Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/U-MwDd9nbBSCcFyNdcDPfANhUl4.roa
File:                     U-MwDd9nbBSCcFyNdcDPfANhUl4.roa (raw, json)
Hash identifier:          gfJjn0fyvBNp2VyKfGLQvF2bjm/WooGxf9Dq5lq8KgM=
Subject key identifier:   53:E3:30:0D:DF:67:6C:14:82:70:5C:8D:75:C0:CF:7C:03:61:52:5E
Certificate issuer:       /CN=18db5fcfdc18ef8421e2651f1b26c165a01d53f1
Certificate serial:       018CC7935B77CA8443C6F51438A2E821926A
Authority key identifier: 18:DB:5F:CF:DC:18:EF:84:21:E2:65:1F:1B:26:C1:65:A0:1D:53:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GNtfz9wY74Qh4mUfGybBZaAdU_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/U-MwDd9nbBSCcFyNdcDPfANhUl4.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56919
IP address blocks:        176.32.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/GNtfz9wY74Qh4mUfGybBZaAdU_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/GNtfz9wY74Qh4mUfGybBZaAdU_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GNtfz9wY74Qh4mUfGybBZaAdU_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5b:77:ca:84:43:c6:f5:14:38:a2:e8:21:92:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18db5fcfdc18ef8421e2651f1b26c165a01d53f1
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e3300ddf676c1482705c8d75c0cf7c0361525e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fc:f5:fb:33:fa:6e:b5:7f:61:6b:27:6a:a1:
                    b6:4d:eb:5b:d7:8b:a4:bd:25:2e:d2:17:a9:39:da:
                    01:ea:28:bf:81:a5:df:96:9b:d3:dc:a4:a3:cb:67:
                    9e:d4:ab:73:fd:7f:0b:c7:14:f6:9b:d8:40:aa:e2:
                    94:ec:68:d2:e8:92:ff:fe:3a:36:bc:e8:a1:53:48:
                    c1:99:39:13:85:34:f2:9e:ae:07:83:01:59:20:d1:
                    f5:9d:fd:d2:4f:51:40:30:fd:b7:3f:d2:ea:a1:e1:
                    4e:20:b5:fc:23:f6:c6:ef:62:2f:52:18:00:11:90:
                    95:ac:ac:58:83:7e:76:f1:2d:eb:0b:42:92:f6:76:
                    cb:0f:3a:e1:19:d3:10:aa:af:47:f9:c8:0c:74:98:
                    3d:7b:4e:15:98:ad:b5:7d:fe:5c:5f:d2:70:6a:be:
                    dd:cb:c6:a6:0d:b7:24:f6:b5:26:fd:46:51:45:7c:
                    78:e2:9c:64:69:a6:d4:16:ab:37:9c:a3:6b:e7:02:
                    e8:7f:e4:ff:7f:ee:8f:51:ac:56:65:67:88:77:66:
                    df:8e:6b:a9:37:fa:54:11:e1:1e:47:1c:76:b2:d2:
                    c2:73:94:6a:a0:d9:da:5a:40:32:2f:a6:0f:2e:e3:
                    43:3f:f7:f1:f1:9d:78:88:2f:f2:57:ca:84:2e:61:
                    ce:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E3:30:0D:DF:67:6C:14:82:70:5C:8D:75:C0:CF:7C:03:61:52:5E
            X509v3 Authority Key Identifier:
                keyid:18:DB:5F:CF:DC:18:EF:84:21:E2:65:1F:1B:26:C1:65:A0:1D:53:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GNtfz9wY74Qh4mUfGybBZaAdU_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/U-MwDd9nbBSCcFyNdcDPfANhUl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6c3cd4-5896-425e-95db-ffed50baa0da/1/GNtfz9wY74Qh4mUfGybBZaAdU_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:3d:ce:0e:a3:df:49:3b:51:33:34:51:ef:1f:da:2a:32:b3:
         8c:8c:7d:99:ea:ed:c3:77:94:77:9d:ed:43:12:e5:2a:b1:47:
         f5:b2:27:71:eb:e2:bf:dd:15:50:23:ff:bf:ce:63:bf:2a:97:
         89:12:8c:a3:6e:a1:fb:8d:76:2d:1f:c3:17:04:f8:45:71:eb:
         cc:8f:c4:e4:4a:1b:ee:93:80:9e:88:94:67:35:f6:c6:41:60:
         94:49:e7:79:8b:81:b7:96:6f:6c:fe:35:df:b8:28:93:d1:29:
         a1:f6:fd:09:ee:05:78:c7:bb:eb:0b:c7:72:7c:ee:fd:1f:54:
         66:b5:fe:dd:67:29:c2:c5:53:8f:a3:e6:57:40:35:f5:99:77:
         18:96:e4:90:24:72:f9:ab:27:b2:bb:c2:78:33:ba:78:85:ab:
         79:ec:8e:96:86:46:0f:49:16:66:57:08:ab:47:92:77:f4:24:
         ae:19:41:28:f7:f3:c8:06:15:17:9a:f8:ce:62:bd:87:57:a9:
         b4:c9:b7:df:14:e3:8b:bd:4b:22:66:7e:45:f7:e2:c5:00:92:
         44:f4:12:12:c2:b8:e4:b8:85:f7:07:09:ce:a0:44:d2:a5:dd:
         29:ee:91:e7:61:00:28:3f:25:64:15:68:f4:f9:bb:c8:87:a2:
         7b:8f:67:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1t3yoRDxvUUOKLoIZJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZGI1ZmNmZGMxOGVmODQyMWUyNjUxZjFiMjZjMTY1YTAx
ZDUzZjEwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2UzMzAwZGRmNjc2YzE0ODI3MDVjOGQ3NWMwY2Y3YzAzNjE1MjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfz1+zP6brV/YWsnaqG2Tetb14uk
vSUu0hepOdoB6ii/gaXflpvT3KSjy2ee1Ktz/X8LxxT2m9hAquKU7GjS6JL//jo2
vOihU0jBmTkThTTynq4HgwFZINH1nf3ST1FAMP23P9LqoeFOILX8I/bG72IvUhgA
EZCVrKxYg3528S3rC0KS9nbLDzrhGdMQqq9H+cgMdJg9e04VmK21ff5cX9Jwar7d
y8amDbck9rUm/UZRRXx44pxkaabUFqs3nKNr5wLof+T/f+6PUaxWZWeId2bfjmup
N/pUEeEeRxx2stLCc5RqoNnaWkAyL6YPLuNDP/fx8Z14iC/yV8qELmHOowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPjMA3fZ2wUgnBcjXXAz3wDYVJeMB8GA1UdIwQY
MBaAFBjbX8/cGO+EIeJlHxsmwWWgHVPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR050Zno5d1k3NFFoNG1VZkd5YkJaYUFkVV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82YzNjZDQtNTg5Ni00MjVlLTk1ZGIt
ZmZlZDUwYmFhMGRhLzEvVS1Nd0RkOW5iQlNDY0Z5TmRjRFBmQU5oVWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82YzNjZDQtNTg5Ni00MjVlLTk1ZGItZmZlZDUwYmFhMGRh
LzEvR050Zno5d1k3NFFoNG1VZkd5YkJaYUFkVV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsCAoMA0G
CSqGSIb3DQEBCwUAA4IBAQAHPc4Oo99JO1EzNFHvH9oqMrOMjH2Z6u3Dd5R3ne1D
EuUqsUf1sidx6+K/3RVQI/+/zmO/KpeJEoyjbqH7jXYtH8MXBPhFcevMj8TkShvu
k4CeiJRnNfbGQWCUSed5i4G3lm9s/jXfuCiT0Smh9v0J7gV4x7vrC8dyfO79H1Rm
tf7dZynCxVOPo+ZXQDX1mXcYluSQJHL5qyeyu8J4M7p4hat57I6WhkYPSRZmVwir
R5J39CSuGUEo9/PIBhUXmvjOYr2HV6m0ybffFOOLvUsiZn5F9+LFAJJE9BISwrjk
uIX3BwnOoETSpd0p7pHnYQAoPyVkFWj0+bvIh6J7j2f+
-----END CERTIFICATE-----