Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/UbdDsMop5-XbuLhdDrLsrVbG3f4.roa
File:                     UbdDsMop5-XbuLhdDrLsrVbG3f4.roa (raw, json)
Hash identifier:          cP7QkhG9oIa07nHvK/BU0OdLSy35YlkiMv6rpTFE3Z4=
Subject key identifier:   51:B7:43:B0:CA:29:E7:E5:DB:B8:B8:5D:0E:B2:EC:AD:56:C6:DD:FE
Certificate issuer:       /CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
Certificate serial:       018F8059493C25DEEC60E4FBDEE61E4F4D43
Authority key identifier: DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/UbdDsMop5-XbuLhdDrLsrVbG3f4.roa
Signing time:             Thu 16 May 2024 07:41:26 +0000
ROA not before:           Thu 16 May 2024 07:41:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57630
IP address blocks:        80.88.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:59:49:3c:25:de:ec:60:e4:fb:de:e6:1e:4f:4d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
        Validity
            Not Before: May 16 07:41:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b743b0ca29e7e5dbb8b85d0eb2ecad56c6ddfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:05:70:6d:b2:24:aa:d6:d9:8a:28:f5:ec:79:
                    df:ef:78:09:74:66:b8:64:50:b1:a9:6e:7a:ee:a6:
                    36:b1:23:9a:43:aa:70:b1:02:06:f5:30:01:8f:fc:
                    5c:bb:be:c8:e6:e2:b8:4a:0f:aa:92:39:10:44:a4:
                    a0:be:42:e5:2d:c7:81:c0:b7:d0:e5:2a:5a:44:9c:
                    f8:60:e5:a4:f6:db:66:97:58:6b:c0:af:6a:77:f8:
                    64:8d:4c:ee:65:e0:c1:4f:9a:ef:46:a6:49:62:d4:
                    53:76:74:9d:05:f3:a8:a9:6d:5e:5c:25:e5:5f:01:
                    12:fc:9f:4a:da:6f:bf:8e:3c:9a:56:de:b4:1e:7a:
                    19:46:77:54:c0:eb:36:e0:7f:ca:7e:8e:70:1a:6d:
                    9e:fb:f4:3d:c8:d7:6f:bc:45:93:a6:aa:7a:86:f9:
                    84:5e:ac:4e:74:43:5a:e4:de:77:69:a5:be:eb:4f:
                    bb:d4:1f:7e:d0:cd:11:2e:11:ba:2e:db:69:8f:1c:
                    6e:78:19:f2:7c:21:82:f7:0d:17:96:54:be:56:c5:
                    45:1e:88:e2:26:2a:ab:a8:ea:35:02:ff:dc:bc:54:
                    8c:de:f7:a2:21:71:d9:15:ac:81:2b:52:93:b5:e3:
                    8a:48:1a:1f:d9:26:59:61:85:3a:af:ab:60:d1:bb:
                    5f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B7:43:B0:CA:29:E7:E5:DB:B8:B8:5D:0E:B2:EC:AD:56:C6:DD:FE
            X509v3 Authority Key Identifier:
                keyid:DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/UbdDsMop5-XbuLhdDrLsrVbG3f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.88.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:77:9c:8c:16:20:1e:01:f5:fc:bc:9c:11:58:4b:a6:11:0b:
         35:c2:bd:52:61:35:1d:3c:82:46:d5:9e:f8:a6:ff:60:18:1a:
         22:2d:69:d7:91:85:b6:51:53:ee:22:d7:a1:1c:e3:81:ff:e6:
         63:51:c9:22:75:24:f7:b9:59:b6:2b:73:d7:18:19:0c:b3:fb:
         f5:93:a5:96:c5:9e:be:81:4c:80:dc:e6:2e:93:bc:38:0d:d4:
         42:a2:3c:69:93:12:1a:00:77:48:3e:be:11:2e:2e:1f:bb:44:
         de:dc:a7:20:1c:b0:1f:ee:64:01:80:95:ef:72:d7:e0:38:26:
         04:11:95:f1:e0:e9:1e:f8:ab:8d:57:77:17:55:19:a8:87:a4:
         92:de:04:72:a8:50:a9:39:81:a7:50:64:95:e2:23:c3:20:71:
         97:f2:86:c6:69:4f:74:42:e4:de:e0:a6:60:30:f4:0c:b6:88:
         68:b9:0f:46:9a:61:f4:1a:12:23:87:0b:9a:2f:dd:f5:5c:81:
         32:6d:95:49:d8:98:d7:a4:80:df:bb:42:75:3c:b6:6d:29:fa:
         e9:7e:8d:7c:50:95:cb:b6:db:2a:e2:66:59:09:31:6f:2a:9c:
         0d:6b:51:22:85:a9:5b:7d:d8:bd:e6:e7:3f:71:fe:68:ee:96:
         15:f5:d6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+AWUk8Jd7sYOT73uYeT01DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGIzM2NkZGI3OTliN2JjZjVkM2RjZTAwNGZkYmE4YzNl
ODY0ZmYwHhcNMjQwNTE2MDc0MTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI3NDNiMGNhMjllN2U1ZGJiOGI4NWQwZWIyZWNhZDU2YzZkZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwVwbbIkqtbZiij17Hnf73gJdGa4
ZFCxqW567qY2sSOaQ6pwsQIG9TABj/xcu77I5uK4Sg+qkjkQRKSgvkLlLceBwLfQ
5SpaRJz4YOWk9ttml1hrwK9qd/hkjUzuZeDBT5rvRqZJYtRTdnSdBfOoqW1eXCXl
XwES/J9K2m+/jjyaVt60HnoZRndUwOs24H/Kfo5wGm2e+/Q9yNdvvEWTpqp6hvmE
XqxOdENa5N53aaW+60+71B9+0M0RLhG6LttpjxxueBnyfCGC9w0XllS+VsVFHoji
JiqrqOo1Av/cvFSM3veiIXHZFayBK1KTteOKSBof2SZZYYU6r6tg0btftwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG3Q7DKKefl27i4XQ6y7K1Wxt3+MB8GA1UdIwQY
MBaAFNoLM83beZt7z109zgBP26jD6GT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQt
NzczM2JkODg4ZTI4LzEvVWJkRHNNb3A1LVhidUxoZERyTHNyVmJHM2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQtNzczM2JkODg4ZTI4
LzEvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFh+MA0G
CSqGSIb3DQEBCwUAA4IBAQA8d5yMFiAeAfX8vJwRWEumEQs1wr1SYTUdPIJG1Z74
pv9gGBoiLWnXkYW2UVPuItehHOOB/+ZjUckidST3uVm2K3PXGBkMs/v1k6WWxZ6+
gUyA3OYuk7w4DdRCojxpkxIaAHdIPr4RLi4fu0Te3KcgHLAf7mQBgJXvctfgOCYE
EZXx4Oke+KuNV3cXVRmoh6SS3gRyqFCpOYGnUGSV4iPDIHGX8obGaU90QuTe4KZg
MPQMtohouQ9GmmH0GhIjhwuaL931XIEybZVJ2JjXpIDfu0J1PLZtKfrpfo18UJXL
ttsq4mZZCTFvKpwNa1Eihalbfdi95uc/cf5o7pYV9dbb
-----END CERTIFICATE-----