Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/UApIjDVbl7LGmffFEHba-3Suiwo.roa
File:                     UApIjDVbl7LGmffFEHba-3Suiwo.roa (raw, json)
Hash identifier:          f6YFpxfAgDD9hKvi8ZqGTV20e7r8JkVFOP1LBNxQzKk=
Subject key identifier:   50:0A:48:8C:35:5B:97:B2:C6:99:F7:C5:10:76:DA:FB:74:AE:8B:0A
Certificate issuer:       /CN=1176b92497196085d6fbbd5f1c9929cf2b8230a8
Certificate serial:       018CC5001AA97E6DE8A248BC8D6B14B2E1B5
Authority key identifier: 11:76:B9:24:97:19:60:85:D6:FB:BD:5F:1C:99:29:CF:2B:82:30:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EXa5JJcZYIXW-71fHJkpzyuCMKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/UApIjDVbl7LGmffFEHba-3Suiwo.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50819
IP address blocks:        194.1.169.0/24 maxlen: 24
                          91.234.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/EXa5JJcZYIXW-71fHJkpzyuCMKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/EXa5JJcZYIXW-71fHJkpzyuCMKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EXa5JJcZYIXW-71fHJkpzyuCMKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1a:a9:7e:6d:e8:a2:48:bc:8d:6b:14:b2:e1:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1176b92497196085d6fbbd5f1c9929cf2b8230a8
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=500a488c355b97b2c699f7c51076dafb74ae8b0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ce:ef:62:89:d7:a1:f7:69:08:de:91:09:52:
                    f0:49:69:75:5c:14:3b:ac:5c:8f:6a:2f:69:d2:85:
                    f0:37:65:03:4a:91:a5:fa:70:bd:29:21:9d:5e:f4:
                    a3:81:cc:2b:e7:54:38:7c:bc:07:2c:01:b3:cd:38:
                    76:d5:c1:59:d0:30:38:af:c9:75:20:54:a6:93:ae:
                    5b:6a:e2:fb:e8:51:c7:a2:b0:43:af:21:67:40:a4:
                    24:1f:33:c5:40:6d:1f:05:b8:eb:48:89:46:f9:76:
                    63:1d:76:45:1b:e0:14:1d:66:37:1c:f4:1c:86:64:
                    b7:5a:de:b6:70:ec:3e:ba:fa:93:48:63:fd:0a:83:
                    c9:76:e9:3f:66:53:08:4b:4a:68:ba:c7:0a:ed:42:
                    4e:78:c7:9c:57:fe:6c:9d:17:87:e1:06:c0:30:6b:
                    0e:79:f2:c0:35:b7:a2:71:af:43:79:8e:3d:fb:1a:
                    84:40:21:b2:2b:d4:6d:bc:d4:5b:74:cb:b1:43:22:
                    78:9b:f5:c1:f5:e2:96:42:00:a8:ae:29:be:11:49:
                    e3:ea:dc:ee:0c:df:2b:1c:69:5d:ad:dc:d7:4f:15:
                    c4:82:56:b2:5b:fa:87:c7:05:6c:0b:6f:d3:b1:8a:
                    aa:4a:8f:3e:1a:ed:03:81:42:ff:b9:c2:6a:65:b3:
                    49:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:0A:48:8C:35:5B:97:B2:C6:99:F7:C5:10:76:DA:FB:74:AE:8B:0A
            X509v3 Authority Key Identifier:
