Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/UJtvMYsRtpQs7oXJIYuG2cwbFTU.roa
File:                     UJtvMYsRtpQs7oXJIYuG2cwbFTU.roa (raw, json)
Hash identifier:          DrfJ6s0Gv88FOIz3YFwASt4RqHXcM9t9Ycy35Y/B8lk=
Subject key identifier:   50:9B:6F:31:8B:11:B6:94:2C:EE:85:C9:21:8B:86:D9:CC:1B:15:35
Certificate issuer:       /CN=e2b5b08dc433f8e9f77727cb51f6ba24bdd5f39a
Certificate serial:       018D555728C38EF38B7B60D73EAC7971539D
Authority key identifier: E2:B5:B0:8D:C4:33:F8:E9:F7:77:27:CB:51:F6:BA:24:BD:D5:F3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rWwjcQz-On3dyfLUfa6JL3V85o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/UJtvMYsRtpQs7oXJIYuG2cwbFTU.roa
Signing time:             Mon 29 Jan 2024 13:09:51 +0000
ROA not before:           Mon 29 Jan 2024 13:09:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210767
IP address blocks:        5.183.151.0/24 maxlen: 24
                          193.161.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/4rWwjcQz-On3dyfLUfa6JL3V85o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/4rWwjcQz-On3dyfLUfa6JL3V85o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rWwjcQz-On3dyfLUfa6JL3V85o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:57:28:c3:8e:f3:8b:7b:60:d7:3e:ac:79:71:53:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b5b08dc433f8e9f77727cb51f6ba24bdd5f39a
        Validity
            Not Before: Jan 29 13:09:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=509b6f318b11b6942cee85c9218b86d9cc1b1535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:32:40:07:ca:18:b0:5b:9f:a1:bc:74:30:b3:
                    fd:b5:c4:b3:30:d0:e2:66:72:b8:38:3a:ce:f2:c7:
                    8b:d9:96:05:24:78:a1:8f:7c:dc:c8:f0:c1:72:a9:
                    6d:39:9f:46:02:34:3b:3e:60:b9:30:96:85:85:2a:
                    bd:0e:88:ec:87:23:a3:5f:5f:a1:bf:bc:05:15:75:
                    46:1f:dc:3c:09:8b:1e:a9:eb:b0:71:f9:10:ec:61:
                    e8:74:0a:5e:eb:d9:27:7a:06:ef:d7:3e:d1:bc:0d:
                    c0:44:47:7b:2d:c4:ee:08:54:13:c1:3d:73:78:ef:
                    d0:b6:2c:b7:8e:1a:97:ea:f6:86:a7:1f:98:29:6f:
                    35:d2:16:1f:ab:bb:95:bf:66:b2:45:2a:0c:ca:b0:
                    12:50:79:1a:1b:cb:22:6c:35:64:96:7f:64:34:1a:
                    a5:49:b2:cf:f4:cb:7c:e3:fd:80:3a:79:db:d4:fd:
                    02:31:97:c4:c5:28:31:c7:2e:aa:96:31:bd:62:a7:
                    79:04:42:8b:1d:68:9b:30:a9:7d:da:ec:51:6f:e1:
                    a1:4b:13:86:da:eb:11:39:fa:2d:a9:65:0d:32:5c:
                    ba:ad:eb:c1:89:65:6e:cb:85:96:ce:13:ed:60:63:
                    1e:e2:f3:e4:6f:fb:7c:ad:1b:fc:e7:13:8e:80:66:
                    31:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:9B:6F:31:8B:11:B6:94:2C:EE:85:C9:21:8B:86:D9:CC:1B:15:35
            X509v3 Authority Key Identifier:
