Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/ub4OxjYJpzcfpTgkKyzYZu3RSPU.roa
File:                     ub4OxjYJpzcfpTgkKyzYZu3RSPU.roa (raw, json)
Hash identifier:          e0dSkfwmxgS7I9SDYqnLA66JuAF8IH2if8pg1z7TcpA=
Subject key identifier:   B9:BE:0E:C6:36:09:A7:37:1F:A5:38:24:2B:2C:D8:66:ED:D1:48:F5
Certificate issuer:       /CN=a4a07cdcd09503ecfe3e697cc3266985181ae82a
Certificate serial:       018CC8DED3DC28CAB17A98F2E1A6E5F78C40
Authority key identifier: A4:A0:7C:DC:D0:95:03:EC:FE:3E:69:7C:C3:26:69:85:18:1A:E8:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/ub4OxjYJpzcfpTgkKyzYZu3RSPU.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62270
IP address blocks:        193.162.140.0/24 maxlen: 24
                          2a10:8080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d3:dc:28:ca:b1:7a:98:f2:e1:a6:e5:f7:8c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4a07cdcd09503ecfe3e697cc3266985181ae82a
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9be0ec63609a7371fa538242b2cd866edd148f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:39:93:81:72:5f:d4:67:4e:1c:fd:91:0c:e8:
                    69:f4:c2:ee:62:f5:fc:25:24:50:0d:86:d1:fa:a7:
                    e8:9d:cb:76:93:33:c8:c1:7b:05:ca:1c:c2:97:38:
                    56:7b:35:6e:6c:82:86:a4:de:b6:88:b9:88:24:b3:
                    1b:68:43:d4:ac:38:cb:39:c1:3e:4d:b7:32:df:2a:
                    6d:1f:df:27:61:3f:6c:8f:12:b8:1a:ae:7f:12:b9:
                    c5:5d:d1:f0:91:61:1c:cd:93:ce:42:76:17:7b:61:
                    9d:2b:92:64:27:7f:c7:6c:b5:af:ee:b8:df:d4:46:
                    44:5d:4c:16:82:3b:b4:7c:d6:03:3e:c6:52:6c:2b:
                    c5:b0:b9:2c:97:b7:26:66:4a:86:c8:a4:8a:fc:9b:
                    9e:e2:d4:32:8c:d7:a7:b5:4b:f8:df:17:46:7f:a9:
                    cb:50:8e:22:32:33:48:2a:96:8e:0a:c7:95:32:29:
                    32:4a:b5:2b:07:eb:7e:b4:d9:76:8a:f5:6d:2f:50:
                    fd:d5:23:98:dc:65:83:13:28:53:03:3a:3d:d9:a4:
                    f1:dd:fc:da:a7:de:4c:0a:b6:ed:f2:2c:9b:b1:76:
                    e9:ed:bc:d8:a1:22:9a:2c:96:b3:11:af:88:1b:32:
                    e0:de:ad:49:47:e2:57:42:7f:6e:73:7d:70:c7:54:
                    9b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BE:0E:C6:36:09:A7:37:1F:A5:38:24:2B:2C:D8:66:ED:D1:48:F5
            X509v3 Authority Key Identifier:
                keyid:A4:A0:7C:DC:D0:95:03:EC:FE:3E:69:7C:C3:26:69:85:18:1A:E8:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/ub4OxjYJpzcfpTgkKyzYZu3RSPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.140.0/24
                IPv6:
                  2a10:8080::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:2a:ca:fc:56:7e:d8:f5:26:f8:0f:84:5d:a3:e1:d0:ce:c5:
         a2:16:f2:e5:6c:e2:c4:f4:bc:5a:52:0b:5c:0d:3b:c4:a4:7c:
         19:5a:4b:e3:1a:c6:1c:c8:08:6f:cd:df:5c:0d:fa:46:14:78:
         42:e0:f3:9d:9e:ba:3f:4f:00:4a:9a:99:fe:b1:c4:ae:65:6c:
         c1:dd:15:7b:47:a0:9b:fb:6b:60:5f:fb:c7:3b:60:a2:75:22:
         52:39:22:c5:4a:7b:42:d2:19:1b:d3:dd:83:78:c3:33:3f:f6:
         09:9e:2b:5c:38:e7:de:38:77:5c:70:3c:58:11:f2:e5:7f:95:
         e0:ac:f5:bf:5d:03:5c:e1:ac:76:28:26:52:d5:66:c0:af:2d:
         28:6d:92:f6:44:f4:ce:df:e7:87:6d:1e:35:f7:4d:38:8a:d1:
         b9:2f:4e:86:49:c1:cf:f3:cb:3d:e0:98:de:2d:8e:71:f3:4a:
         b1:9d:65:b9:07:16:d6:ce:c6:6d:37:d7:32:6b:ae:a7:22:0e:
         fd:6c:29:ac:3e:ae:9b:40:29:f0:55:0f:35:e2:8d:9f:04:9f:
         1e:49:f5:13:2d:16:4f:df:55:c3:e6:e6:47:e9:25:1a:1e:81:
         40:a5:0f:cf:2a:68:bf:93:ac:02:eb:7a:5c:68:a9:45:d3:6c:
         b4:fc:74:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3tPcKMqxepjy4abl94xAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YTA3Y2RjZDA5NTAzZWNmZTNlNjk3Y2MzMjY2OTg1MTgx
YWU4MmEwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWJlMGVjNjM2MDlhNzM3MWZhNTM4MjQyYjJjZDg2NmVkZDE0OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDmTgXJf1GdOHP2RDOhp9MLuYvX8
JSRQDYbR+qfonct2kzPIwXsFyhzClzhWezVubIKGpN62iLmIJLMbaEPUrDjLOcE+
Tbcy3yptH98nYT9sjxK4Gq5/ErnFXdHwkWEczZPOQnYXe2GdK5JkJ3/HbLWv7rjf
1EZEXUwWgju0fNYDPsZSbCvFsLksl7cmZkqGyKSK/Jue4tQyjNentUv43xdGf6nL
UI4iMjNIKpaOCseVMikySrUrB+t+tNl2ivVtL1D91SOY3GWDEyhTAzo92aTx3fza
p95MCrbt8iybsXbp7bzYoSKaLJazEa+IGzLg3q1JR+JXQn9uc31wx1Sb/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLm+DsY2Cac3H6U4JCss2Gbt0Uj1MB8GA1UdIwQY
MBaAFKSgfNzQlQPs/j5pfMMmaYUYGugqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtCODNOQ1ZBLXotUG1sOHd5WnBoUmdhNkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9kODU0OGMtMzBiMS00OGE0LWFlMjgt
ZDZiMGJjOTBmMmY1LzEvdWI0T3hqWUpwemNmcFRna0t5elladTNSU1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9kODU0OGMtMzBiMS00OGE0LWFlMjgtZDZiMGJjOTBmMmY1
LzEvcEtCODNOQ1ZBLXotUG1sOHd5WnBoUmdhNkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaKMMA0E
AgACMAcDBQMqEICAMA0GCSqGSIb3DQEBCwUAA4IBAQB3Ksr8Vn7Y9Sb4D4Rdo+HQ
zsWiFvLlbOLE9LxaUgtcDTvEpHwZWkvjGsYcyAhvzd9cDfpGFHhC4POdnro/TwBK
mpn+scSuZWzB3RV7R6Cb+2tgX/vHO2CidSJSOSLFSntC0hkb092DeMMzP/YJnitc
OOfeOHdccDxYEfLlf5XgrPW/XQNc4ax2KCZS1WbAry0obZL2RPTO3+eHbR419004
itG5L06GScHP88s94JjeLY5x80qxnWW5BxbWzsZtN9cya66nIg79bCmsPq6bQCnw
VQ814o2fBJ8eSfUTLRZP31XD5uZH6SUaHoFApQ/PKmi/k6wC63pcaKlF02y0/HTz
-----END CERTIFICATE-----