Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/Uz_Vioh_nw0iq8oWlMcwzbixI44.roa
File:                     Uz_Vioh_nw0iq8oWlMcwzbixI44.roa (raw, json)
Hash identifier:          azLNNhol7oHbKBpxcKT+gg349gcpBlroogKCnbR+Fv8=
Subject key identifier:   53:3F:D5:8A:88:7F:9F:0D:22:AB:CA:16:94:C7:30:CD:B8:B1:23:8E
Certificate issuer:       /CN=5f83c3976cf00e42cbed53924c4a86556bd70142
Certificate serial:       018CC6B78736A975C6A004CA66846AF3F1D2
Authority key identifier: 5F:83:C3:97:6C:F0:0E:42:CB:ED:53:92:4C:4A:86:55:6B:D7:01:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X4PDl2zwDkLL7VOSTEqGVWvXAUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/Uz_Vioh_nw0iq8oWlMcwzbixI44.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12350
IP address blocks:        81.23.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/X4PDl2zwDkLL7VOSTEqGVWvXAUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/X4PDl2zwDkLL7VOSTEqGVWvXAUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X4PDl2zwDkLL7VOSTEqGVWvXAUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:87:36:a9:75:c6:a0:04:ca:66:84:6a:f3:f1:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f83c3976cf00e42cbed53924c4a86556bd70142
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=533fd58a887f9f0d22abca1694c730cdb8b1238e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ea:be:ee:6a:d5:ff:2e:75:12:01:92:01:3c:
                    f2:78:41:ba:90:bd:9f:fc:f8:92:21:d5:75:4e:cc:
                    78:cc:0a:99:83:d2:45:32:de:fc:14:4a:b0:cf:4b:
                    47:0f:c8:6d:85:8e:ac:73:d5:99:ff:5b:de:67:17:
                    59:12:2f:ab:2a:50:9e:d8:81:06:7a:30:6d:ac:12:
                    db:81:40:b9:15:04:2a:bf:6d:a6:1c:f1:7f:70:b3:
                    cc:78:5a:bd:5a:45:2d:3b:5a:b1:9b:59:9d:f9:cd:
                    4c:3e:50:1d:57:25:1f:8e:18:4e:32:ba:4b:06:e8:
                    a3:41:f7:d2:ce:12:13:53:0a:66:98:94:16:64:8f:
                    5c:d0:1e:ef:4e:ba:29:10:18:e0:2b:45:2f:7d:73:
                    8f:39:c3:01:23:74:a6:02:39:96:26:39:09:10:ed:
                    83:66:13:22:db:cc:0b:af:57:72:13:05:c1:01:3e:
                    2e:8e:e9:5a:86:8c:2c:40:8f:a4:21:6f:e9:b5:03:
                    65:c2:18:4c:92:46:68:5e:b2:d4:bf:6c:c7:41:8a:
                    b1:82:d4:97:9c:92:a5:51:6d:7a:fc:ae:94:67:4f:
                    bf:24:8b:53:e9:52:97:a5:22:a2:2e:83:82:ca:84:
                    5d:e7:2b:ba:12:40:e6:c0:22:6d:25:8e:7b:9f:01:
                    50:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:3F:D5:8A:88:7F:9F:0D:22:AB:CA:16:94:C7:30:CD:B8:B1:23:8E
            X509v3 Authority Key Identifier:
