Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/uJD7oFo4aO8qn5sODElgt_rlI-o.roa
File:                     uJD7oFo4aO8qn5sODElgt_rlI-o.roa (raw, json)
Hash identifier:          R6r3iDJvusPjpNLG9ZAsmTQVY6U7Dh7F35UQVKU/8Q4=
Subject key identifier:   B8:90:FB:A0:5A:38:68:EF:2A:9F:9B:0E:0C:49:60:B7:FA:E5:23:EA
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8E6C7BE419C7A0079DA913455632
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/uJD7oFo4aO8qn5sODElgt_rlI-o.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26114
IP address blocks:        212.119.8.0/24 maxlen: 24
                          213.198.53.0/24 maxlen: 24
                          83.231.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8e:6c:7b:e4:19:c7:a0:07:9d:a9:13:45:56:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b890fba05a3868ef2a9f9b0e0c4960b7fae523ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:99:78:50:fd:65:95:72:98:5d:1a:c6:98:cd:
                    ca:d4:ef:e4:04:17:b9:f3:04:11:61:b0:c7:59:ba:
                    c9:ef:3f:58:0a:da:1c:a9:3a:7e:84:fe:49:5f:3f:
                    cd:00:18:18:da:9c:92:12:21:dc:3e:5a:d8:9b:c0:
                    3d:93:15:b7:49:b6:25:ad:f6:9f:33:a2:b3:97:26:
                    11:38:9b:87:e9:68:2f:5b:9c:1c:c8:f7:60:4c:ca:
                    f0:0a:40:42:35:c5:1b:0c:f6:68:b3:9d:da:bd:a6:
                    a1:40:d5:56:df:7b:a1:21:87:73:4e:1f:a1:2f:7b:
                    2b:ae:7c:6e:ec:ea:d9:93:41:75:aa:ca:d7:81:2d:
                    5a:54:9c:76:79:2d:0b:16:11:bd:f3:7c:8e:31:94:
                    00:52:92:3d:2f:1b:91:3b:8e:9e:ff:1b:79:aa:fd:
                    fc:6f:82:4f:b5:86:25:5c:99:ab:e3:62:d1:d7:fb:
                    a8:69:95:5d:f5:de:46:c2:74:ec:c4:56:17:6b:40:
                    d0:fd:e1:54:69:f6:8c:66:24:0b:b7:10:53:12:a0:
                    5d:05:79:63:e5:7a:04:99:e6:47:88:c8:61:7f:7a:
                    e1:05:47:4d:58:06:41:65:28:d6:df:20:07:7e:29:
                    05:71:e1:c9:44:8f:13:ed:5c:d5:da:05:cc:14:78:
                    f8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:90:FB:A0:5A:38:68:EF:2A:9F:9B:0E:0C:49:60:B7:FA:E5:23:EA
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/uJD7oFo4aO8qn5sODElgt_rlI-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.231.153.0/24
                  212.119.8.0/24
                  213.198.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:cd:2c:a4:91:e0:6e:40:1f:d3:47:74:fb:ed:91:2f:94:4d:
         44:d4:04:73:a3:e1:65:80:73:da:07:26:06:a7:84:39:36:92:
         38:3c:26:46:1e:b6:3f:9b:39:fd:fa:a4:ad:fc:7a:69:5a:0b:
         e4:5b:59:0a:6f:fc:c1:34:5c:a2:8a:8b:27:62:17:0e:a2:f5:
         27:43:23:ce:3d:c5:ce:27:52:1c:60:af:41:b6:79:da:a1:71:
         66:df:d9:51:bd:d1:51:f8:25:b8:0c:69:4f:85:6d:06:e6:b7:
         0f:91:fb:bf:73:7d:bb:1b:42:f9:c2:9d:89:e4:f8:14:70:9e:
         a5:20:42:15:e4:30:e2:ab:47:e5:67:b3:34:f3:0f:f9:2a:8c:
         98:3b:0f:79:0d:96:0f:1c:8b:2b:3a:6d:a6:4b:0b:f1:77:1a:
         4f:80:33:a8:d1:fb:f0:90:62:37:b8:76:ee:63:5d:10:1c:7c:
         6a:14:3d:42:b1:4d:f3:d8:3c:e4:e7:4d:04:15:77:34:b8:13:
         5d:bf:65:dc:91:44:e0:1f:2e:c8:3e:e0:31:d3:27:a7:7e:d6:
         33:ab:76:4c:d1:41:47:ea:22:45:29:b2:80:21:0d:c6:a8:36:
         21:c2:ea:db:51:62:5c:92:6a:11:8f:0e:e0:f5:5d:f7:d5:8a:
         3c:5f:97:d6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvI5se+QZx6AHnakTRVYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODkwZmJhMDVhMzg2OGVmMmE5ZjliMGUwYzQ5NjBiN2ZhZTUyM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpl4UP1llXKYXRrGmM3K1O/kBBe5
8wQRYbDHWbrJ7z9YCtocqTp+hP5JXz/NABgY2pySEiHcPlrYm8A9kxW3SbYlrfaf
M6KzlyYROJuH6WgvW5wcyPdgTMrwCkBCNcUbDPZos53avaahQNVW33uhIYdzTh+h
L3srrnxu7OrZk0F1qsrXgS1aVJx2eS0LFhG983yOMZQAUpI9LxuRO46e/xt5qv38
b4JPtYYlXJmr42LR1/uoaZVd9d5GwnTsxFYXa0DQ/eFUafaMZiQLtxBTEqBdBXlj
5XoEmeZHiMhhf3rhBUdNWAZBZSjW3yAHfikFceHJRI8T7VzV2gXMFHj4bQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLiQ+6BaOGjvKp+bDgxJYLf65SPqMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvdUpEN29GbzRhTzhxbjVzT0RFbGd0X3JsSS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU+eZAwQA
1HcIAwQA1cY1MA0GCSqGSIb3DQEBCwUAA4IBAQBTzSykkeBuQB/TR3T77ZEvlE1E
1ARzo+FlgHPaByYGp4Q5NpI4PCZGHrY/mzn9+qSt/HppWgvkW1kKb/zBNFyiiosn
YhcOovUnQyPOPcXOJ1IcYK9BtnnaoXFm39lRvdFR+CW4DGlPhW0G5rcPkfu/c327
G0L5wp2J5PgUcJ6lIEIV5DDiq0flZ7M08w/5KoyYOw95DZYPHIsrOm2mSwvxdxpP
gDOo0fvwkGI3uHbuY10QHHxqFD1CsU3z2Dzk500EFXc0uBNdv2XckUTgHy7IPuAx
0yenftYzq3ZM0UFH6iJFKbKAIQ3GqDYhwurbUWJckmoRjw7g9V331Yo8X5fW
-----END CERTIFICATE-----