Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UL56UxDY5eB1gQd3Lf5VrI2lprY.roa
File:                     UL56UxDY5eB1gQd3Lf5VrI2lprY.roa (raw, json)
Hash identifier:          gROPQfJDc5GkbVrtelYML6OIz44babjmklUz+gVPlTU=
Subject key identifier:   50:BE:7A:53:10:D8:E5:E0:75:81:07:77:2D:FE:55:AC:8D:A5:A6:B6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EA92233BA239A69D6A6FC8FFE7E462475
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UL56UxDY5eB1gQd3Lf5VrI2lprY.roa
Signing time:             Thu 04 Apr 2024 12:42:54 +0000
ROA not before:           Thu 04 Apr 2024 12:42:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215176
IP address blocks:        193.37.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:22:33:ba:23:9a:69:d6:a6:fc:8f:fe:7e:46:24:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  4 12:42:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50be7a5310d8e5e0758107772dfe55ac8da5a6b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f9:73:b7:73:05:da:47:3b:67:fa:3e:01:fd:
                    56:9d:51:2e:62:33:22:15:42:6e:88:16:87:e3:8a:
                    91:d0:9e:e2:9e:9d:6f:e8:3f:08:31:5f:99:0b:9f:
                    67:a1:74:71:50:9f:c2:de:26:a8:4e:5d:f3:51:41:
                    33:35:a5:bf:81:7c:5d:99:f7:a4:c7:91:02:0e:31:
                    c4:f6:d9:16:ac:18:1c:a3:f6:28:a3:5e:93:19:93:
                    95:c3:6b:92:1f:f1:50:31:f3:d6:3c:cf:27:26:5a:
                    1a:03:0c:ac:66:c3:3b:0b:ba:79:a1:a0:e8:37:ac:
                    82:d6:9a:7e:09:8e:a8:5b:51:a0:8c:86:5a:62:10:
                    c6:bd:32:3b:df:eb:5e:a7:a4:30:89:4b:46:9b:62:
                    65:63:25:7a:2d:08:41:28:c0:3f:de:d5:c4:79:36:
                    8f:2b:2a:66:b7:02:8a:ed:48:4f:c1:c5:16:29:9b:
                    a9:ec:bd:72:1e:2c:35:16:bb:08:72:f2:50:64:20:
                    7f:6e:b1:5f:bb:d9:6e:3a:1e:af:58:b4:ab:ac:07:
                    75:58:df:6b:13:f4:bc:c7:25:4e:01:1f:4a:8a:22:
                    f7:a5:3f:de:ba:5a:fb:8f:22:94:97:e1:88:51:bf:
                    04:e2:a4:35:e2:7e:64:ec:d0:f4:c6:b2:be:2d:46:
                    7e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:BE:7A:53:10:D8:E5:E0:75:81:07:77:2D:FE:55:AC:8D:A5:A6:B6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UL56UxDY5eB1gQd3Lf5VrI2lprY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ff:ea:82:e1:6e:3b:e0:87:4a:eb:64:c2:fb:a6:40:a0:aa:
         42:50:89:e0:8f:8a:ee:97:b2:ea:01:f5:2a:15:1c:a9:a0:01:
         6a:36:3c:cd:37:09:80:05:04:2f:c1:49:dd:12:07:15:34:b2:
         52:ad:39:c4:93:a5:bb:58:44:fb:6d:29:81:c0:4a:c4:4b:2e:
         97:91:90:c1:01:d8:3f:b7:e7:b5:f3:e5:eb:50:8a:da:36:96:
         46:86:a4:c1:34:ac:1e:43:50:8a:72:84:3c:95:dc:2f:c0:47:
         ba:d5:de:d8:13:7b:20:6b:a2:32:dc:73:91:6d:2b:68:5e:26:
         cf:ce:30:bb:52:42:f0:b1:38:8a:d8:03:00:5b:4f:79:02:5f:
         93:81:26:c1:e2:c4:0a:55:27:42:cd:b7:fc:97:27:87:6f:9a:
         cb:ee:e2:d7:d2:ab:cb:ea:dd:6f:0f:5f:97:ad:d7:f7:56:a0:
         c6:eb:94:cd:14:f5:66:21:ef:2c:6e:d5:2e:e7:a6:d6:20:fa:
         6a:5a:2a:73:d7:de:73:18:f7:c0:d1:bb:ef:a1:af:5a:3b:76:
         86:7a:c5:3e:81:01:75:10:2c:17:9b:cc:4d:25:11:33:30:79:
         56:97:20:92:f9:39:48:0e:7e:8f:28:8f:79:02:b2:3f:1d:9e:
         c7:4f:a8:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6pIjO6I5pp1qb8j/5+RiR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDA0MTI0MjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGJlN2E1MzEwZDhlNWUwNzU4MTA3NzcyZGZlNTVhYzhkYTVhNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/lzt3MF2kc7Z/o+Af1WnVEuYjMi
FUJuiBaH44qR0J7inp1v6D8IMV+ZC59noXRxUJ/C3iaoTl3zUUEzNaW/gXxdmfek
x5ECDjHE9tkWrBgco/Yoo16TGZOVw2uSH/FQMfPWPM8nJloaAwysZsM7C7p5oaDo
N6yC1pp+CY6oW1GgjIZaYhDGvTI73+tep6QwiUtGm2JlYyV6LQhBKMA/3tXEeTaP
KypmtwKK7UhPwcUWKZup7L1yHiw1FrsIcvJQZCB/brFfu9luOh6vWLSrrAd1WN9r
E/S8xyVOAR9KiiL3pT/eulr7jyKUl+GIUb8E4qQ14n5k7ND0xrK+LUZ+sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFC+elMQ2OXgdYEHdy3+VayNpaa2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVUw1NlV4RFk1ZUIxZ1FkM0xmNVZySTJscHJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUpMA0G
CSqGSIb3DQEBCwUAA4IBAQAq/+qC4W474IdK62TC+6ZAoKpCUIngj4rul7LqAfUq
FRypoAFqNjzNNwmABQQvwUndEgcVNLJSrTnEk6W7WET7bSmBwErESy6XkZDBAdg/
t+e18+XrUIraNpZGhqTBNKweQ1CKcoQ8ldwvwEe61d7YE3sga6Iy3HORbStoXibP
zjC7UkLwsTiK2AMAW095Al+TgSbB4sQKVSdCzbf8lyeHb5rL7uLX0qvL6t1vD1+X
rdf3VqDG65TNFPVmIe8sbtUu56bWIPpqWipz195zGPfA0bvvoa9aO3aGesU+gQF1
ECwXm8xNJREzMHlWlyCS+TlIDn6PKI95ArI/HZ7HT6gZ
-----END CERTIFICATE-----