Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/ujjA7gAhSggI_fju13FkKMGr8ZQ.roa
File:                     ujjA7gAhSggI_fju13FkKMGr8ZQ.roa (raw, json)
Hash identifier:          5o16JCI3AjgrYKAqSTaLlOHXMvqC/4mSBxI6EUbGSq0=
Subject key identifier:   BA:38:C0:EE:00:21:4A:08:08:FD:F8:EE:D7:71:64:28:C1:AB:F1:94
Certificate issuer:       /CN=51ac7e33744c248f87de2dc63aabf19f6c84b032
Certificate serial:       018CCA2A0E86816D3528E1779433E0F745FB
Authority key identifier: 51:AC:7E:33:74:4C:24:8F:87:DE:2D:C6:3A:AB:F1:9F:6C:84:B0:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uax-M3RMJI-H3i3GOqvxn2yEsDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/ujjA7gAhSggI_fju13FkKMGr8ZQ.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49078
IP address blocks:        195.88.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/Uax-M3RMJI-H3i3GOqvxn2yEsDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/Uax-M3RMJI-H3i3GOqvxn2yEsDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uax-M3RMJI-H3i3GOqvxn2yEsDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0e:86:81:6d:35:28:e1:77:94:33:e0:f7:45:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ac7e33744c248f87de2dc63aabf19f6c84b032
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba38c0ee00214a0808fdf8eed7716428c1abf194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c4:da:0c:ca:ee:59:03:f9:81:a1:ea:7b:7e:
                    98:43:78:79:d2:9a:cf:1f:37:c6:66:31:2b:6e:d0:
                    23:2e:f4:26:88:a8:ac:f2:35:c3:29:06:51:bd:c6:
                    0f:68:84:91:86:48:3f:ea:21:ef:46:b9:be:a9:4e:
                    a5:51:3f:6a:4a:99:ed:db:3e:8d:a3:e6:4f:8e:db:
                    7b:b8:a0:e3:a6:c9:38:47:80:16:b0:95:57:8e:e4:
                    55:1d:f5:aa:2f:34:74:39:eb:4d:18:79:fd:f2:37:
                    1a:b0:51:8a:13:a7:e8:6a:4d:ce:db:6c:94:84:b7:
                    b8:1a:24:82:b0:2b:19:01:55:e6:b1:12:bb:25:1d:
                    27:8a:3c:53:8b:02:ca:b9:f5:c1:f8:db:28:89:e5:
                    5f:7f:ad:b9:51:8a:85:dc:72:6d:de:06:e4:19:cf:
                    db:31:eb:50:8c:dd:60:5b:53:58:44:aa:c6:54:c0:
                    33:ef:54:6b:93:1e:b8:93:74:bf:d1:b2:6c:d8:4f:
                    0a:5e:89:44:79:de:53:51:da:27:bd:a0:7b:17:05:
                    62:98:84:46:d2:56:fd:9c:77:87:7d:af:23:94:6d:
                    e8:67:fe:f4:73:27:b7:63:fe:3b:75:22:61:c2:75:
                    17:80:bc:13:e2:1a:a3:14:af:0a:a3:d3:0a:73:e6:
                    05:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:38:C0:EE:00:21:4A:08:08:FD:F8:EE:D7:71:64:28:C1:AB:F1:94
            X509v3 Authority Key Identifier:
