Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/nRoBdSM4wPK1IPUm53y5IBC4GVs.roa
File:                     nRoBdSM4wPK1IPUm53y5IBC4GVs.roa (raw, json)
Hash identifier:          JK0caA2toIljZ+6FpkjkzhuAfIGCvEYLplppBpwKNI0=
Subject key identifier:   9D:1A:01:75:23:38:C0:F2:B5:20:F5:26:E7:7C:B9:20:10:B8:19:5B
Certificate issuer:       /CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
Certificate serial:       018CC72679E019659861F496395D71FBF2F9
Authority key identifier: 37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/nRoBdSM4wPK1IPUm53y5IBC4GVs.roa
Signing time:             Mon 01 Jan 2024 22:30:36 +0000
ROA not before:           Mon 01 Jan 2024 22:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2830
IP address blocks:        145.32.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:79:e0:19:65:98:61:f4:96:39:5d:71:fb:f2:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37915673b28bdfadb2c2019ac68d0464fd21b71a
        Validity
            Not Before: Jan  1 22:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d1a01752338c0f2b520f526e77cb92010b8195b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:00:2d:a9:16:f3:40:33:eb:bf:8c:ff:65:e9:
                    1d:ff:a7:55:31:d9:e9:6b:a4:0c:97:eb:1a:bf:b4:
                    c7:39:3f:81:20:c3:99:41:75:54:fc:0c:a0:77:55:
                    3a:be:18:7c:2c:00:33:e8:6f:2a:99:da:c2:1d:ec:
                    4f:86:98:d2:73:2f:be:da:17:74:99:57:c1:06:e0:
                    75:dd:c0:2d:f0:af:0f:a0:bd:92:79:56:d1:85:07:
                    3f:56:cb:7d:ab:07:ae:f6:11:72:3e:1a:50:a2:de:
                    a4:3a:3d:83:26:0f:12:8c:e3:5c:ed:5b:87:ab:20:
                    94:6b:b3:44:fd:a5:b9:83:b8:84:6b:3f:30:d2:46:
                    e2:59:8e:ff:e1:d0:ed:db:5c:ed:d1:ed:1e:b7:56:
                    cb:37:5d:09:93:e3:df:10:82:b2:e7:c4:8a:d6:81:
                    e3:09:63:12:1a:13:7f:66:04:62:20:7e:b1:5d:2b:
                    f9:2f:e1:78:01:33:60:50:5a:cc:1b:fc:5c:f3:76:
                    0f:ab:02:ab:a1:17:e0:f4:63:54:a1:3a:b8:62:91:
                    57:ee:19:0a:03:ee:a2:42:f6:58:25:b0:c4:1e:51:
                    a3:46:8b:81:01:84:dd:8d:35:c8:06:30:a6:2f:3e:
                    f1:ef:f0:54:df:82:07:db:2c:2e:f9:3f:2f:4f:b5:
                    3c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:1A:01:75:23:38:C0:F2:B5:20:F5:26:E7:7C:B9:20:10:B8:19:5B
            X509v3 Authority Key Identifier:
                keyid:37:91:56:73:B2:8B:DF:AD:B2:C2:01:9A:C6:8D:04:64:FD:21:B7:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5FWc7KL362ywgGaxo0EZP0htxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/nRoBdSM4wPK1IPUm53y5IBC4GVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/4ea4f7-d70e-42a2-afd7-3e3a188f49de/1/N5FWc7KL362ywgGaxo0EZP0htxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.32.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:96:e7:f8:ed:c8:ed:f5:38:f8:fc:8b:a1:55:5f:05:2d:e7:
         c6:66:8c:18:08:d2:c7:6d:af:97:d6:b4:e6:a9:99:a3:0a:6f:
         ee:39:60:4d:7d:e2:19:43:eb:34:d7:9e:e6:c3:b7:38:71:23:
         98:75:0a:c8:93:63:18:05:4a:e8:24:36:f1:23:c6:cd:34:4e:
         dc:12:04:8b:86:a9:50:06:ed:dd:5c:e1:f9:67:a5:24:24:58:
         a2:81:db:0d:70:f6:99:9d:3a:39:f5:83:cb:59:1c:45:aa:59:
         73:5e:9d:20:e8:15:47:cf:8c:99:7c:33:82:b4:ff:a8:f2:3b:
         26:71:1f:b7:ab:69:97:84:72:69:8b:ca:b0:f4:45:d4:c2:f2:
         d9:fe:ba:5e:e3:93:ee:8b:74:d6:04:1c:97:5b:eb:40:9d:20:
         fc:cc:39:40:27:4b:ce:a4:5f:3d:5d:d0:1b:36:a5:c0:b3:31:
         28:32:5e:04:8c:04:37:9f:19:fa:0c:df:d1:08:bc:b5:2d:85:
         80:2a:1a:f8:35:e5:38:ad:52:90:4e:43:14:01:56:d2:34:83:
         dc:42:56:0a:c2:b6:a4:a1:31:4d:40:99:d9:94:49:b8:72:82:
         5b:45:ce:53:6c:bd:c0:1b:3f:e3:59:2e:d5:98:a4:a6:bc:3b:
         de:27:d5:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJnngGWWYYfSWOV1x+/L5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTE1NjczYjI4YmRmYWRiMmMyMDE5YWM2OGQwNDY0ZmQy
MWI3MWEwHhcNMjQwMTAxMjIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDFhMDE3NTIzMzhjMGYyYjUyMGY1MjZlNzdjYjkyMDEwYjgxOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgAtqRbzQDPrv4z/Zekd/6dVMdnp
a6QMl+sav7THOT+BIMOZQXVU/Aygd1U6vhh8LAAz6G8qmdrCHexPhpjScy++2hd0
mVfBBuB13cAt8K8PoL2SeVbRhQc/Vst9qweu9hFyPhpQot6kOj2DJg8SjONc7VuH
qyCUa7NE/aW5g7iEaz8w0kbiWY7/4dDt21zt0e0et1bLN10Jk+PfEIKy58SK1oHj
CWMSGhN/ZgRiIH6xXSv5L+F4ATNgUFrMG/xc83YPqwKroRfg9GNUoTq4YpFX7hkK
A+6iQvZYJbDEHlGjRouBAYTdjTXIBjCmLz7x7/BU34IH2ywu+T8vT7U8YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0aAXUjOMDytSD1Jud8uSAQuBlbMB8GA1UdIwQY
MBaAFDeRVnOyi9+tssIBmsaNBGT9IbcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDct
M2UzYTE4OGY0OWRlLzEvblJvQmRTTTR3UEsxSVBVbTUzeTVJQkM0R1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80ZWE0ZjctZDcwZS00MmEyLWFmZDctM2UzYTE4OGY0OWRl
LzEvTjVGV2M3S0wzNjJ5d2dHYXhvMEVaUDBodHhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkSBkMA0G
CSqGSIb3DQEBCwUAA4IBAQCZluf47cjt9Tj4/IuhVV8FLefGZowYCNLHba+X1rTm
qZmjCm/uOWBNfeIZQ+s0157mw7c4cSOYdQrIk2MYBUroJDbxI8bNNE7cEgSLhqlQ
Bu3dXOH5Z6UkJFiigdsNcPaZnTo59YPLWRxFqllzXp0g6BVHz4yZfDOCtP+o8jsm
cR+3q2mXhHJpi8qw9EXUwvLZ/rpe45Pui3TWBByXW+tAnSD8zDlAJ0vOpF89XdAb
NqXAszEoMl4EjAQ3nxn6DN/RCLy1LYWAKhr4NeU4rVKQTkMUAVbSNIPcQlYKwrak
oTFNQJnZlEm4coJbRc5TbL3AGz/jWS7VmKSmvDveJ9W3
-----END CERTIFICATE-----