Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/UWha6IpIWQ8UypUBu2xJP35Noak.roa
File:                     UWha6IpIWQ8UypUBu2xJP35Noak.roa (raw, json)
Hash identifier:          APpp9qRI+bgAYEyBZMTsZh2ojQ/6snuXEGt50MZDsIc=
Subject key identifier:   51:68:5A:E8:8A:48:59:0F:14:CA:95:01:BB:6C:49:3F:7E:4D:A1:A9
Certificate issuer:       /CN=839a9a1b7e11fde77e4e1f57ff11864cee21f165
Certificate serial:       019252803C871E7674B3BC7A06CC08BD6F66
Authority key identifier: 83:9A:9A:1B:7E:11:FD:E7:7E:4E:1F:57:FF:11:86:4C:EE:21:F1:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/UWha6IpIWQ8UypUBu2xJP35Noak.roa
Signing time:             Thu 03 Oct 2024 13:09:48 +0000
ROA not before:           Thu 03 Oct 2024 13:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56985
IP address blocks:        141.105.112.0/21 maxlen: 21
                          185.111.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:52:80:3c:87:1e:76:74:b3:bc:7a:06:cc:08:bd:6f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=839a9a1b7e11fde77e4e1f57ff11864cee21f165
        Validity
            Not Before: Oct  3 13:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51685ae88a48590f14ca9501bb6c493f7e4da1a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:45:33:37:d9:f3:08:85:e4:4a:47:7d:74:33:
                    3c:c2:ee:64:85:02:ab:ed:ad:6b:49:2f:76:e6:65:
                    0b:b1:60:bd:b1:71:13:f0:d5:f5:f8:65:59:90:ab:
                    26:f2:f3:c4:03:a3:d6:1a:2f:e0:ad:df:c1:33:26:
                    b0:fc:c9:3d:58:e5:c0:0b:d8:5d:b5:5d:30:8b:33:
                    bf:e8:9b:d6:d2:bd:77:b0:9f:b3:ca:3c:72:0d:a0:
                    44:7f:ad:75:1e:60:0e:df:88:14:e1:4b:d4:e6:c8:
                    b7:c9:0b:7d:bf:bc:88:08:4b:5f:82:d8:b5:7a:e3:
                    6a:0f:53:8a:0d:5a:81:f1:b9:6e:f4:eb:c6:71:eb:
                    68:82:2f:29:9e:f3:7f:f5:27:05:6f:70:b5:65:fa:
                    d2:cc:19:16:57:6e:d4:54:32:be:85:fa:e3:8b:bd:
                    8c:60:1f:ff:66:0a:54:30:93:8a:43:50:94:33:f2:
                    b8:2e:6c:62:d0:c0:83:ab:97:08:e2:ad:18:1e:7b:
                    d4:f9:d9:bb:6e:b3:76:77:1f:1d:c8:40:f4:ac:71:
                    62:15:9e:1a:82:c0:5c:d2:3f:c3:18:d4:bd:6a:eb:
                    22:b6:d3:be:49:8e:1b:b1:13:b9:b8:2e:ec:4e:61:
                    71:3a:2b:d9:ec:3c:56:b9:0c:3c:de:bd:a8:03:98:
                    4d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:68:5A:E8:8A:48:59:0F:14:CA:95:01:BB:6C:49:3F:7E:4D:A1:A9
            X509v3 Authority Key Identifier:
                keyid:83:9A:9A:1B:7E:11:FD:E7:7E:4E:1F:57:FF:11:86:4C:EE:21:F1:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/UWha6IpIWQ8UypUBu2xJP35Noak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.112.0/21