                keyid:51:AC:7E:33:74:4C:24:8F:87:DE:2D:C6:3A:AB:F1:9F:6C:84:B0:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uax-M3RMJI-H3i3GOqvxn2yEsDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/ujjA7gAhSggI_fju13FkKMGr8ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/df3c61-78ae-4d1c-a756-6348649774a2/1/Uax-M3RMJI-H3i3GOqvxn2yEsDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:a1:f3:a3:60:a1:5a:34:ea:69:23:a4:ee:2e:0a:94:33:f2:
         65:1c:4f:0a:d8:c9:6f:db:d5:f8:58:8a:90:7d:c9:83:2c:d4:
         25:a6:91:91:8b:80:dd:13:cf:a5:b2:1a:9d:56:b6:3a:a1:30:
         f9:da:60:03:e7:2a:36:a4:c8:d4:f9:37:0e:79:b3:66:6c:fa:
         64:68:7c:21:e2:ee:d8:ff:70:3b:aa:8f:04:f6:72:af:77:2d:
         db:ab:1c:03:f0:51:7e:21:3e:eb:f2:3c:93:c1:41:af:d2:d9:
         6c:4c:dd:77:db:a0:09:d2:f1:14:65:dd:a4:d5:e7:9e:06:3b:
         86:b7:7c:53:2c:89:77:68:16:e7:ed:2a:c1:41:f4:ea:68:4e:
         be:49:e6:4c:6e:b2:6d:0f:24:2d:4a:b7:46:2b:8b:03:93:2f:
         7c:0a:47:5b:e3:d5:0e:2f:61:7d:75:23:a4:62:dd:a7:40:f9:
         09:80:67:e0:8c:1a:2b:89:6f:3e:e0:7d:ba:a1:80:17:78:4c:
         03:b6:57:a8:0a:14:1d:9e:57:7f:9d:6f:67:54:3f:8f:5c:10:
         12:5d:db:cf:6f:95:18:48:90:df:47:09:14:95:1d:1a:d6:8d:
         1b:f0:7c:0e:d0:73:3a:a3:8e:31:ac:0f:1e:a4:e1:5f:82:7d:
         25:fb:26:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKg6GgW01KOF3lDPg90X7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWM3ZTMzNzQ0YzI0OGY4N2RlMmRjNjNhYWJmMTlmNmM4
NGIwMzIwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTM4YzBlZTAwMjE0YTA4MDhmZGY4ZWVkNzcxNjQyOGMxYWJmMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMTaDMruWQP5gaHqe36YQ3h50prP
HzfGZjErbtAjLvQmiKis8jXDKQZRvcYPaISRhkg/6iHvRrm+qU6lUT9qSpnt2z6N
o+ZPjtt7uKDjpsk4R4AWsJVXjuRVHfWqLzR0OetNGHn98jcasFGKE6foak3O22yU
hLe4GiSCsCsZAVXmsRK7JR0nijxTiwLKufXB+NsoieVff625UYqF3HJt3gbkGc/b
MetQjN1gW1NYRKrGVMAz71Rrkx64k3S/0bJs2E8KXolEed5TUdonvaB7FwVimIRG
0lb9nHeHfa8jlG3oZ/70cye3Y/47dSJhwnUXgLwT4hqjFK8Ko9MKc+YFPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLo4wO4AIUoICP347tdxZCjBq/GUMB8GA1UdIwQY
MBaAFFGsfjN0TCSPh94txjqr8Z9shLAyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWF4LU0zUk1KSS1IM2kzR09xdnhuMnlFc0RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZjNjNjEtNzhhZS00ZDFjLWE3NTYt
NjM0ODY0OTc3NGEyLzEvdWpqQTdnQWhTZ2dJX2ZqdTEzRmtLTUdyOFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZjNjNjEtNzhhZS00ZDFjLWE3NTYtNjM0ODY0OTc3NGEy
LzEvVWF4LU0zUk1KSS1IM2kzR09xdnhuMnlFc0RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1i3MA0G
CSqGSIb3DQEBCwUAA4IBAQCoofOjYKFaNOppI6TuLgqUM/JlHE8K2Mlv29X4WIqQ
fcmDLNQlppGRi4DdE8+lshqdVrY6oTD52mAD5yo2pMjU+TcOebNmbPpkaHwh4u7Y
/3A7qo8E9nKvdy3bqxwD8FF+IT7r8jyTwUGv0tlsTN1326AJ0vEUZd2k1eeeBjuG
t3xTLIl3aBbn7SrBQfTqaE6+SeZMbrJtDyQtSrdGK4sDky98Ckdb49UOL2F9dSOk
Yt2nQPkJgGfgjBoriW8+4H26oYAXeEwDtleoChQdnld/nW9nVD+PXBASXdvPb5UY
SJDfRwkUlR0a1o0b8HwO0HM6o44xrA8epOFfgn0l+yYj
-----END CERTIFICATE-----