Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/Ulvl40-jwIkAlBIvkCaF-OyibbE.roa
File:                     Ulvl40-jwIkAlBIvkCaF-OyibbE.roa (raw, json)
Hash identifier:          IJ/wnlhUpehRsgnOjRyD3Fof5LjyHzD92RCdoIKJSr0=
Subject key identifier:   52:5B:E5:E3:4F:A3:C0:89:00:94:12:2F:90:26:85:F8:EC:A2:6D:B1
Certificate issuer:       /CN=d23b6477e1c84f52907cd60c63ea83ef5e4ac782
Certificate serial:       018CC8DEF99BD3A4A7E99EF3248A76381D44
Authority key identifier: D2:3B:64:77:E1:C8:4F:52:90:7C:D6:0C:63:EA:83:EF:5E:4A:C7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/Ulvl40-jwIkAlBIvkCaF-OyibbE.roa
Signing time:             Tue 02 Jan 2024 06:31:45 +0000
ROA not before:           Tue 02 Jan 2024 06:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41299
IP address blocks:        195.60.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f9:9b:d3:a4:a7:e9:9e:f3:24:8a:76:38:1d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d23b6477e1c84f52907cd60c63ea83ef5e4ac782
        Validity
            Not Before: Jan  2 06:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=525be5e34fa3c0890094122f902685f8eca26db1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3a:d9:6d:f6:0f:5e:41:af:88:58:a2:32:7d:
                    67:f6:da:2c:07:08:8e:6f:a4:3b:24:93:93:23:85:
                    85:76:84:97:59:53:eb:e3:52:56:16:bf:c0:fa:ac:
                    7d:73:37:d3:dc:13:f8:70:52:a8:89:32:1f:3e:e2:
                    47:5a:6e:23:86:7f:15:e4:17:4e:ea:29:7d:2d:bf:
                    cd:f5:84:b9:18:85:cd:b5:f3:fb:84:de:67:3b:e0:
                    06:13:4c:a8:a9:68:63:06:0b:fc:f4:77:98:28:69:
                    08:dc:43:f7:58:5f:67:a6:cb:21:26:89:76:b5:2f:
                    1e:d7:ab:db:52:9e:d2:fe:4a:83:27:64:08:bb:fe:
                    f4:b0:7c:fa:a9:6e:23:79:23:e5:62:44:2c:b9:11:
                    8f:73:9e:11:22:b7:1d:85:cc:59:a1:4b:b8:4d:40:
                    3b:e3:32:57:e7:6b:a6:2f:6e:cf:b7:f5:ef:86:d6:
                    39:44:61:a1:d3:6d:b6:93:a5:81:db:41:05:d1:ad:
                    ef:ca:00:e2:98:43:5a:c7:5c:f9:d2:9f:c3:0e:f9:
                    96:76:70:46:3e:2a:d9:c1:8f:08:24:19:90:25:1d:
                    5e:24:7f:1f:a8:33:71:82:c5:6c:e4:8a:48:d8:b6:
                    bb:bc:f5:47:c7:51:77:15:5b:1b:bf:0a:49:fa:d6:
                    a4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5B:E5:E3:4F:A3:C0:89:00:94:12:2F:90:26:85:F8:EC:A2:6D:B1
            X509v3 Authority Key Identifier:
                keyid:D2:3B:64:77:E1:C8:4F:52:90:7C:D6:0C:63:EA:83:EF:5E:4A:C7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jtkd-HIT1KQfNYMY-qD715Kx4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/Ulvl40-jwIkAlBIvkCaF-OyibbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/4559fd-b409-479c-a40f-2255585ddecb/1/0jtkd-HIT1KQfNYMY-qD715Kx4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:0e:8d:91:4a:da:52:86:00:8e:c2:0b:77:b9:2b:b4:a2:36:
         53:a9:95:f7:db:81:3d:2b:90:4b:cb:92:9e:b8:b9:be:ee:81:
         5a:0a:f9:cb:5b:24:0b:c8:15:5c:44:5d:ec:7c:da:77:70:9e:
         6d:13:fe:c3:54:15:47:f2:c2:84:12:4f:df:17:78:04:23:4c:
         4f:0d:93:26:01:aa:35:8c:13:d7:5a:16:f1:9b:00:5d:d1:30:
         5f:69:9d:a6:99:ed:c9:75:25:36:10:f8:79:a4:f3:74:2f:73:
         95:f7:95:70:5d:18:8a:af:02:26:5a:15:9a:30:eb:86:c1:97:
         fd:0f:64:83:ab:df:c2:ed:d6:aa:04:f0:32:e8:98:c9:87:99:
         da:46:ea:d3:f6:ee:e4:ca:8e:ad:b9:c7:fb:8d:d4:11:0f:29:
         93:73:82:1a:9a:22:7d:31:e3:65:ec:01:85:8e:5b:7d:ba:a6:
         90:8c:56:e0:2d:29:87:f9:ef:4d:70:61:94:ff:4d:56:a6:9f:
         1a:de:41:41:0a:02:8f:00:96:56:be:f9:60:03:d0:97:40:83:
         f3:1b:2f:8b:f0:a5:30:bc:69:26:4d:27:6f:82:d9:d8:33:13:
         e8:04:70:4c:f6:28:53:62:80:6d:b3:79:ca:1d:98:99:c1:fc:
         c6:f4:89:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vmb06Sn6Z7zJIp2OB1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyM2I2NDc3ZTFjODRmNTI5MDdjZDYwYzYzZWE4M2VmNWU0
YWM3ODIwHhcNMjQwMTAyMDYzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjViZTVlMzRmYTNjMDg5MDA5NDEyMmY5MDI2ODVmOGVjYTI2ZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zrZbfYPXkGviFiiMn1n9tosBwiO
b6Q7JJOTI4WFdoSXWVPr41JWFr/A+qx9czfT3BP4cFKoiTIfPuJHWm4jhn8V5BdO
6il9Lb/N9YS5GIXNtfP7hN5nO+AGE0yoqWhjBgv89HeYKGkI3EP3WF9npsshJol2
tS8e16vbUp7S/kqDJ2QIu/70sHz6qW4jeSPlYkQsuRGPc54RIrcdhcxZoUu4TUA7
4zJX52umL27Pt/XvhtY5RGGh0222k6WB20EF0a3vygDimENax1z50p/DDvmWdnBG
PirZwY8IJBmQJR1eJH8fqDNxgsVs5IpI2La7vPVHx1F3FVsbvwpJ+takJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJb5eNPo8CJAJQSL5Amhfjsom2xMB8GA1UdIwQY
MBaAFNI7ZHfhyE9SkHzWDGPqg+9eSseCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGp0a2QtSElUMUtRZk5ZTVktcUQ3MTVLeDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80NTU5ZmQtYjQwOS00NzljLWE0MGYt
MjI1NTU4NWRkZWNiLzEvVWx2bDQwLWp3SWtBbEJJdmtDYUYtT3lpYmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80NTU5ZmQtYjQwOS00NzljLWE0MGYtMjI1NTU4NWRkZWNi
LzEvMGp0a2QtSElUMUtRZk5ZTVktcUQ3MTVLeDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzzYMA0G
CSqGSIb3DQEBCwUAA4IBAQBzDo2RStpShgCOwgt3uSu0ojZTqZX324E9K5BLy5Ke
uLm+7oFaCvnLWyQLyBVcRF3sfNp3cJ5tE/7DVBVH8sKEEk/fF3gEI0xPDZMmAao1
jBPXWhbxmwBd0TBfaZ2mme3JdSU2EPh5pPN0L3OV95VwXRiKrwImWhWaMOuGwZf9
D2SDq9/C7daqBPAy6JjJh5naRurT9u7kyo6tucf7jdQRDymTc4IamiJ9MeNl7AGF
jlt9uqaQjFbgLSmH+e9NcGGU/01Wpp8a3kFBCgKPAJZWvvlgA9CXQIPzGy+L8KUw
vGkmTSdvgtnYMxPoBHBM9ihTYoBts3nKHZiZwfzG9Ik4
-----END CERTIFICATE-----