                keyid:5F:83:C3:97:6C:F0:0E:42:CB:ED:53:92:4C:4A:86:55:6B:D7:01:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X4PDl2zwDkLL7VOSTEqGVWvXAUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/Uz_Vioh_nw0iq8oWlMcwzbixI44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/bc59ad-acca-41d2-baa1-9c3effaf2af2/1/X4PDl2zwDkLL7VOSTEqGVWvXAUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.23.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a5:38:51:83:07:d7:90:8d:5c:a2:cf:81:8e:c5:2e:13:1e:e5:
         b0:39:b9:b1:b8:e2:0d:2d:32:84:fb:63:67:02:5a:ed:a9:c2:
         08:b6:58:e9:98:bd:ef:f3:45:0b:36:da:71:b0:0d:d5:5c:0f:
         8f:8a:da:54:8b:d4:ad:ff:0e:cb:fe:5b:fd:14:0c:eb:aa:60:
         7c:07:7d:69:4c:9e:f9:8d:da:13:c3:98:2e:74:cb:36:b2:1b:
         61:3c:c0:fd:99:db:8d:23:4d:e5:6f:1a:37:87:db:48:e8:12:
         8a:73:e6:bd:a5:5f:c6:7e:25:26:90:b9:28:1a:6d:fa:02:81:
         d9:8a:46:f1:2d:9d:24:f8:e5:97:b2:04:89:08:cd:d3:e5:0b:
         70:d4:57:e1:85:0a:ed:3e:3d:31:7d:e9:8c:36:d2:2b:a4:b5:
         82:3c:f9:e7:b7:d5:af:b2:9c:ca:7c:9f:00:0d:db:44:d3:1f:
         35:d0:04:ba:9a:57:0c:8a:02:ed:0c:ef:41:4f:f1:e6:6c:a9:
         06:45:c8:97:db:31:db:75:b6:33:9d:a7:b0:19:f0:48:2c:a3:
         47:5d:e8:87:25:55:b8:37:f5:b7:22:93:7e:61:d4:da:f6:b0:
         80:c4:21:b2:07:11:c2:ff:b7:cb:d9:f7:9f:60:f0:fb:ee:24:
         35:ee:7b:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4c2qXXGoATKZoRq8/HSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmODNjMzk3NmNmMDBlNDJjYmVkNTM5MjRjNGE4NjU1NmJk
NzAxNDIwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzNmZDU4YTg4N2Y5ZjBkMjJhYmNhMTY5NGM3MzBjZGI4YjEyMzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzeq+7mrV/y51EgGSATzyeEG6kL2f
/PiSIdV1Tsx4zAqZg9JFMt78FEqwz0tHD8hthY6sc9WZ/1veZxdZEi+rKlCe2IEG
ejBtrBLbgUC5FQQqv22mHPF/cLPMeFq9WkUtO1qxm1md+c1MPlAdVyUfjhhOMrpL
BuijQffSzhITUwpmmJQWZI9c0B7vTropEBjgK0UvfXOPOcMBI3SmAjmWJjkJEO2D
ZhMi28wLr1dyEwXBAT4ujulahowsQI+kIW/ptQNlwhhMkkZoXrLUv2zHQYqxgtSX
nJKlUW16/K6UZ0+/JItT6VKXpSKiLoOCyoRd5yu6EkDmwCJtJY57nwFQ4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFM/1YqIf58NIqvKFpTHMM24sSOOMB8GA1UdIwQY
MBaAFF+Dw5ds8A5Cy+1TkkxKhlVr1wFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDRQRGwyendEa0xMN1ZPU1RFcUdWV3ZYQVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iYzU5YWQtYWNjYS00MWQyLWJhYTEt
OWMzZWZmYWYyYWYyLzEvVXpfVmlvaF9udzBpcThvV2xNY3d6Yml4STQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iYzU5YWQtYWNjYS00MWQyLWJhYTEtOWMzZWZmYWYyYWYy
LzEvWDRQRGwyendEa0xMN1ZPU1RFcUdWV3ZYQVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEURdAMA0G
CSqGSIb3DQEBCwUAA4IBAQClOFGDB9eQjVyiz4GOxS4THuWwObmxuOINLTKE+2Nn
AlrtqcIItljpmL3v80ULNtpxsA3VXA+PitpUi9St/w7L/lv9FAzrqmB8B31pTJ75
jdoTw5gudMs2shthPMD9mduNI03lbxo3h9tI6BKKc+a9pV/GfiUmkLkoGm36AoHZ
ikbxLZ0k+OWXsgSJCM3T5Qtw1FfhhQrtPj0xfemMNtIrpLWCPPnnt9WvspzKfJ8A
DdtE0x810AS6mlcMigLtDO9BT/HmbKkGRciX2zHbdbYznaewGfBILKNHXeiHJVW4
N/W3IpN+YdTa9rCAxCGyBxHC/7fL2fefYPD77iQ17nvf
-----END CERTIFICATE-----