Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/UD67o1HhlLWeIcw0bTjX3trp_CI.roa
File:                     UD67o1HhlLWeIcw0bTjX3trp_CI.roa (raw, json)
Hash identifier:          OUPpZro8aOFeFisRMTIfLNsk6dCNtIqDMsp6d/uAhdg=
Subject key identifier:   50:3E:BB:A3:51:E1:94:B5:9E:21:CC:34:6D:38:D7:DE:DA:E9:FC:22
Certificate issuer:       /CN=3206b1d207b65c0ebd3f23fa7630016d87b41349
Certificate serial:       018CC72574B177B00F14726EDF5F08C26FFF
Authority key identifier: 32:06:B1:D2:07:B6:5C:0E:BD:3F:23:FA:76:30:01:6D:87:B4:13:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mgax0ge2XA69PyP6djABbYe0E0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/UD67o1HhlLWeIcw0bTjX3trp_CI.roa
Signing time:             Mon 01 Jan 2024 22:29:29 +0000
ROA not before:           Mon 01 Jan 2024 22:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.69.44.0/22 maxlen: 24
                          2a05:2000::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/Mgax0ge2XA69PyP6djABbYe0E0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/Mgax0ge2XA69PyP6djABbYe0E0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mgax0ge2XA69PyP6djABbYe0E0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:74:b1:77:b0:0f:14:72:6e:df:5f:08:c2:6f:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3206b1d207b65c0ebd3f23fa7630016d87b41349
        Validity
            Not Before: Jan  1 22:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=503ebba351e194b59e21cc346d38d7dedae9fc22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8d:1e:6e:2d:41:98:0c:e7:c1:d2:52:bd:e4:
                    4b:0c:d9:37:dd:ac:ec:84:dd:f9:32:57:8f:d3:ba:
                    01:09:8f:5b:68:08:f8:01:59:c2:60:36:a3:4e:d8:
                    d8:d2:ee:91:6c:08:f5:db:b9:02:83:97:c0:c7:14:
                    b7:2b:65:09:13:b1:62:c5:5b:05:b7:c2:79:25:9d:
                    1d:4c:d3:58:61:54:20:ca:c7:a0:a5:50:f8:94:78:
                    0b:97:f3:ed:69:60:f8:01:04:04:08:8c:41:af:69:
                    53:68:ba:bd:5a:23:64:c8:31:51:f4:93:07:a2:2f:
                    d2:31:4b:13:eb:54:6b:61:5c:f8:ee:d3:9a:b2:1e:
                    7c:6b:8d:6c:36:f5:02:84:64:cf:40:7b:95:7b:bb:
                    62:2b:12:40:6e:88:4a:26:58:70:0d:d1:31:75:71:
                    74:df:41:10:bf:ef:81:34:de:b0:91:d1:69:e1:9f:
                    41:8b:fa:00:da:3c:39:f2:72:82:2b:40:13:44:31:
                    c8:39:f6:8e:f0:f2:c5:f2:63:6c:ab:ac:35:06:41:
                    b9:35:36:0b:44:fa:26:ee:6e:69:0d:69:80:2b:fe:
                    21:fd:98:18:39:96:fe:d3:bc:3e:3a:95:b6:4a:24:
                    9b:32:86:67:ae:c6:e2:53:bb:fc:46:a9:1b:7d:2d:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3E:BB:A3:51:E1:94:B5:9E:21:CC:34:6D:38:D7:DE:DA:E9:FC:22
            X509v3 Authority Key Identifier:
