Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/UrIeKRdUwuAvlN0mm6Oc3iRfOaE.roa
File:                     UrIeKRdUwuAvlN0mm6Oc3iRfOaE.roa (raw, json)
Hash identifier:          IqvGfZBQEYveO/mS/ynngSUjkNMal6qkTGeEb3hflCI=
Subject key identifier:   52:B2:1E:29:17:54:C2:E0:2F:94:DD:26:9B:A3:9C:DE:24:5F:39:A1
Certificate issuer:       /CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
Certificate serial:       018CC6B8DD0CAC858068870D6255ABF7140E
Authority key identifier: 9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/UrIeKRdUwuAvlN0mm6Oc3iRfOaE.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        149.153.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:dd:0c:ac:85:80:68:87:0d:62:55:ab:f7:14:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52b21e291754c2e02f94dd269ba39cde245f39a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:29:77:e0:9a:b9:3a:ef:ee:47:d7:33:89:97:
                    05:0c:f3:8c:c5:0d:a3:bc:e9:86:f5:23:84:8e:a5:
                    39:b9:3c:c5:1c:66:8b:ff:20:74:9d:0c:4a:b1:33:
                    35:2b:e1:b3:a2:67:45:31:cc:01:21:b1:fe:29:51:
                    45:8a:e5:28:3b:3d:29:f6:73:62:36:41:54:73:3c:
                    24:1f:12:d5:71:ce:e3:7f:06:08:b7:85:05:36:cc:
                    71:00:39:ba:4c:22:4e:ab:5c:82:f4:1e:a7:27:2f:
                    d1:25:10:d3:e0:22:92:34:a5:30:2e:02:d6:fa:30:
                    73:ed:0f:2d:dc:f3:f4:0c:2b:7c:0a:3f:f5:fb:14:
                    63:a8:4f:a9:5f:7a:fb:b0:e6:a4:68:73:f6:85:74:
                    f8:41:ec:92:4e:9b:4b:fb:90:45:c7:f5:22:6c:cb:
                    c4:16:7c:01:10:1c:52:58:a7:6d:2a:79:73:05:66:
                    8e:c7:a2:a0:cd:b8:bc:e5:56:c4:0b:92:01:1b:2e:
                    58:ef:a8:bb:1c:b8:e5:be:3d:6b:a1:4e:63:53:61:
                    50:97:96:84:4d:74:bc:5f:ec:bb:b2:34:b0:29:4c:
                    cf:b2:4d:52:b1:42:90:8b:64:8a:1a:4b:1e:fc:8c:
                    00:ea:ab:d3:b0:08:44:8a:7a:43:2e:f2:f2:5e:ce:
                    7f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B2:1E:29:17:54:C2:E0:2F:94:DD:26:9B:A3:9C:DE:24:5F:39:A1
            X509v3 Authority Key Identifier:
                keyid:9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/UrIeKRdUwuAvlN0mm6Oc3iRfOaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7b:a3:f4:45:fe:54:0b:06:b5:31:8c:81:b2:ae:92:f3:d5:59:
         63:79:5e:4f:70:56:d5:95:2b:51:b3:5b:72:eb:8c:45:d2:42:
         fc:09:26:1d:a5:79:dc:49:f5:28:9d:61:93:b6:01:91:e6:75:
         58:b1:4d:83:60:27:e3:ec:64:4b:dc:4b:df:1c:b5:80:6b:3e:
         85:ae:ae:e9:ce:c4:53:34:a8:cf:7e:21:76:49:89:d6:e5:e6:
         b5:82:95:69:56:bd:81:79:cb:78:dc:38:3b:78:07:89:e5:f7:
         41:48:ad:d3:04:01:68:b0:fc:ae:24:6e:74:22:13:0d:51:b0:
         bc:a7:fd:9a:03:c0:c6:ed:0a:5e:8e:fe:d9:04:9b:f0:b8:7f:
         b1:d8:e1:b9:f1:04:49:a6:b3:21:1a:e0:16:59:03:b6:b1:30:
         78:3b:8f:fd:37:da:a9:db:7e:77:4e:3a:5d:67:5f:87:ee:2d:
         a6:52:47:e6:91:fe:9c:39:cc:c6:70:08:25:64:68:25:23:ad:
         de:d5:03:4b:3c:51:5a:68:ae:dc:e2:46:f6:26:05:27:84:b2:
         c6:ef:d8:72:dd:3f:72:28:81:f5:5a:b1:7d:9b:f0:52:b8:b4:
         24:70:47:04:7f:70:89:c4:56:63:19:ff:f9:08:c4:93:89:e0:
         b7:08:c7:13
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuN0MrIWAaIcNYlWr9xQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTMzN2JkMWE3YzVlZTljNTdhNzNiMGEzM2M2MTIxOWNk
MmE5Y2IwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmIyMWUyOTE3NTRjMmUwMmY5NGRkMjY5YmEzOWNkZTI0NWYzOWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1il34Jq5Ou/uR9cziZcFDPOMxQ2j
vOmG9SOEjqU5uTzFHGaL/yB0nQxKsTM1K+GzomdFMcwBIbH+KVFFiuUoOz0p9nNi
NkFUczwkHxLVcc7jfwYIt4UFNsxxADm6TCJOq1yC9B6nJy/RJRDT4CKSNKUwLgLW
+jBz7Q8t3PP0DCt8Cj/1+xRjqE+pX3r7sOakaHP2hXT4QeySTptL+5BFx/UibMvE
FnwBEBxSWKdtKnlzBWaOx6Kgzbi85VbEC5IBGy5Y76i7HLjlvj1roU5jU2FQl5aE
TXS8X+y7sjSwKUzPsk1SsUKQi2SKGkse/IwA6qvTsAhEinpDLvLyXs5/kQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFKyHikXVMLgL5TdJpujnN4kXzmhMB8GA1UdIwQY
MBaAFJtTN70afF7pxXpzsKM8YSGc0qnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQt
MmVmNzE2NWIyMWI1LzEvVXJJZUtSZFV3dUF2bE4wbW02T2MzaVJmT2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQtMmVmNzE2NWIyMWI1
LzEvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZkwDQYJ
KoZIhvcNAQELBQADggEBAHuj9EX+VAsGtTGMgbKukvPVWWN5Xk9wVtWVK1GzW3Lr
jEXSQvwJJh2ledxJ9SidYZO2AZHmdVixTYNgJ+PsZEvcS98ctYBrPoWurunOxFM0
qM9+IXZJidbl5rWClWlWvYF5y3jcODt4B4nl90FIrdMEAWiw/K4kbnQiEw1RsLyn
/ZoDwMbtCl6O/tkEm/C4f7HY4bnxBEmmsyEa4BZZA7axMHg7j/032qnbfndOOl1n
X4fuLaZSR+aR/pw5zMZwCCVkaCUjrd7VA0s8UVportziRvYmBSeEssbv2HLdP3Io
gfVasX2b8FK4tCRwRwR/cInEVmMZ//kIxJOJ4LcIxxM=
-----END CERTIFICATE-----