Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/u6pZ4cdG4Zwgu2mkcQxxR9LTzRQ.roa
File:                     u6pZ4cdG4Zwgu2mkcQxxR9LTzRQ.roa (raw, json)
Hash identifier:          5wHTbQRjcb/mbbnpSpANPHICF5wiJQZ5d4VpHBFOWsU=
Subject key identifier:   BB:AA:59:E1:C7:46:E1:9C:20:BB:69:A4:71:0C:71:47:D2:D3:CD:14
Certificate issuer:       /CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
Certificate serial:       018CC793D99D34BFC0DD2ADC02DA70149E03
Authority key identifier: 8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/u6pZ4cdG4Zwgu2mkcQxxR9LTzRQ.roa
Signing time:             Tue 02 Jan 2024 00:30:04 +0000
ROA not before:           Tue 02 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31549
IP address blocks:        185.166.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:d9:9d:34:bf:c0:dd:2a:dc:02:da:70:14:9e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
        Validity
            Not Before: Jan  2 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbaa59e1c746e19c20bb69a4710c7147d2d3cd14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:70:25:08:75:26:76:f4:a7:5d:c5:c6:5a:70:
                    bf:fd:aa:44:4e:6d:fd:90:cd:fa:02:82:dc:7b:ff:
                    ff:2b:c5:ef:7c:6a:82:76:13:18:1e:09:4a:35:6a:
                    f0:71:76:e3:fc:49:c2:20:b9:e9:6c:c6:e9:33:af:
                    2d:11:db:1b:14:69:81:02:c3:f9:45:c8:2c:3e:27:
                    19:c5:31:35:c1:be:f8:74:68:6a:61:9c:6d:41:c5:
                    2f:c3:aa:1f:ce:d4:59:52:7d:cf:8e:76:0d:16:5b:
                    cb:78:37:d2:bb:9d:bb:15:c6:0e:ab:5d:af:32:7a:
                    7d:1a:28:53:d9:b6:cf:2c:a7:ff:f3:db:b1:61:45:
                    49:c1:00:84:b8:f2:61:4a:93:89:56:f1:54:ae:a9:
                    89:16:23:0c:b6:45:84:36:1b:b7:c9:0e:d9:c1:c3:
                    53:bd:b7:3e:53:7e:5a:95:17:40:15:d7:8b:31:3b:
                    54:a1:3c:d7:32:cb:f3:b3:1d:f3:6c:93:cd:59:22:
                    a5:3b:b9:fa:e5:f4:15:1c:2f:54:0a:42:12:e2:f2:
                    4a:de:87:5a:1b:b4:ae:2f:cc:c1:ae:5a:3d:e0:b1:
                    c4:84:a0:da:8f:3c:26:17:ff:f6:9e:76:4f:2d:31:
                    80:c6:7e:e5:a4:49:f6:73:f0:4f:ab:64:4b:21:d7:
                    a4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AA:59:E1:C7:46:E1:9C:20:BB:69:A4:71:0C:71:47:D2:D3:CD:14
            X509v3 Authority Key Identifier:
                keyid:8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/u6pZ4cdG4Zwgu2mkcQxxR9LTzRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:a9:ed:9d:c5:23:12:ac:6d:3c:b3:f1:9e:1b:d8:fa:f3:bc:
         1c:70:1a:5f:a5:fa:9a:92:04:ce:88:ea:d6:8d:d3:d1:f2:93:
         1c:71:36:dc:d4:6c:a8:ba:ac:3d:26:dd:0b:62:68:a1:b4:9a:
         0d:de:51:0a:c0:ea:41:cc:50:fa:49:44:54:aa:25:00:7a:47:
         56:f4:44:f5:7a:a7:2d:75:aa:ca:1c:c1:7c:2e:38:21:83:52:
         6b:bd:8d:bf:c1:3c:7c:07:46:f7:33:d3:3b:cd:70:13:1f:b5:
         a3:74:e8:60:e6:41:42:a5:9e:1e:4f:66:dc:c3:0a:f4:47:5d:
         fc:4c:76:03:46:c0:05:ca:21:c1:f5:4d:7a:9a:5c:ab:c3:21:
         f7:b3:12:a5:1b:48:dd:3e:cd:67:23:42:d0:8f:2d:1d:8c:0b:
         14:47:dc:f6:d7:1b:0d:6a:6f:69:65:38:bb:84:c3:08:41:36:
         70:5b:c8:4a:24:9e:1d:dd:c6:4f:fb:68:b9:4f:55:16:35:01:
         43:f0:6b:47:46:da:25:9c:08:3d:65:fe:8c:f0:72:9e:cf:8e:
         b6:88:b0:c5:33:16:5b:64:b0:b4:5d:de:fd:59:a5:12:73:ac:
         ca:3c:ca:0a:68:49:b2:47:79:33:9a:a9:a7:cd:35:f2:8f:9b:
         d8:02:6e:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk9mdNL/A3SrcAtpwFJ4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjgxOTg5YzNiNmU1OGZkYzk1MzRlZTdlYjNlMjYwZDFk
ODc3NDkwHhcNMjQwMTAyMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFhNTllMWM3NDZlMTljMjBiYjY5YTQ3MTBjNzE0N2QyZDNjZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXAlCHUmdvSnXcXGWnC//apETm39
kM36AoLce///K8XvfGqCdhMYHglKNWrwcXbj/EnCILnpbMbpM68tEdsbFGmBAsP5
RcgsPicZxTE1wb74dGhqYZxtQcUvw6ofztRZUn3PjnYNFlvLeDfSu527FcYOq12v
Mnp9GihT2bbPLKf/89uxYUVJwQCEuPJhSpOJVvFUrqmJFiMMtkWENhu3yQ7ZwcNT
vbc+U35alRdAFdeLMTtUoTzXMsvzsx3zbJPNWSKlO7n65fQVHC9UCkIS4vJK3oda
G7SuL8zBrlo94LHEhKDajzwmF//2nnZPLTGAxn7lpEn2c/BPq2RLIdekkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuqWeHHRuGcILtppHEMcUfS080UMB8GA1UdIwQY
MBaAFI0oGYnDtuWP3JU07n6z4mDR2HdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEt
YmNhODBlNDdjNTczLzEvdTZwWjRjZEc0WndndTJta2NReHhSOUxUelJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEtYmNhODBlNDdjNTcz
LzEvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZxMA0G
CSqGSIb3DQEBCwUAA4IBAQAhqe2dxSMSrG08s/GeG9j687wccBpfpfqakgTOiOrW
jdPR8pMccTbc1Gyouqw9Jt0LYmihtJoN3lEKwOpBzFD6SURUqiUAekdW9ET1eqct
darKHMF8Ljghg1JrvY2/wTx8B0b3M9M7zXATH7WjdOhg5kFCpZ4eT2bcwwr0R138
THYDRsAFyiHB9U16mlyrwyH3sxKlG0jdPs1nI0LQjy0djAsUR9z21xsNam9pZTi7
hMMIQTZwW8hKJJ4d3cZP+2i5T1UWNQFD8GtHRtolnAg9Zf6M8HKez462iLDFMxZb
ZLC0Xd79WaUSc6zKPMoKaEmyR3kzmqmnzTXyj5vYAm7E
-----END CERTIFICATE-----