Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/UcEnYVNqi5U6cqdiwoplOCS3HnA.roa
File:                     UcEnYVNqi5U6cqdiwoplOCS3HnA.roa (raw, json)
Hash identifier:          tlO3GR/kt1gki0uA6qk4A0lEyuuVBM5YLXaJiMrAvVY=
Subject key identifier:   51:C1:27:61:53:6A:8B:95:3A:72:A7:62:C2:8A:65:38:24:B7:1E:70
Certificate issuer:       /CN=2d676a61dcf4d222ba66cda19430f61e611d8aae
Certificate serial:       018CC26D17536151E7E485FA30F97059A953
Authority key identifier: 2D:67:6A:61:DC:F4:D2:22:BA:66:CD:A1:94:30:F6:1E:61:1D:8A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/UcEnYVNqi5U6cqdiwoplOCS3HnA.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.235.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:17:53:61:51:e7:e4:85:fa:30:f9:70:59:a9:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d676a61dcf4d222ba66cda19430f61e611d8aae
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51c12761536a8b953a72a762c28a653824b71e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:97:bc:ed:c7:ec:e6:c1:b9:44:1a:4f:78:09:
                    1f:f1:9c:58:b2:40:92:9a:9c:5f:a3:1c:06:46:34:
                    52:94:50:b2:89:7c:7c:85:d4:5c:92:84:84:14:2c:
                    73:6a:88:b9:d6:bf:48:64:9a:e5:8c:08:8d:3f:b6:
                    2d:64:5e:df:94:4a:e6:1e:8b:f6:d6:a0:e5:93:29:
                    65:a2:5c:c7:51:6c:30:5b:d2:c1:2e:fb:0a:92:ef:
                    72:56:82:23:d5:b1:f5:b0:14:83:2f:cd:58:1c:f1:
                    44:10:c3:ec:b3:44:8f:21:7d:db:ac:b8:11:7d:09:
                    50:fd:58:32:80:bd:3d:f5:81:a4:c8:d6:bd:f7:8b:
                    56:65:3e:e2:8a:5b:ce:d2:a9:b2:b6:3d:89:0d:8a:
                    6c:54:ff:db:00:15:f0:8e:ae:83:7f:d4:4d:9a:de:
                    75:d3:b8:34:08:7a:47:66:f9:2b:5e:1a:7f:a6:7d:
                    ef:4e:84:ba:d2:23:cb:64:f8:55:e4:fe:40:de:1a:
                    03:0d:65:51:60:8f:f6:56:4d:13:11:36:28:90:43:
                    92:c8:1c:74:f7:b0:7e:42:2c:be:7d:ce:dc:69:e7:
                    45:03:d1:da:20:01:0d:05:4c:28:c9:12:19:27:fa:
                    13:30:db:df:0b:d2:30:9f:a8:85:2d:b2:b6:63:3e:
                    d1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C1:27:61:53:6A:8B:95:3A:72:A7:62:C2:8A:65:38:24:B7:1E:70
            X509v3 Authority Key Identifier:
                keyid:2D:67:6A:61:DC:F4:D2:22:BA:66:CD:A1:94:30:F6:1E:61:1D:8A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LWdqYdz00iK6Zs2hlDD2HmEdiq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/UcEnYVNqi5U6cqdiwoplOCS3HnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b2c68e-eb3b-4e01-b50a-a86a24655870/1/LWdqYdz00iK6Zs2hlDD2HmEdiq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:2b:ad:fe:50:7c:87:8c:e0:54:60:a4:cf:81:b3:1a:73:04:
