Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/u0O4o3u_ltJIPTn5kro9HNFW14g.roa
File:                     u0O4o3u_ltJIPTn5kro9HNFW14g.roa (raw, json)
Hash identifier:          bjtiumDN5XN8IQLl81TvHHoNxNq+o/GDKKPYKhCBTTs=
Subject key identifier:   BB:43:B8:A3:7B:BF:96:D2:48:3D:39:F9:92:BA:3D:1C:D1:56:D7:88
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       018CC26D2B88E073359002CE4F006021F6D6
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/u0O4o3u_ltJIPTn5kro9HNFW14g.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199450
IP address blocks:        185.12.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:88:e0:73:35:90:02:ce:4f:00:60:21:f6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb43b8a37bbf96d2483d39f992ba3d1cd156d788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d8:35:2c:9e:86:c5:df:59:7f:37:54:05:07:
                    35:b2:52:f3:2b:64:e2:0b:87:d9:9b:10:f5:c7:c3:
                    88:5e:6a:8b:98:f2:2f:95:8e:3c:1b:43:4d:e4:b6:
                    d8:7b:d1:dd:f4:cf:1d:cc:1a:4c:04:44:e5:b8:a0:
                    39:a8:43:71:4b:3d:b0:0e:5d:93:d9:64:6b:39:99:
                    3d:56:ee:5e:1b:20:81:0c:e3:8f:07:a8:dc:c7:bb:
                    c0:7c:81:50:fd:d0:a0:b4:7f:ff:cb:9d:4a:e4:d1:
                    d8:21:a5:8c:58:b1:75:79:64:4e:1a:66:fa:9a:81:
                    87:0c:b4:92:fc:1a:85:8e:d4:01:84:e8:88:57:d0:
                    fa:33:b8:8f:6d:25:a8:c3:85:7c:a0:18:cf:69:3a:
                    9f:82:d9:7e:74:5e:1d:7f:01:de:7a:85:40:37:c8:
                    e4:49:d0:57:c9:3b:33:29:f4:12:5e:58:49:e1:a3:
                    85:28:3a:7f:14:3f:e8:aa:82:8a:e7:88:3a:1f:a3:
                    21:c2:94:5d:ba:66:28:eb:fb:c6:e8:52:b9:fd:c6:
                    c4:fb:2a:d6:d0:bd:e8:47:41:86:15:f9:ee:90:b2:
                    93:4f:6a:68:fe:04:23:8d:00:b1:c8:6a:af:0d:88:
                    5e:a6:49:fa:95:b1:15:4c:2f:d4:d5:fd:d8:5b:95:
                    65:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:43:B8:A3:7B:BF:96:D2:48:3D:39:F9:92:BA:3D:1C:D1:56:D7:88
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/u0O4o3u_ltJIPTn5kro9HNFW14g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:57:12:06:6c:dd:79:97:3e:12:17:cc:42:d8:ec:4f:c4:fb:
         74:2c:29:a4:75:a9:96:37:2b:95:d7:26:65:d9:47:cb:1d:b0:
         af:77:28:61:a2:78:fd:07:c3:95:aa:c9:7f:89:91:ac:a7:7c:
         75:e1:2f:ba:e0:b6:5d:39:43:82:62:89:19:ad:af:86:68:cb:
         76:a2:c7:dd:ef:35:aa:a0:65:32:97:68:6a:70:52:90:d2:c0:
         96:06:b6:f7:3b:13:89:ef:16:5d:73:c6:2d:23:86:0e:e1:5a:
         96:e8:5a:41:53:ee:59:76:dc:4d:00:52:35:c9:d0:13:2d:f4:
         47:de:06:43:62:11:94:3b:02:88:67:eb:93:5a:b1:6c:f7:2b:
         81:6f:b0:2e:3b:30:4b:af:34:40:92:0b:7a:d1:8e:4c:99:b7:
         52:cc:27:d3:74:d6:d7:7d:3a:2e:56:98:f5:da:c9:3b:b5:2a:
         b1:34:76:e5:07:5f:47:ee:d8:f9:e1:cb:bf:c6:c2:e3:92:79:
         40:2a:f5:36:84:a1:5f:76:00:94:de:fc:93:d9:37:90:e7:d4:
         32:2f:ff:34:aa:11:6e:e7:10:a2:10:33:82:6a:0f:65:3d:28:
         ed:4b:cd:6f:1a:5f:fa:9b:3c:83:b9:9f:b8:c0:71:7a:f7:0a:
         c6:41:59:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSuI4HM1kALOTwBgIfbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQzYjhhMzdiYmY5NmQyNDgzZDM5Zjk5MmJhM2QxY2QxNTZkNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtg1LJ6Gxd9ZfzdUBQc1slLzK2Ti
C4fZmxD1x8OIXmqLmPIvlY48G0NN5LbYe9Hd9M8dzBpMBETluKA5qENxSz2wDl2T
2WRrOZk9Vu5eGyCBDOOPB6jcx7vAfIFQ/dCgtH//y51K5NHYIaWMWLF1eWROGmb6
moGHDLSS/BqFjtQBhOiIV9D6M7iPbSWow4V8oBjPaTqfgtl+dF4dfwHeeoVAN8jk
SdBXyTszKfQSXlhJ4aOFKDp/FD/oqoKK54g6H6MhwpRdumYo6/vG6FK5/cbE+yrW
0L3oR0GGFfnukLKTT2po/gQjjQCxyGqvDYhepkn6lbEVTC/U1f3YW5VltwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtDuKN7v5bSSD05+ZK6PRzRVteIMB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvdTBPNG8zdV9sdEpJUFRuNWtybzlITkZXMTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwKMA0G
CSqGSIb3DQEBCwUAA4IBAQBRVxIGbN15lz4SF8xC2OxPxPt0LCmkdamWNyuV1yZl
2UfLHbCvdyhhonj9B8OVqsl/iZGsp3x14S+64LZdOUOCYokZra+GaMt2osfd7zWq
oGUyl2hqcFKQ0sCWBrb3OxOJ7xZdc8YtI4YO4VqW6FpBU+5ZdtxNAFI1ydATLfRH
3gZDYhGUOwKIZ+uTWrFs9yuBb7AuOzBLrzRAkgt60Y5MmbdSzCfTdNbXfTouVpj1
2sk7tSqxNHblB19H7tj54cu/xsLjknlAKvU2hKFfdgCU3vyT2TeQ59QyL/80qhFu
5xCiEDOCag9lPSjtS81vGl/6mzyDuZ+4wHF69wrGQVnz
-----END CERTIFICATE-----