                keyid:E2:B5:B0:8D:C4:33:F8:E9:F7:77:27:CB:51:F6:BA:24:BD:D5:F3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rWwjcQz-On3dyfLUfa6JL3V85o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/UJtvMYsRtpQs7oXJIYuG2cwbFTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fae443-198b-432e-b419-3e6fbe379e83/1/4rWwjcQz-On3dyfLUfa6JL3V85o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.151.0/24
                  193.161.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c1:4a:51:2c:b5:36:22:2d:94:40:98:6e:b0:77:69:c4:05:
         76:31:18:8e:75:1f:84:cd:fb:5d:a5:e8:99:8d:ba:95:92:36:
         7a:a5:bd:c4:1d:05:25:4c:24:76:77:d5:0a:a7:c2:a4:65:5a:
         10:10:69:f1:79:a2:e9:ad:29:91:ba:1e:9b:32:f4:d5:32:80:
         44:24:22:d4:ef:44:5d:b4:6d:ea:ab:e7:34:81:9a:14:f4:38:
         21:40:7c:cc:6d:ef:e3:26:c9:4a:71:49:ee:97:af:71:9a:a7:
         e1:10:d3:c3:be:34:3f:7c:33:31:d2:74:3b:57:9b:9f:2b:88:
         52:0e:3d:53:00:4d:7b:fa:59:dd:e8:57:8f:17:1f:98:91:d6:
         f1:d8:32:25:46:0a:2d:1a:b2:fb:cc:1b:44:a3:08:95:4b:13:
         6b:72:b0:f4:1c:e3:19:11:a0:88:c6:04:6c:fa:6e:69:db:16:
         e5:03:84:1c:03:15:73:be:ea:e9:38:8c:e1:01:46:be:83:84:
         e1:31:e6:51:e5:68:3b:b2:b9:ce:af:eb:5f:93:a4:62:35:8a:
         4d:e5:28:f9:59:47:ae:ed:9a:f2:4d:19:e3:ed:28:bf:35:8a:
         37:f7:93:1d:1e:84:ca:75:31:6b:61:44:d1:45:6f:8c:c9:91:
         8f:44:a1:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1VVyjDjvOLe2DXPqx5cVOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjViMDhkYzQzM2Y4ZTlmNzc3MjdjYjUxZjZiYTI0YmRk
NWYzOWEwHhcNMjQwMTI5MTMwOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDliNmYzMThiMTFiNjk0MmNlZTg1YzkyMThiODZkOWNjMWIxNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTJAB8oYsFufobx0MLP9tcSzMNDi
ZnK4ODrO8seL2ZYFJHihj3zcyPDBcqltOZ9GAjQ7PmC5MJaFhSq9DojshyOjX1+h
v7wFFXVGH9w8CYseqeuwcfkQ7GHodApe69knegbv1z7RvA3AREd7LcTuCFQTwT1z
eO/Qtiy3jhqX6vaGpx+YKW810hYfq7uVv2ayRSoMyrASUHkaG8sibDVkln9kNBql
SbLP9Mt84/2AOnnb1P0CMZfExSgxxy6qljG9Yqd5BEKLHWibMKl92uxRb+GhSxOG
2usROfotqWUNMly6revBiWVuy4WWzhPtYGMe4vPkb/t8rRv85xOOgGYxjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCbbzGLEbaULO6FySGLhtnMGxU1MB8GA1UdIwQY
MBaAFOK1sI3EM/jp93cny1H2uiS91fOaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJXd2pjUXotT24zZHlmTFVmYTZKTDNWODVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mYWU0NDMtMTk4Yi00MzJlLWI0MTkt
M2U2ZmJlMzc5ZTgzLzEvVUp0dk1Zc1J0cFFzN29YSklZdUcyY3diRlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mYWU0NDMtMTk4Yi00MzJlLWI0MTktM2U2ZmJlMzc5ZTgz
LzEvNHJXd2pjUXotT24zZHlmTFVmYTZKTDNWODVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbeXAwQA
waHIMA0GCSqGSIb3DQEBCwUAA4IBAQAjwUpRLLU2Ii2UQJhusHdpxAV2MRiOdR+E
zftdpeiZjbqVkjZ6pb3EHQUlTCR2d9UKp8KkZVoQEGnxeaLprSmRuh6bMvTVMoBE
JCLU70RdtG3qq+c0gZoU9DghQHzMbe/jJslKcUnul69xmqfhENPDvjQ/fDMx0nQ7
V5ufK4hSDj1TAE17+lnd6FePFx+Ykdbx2DIlRgotGrL7zBtEowiVSxNrcrD0HOMZ
EaCIxgRs+m5p2xblA4QcAxVzvurpOIzhAUa+g4ThMeZR5Wg7srnOr+tfk6RiNYpN
5Sj5WUeu7ZryTRnj7Si/NYo395MdHoTKdTFrYUTRRW+MyZGPRKE/
-----END CERTIFICATE-----