Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUiuMYD8QIeC-qePKL-5o290RiM.roa
File:                     zUiuMYD8QIeC-qePKL-5o290RiM.roa (raw, json)
Hash identifier:          GwYtRpfJG7kwxQLtTfzB+KZPUtPAIqgVPnUIJvQ5DZs=
Subject key identifier:   CD:48:AE:31:80:FC:40:87:82:FA:A7:8F:28:BF:B9:A3:6F:74:46:23
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012BAC6AB73DEF6A355F32B144F781
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUiuMYD8QIeC-qePKL-5o290RiM.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210740
IP address blocks:        194.32.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2b:ac:6a:b7:3d:ef:6a:35:5f:32:b1:44:f7:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd48ae3180fc408782faa78f28bfb9a36f744623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ce:86:b0:b2:83:ed:89:06:2c:83:8a:90:8d:
                    d1:5b:15:45:00:b6:b3:c2:aa:f1:81:e3:69:b9:ce:
                    4f:c2:d2:9c:db:04:36:c4:1b:b4:69:e5:be:f2:9f:
                    bf:ac:54:91:f9:95:d3:7e:b8:b0:66:f5:11:d9:23:
                    21:bc:95:6c:12:85:2e:4b:e7:ce:3b:2f:9a:44:64:
                    30:ed:ae:d1:56:69:7a:0b:68:3a:93:b8:47:77:4c:
                    74:8c:63:8b:b5:a4:68:1e:7d:04:b1:fb:2f:77:94:
                    34:05:04:72:0c:c0:97:1a:6c:8c:11:27:aa:09:2d:
                    f7:03:9c:b8:4c:5f:d8:14:27:5f:5f:c3:03:3c:95:
                    44:f0:dc:1c:54:a8:e0:04:99:b5:a7:2e:ba:5d:0d:
                    77:f4:18:b1:6a:26:72:8a:88:da:a7:43:02:c4:0a:
                    ab:8e:27:b0:82:a2:7a:27:6c:37:d4:ac:49:b3:a8:
                    03:8d:87:85:cb:23:40:b7:a8:a5:98:8e:84:b7:82:
                    f6:5d:14:be:a7:cf:e9:a8:79:1a:2a:ed:83:5b:27:
                    2d:47:11:fa:9d:cb:ec:5c:34:a5:dc:5e:6b:6c:85:
                    b3:d9:02:77:b9:40:c0:ac:49:df:10:e4:42:c2:04:
                    20:e8:68:5e:ce:b6:24:cf:50:a1:22:67:82:62:9c:
                    bc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:48:AE:31:80:FC:40:87:82:FA:A7:8F:28:BF:B9:A3:6F:74:46:23
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUiuMYD8QIeC-qePKL-5o290RiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:6f:7c:cd:53:e4:01:26:fc:fb:dd:8d:97:ec:e1:4d:72:2d:
         5b:84:26:6e:bf:08:d2:aa:10:c7:26:13:a6:ba:45:2e:27:bd:
         c6:1f:3f:a3:ac:87:c5:66:fb:45:ca:4b:61:6c:0e:80:aa:d0:
         12:65:f5:35:84:83:42:fa:ec:64:63:c2:08:27:24:c8:9b:32:
         24:8c:7e:ee:69:04:0e:0a:40:b9:6d:30:bb:79:e9:ac:32:83:
         7b:3c:cc:ca:c5:d5:0e:a0:3b:36:f6:c8:31:cf:23:78:42:16:
         d8:82:3b:f1:61:25:a5:5a:f1:04:82:7e:af:59:e3:b8:5a:ae:
         b7:27:7e:36:b6:55:e8:a4:43:64:a6:7f:e6:97:62:48:ea:bd:
         32:8f:9c:55:4b:a5:8a:d5:da:7c:88:ac:17:03:fa:39:d5:a5:
         6b:a2:ed:de:84:af:1a:ac:97:7a:36:c2:5c:00:33:fa:e3:e3:
         d3:4c:aa:d4:b9:94:62:bb:82:78:71:d2:51:3b:cf:74:dc:eb:
         51:60:00:33:d2:01:7a:84:d4:f9:9b:b7:fb:25:31:b9:ef:2d:
         91:fc:db:1b:83:90:f4:91:87:a0:fa:72:a3:97:21:48:6c:a8:
         b7:f5:44:c4:ad:ef:92:c5:c8:cf:c9:2a:d2:3a:7e:d1:a8:7c:
         49:c7:3b:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASusarc972o1XzKxRPeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQ4YWUzMTgwZmM0MDg3ODJmYWE3OGYyOGJmYjlhMzZmNzQ0NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo86GsLKD7YkGLIOKkI3RWxVFALaz
wqrxgeNpuc5PwtKc2wQ2xBu0aeW+8p+/rFSR+ZXTfriwZvUR2SMhvJVsEoUuS+fO
Oy+aRGQw7a7RVml6C2g6k7hHd0x0jGOLtaRoHn0Esfsvd5Q0BQRyDMCXGmyMESeq
CS33A5y4TF/YFCdfX8MDPJVE8NwcVKjgBJm1py66XQ139BixaiZyiojap0MCxAqr
jiewgqJ6J2w31KxJs6gDjYeFyyNAt6ilmI6Et4L2XRS+p8/pqHkaKu2DWyctRxH6
ncvsXDSl3F5rbIWz2QJ3uUDArEnfEORCwgQg6GhezrYkz1ChImeCYpy8JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1IrjGA/ECHgvqnjyi/uaNvdEYjMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvelVpdU1ZRDhRSWVDLXFlUEtMLTVvMjkwUmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiB5MA0G
CSqGSIb3DQEBCwUAA4IBAQCUb3zNU+QBJvz73Y2X7OFNci1bhCZuvwjSqhDHJhOm
ukUuJ73GHz+jrIfFZvtFykthbA6AqtASZfU1hINC+uxkY8IIJyTImzIkjH7uaQQO
CkC5bTC7eemsMoN7PMzKxdUOoDs29sgxzyN4QhbYgjvxYSWlWvEEgn6vWeO4Wq63
J342tlXopENkpn/ml2JI6r0yj5xVS6WK1dp8iKwXA/o51aVrou3ehK8arJd6NsJc
ADP64+PTTKrUuZRiu4J4cdJRO8903OtRYAAz0gF6hNT5m7f7JTG57y2R/Nsbg5D0
kYeg+nKjlyFIbKi39UTEre+SxcjPySrSOn7RqHxJxzs7
-----END CERTIFICATE-----