Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UB6_bQUmQdgUpECpmeVrdU5pt1s.roa
File:                     UB6_bQUmQdgUpECpmeVrdU5pt1s.roa (raw, json)
Hash identifier:          Ufup5JT76gegk8txR60lirQd9jpaXv7eM1PVPqNiZ+g=
Subject key identifier:   50:1E:BF:6D:05:26:41:D8:14:A4:40:A9:99:E5:6B:75:4E:69:B7:5B
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       0190F8B53AFD5AF55F31936D0DC6D8794D9D
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UB6_bQUmQdgUpECpmeVrdU5pt1s.roa
Signing time:             Sun 28 Jul 2024 09:39:04 +0000
ROA not before:           Sun 28 Jul 2024 09:39:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215224
IP address blocks:        163.5.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f8:b5:3a:fd:5a:f5:5f:31:93:6d:0d:c6:d8:79:4d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jul 28 09:39:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=501ebf6d052641d814a440a999e56b754e69b75b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f6:98:cb:a0:47:11:a8:91:1f:6c:ca:7d:db:
                    4e:d2:cb:0a:dd:e5:e8:49:2e:27:89:d6:c4:7a:4a:
                    47:5e:d1:0a:0b:bd:bf:68:6b:fb:c4:0f:65:ec:3f:
                    0f:bf:a6:88:4b:19:d4:c1:0f:ba:dd:b5:41:ad:40:
                    7a:f7:0f:36:46:88:cd:b4:6d:61:3a:90:15:4d:a9:
                    17:f4:1b:f9:36:d4:98:7e:db:69:95:03:c4:0d:fe:
                    98:49:ac:cb:eb:e3:b4:89:74:4c:00:a9:da:c1:54:
                    cb:90:e7:64:23:34:c8:11:32:2a:09:5c:c2:9c:e6:
                    70:9a:38:32:f9:b0:d0:4a:a5:30:f5:ad:9b:97:75:
                    1f:3e:0e:cd:68:8e:7e:e7:a8:61:c8:75:6d:93:11:
                    1b:39:0f:1b:96:c4:d6:95:5b:93:ec:7e:a5:3a:2d:
                    db:fd:b1:58:51:cf:62:92:13:2e:f9:3c:fe:13:8a:
                    41:e2:fb:e2:65:e7:14:78:e2:c5:34:a9:ca:d2:37:
                    f5:7c:00:a9:43:90:18:96:91:98:f3:d7:d8:b8:f2:
                    20:43:4c:ce:30:45:e2:8c:5f:27:69:eb:74:eb:17:
                    63:14:58:ec:8a:9b:03:a7:8e:21:06:2f:b0:34:70:
                    70:f1:06:03:35:61:21:c3:a5:20:da:ed:bf:00:8b:
                    cf:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:1E:BF:6D:05:26:41:D8:14:A4:40:A9:99:E5:6B:75:4E:69:B7:5B
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/UB6_bQUmQdgUpECpmeVrdU5pt1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:cc:e8:a1:09:71:ca:ff:3d:c6:83:7e:55:d7:b5:ef:76:31:
         ee:6b:6c:9b:ec:10:de:59:d5:69:04:64:3d:d6:f3:78:8a:67:
         47:d9:c9:78:28:68:44:fa:a9:fb:fb:dc:31:b7:d8:9d:3a:68:
         a3:56:72:de:b4:23:93:b5:9b:e7:3a:5c:7b:33:11:08:26:d9:
         82:bd:3f:df:06:ea:97:23:35:cd:13:5a:5f:14:d4:17:2f:68:
         d9:ed:ae:79:e5:f7:db:fc:a3:34:c1:07:24:f8:1c:00:f5:1a:
         b4:fe:a3:38:e8:28:91:06:29:b4:0f:9f:c3:d3:d1:d2:b7:9a:
         76:19:74:cb:18:1b:ca:63:c1:7a:e2:0d:66:11:0f:5a:ce:ab:
         0e:d2:b7:4e:cf:91:30:d0:27:1d:91:6c:f7:f7:91:24:e7:85:
         58:7a:c8:74:9f:60:6d:b6:30:43:d6:4f:15:6f:f6:5e:13:74:
         b2:68:ee:67:18:87:aa:85:76:30:12:89:9e:2a:79:fd:1a:3e:
         61:10:38:c2:e3:a1:6a:0b:c3:2b:a1:75:c2:ec:ac:c7:38:0b:
         63:ea:15:4f:44:ca:f2:1f:da:77:0f:b0:2d:01:44:39:5c:de:
         6f:c1:c6:fc:09:e1:7b:e7:17:d9:95:6e:89:61:d9:dd:89:13:
         ae:a5:f3:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD4tTr9WvVfMZNtDcbYeU2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwNzI4MDkzOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDFlYmY2ZDA1MjY0MWQ4MTRhNDQwYTk5OWU1NmI3NTRlNjliNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvaYy6BHEaiRH2zKfdtO0ssK3eXo
SS4nidbEekpHXtEKC72/aGv7xA9l7D8Pv6aISxnUwQ+63bVBrUB69w82RojNtG1h
OpAVTakX9Bv5NtSYfttplQPEDf6YSazL6+O0iXRMAKnawVTLkOdkIzTIETIqCVzC
nOZwmjgy+bDQSqUw9a2bl3UfPg7NaI5+56hhyHVtkxEbOQ8blsTWlVuT7H6lOi3b
/bFYUc9ikhMu+Tz+E4pB4vviZecUeOLFNKnK0jf1fACpQ5AYlpGY89fYuPIgQ0zO
MEXijF8naet06xdjFFjsipsDp44hBi+wNHBw8QYDNWEhw6Ug2u2/AIvPcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAev20FJkHYFKRAqZnla3VOabdbMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVUI2X2JRVW1RZGdVcEVDcG1lVnJkVTVwdDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW/MA0G
CSqGSIb3DQEBCwUAA4IBAQAIzOihCXHK/z3Gg35V17XvdjHua2yb7BDeWdVpBGQ9
1vN4imdH2cl4KGhE+qn7+9wxt9idOmijVnLetCOTtZvnOlx7MxEIJtmCvT/fBuqX
IzXNE1pfFNQXL2jZ7a555ffb/KM0wQck+BwA9Rq0/qM46CiRBim0D5/D09HSt5p2
GXTLGBvKY8F64g1mEQ9azqsO0rdOz5Ew0CcdkWz395Ek54VYesh0n2BttjBD1k8V
b/ZeE3SyaO5nGIeqhXYwEomeKnn9Gj5hEDjC46FqC8MroXXC7KzHOAtj6hVPRMry
H9p3D7AtAUQ5XN5vwcb8CeF75xfZlW6JYdndiROupfO4
-----END CERTIFICATE-----