                keyid:32:06:B1:D2:07:B6:5C:0E:BD:3F:23:FA:76:30:01:6D:87:B4:13:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgax0ge2XA69PyP6djABbYe0E0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/UD67o1HhlLWeIcw0bTjX3trp_CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/693fe2-fbaf-430f-8a22-1bae93cfa078/1/Mgax0ge2XA69PyP6djABbYe0E0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.44.0/22
                IPv6:
                  2a05:2000::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:eb:ce:73:fc:f9:f0:5c:ac:48:33:b9:3d:43:1f:25:33:2f:
         fe:f6:0f:9f:c3:fa:1d:dc:b8:49:42:60:cc:cc:0d:82:d5:79:
         15:50:86:e9:94:82:f2:a2:c4:b7:9a:01:6b:93:a6:15:4c:51:
         83:16:b7:d9:15:0e:33:35:7c:84:52:3c:3a:65:45:43:0f:5e:
         90:f9:a2:95:49:e8:4b:28:ac:6d:f2:41:57:71:27:62:91:28:
         ec:82:7c:87:48:32:f5:65:83:c7:ca:a6:62:7e:eb:6d:63:28:
         26:d2:88:d9:92:0f:15:d2:e6:9f:21:f6:3a:12:09:c7:3d:54:
         0e:54:7f:5d:49:41:ee:0c:16:ea:78:c1:49:ea:c0:38:cb:60:
         c7:cf:59:91:20:a1:5d:52:c7:c4:f4:34:9a:b4:67:f6:45:28:
         0c:9d:2e:1b:42:ee:7c:c4:cc:1f:c6:21:c7:b6:af:bc:d7:36:
         3e:3e:58:f6:74:59:e2:07:c1:a0:d7:0a:ef:8e:ce:2b:f6:17:
         0d:00:fa:24:6a:9b:fd:ea:c3:4c:5d:2f:5b:5d:9d:a0:0f:ee:
         ee:3c:f0:6c:83:07:f0:7d:12:35:02:97:ea:1b:4d:f3:d4:2f:
         66:18:6a:0c:e8:0d:8c:32:58:9b:d0:60:40:0b:42:22:24:e7:
         81:ba:9a:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJXSxd7APFHJu318Iwm//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMDZiMWQyMDdiNjVjMGViZDNmMjNmYTc2MzAwMTZkODdi
NDEzNDkwHhcNMjQwMTAxMjIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNlYmJhMzUxZTE5NGI1OWUyMWNjMzQ2ZDM4ZDdkZWRhZTlmYzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm40ebi1BmAznwdJSveRLDNk33azs
hN35MleP07oBCY9baAj4AVnCYDajTtjY0u6RbAj127kCg5fAxxS3K2UJE7FixVsF
t8J5JZ0dTNNYYVQgysegpVD4lHgLl/PtaWD4AQQECIxBr2lTaLq9WiNkyDFR9JMH
oi/SMUsT61RrYVz47tOash58a41sNvUChGTPQHuVe7tiKxJAbohKJlhwDdExdXF0
30EQv++BNN6wkdFp4Z9Bi/oA2jw58nKCK0ATRDHIOfaO8PLF8mNsq6w1BkG5NTYL
RPom7m5pDWmAK/4h/ZgYOZb+07w+OpW2SiSbMoZnrsbiU7v8RqkbfS0nxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFA+u6NR4ZS1niHMNG04197a6fwiMB8GA1UdIwQY
MBaAFDIGsdIHtlwOvT8j+nYwAW2HtBNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdheDBnZTJYQTY5UHlQNmRqQUJiWWUwRTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy82OTNmZTItZmJhZi00MzBmLThhMjIt
MWJhZTkzY2ZhMDc4LzEvVUQ2N28xSGhsTFdlSWN3MGJUalgzdHJwX0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy82OTNmZTItZmJhZi00MzBmLThhMjItMWJhZTkzY2ZhMDc4
LzEvTWdheDBnZTJYQTY5UHlQNmRqQUJiWWUwRTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUUsMA0E
AgACMAcDBQMqBSAAMA0GCSqGSIb3DQEBCwUAA4IBAQAK685z/PnwXKxIM7k9Qx8l
My/+9g+fw/od3LhJQmDMzA2C1XkVUIbplILyosS3mgFrk6YVTFGDFrfZFQ4zNXyE
Ujw6ZUVDD16Q+aKVSehLKKxt8kFXcSdikSjsgnyHSDL1ZYPHyqZifuttYygm0ojZ
kg8V0uafIfY6EgnHPVQOVH9dSUHuDBbqeMFJ6sA4y2DHz1mRIKFdUsfE9DSatGf2
RSgMnS4bQu58xMwfxiHHtq+81zY+Plj2dFniB8Gg1wrvjs4r9hcNAPokapv96sNM
XS9bXZ2gD+7uPPBsgwfwfRI1ApfqG03z1C9mGGoM6A2MMlib0GBAC0IiJOeBupr8
-----END CERTIFICATE-----