                keyid:11:76:B9:24:97:19:60:85:D6:FB:BD:5F:1C:99:29:CF:2B:82:30:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EXa5JJcZYIXW-71fHJkpzyuCMKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/UApIjDVbl7LGmffFEHba-3Suiwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b9e6d5-a045-4438-bcaa-9d94fe97f125/1/EXa5JJcZYIXW-71fHJkpzyuCMKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.168.0/23
                  194.1.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:92:40:70:76:cf:46:45:e4:02:8b:33:0e:2f:49:b8:4f:25:
         ba:00:d1:0e:00:db:b1:14:bc:7f:56:c6:76:1e:a0:10:19:43:
         50:75:8b:77:ad:33:8e:96:0e:e5:a1:7e:af:4c:c4:d9:af:ee:
         e7:6e:87:2d:01:2c:1c:c8:85:18:df:7f:5c:e1:12:7e:13:a5:
         38:61:46:a5:77:91:38:15:be:59:0f:8a:4e:f2:e5:6f:d6:c5:
         58:5a:fb:fc:3c:d1:28:fa:4c:f1:90:4a:f5:8c:26:ce:ea:a0:
         74:7b:76:59:8e:c1:38:e1:14:75:b6:2e:c8:d3:b6:e9:13:c8:
         a8:43:3f:ad:53:e6:f0:db:7d:25:a7:79:57:aa:c4:d9:c3:be:
         f5:bb:05:12:9f:9e:5a:1c:46:12:35:67:37:f6:fc:fb:1a:d9:
         64:2c:07:c2:77:dd:de:ae:bb:71:47:c9:d3:fd:66:e0:bc:8f:
         9b:ec:b5:cf:3e:6e:49:57:29:92:a5:02:1d:1e:a3:15:98:4d:
         1e:8d:e5:be:0c:b6:8d:cc:80:6a:ec:b6:69:2a:b7:17:38:37:
         ea:65:eb:7c:28:64:98:a6:9d:3c:28:e3:ae:f5:a7:42:99:cc:
         a4:60:ad:a4:92:48:c2:93:fd:6f:ec:76:a5:54:86:af:ae:3f:
         0f:13:0b:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFABqpfm3ooki8jWsUsuG1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNzZiOTI0OTcxOTYwODVkNmZiYmQ1ZjFjOTkyOWNmMmI4
MjMwYTgwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDBhNDg4YzM1NWI5N2IyYzY5OWY3YzUxMDc2ZGFmYjc0YWU4YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc7vYonXofdpCN6RCVLwSWl1XBQ7
rFyPai9p0oXwN2UDSpGl+nC9KSGdXvSjgcwr51Q4fLwHLAGzzTh21cFZ0DA4r8l1
IFSmk65bauL76FHHorBDryFnQKQkHzPFQG0fBbjrSIlG+XZjHXZFG+AUHWY3HPQc
hmS3Wt62cOw+uvqTSGP9CoPJduk/ZlMIS0pouscK7UJOeMecV/5snReH4QbAMGsO
efLANbeica9DeY49+xqEQCGyK9RtvNRbdMuxQyJ4m/XB9eKWQgCorim+EUnj6tzu
DN8rHGldrdzXTxXEglayW/qHxwVsC2/TsYqqSo8+Gu0DgUL/ucJqZbNJswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFAKSIw1W5eyxpn3xRB22vt0rosKMB8GA1UdIwQY
MBaAFBF2uSSXGWCF1vu9XxyZKc8rgjCoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVhhNUpKY1pZSVhXLTcxZkhKa3B6eXVDTUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iOWU2ZDUtYTA0NS00NDM4LWJjYWEt
OWQ5NGZlOTdmMTI1LzEvVUFwSWpEVmJsN0xHbWZmRkVIYmEtM1N1aXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iOWU2ZDUtYTA0NS00NDM4LWJjYWEtOWQ5NGZlOTdmMTI1
LzEvRVhhNUpKY1pZSVhXLTcxZkhKa3B6eXVDTUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+qoAwQA
wgGpMA0GCSqGSIb3DQEBCwUAA4IBAQAlkkBwds9GReQCizMOL0m4TyW6ANEOANux
FLx/VsZ2HqAQGUNQdYt3rTOOlg7loX6vTMTZr+7nboctASwcyIUY339c4RJ+E6U4
YUald5E4Fb5ZD4pO8uVv1sVYWvv8PNEo+kzxkEr1jCbO6qB0e3ZZjsE44RR1ti7I
07bpE8ioQz+tU+bw230lp3lXqsTZw771uwUSn55aHEYSNWc39vz7GtlkLAfCd93e
rrtxR8nT/WbgvI+b7LXPPm5JVymSpQIdHqMVmE0ejeW+DLaNzIBq7LZpKrcXODfq
Zet8KGSYpp08KOOu9adCmcykYK2kkkjCk/1v7HalVIavrj8PEwtL
-----END CERTIFICATE-----