Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UPLzG0TBw-rX7HWjZDA6-gcxATg.roa
File:                     UPLzG0TBw-rX7HWjZDA6-gcxATg.roa (raw, json)
Hash identifier:          sUaTYq3YOAzI0iP3OGsMicy+8IF9hEdyTbaaDYtCfis=
Subject key identifier:   50:F2:F3:1B:44:C1:C3:EA:D7:EC:75:A3:64:30:3A:FA:07:31:01:38
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       01919560EC253C257AB30BAAADAF8B42BC54
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UPLzG0TBw-rX7HWjZDA6-gcxATg.roa
Signing time:             Tue 27 Aug 2024 19:47:22 +0000
ROA not before:           Tue 27 Aug 2024 19:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31732
IP address blocks:        188.209.155.0/24 maxlen: 24
                          2001:16c0::/29 maxlen: 29
                          2001:16c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:95:60:ec:25:3c:25:7a:b3:0b:aa:ad:af:8b:42:bc:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 27 19:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50f2f31b44c1c3ead7ec75a364303afa07310138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6d:ac:d2:3d:83:62:18:de:b4:fc:a0:d5:5f:
                    00:37:67:0f:3b:db:78:6b:6f:51:57:bf:d1:9b:19:
                    16:7e:fd:0d:50:00:0c:a8:99:ce:fe:3f:78:39:2b:
                    45:6b:0f:44:0b:4b:24:41:f6:a5:96:cf:3e:f7:8f:
                    09:7e:b9:4f:ba:a4:d7:6c:5d:f2:49:59:8e:61:90:
                    41:86:0f:d0:aa:e2:fc:b9:89:76:90:51:e8:d5:ce:
                    d8:47:2b:2c:53:ac:5b:ff:2f:d6:0f:c1:c9:87:8b:
                    66:c0:79:35:f5:56:a8:c4:d4:c4:fc:c9:07:65:6e:
                    ce:a8:ad:63:14:e3:e1:20:b9:5f:bf:d9:3a:72:f8:
                    fa:68:8b:c6:dd:f5:40:4e:7d:63:f2:af:75:05:0f:
                    b5:48:b5:dd:a4:9f:f1:c0:5e:ea:70:75:b2:7b:c1:
                    46:0b:25:d5:6e:59:87:ef:99:0c:5c:53:1b:f4:e4:
                    0f:7f:ae:e0:fb:81:5b:66:ff:09:0e:cd:aa:85:fc:
                    69:14:8c:06:e8:47:b8:27:0f:de:29:71:fd:93:51:
                    89:51:98:bf:3a:bf:ee:24:7a:54:3e:7b:3c:a9:7e:
                    c9:c1:88:56:e6:c3:36:24:32:59:a4:af:d6:38:c3:
                    e1:8a:4a:49:cf:2f:49:72:43:82:a7:05:95:62:cc:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F2:F3:1B:44:C1:C3:EA:D7:EC:75:A3:64:30:3A:FA:07:31:01:38
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UPLzG0TBw-rX7HWjZDA6-gcxATg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.155.0/24
                IPv6:
                  2001:16c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:a9:b0:b1:6c:9b:6a:73:7c:a4:f5:14:aa:a1:d5:39:7e:d3:
         ae:93:6e:04:ef:4e:84:0a:3d:07:14:9a:2d:80:4c:74:71:9f:
         03:69:a0:48:f5:d0:f3:76:b8:fd:ca:06:94:a5:a4:09:d6:77:
         e4:e4:5d:c4:70:d4:33:7e:94:7e:39:90:49:3d:6c:b7:cd:8a:
         41:2a:94:f7:aa:9e:04:12:05:75:78:35:b3:68:0a:67:3c:6c:
         8e:42:6b:e9:c7:e3:0d:49:0e:7b:b4:e3:ec:e2:69:e2:e6:ad:
         b4:87:ae:30:03:62:fd:ba:74:75:c8:73:e7:d6:b9:a2:92:9a:
         78:4e:49:35:40:5f:05:23:a6:21:49:a9:29:59:9c:9b:10:41:
         34:fc:2d:02:9f:c2:f2:5e:90:06:ea:3e:a0:f6:46:2b:87:cf:
         44:36:a1:fb:57:53:f3:52:59:87:b9:f5:27:91:8c:5f:f9:61:
         b5:a3:21:eb:df:1a:8c:3d:a0:5f:c2:19:ea:7d:4f:77:e7:ac:
         f3:0c:23:78:af:d5:2c:3a:41:7e:23:6f:9b:af:0b:15:d7:59:
         09:a7:6d:e3:0d:2a:1c:c7:6a:a8:a8:a5:74:4d:8f:91:c4:dd:
         77:83:3b:73:f1:68:a0:00:66:09:68:8f:13:8c:ff:4a:c6:0e:
         c9:12:8b:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZGVYOwlPCV6swuqra+LQrxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwODI3MTk0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGYyZjMxYjQ0YzFjM2VhZDdlYzc1YTM2NDMwM2FmYTA3MzEwMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz22s0j2DYhjetPyg1V8AN2cPO9t4
a29RV7/RmxkWfv0NUAAMqJnO/j94OStFaw9EC0skQfalls8+948JfrlPuqTXbF3y
SVmOYZBBhg/QquL8uYl2kFHo1c7YRyssU6xb/y/WD8HJh4tmwHk19VaoxNTE/MkH
ZW7OqK1jFOPhILlfv9k6cvj6aIvG3fVATn1j8q91BQ+1SLXdpJ/xwF7qcHWye8FG
CyXVblmH75kMXFMb9OQPf67g+4FbZv8JDs2qhfxpFIwG6Ee4Jw/eKXH9k1GJUZi/
Or/uJHpUPns8qX7JwYhW5sM2JDJZpK/WOMPhikpJzy9JckOCpwWVYswTPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFDy8xtEwcPq1+x1o2QwOvoHMQE4MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVVBMekcwVEJ3LXJYN0hXalpEQTYtZ2N4QVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvNGbMA0E
AgACMAcDBQMgARbAMA0GCSqGSIb3DQEBCwUAA4IBAQCpqbCxbJtqc3yk9RSqodU5
ftOuk24E706ECj0HFJotgEx0cZ8DaaBI9dDzdrj9ygaUpaQJ1nfk5F3EcNQzfpR+
OZBJPWy3zYpBKpT3qp4EEgV1eDWzaApnPGyOQmvpx+MNSQ57tOPs4mni5q20h64w
A2L9unR1yHPn1rmikpp4Tkk1QF8FI6YhSakpWZybEEE0/C0Cn8LyXpAG6j6g9kYr
h89ENqH7V1PzUlmHufUnkYxf+WG1oyHr3xqMPaBfwhnqfU9356zzDCN4r9UsOkF+
I2+brwsV11kJp23jDSocx2qoqKV0TY+RxN13gztz8WigAGYJaI8TjP9Kxg7JEouG
-----END CERTIFICATE-----