         d5:a7:3b:cc:61:a5:50:78:d2:cc:ee:1e:48:64:86:65:f8:36:
         b9:83:07:4a:bb:50:5d:dd:9c:8d:b4:46:89:7a:81:d1:39:f6:
         62:8b:22:f7:34:0e:9e:75:28:95:e3:87:f3:ec:a1:99:e5:36:
         66:4b:9e:44:f2:e2:f4:a9:3d:6f:49:51:79:cc:bb:ec:51:92:
         d1:f2:80:c2:46:06:6e:19:4b:f6:e4:78:97:b2:72:c9:fd:9e:
         a7:46:14:2d:43:d0:aa:e5:03:59:64:ef:a3:cc:32:ff:bc:41:
         c0:6b:8b:69:70:8c:9e:70:7e:7b:1c:04:7a:40:4d:e9:50:c5:
         fe:b9:26:62:86:63:bb:b6:1c:83:2f:0b:b4:12:f3:c3:24:b3:
         ee:31:85:5e:20:af:37:c6:f1:8e:bc:cf:61:47:7a:7a:bc:47:
         a6:fe:f4:da:26:b4:61:2b:c3:06:b5:b1:f0:62:ec:62:f3:f6:
         ee:78:10:7d:54:30:82:c1:03:02:d7:c3:11:3c:ac:06:5a:95:
         d7:36:93:ee:46:31:36:3f:d1:4f:dc:a3:b9:19:ef:99:76:b4:
         84:32:a5:2b:50:59:46:58:f8:0a:d7:ff:36:a3:c0:2a:3d:68:
         83:80:37:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRdTYVHn5IX6MPlwWalTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNjc2YTYxZGNmNGQyMjJiYTY2Y2RhMTk0MzBmNjFlNjEx
ZDhhYWUwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWMxMjc2MTUzNmE4Yjk1M2E3MmE3NjJjMjhhNjUzODI0YjcxZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5e87cfs5sG5RBpPeAkf8ZxYskCS
mpxfoxwGRjRSlFCyiXx8hdRckoSEFCxzaoi51r9IZJrljAiNP7YtZF7flErmHov2
1qDlkyllolzHUWwwW9LBLvsKku9yVoIj1bH1sBSDL81YHPFEEMPss0SPIX3brLgR
fQlQ/VgygL099YGkyNa994tWZT7iilvO0qmytj2JDYpsVP/bABXwjq6Df9RNmt51
07g0CHpHZvkrXhp/pn3vToS60iPLZPhV5P5A3hoDDWVRYI/2Vk0TETYokEOSyBx0
97B+Qiy+fc7caedFA9HaIAENBUwoyRIZJ/oTMNvfC9Iwn6iFLbK2Yz7RtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHBJ2FTaouVOnKnYsKKZTgktx5wMB8GA1UdIwQY
MBaAFC1namHc9NIiumbNoZQw9h5hHYquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFdkcVlkejAwaUs2WnMyaGxERDJIbUVkaXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iMmM2OGUtZWIzYi00ZTAxLWI1MGEt
YTg2YTI0NjU1ODcwLzEvVWNFbllWTnFpNVU2Y3FkaXdvcGxPQ1MzSG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iMmM2OGUtZWIzYi00ZTAxLWI1MGEtYTg2YTI0NjU1ODcw
LzEvTFdkcVlkejAwaUs2WnMyaGxERDJIbUVkaXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuevsMA0G
CSqGSIb3DQEBCwUAA4IBAQASK63+UHyHjOBUYKTPgbMacwTVpzvMYaVQeNLM7h5I
ZIZl+Da5gwdKu1Bd3ZyNtEaJeoHROfZiiyL3NA6edSiV44fz7KGZ5TZmS55E8uL0
qT1vSVF5zLvsUZLR8oDCRgZuGUv25HiXsnLJ/Z6nRhQtQ9Cq5QNZZO+jzDL/vEHA
a4tpcIyecH57HAR6QE3pUMX+uSZihmO7thyDLwu0EvPDJLPuMYVeIK83xvGOvM9h
R3p6vEem/vTaJrRhK8MGtbHwYuxi8/bueBB9VDCCwQMC18MRPKwGWpXXNpPuRjE2
P9FP3KO5Ge+ZdrSEMqUrUFlGWPgK1/82o8AqPWiDgDeX
-----END CERTIFICATE-----