                  185.111.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:f6:e6:41:29:db:43:c9:68:88:a5:c3:3d:5b:18:ba:b1:f2:
         b7:f4:ef:9a:ec:10:f2:23:e7:5e:3e:ed:08:70:77:71:14:7d:
         30:04:fb:3a:7a:f6:c0:cf:15:a2:a3:34:d4:ca:dc:f3:db:e7:
         31:ef:97:ff:55:4b:d9:fc:1c:c2:d4:95:df:9e:e5:74:54:65:
         15:05:bb:c5:26:2b:c7:0f:f8:e2:43:ef:8c:d0:64:ea:a6:43:
         9d:97:9a:cc:d2:83:0a:f4:27:14:42:42:96:48:82:08:65:3b:
         3e:46:79:e0:6d:99:97:47:84:93:1b:6c:13:0a:ba:b6:d1:3a:
         29:22:49:d5:85:d5:79:8d:bd:e1:ca:11:be:0e:24:5b:c6:e3:
         25:17:d5:41:7c:1c:a5:12:e3:d0:a4:83:f5:b2:2a:4a:8d:92:
         02:7b:df:cd:73:24:0e:77:4f:f8:eb:de:4f:0f:b6:ae:34:e5:
         c5:34:94:a6:5b:98:a6:b3:37:9e:88:10:a9:bd:fe:73:28:96:
         aa:28:ad:92:2e:65:f3:4a:e4:6b:a9:bc:92:15:b3:fd:2a:14:
         b4:53:db:a1:ff:cf:83:6d:5c:b2:82:65:be:ef:3a:9d:fe:7c:
         81:2d:85:d0:1a:cd:5c:61:c7:5f:5c:2e:77:c1:f4:1d:94:49:
         52:43:d2:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJSgDyHHnZ0s7x6BswIvW9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWE5YTFiN2UxMWZkZTc3ZTRlMWY1N2ZmMTE4NjRjZWUy
MWYxNjUwHhcNMjQxMDAzMTMwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTY4NWFlODhhNDg1OTBmMTRjYTk1MDFiYjZjNDkzZjdlNGRhMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0UzN9nzCIXkSkd9dDM8wu5khQKr
7a1rSS925mULsWC9sXET8NX1+GVZkKsm8vPEA6PWGi/grd/BMyaw/Mk9WOXAC9hd
tV0wizO/6JvW0r13sJ+zyjxyDaBEf611HmAO34gU4UvU5si3yQt9v7yICEtfgti1
euNqD1OKDVqB8blu9OvGcetogi8pnvN/9ScFb3C1ZfrSzBkWV27UVDK+hfrji72M
YB//ZgpUMJOKQ1CUM/K4Lmxi0MCDq5cI4q0YHnvU+dm7brN2dx8dyED0rHFiFZ4a
gsBc0j/DGNS9ausittO+SY4bsRO5uC7sTmFxOivZ7DxWuQw83r2oA5hNxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFFoWuiKSFkPFMqVAbtsST9+TaGpMB8GA1UdIwQY
MBaAFIOamht+Ef3nfk4fV/8RhkzuIfFlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVxYUczNFJfZWQtVGg5WF94R0dUTzRoOFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NjdiZDAtYjBlZi00MTE0LWE1OGUt
ZmY4NmJmODgxNjQ4LzEvVVdoYTZJcElXUThVeXBVQnUyeEpQMzVOb2FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NjdiZDAtYjBlZi00MTE0LWE1OGUtZmY4NmJmODgxNjQ4
LzEvZzVxYUczNFJfZWQtVGg5WF94R0dUTzRoOFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDjWlwAwQC
uW9wMA0GCSqGSIb3DQEBCwUAA4IBAQAS9uZBKdtDyWiIpcM9Wxi6sfK39O+a7BDy
I+dePu0IcHdxFH0wBPs6evbAzxWiozTUytzz2+cx75f/VUvZ/BzC1JXfnuV0VGUV
BbvFJivHD/jiQ++M0GTqpkOdl5rM0oMK9CcUQkKWSIIIZTs+RnngbZmXR4STG2wT
Crq20TopIknVhdV5jb3hyhG+DiRbxuMlF9VBfBylEuPQpIP1sipKjZICe9/NcyQO
d0/4695PD7auNOXFNJSmW5imszeeiBCpvf5zKJaqKK2SLmXzSuRrqbySFbP9KhS0
U9uh/8+DbVyygmW+7zqd/nyBLYXQGs1cYcdfXC53wfQdlElSQ9Kt
-----END CERTIFICATE-----