Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/NUSE3ckqpNURbosmSx9lcZCfBJ0.roa
File:                     NUSE3ckqpNURbosmSx9lcZCfBJ0.roa (raw, json)
Hash identifier:          bolrEuZBIqoqevB8CAyGbT8QZib4iKkxGFCi9j6sR0o=
Subject key identifier:   35:44:84:DD:C9:2A:A4:D5:11:6E:8B:26:4B:1F:65:71:90:9F:04:9D
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       018CCA2B5A71FEEBF718CEED1575F1126CCB
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/NUSE3ckqpNURbosmSx9lcZCfBJ0.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12085
IP address blocks:        176.121.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5a:71:fe:eb:f7:18:ce:ed:15:75:f1:12:6c:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354484ddc92aa4d5116e8b264b1f6571909f049d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3c:74:d9:2a:7d:4e:0e:d6:fa:8d:15:36:ab:
                    e3:1d:32:e6:c8:e2:bd:2a:5b:da:ca:d9:f9:63:ae:
                    b0:e7:e2:c3:a6:26:e8:b2:a5:65:c7:39:a3:fe:a1:
                    ab:d9:2c:3a:e7:c6:c1:e4:5d:3f:82:f5:95:19:6d:
                    ef:6b:c8:21:73:b8:f6:87:8a:97:48:53:50:d8:40:
                    43:c8:c9:c0:3c:1a:0a:c4:fe:7f:4c:dd:ee:93:ae:
                    17:68:fc:f6:8a:62:8b:b6:35:e3:fe:9a:1e:1e:06:
                    eb:bf:74:1d:fe:b6:7e:50:e9:70:f6:fd:29:42:f6:
                    81:14:a7:53:fd:53:dd:85:e3:ee:80:15:7e:9a:56:
                    79:52:3a:39:05:62:70:4b:e3:77:d3:35:ee:d2:bc:
                    53:61:02:4c:2b:43:48:77:25:73:36:2f:35:5f:f9:
                    4b:ba:96:1c:e6:ae:81:b6:f5:a6:3c:8f:48:a8:81:
                    a3:46:e8:3b:db:7b:46:73:71:04:02:d2:46:87:49:
                    45:71:47:81:c6:c3:3b:2d:8e:23:d8:17:2c:dd:80:
                    b0:fd:82:09:d8:bf:5c:2f:58:ff:d8:cc:c6:fa:99:
                    d1:f9:21:96:18:c9:93:6a:63:9f:aa:16:3a:8b:3a:
                    77:90:48:13:0d:cf:de:e6:ba:2c:e6:80:2f:59:18:
                    12:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:44:84:DD:C9:2A:A4:D5:11:6E:8B:26:4B:1F:65:71:90:9F:04:9D
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/NUSE3ckqpNURbosmSx9lcZCfBJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:d1:f5:15:07:d8:7f:c1:75:f2:89:bb:25:79:18:f9:20:20:
         20:07:74:98:c0:5d:44:5f:1f:ba:78:28:43:22:4d:29:e9:dc:
         69:10:0d:80:f9:70:50:b1:9a:74:e0:da:48:00:59:fa:af:30:
         53:1e:25:86:3e:ac:62:9c:46:2f:ee:2d:f3:e3:d0:0b:b5:20:
         41:5c:4f:75:cf:a3:16:7c:44:1e:59:5f:df:40:31:16:07:e0:
         2d:d6:80:18:85:6a:5c:5b:c1:7e:e7:33:2f:4a:14:93:47:ba:
         27:ff:bf:5c:2a:24:2a:5e:31:fb:06:a3:1c:2e:a7:01:fe:fd:
         be:94:59:8f:d1:b7:33:eb:6b:5a:a6:44:33:34:d7:fe:fd:23:
         6c:cc:4e:4c:a9:f0:e3:5b:e2:20:61:db:ca:31:0e:b6:0c:d6:
         a9:71:bd:e9:dd:f9:51:16:be:05:82:78:77:2d:a5:30:aa:e5:
         63:11:e1:bf:2b:21:65:74:45:e3:ee:0b:ee:5e:5d:1d:b4:a4:
         e9:27:c2:78:5e:c7:a5:66:78:d0:f2:a6:6d:65:84:d0:74:31:
         bc:25:93:f4:02:16:68:2b:fa:bf:a0:e0:a4:52:6d:63:a8:4f:
         3c:75:50:b1:4a:65:d2:6a:5c:9d:42:b5:fe:c9:3e:b7:23:6e:
         bc:55:63:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1px/uv3GM7tFXXxEmzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQ0ODRkZGM5MmFhNGQ1MTE2ZThiMjY0YjFmNjU3MTkwOWYwNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jx02Sp9Tg7W+o0VNqvjHTLmyOK9
Klvaytn5Y66w5+LDpibosqVlxzmj/qGr2Sw658bB5F0/gvWVGW3va8ghc7j2h4qX
SFNQ2EBDyMnAPBoKxP5/TN3uk64XaPz2imKLtjXj/poeHgbrv3Qd/rZ+UOlw9v0p
QvaBFKdT/VPdhePugBV+mlZ5Ujo5BWJwS+N30zXu0rxTYQJMK0NIdyVzNi81X/lL
upYc5q6BtvWmPI9IqIGjRug723tGc3EEAtJGh0lFcUeBxsM7LY4j2Bcs3YCw/YIJ
2L9cL1j/2MzG+pnR+SGWGMmTamOfqhY6izp3kEgTDc/e5ros5oAvWRgSewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVEhN3JKqTVEW6LJksfZXGQnwSdMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvTlVTRTNja3FwTlVSYm9zbVN4OWxjWkNmQkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHlYMA0G
CSqGSIb3DQEBCwUAA4IBAQBk0fUVB9h/wXXyibsleRj5ICAgB3SYwF1EXx+6eChD
Ik0p6dxpEA2A+XBQsZp04NpIAFn6rzBTHiWGPqxinEYv7i3z49ALtSBBXE91z6MW
fEQeWV/fQDEWB+At1oAYhWpcW8F+5zMvShSTR7on/79cKiQqXjH7BqMcLqcB/v2+
lFmP0bcz62tapkQzNNf+/SNszE5MqfDjW+IgYdvKMQ62DNapcb3p3flRFr4Fgnh3
LaUwquVjEeG/KyFldEXj7gvuXl0dtKTpJ8J4XselZnjQ8qZtZYTQdDG8JZP0AhZo
K/q/oOCkUm1jqE88dVCxSmXSalydQrX+yT63I268VWNN
-----END CERTIFICATE-----