Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/UdON_l6f_cBM0plUsoGvXvAKzQs.roa
File:                     UdON_l6f_cBM0plUsoGvXvAKzQs.roa (raw, json)
Hash identifier:          8qrVstFK6ufUZDlqbn/lTS4qKnw6PEKnb/JSeGyoBX0=
Subject key identifier:   51:D3:8D:FE:5E:9F:FD:C0:4C:D2:99:54:B2:81:AF:5E:F0:0A:CD:0B
Certificate issuer:       /CN=79d0d856764a3fee64be14f0a49f59a6865285d1
Certificate serial:       018CC5004B66882E60C3BF0C8D792436A50A
Authority key identifier: 79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/UdON_l6f_cBM0plUsoGvXvAKzQs.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8767
IP address blocks:        193.28.242.0/24 maxlen: 24
                          2a10:57c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4b:66:88:2e:60:c3:bf:0c:8d:79:24:36:a5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d0d856764a3fee64be14f0a49f59a6865285d1
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51d38dfe5e9ffdc04cd29954b281af5ef00acd0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:57:97:9b:d0:57:2d:8e:45:05:7e:6d:75:96:
                    46:77:7d:17:76:2c:fb:37:0a:1b:f0:30:0f:0a:34:
                    b8:ff:e3:27:10:73:bd:57:80:89:52:a9:1f:82:10:
                    a1:70:40:2a:04:08:3f:f3:4c:6e:0f:66:79:88:34:
                    09:cf:b5:56:20:de:6b:82:a3:c0:6b:f4:44:79:2d:
                    ba:5b:92:72:01:22:8d:69:a3:6f:b3:64:17:d7:e8:
                    4f:f9:cd:8b:e0:03:2d:e5:e5:df:0c:82:4c:6a:4c:
                    3a:c3:b7:06:2d:05:0a:7e:41:af:c2:36:5d:b1:e4:
                    68:9f:07:c5:74:66:e9:af:ce:f0:67:6c:86:35:dd:
                    b9:c7:d5:54:d8:97:bb:78:3f:a9:dc:3a:fd:a3:a1:
                    b5:5d:20:86:5d:e5:99:9e:9d:3a:9a:03:96:9e:77:
                    6d:86:19:60:11:a4:46:5a:84:d7:25:b1:c4:13:d5:
                    8d:43:19:c5:04:7b:f7:df:7c:3a:ff:e8:5d:2f:81:
                    76:3e:0a:84:27:c7:0a:04:30:67:bf:43:72:77:4d:
                    43:e8:be:f5:e5:4e:c3:b5:2c:b4:4f:d2:de:8e:ba:
                    4c:e9:fa:24:4c:d0:0e:a4:d6:77:22:0b:18:88:9c:
                    32:2f:91:4e:fb:a0:19:64:9d:ff:1f:5c:d4:ad:99:
                    86:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D3:8D:FE:5E:9F:FD:C0:4C:D2:99:54:B2:81:AF:5E:F0:0A:CD:0B
            X509v3 Authority Key Identifier:
                keyid:79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/UdON_l6f_cBM0plUsoGvXvAKzQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.242.0/24
                IPv6:
                  2a10:57c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:47:8d:a5:eb:f7:96:ae:2d:75:ea:b6:be:9f:0b:57:a7:03:
         67:ae:70:cb:ec:13:cc:31:59:58:19:52:92:7a:1b:df:a5:4f:
         af:fb:46:50:ce:ce:5d:d2:17:1a:19:2f:0b:51:85:02:bb:e7:
         73:86:90:7d:a2:32:27:33:e6:c2:c2:8b:c6:31:1f:0b:7c:38:
         b8:7c:1d:e6:7f:55:04:b4:cc:be:be:05:97:cc:1b:46:48:29:
         1d:db:ff:3d:13:1e:b1:e5:7f:84:56:39:1e:31:b2:26:05:7a:
         80:fa:8f:9f:4f:f5:76:c0:6b:6a:ff:08:8b:35:53:25:4d:3c:
         71:1f:0e:fa:6c:7f:56:e3:e7:93:e5:81:6f:fd:c9:60:9c:3a:
         df:c7:28:a7:58:9f:b1:7b:1a:b1:b9:01:ce:88:5e:c0:fb:a0:
         96:86:af:90:b6:a9:16:86:f0:0c:68:8e:f9:25:fc:56:11:24:
         c2:f2:10:99:ac:f9:3b:24:6b:1d:0a:ea:04:40:66:9b:4a:32:
         8f:af:d7:66:6f:b8:94:25:bd:7b:0a:ec:83:87:db:5d:11:77:
         a2:ab:a6:54:19:cf:af:f0:e8:1f:2d:a5:2b:e2:c6:5e:0f:ad:
         fa:b2:63:57:56:84:61:1f:72:23:60:ca:96:51:b4:e9:10:78:
         a7:c7:21:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAEtmiC5gw78MjXkkNqUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDBkODU2NzY0YTNmZWU2NGJlMTRmMGE0OWY1OWE2ODY1
Mjg1ZDEwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQzOGRmZTVlOWZmZGMwNGNkMjk5NTRiMjgxYWY1ZWYwMGFjZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0leXm9BXLY5FBX5tdZZGd30Xdiz7
Nwob8DAPCjS4/+MnEHO9V4CJUqkfghChcEAqBAg/80xuD2Z5iDQJz7VWIN5rgqPA
a/REeS26W5JyASKNaaNvs2QX1+hP+c2L4AMt5eXfDIJMakw6w7cGLQUKfkGvwjZd
seRonwfFdGbpr87wZ2yGNd25x9VU2Je7eD+p3Dr9o6G1XSCGXeWZnp06mgOWnndt
hhlgEaRGWoTXJbHEE9WNQxnFBHv333w6/+hdL4F2PgqEJ8cKBDBnv0Nyd01D6L71
5U7DtSy0T9LejrpM6fokTNAOpNZ3IgsYiJwyL5FO+6AZZJ3/H1zUrZmGHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFHTjf5en/3ATNKZVLKBr17wCs0LMB8GA1UdIwQY
MBaAFHnQ2FZ2Sj/uZL4U8KSfWaaGUoXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMt
ZjJiYjY5ZTc1ZTc0LzEvVWRPTl9sNmZfY0JNMHBsVXNvR3ZYdkFLelFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMtZjJiYjY5ZTc1ZTc0
LzEvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRzyMA0E
AgACMAcDBQMqEFfAMA0GCSqGSIb3DQEBCwUAA4IBAQBSR42l6/eWri116ra+nwtX
pwNnrnDL7BPMMVlYGVKSehvfpU+v+0ZQzs5d0hcaGS8LUYUCu+dzhpB9ojInM+bC
wovGMR8LfDi4fB3mf1UEtMy+vgWXzBtGSCkd2/89Ex6x5X+EVjkeMbImBXqA+o+f
T/V2wGtq/wiLNVMlTTxxHw76bH9W4+eT5YFv/clgnDrfxyinWJ+xexqxuQHOiF7A
+6CWhq+QtqkWhvAMaI75JfxWESTC8hCZrPk7JGsdCuoEQGabSjKPr9dmb7iUJb17
CuyDh9tdEXeiq6ZUGc+v8OgfLaUr4sZeD636smNXVoRhH3IjYMqWUbTpEHinxyF9
-----END CERTIFICATE-----