Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/UjZRui3FZRxu8IPQmhop_LX7VTI.roa
File:                     UjZRui3FZRxu8IPQmhop_LX7VTI.roa (raw, json)
Hash identifier:          1pV+eVNJ51HIJirBUkG1CdSUS3qr5BTYjEfPEqyOm2M=
Subject key identifier:   52:36:51:BA:2D:C5:65:1C:6E:F0:83:D0:9A:1A:29:FC:B5:FB:55:32
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF76EC140A9F86ED9140477D7B54E
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/UjZRui3FZRxu8IPQmhop_LX7VTI.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209882
IP address blocks:        85.120.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f7:6e:c1:40:a9:f8:6e:d9:14:04:77:d7:b5:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523651ba2dc5651c6ef083d09a1a29fcb5fb5532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b5:2d:a1:83:9d:ff:aa:ac:0a:5a:c9:b6:40:
                    71:13:ec:5e:cc:39:04:30:51:3c:46:8c:b1:9a:a4:
                    51:b0:7b:ab:0e:bf:77:42:8e:26:c3:7f:87:e5:b7:
                    49:cb:b1:08:29:f9:ff:bf:ee:b1:62:eb:17:88:ec:
                    48:1b:08:46:6e:0a:c9:84:09:13:a1:7a:c7:c9:04:
                    a7:76:42:b1:b5:4b:75:97:76:c2:04:5f:42:eb:51:
                    82:f7:f3:ad:c1:2d:19:fd:7c:a3:51:3c:b7:f7:6b:
                    72:26:48:3c:b6:43:43:0f:81:e1:5e:5d:a0:86:82:
                    da:32:e2:d1:05:f0:3f:82:99:97:21:7a:df:9e:90:
                    4a:87:f8:28:e6:e0:68:c0:39:00:f4:06:76:d0:c3:
                    77:68:0a:2a:af:84:19:47:23:89:1d:13:a7:34:39:
                    d1:71:d9:89:a1:f7:6c:d8:87:c4:bd:dc:a5:66:ec:
                    8f:57:f6:52:78:ad:6e:d1:c9:f4:3b:8d:0b:88:76:
                    b9:9b:8a:43:f6:af:f0:af:46:ba:0a:78:77:b0:60:
                    cc:74:8b:3e:71:d2:ab:62:b1:5a:7c:95:0e:4a:09:
                    23:d5:ee:e2:47:ff:95:47:31:5b:78:3f:4f:9f:a4:
                    31:a1:db:25:59:21:1f:54:53:9b:42:c4:0c:0f:d7:
                    cb:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:36:51:BA:2D:C5:65:1C:6E:F0:83:D0:9A:1A:29:FC:B5:FB:55:32
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/UjZRui3FZRxu8IPQmhop_LX7VTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:51:dc:bc:58:da:0d:35:fb:e8:18:3a:c1:58:e4:d2:36:93:
         36:03:83:9b:b1:36:7f:9a:77:55:ed:fe:11:1d:6c:71:1f:f4:
         c6:fa:ef:1e:1e:69:db:67:25:b2:6f:2a:3a:7b:cb:67:52:ef:
         0e:a6:5c:81:e1:a8:93:ff:b3:82:c7:85:30:c6:f0:3d:77:8c:
         fe:d6:55:af:38:3c:d4:3b:9a:ce:07:86:ac:cc:94:ac:9c:58:
         dc:00:2f:66:40:2f:95:06:03:6f:52:70:ea:1d:93:ad:89:40:
         ed:47:50:cd:f4:18:71:ca:df:5f:1d:f3:cf:48:32:8f:80:a7:
         89:58:3f:f4:67:50:af:ea:66:d6:7f:80:f9:9e:79:57:14:f8:
         e7:9d:0d:6a:6c:74:9c:c8:21:c6:e6:0e:80:b9:43:69:c0:75:
         37:b7:42:22:b0:ca:7d:e9:db:22:14:28:96:6a:a0:41:a5:8f:
         13:2c:19:a6:e8:ae:ee:4b:02:29:ac:ca:e0:07:22:b6:69:e8:
         fe:c4:71:83:47:ca:fd:da:96:a9:b4:7f:bc:f3:ac:a9:55:1c:
         9c:c4:ab:2f:0d:34:ad:e4:3b:81:8c:9c:a4:6c:1e:d1:74:3f:
         a9:95:c6:98:1a:02:9d:13:ff:2c:6a:6e:4e:c7:40:bc:c2:d2:
         a1:7d:10:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvduwUCp+G7ZFAR317VOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM2NTFiYTJkYzU2NTFjNmVmMDgzZDA5YTFhMjlmY2I1ZmI1NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLUtoYOd/6qsClrJtkBxE+xezDkE
MFE8RoyxmqRRsHurDr93Qo4mw3+H5bdJy7EIKfn/v+6xYusXiOxIGwhGbgrJhAkT
oXrHyQSndkKxtUt1l3bCBF9C61GC9/OtwS0Z/XyjUTy392tyJkg8tkNDD4HhXl2g
hoLaMuLRBfA/gpmXIXrfnpBKh/go5uBowDkA9AZ20MN3aAoqr4QZRyOJHROnNDnR
cdmJofds2IfEvdylZuyPV/ZSeK1u0cn0O40LiHa5m4pD9q/wr0a6Cnh3sGDMdIs+
cdKrYrFafJUOSgkj1e7iR/+VRzFbeD9Pn6QxodslWSEfVFObQsQMD9fLFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI2UbotxWUcbvCD0JoaKfy1+1UyMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvVWpaUnVpM0ZaUnh1OElQUW1ob3BfTFg3VlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXgeMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Udy8WNoNNfvoGDrBWOTSNpM2A4ObsTZ/mndV7f4R
HWxxH/TG+u8eHmnbZyWybyo6e8tnUu8OplyB4aiT/7OCx4UwxvA9d4z+1lWvODzU
O5rOB4aszJSsnFjcAC9mQC+VBgNvUnDqHZOtiUDtR1DN9Bhxyt9fHfPPSDKPgKeJ
WD/0Z1Cv6mbWf4D5nnlXFPjnnQ1qbHScyCHG5g6AuUNpwHU3t0IisMp96dsiFCiW
aqBBpY8TLBmm6K7uSwIprMrgByK2aej+xHGDR8r92paptH+886ypVRycxKsvDTSt
5DuBjJykbB7RdD+plcaYGgKdE/8sam5Ox0C8wtKhfRDb
-----END CERTIFICATE-----