Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/UcbiYnov5XIHnMbudgsCreaH_XM.roa
File:                     UcbiYnov5XIHnMbudgsCreaH_XM.roa (raw, json)
Hash identifier:          okEodlXH/CHO6tU1ZN2zJdSKBoWy5eisS5rz3urt/WY=
Subject key identifier:   51:C6:E2:62:7A:2F:E5:72:07:9C:C6:EE:76:0B:02:AD:E6:87:FD:73
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018CC56E1CC216A4444D402269B05BF8C056
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/UcbiYnov5XIHnMbudgsCreaH_XM.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        89.46.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1c:c2:16:a4:44:4d:40:22:69:b0:5b:f8:c0:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51c6e2627a2fe572079cc6ee760b02ade687fd73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:62:5e:70:7e:41:1e:57:10:a3:4e:92:7b:97:
                    15:1f:6d:48:05:60:53:92:f5:56:01:39:70:92:4a:
                    b6:9c:86:f6:cb:c1:b0:aa:35:12:51:f1:49:e6:04:
                    b0:6b:b4:ec:6e:3e:cc:a0:ab:28:a9:5a:89:96:49:
                    61:01:57:be:05:19:9f:45:70:94:a9:2c:31:d7:41:
                    61:98:ba:92:b6:17:56:fe:80:2e:81:5c:98:d0:05:
                    fa:3e:ec:81:29:3c:87:85:bd:1b:16:ad:0c:94:5a:
                    58:70:c8:17:12:34:f3:e8:58:dd:4f:7e:e1:a3:f5:
                    c1:6a:6e:9a:b8:8c:e8:4e:64:d8:4b:20:5d:6b:2a:
                    c7:1a:0f:8f:fc:b2:25:df:d6:a5:dc:75:6d:6b:d8:
                    f2:40:e7:09:d1:9a:3c:31:d0:ca:2d:d6:d7:17:86:
                    e1:3a:ca:8f:f4:a3:a6:bb:5b:3b:d7:cd:65:ad:5a:
                    bc:fc:7f:58:28:6b:d9:22:19:39:26:e7:75:11:e6:
                    5f:e5:c0:b3:59:33:a1:56:ea:c5:4d:d8:6a:3d:6d:
                    f0:d9:26:ef:3b:ca:37:c5:fd:f6:31:fb:8f:74:26:
                    58:26:04:12:2a:eb:ca:48:fe:42:d5:89:f6:20:ac:
                    45:4b:34:f4:e2:8c:32:29:12:ac:c9:ba:95:48:e3:
                    5c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C6:E2:62:7A:2F:E5:72:07:9C:C6:EE:76:0B:02:AD:E6:87:FD:73
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/UcbiYnov5XIHnMbudgsCreaH_XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:27:ed:1f:9c:7e:3f:36:fd:1c:f7:75:69:1a:42:6a:c9:f9:
         96:c3:d1:c7:62:53:6d:61:5e:da:0d:7d:ba:95:4a:d7:b3:4e:
         e1:dd:7f:e4:00:13:28:6b:b6:58:bd:25:89:e6:f7:2e:a2:a1:
         0f:05:e5:63:89:f8:90:a4:5a:1a:85:c6:b6:9d:d3:16:2b:3b:
         35:20:5d:d8:cf:35:03:86:56:37:05:e8:29:2f:9d:b1:69:ec:
         58:ee:a1:fd:54:65:6e:14:10:1b:70:22:8c:e1:db:d7:02:3a:
         77:d7:7e:71:d0:25:c2:98:77:33:5e:9f:d9:af:71:9f:fd:5a:
         d3:e8:2a:5a:26:7c:f0:ff:c8:e0:71:1d:23:32:2a:88:15:78:
         ac:fc:76:36:da:a4:3c:d3:0f:93:d4:a5:f0:3d:da:d5:7d:6e:
         3d:9a:26:7a:82:c4:32:7b:f6:2d:ea:3f:8e:de:1f:11:05:45:
         f4:33:87:d0:80:91:56:98:b8:fc:42:d8:fc:d5:23:76:dd:cf:
         88:92:40:4d:a6:08:60:67:8b:24:1c:ed:cc:1c:f1:62:0d:16:
         b3:67:61:30:90:93:9b:86:0b:b8:16:e6:f3:43:e3:ba:35:16:
         7e:d0:04:da:91:5c:ca:67:c4:87:97:46:d0:e8:9d:3c:5b:db:
         16:bd:e3:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhzCFqRETUAiabBb+MBWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWM2ZTI2MjdhMmZlNTcyMDc5Y2M2ZWU3NjBiMDJhZGU2ODdmZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2JecH5BHlcQo06Se5cVH21IBWBT
kvVWATlwkkq2nIb2y8GwqjUSUfFJ5gSwa7Tsbj7MoKsoqVqJlklhAVe+BRmfRXCU
qSwx10FhmLqSthdW/oAugVyY0AX6PuyBKTyHhb0bFq0MlFpYcMgXEjTz6FjdT37h
o/XBam6auIzoTmTYSyBdayrHGg+P/LIl39al3HVta9jyQOcJ0Zo8MdDKLdbXF4bh
OsqP9KOmu1s7181lrVq8/H9YKGvZIhk5Jud1EeZf5cCzWTOhVurFTdhqPW3w2Sbv
O8o3xf32MfuPdCZYJgQSKuvKSP5C1Yn2IKxFSzT04owyKRKsybqVSONcKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHG4mJ6L+VyB5zG7nYLAq3mh/1zMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvVWNiaVlub3Y1WElIbk1idWRnc0NyZWFIX1hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS4LMA0G
CSqGSIb3DQEBCwUAA4IBAQBLJ+0fnH4/Nv0c93VpGkJqyfmWw9HHYlNtYV7aDX26
lUrXs07h3X/kABMoa7ZYvSWJ5vcuoqEPBeVjifiQpFoahca2ndMWKzs1IF3YzzUD
hlY3BegpL52xaexY7qH9VGVuFBAbcCKM4dvXAjp3135x0CXCmHczXp/Zr3Gf/VrT
6CpaJnzw/8jgcR0jMiqIFXis/HY22qQ80w+T1KXwPdrVfW49miZ6gsQye/Yt6j+O
3h8RBUX0M4fQgJFWmLj8Qtj81SN23c+IkkBNpghgZ4skHO3MHPFiDRazZ2EwkJOb
hgu4FubzQ+O6NRZ+0ATakVzKZ8SHl0bQ6J08W9sWveOC
-----END CERTIFICATE-----