm/R51O2FMa8xMotKPARcudOoUSe4OoMCaOxJ3PgsxC4zi3PgJQ0F/PNUj2jiub
plda8EP+og+TIJJ6FfN5UpDZQsOjfalowHzT7hUg8Kdnv+YK3vByhs6LleFtOFuh
nmCKPRGouJPeGjEC9+Q/6i7k3sEVY6S2MUc0yMk1XR7Fnx/NsP/qZ5avUKFsfSU0
z8yFlNkTqfEuLRSzdt9UpU4OyUEU1D7GyQrKRfZRgHmUFdqrFF+yCgB4iXMekBQ4
66vReASjFX8pL5gus0YgMikQODm/OStNdyseAyh0oL13
-----END CERTIFICATE-----