Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/uHjCdDvpzng_LNw3YyOuiO_Nfaw.roa
File:                     uHjCdDvpzng_LNw3YyOuiO_Nfaw.roa (raw, json)
Hash identifier:          OvEHevm3kL1vONtAwEELjyvGGIXOLLpe+c/3PEDweCg=
Subject key identifier:   B8:78:C2:74:3B:E9:CE:78:3F:2C:DC:37:63:23:AE:88:EF:CD:7D:AC
Certificate issuer:       /CN=95ebd8066f1090c3119cdb69e9d4dc40d90304f8
Certificate serial:       018CCA99F3D917F7242188EAC197124A0E2E
Authority key identifier: 95:EB:D8:06:6F:10:90:C3:11:9C:DB:69:E9:D4:DC:40:D9:03:04:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/levYBm8QkMMRnNtp6dTcQNkDBPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/uHjCdDvpzng_LNw3YyOuiO_Nfaw.roa
Signing time:             Tue 02 Jan 2024 14:35:36 +0000
ROA not before:           Tue 02 Jan 2024 14:35:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43242
IP address blocks:        185.51.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/levYBm8QkMMRnNtp6dTcQNkDBPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/levYBm8QkMMRnNtp6dTcQNkDBPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/levYBm8QkMMRnNtp6dTcQNkDBPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f3:d9:17:f7:24:21:88:ea:c1:97:12:4a:0e:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95ebd8066f1090c3119cdb69e9d4dc40d90304f8
        Validity
            Not Before: Jan  2 14:35:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b878c2743be9ce783f2cdc376323ae88efcd7dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d7:d4:cb:43:71:91:41:0d:69:81:f6:cf:5e:
                    84:9d:33:85:57:08:cb:b3:3f:41:25:9b:d5:e3:e6:
                    5b:b9:08:bc:be:8c:f8:9c:dc:0c:fc:f6:26:70:33:
                    41:7c:28:53:8b:79:4d:c6:a1:3c:90:85:e7:5c:59:
                    40:df:bc:6a:e7:da:74:2e:07:73:9c:64:55:62:44:
                    bd:ed:dd:a5:53:24:3a:94:e4:ec:d4:53:1c:58:ec:
                    3f:1f:8d:30:61:8d:93:b7:62:c6:83:da:69:6f:01:
                    9d:c8:8b:11:9b:10:bf:56:52:0a:4b:60:5a:e6:e1:
                    4b:05:7c:55:eb:7e:12:64:e3:15:6d:12:b7:09:54:
                    3d:6e:02:39:c9:2a:c5:d3:c1:43:59:2a:cc:ca:3e:
                    d5:9d:ee:ab:85:6f:f9:12:61:83:a3:0f:3e:b6:d8:
                    d0:89:e8:02:da:96:b7:11:6a:84:0c:02:99:85:f7:
                    87:60:70:ea:e2:57:89:64:bf:c6:75:0c:08:4e:01:
                    86:25:f4:11:de:f9:a3:cf:08:da:c4:0d:66:4a:f7:
                    d1:c0:7e:53:3a:09:e1:cd:b8:df:20:37:44:b9:da:
                    f8:3c:75:b8:f5:c8:8d:cf:ff:95:b3:ca:61:d9:c3:
                    bd:6a:c0:72:23:bb:7a:7a:f4:37:b6:72:1a:ad:e4:
                    0b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:78:C2:74:3B:E9:CE:78:3F:2C:DC:37:63:23:AE:88:EF:CD:7D:AC
            X509v3 Authority Key Identifier:
                keyid:95:EB:D8:06:6F:10:90:C3:11:9C:DB:69:E9:D4:DC:40:D9:03:04:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/levYBm8QkMMRnNtp6dTcQNkDBPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/uHjCdDvpzng_LNw3YyOuiO_Nfaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0dff12-4e72-430e-9df6-bdaa6fbd4347/1/levYBm8QkMMRnNtp6dTcQNkDBPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:08:6b:66:84:5e:b3:70:76:b6:fc:2e:93:a2:25:23:47:cc:
         f9:40:70:37:88:f9:dd:93:e0:25:47:bc:c1:6a:47:3c:c8:7f:
         e9:a5:ee:c1:d4:69:0e:50:89:dc:04:59:6b:6e:e3:30:0c:1c:
         9c:85:2b:f1:61:7e:8a:41:3f:73:13:db:2c:b6:e3:fd:c5:21:
         9e:4d:f7:f7:63:ed:b2:bc:78:ac:3a:44:6e:51:97:71:13:4f:
         6a:e9:a2:ce:ad:8a:fa:90:f9:55:8c:d4:a4:18:5e:9e:4e:67:
         a4:42:6e:3a:77:cf:21:8a:39:34:ba:0f:a5:50:1b:20:d2:8d:
         25:f9:01:6d:a5:94:e7:5c:5e:b8:8b:ac:a3:29:47:44:17:1f:
         45:5a:f6:fd:c0:7a:c2:e5:87:eb:7d:23:45:16:96:2e:92:be:
         11:77:d8:41:e8:bb:ca:4b:5e:65:44:15:62:96:cd:76:0d:53:
         79:e8:f7:90:32:9b:0f:fa:95:92:5e:c8:9b:de:cc:04:91:e8:
         1e:03:2d:0d:96:85:ba:2e:ed:ee:83:34:aa:9e:7b:7d:db:4d:
         ab:2b:f5:09:8d:40:88:b7:df:24:b1:35:78:f8:33:64:dd:f8:
         9d:96:8f:d0:52:0a:f6:c8:2c:1d:3c:17:72:77:d2:a8:7e:9b:
         63:ba:8e:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmfPZF/ckIYjqwZcSSg4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZWJkODA2NmYxMDkwYzMxMTljZGI2OWU5ZDRkYzQwZDkw
MzA0ZjgwHhcNMjQwMTAyMTQzNTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODc4YzI3NDNiZTljZTc4M2YyY2RjMzc2MzIzYWU4OGVmY2Q3ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9fUy0NxkUENaYH2z16EnTOFVwjL
sz9BJZvV4+ZbuQi8voz4nNwM/PYmcDNBfChTi3lNxqE8kIXnXFlA37xq59p0Lgdz
nGRVYkS97d2lUyQ6lOTs1FMcWOw/H40wYY2Tt2LGg9ppbwGdyIsRmxC/VlIKS2Ba
5uFLBXxV634SZOMVbRK3CVQ9bgI5ySrF08FDWSrMyj7Vne6rhW/5EmGDow8+ttjQ
iegC2pa3EWqEDAKZhfeHYHDq4leJZL/GdQwITgGGJfQR3vmjzwjaxA1mSvfRwH5T
OgnhzbjfIDdEudr4PHW49ciNz/+Vs8ph2cO9asByI7t6evQ3tnIareQLZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh4wnQ76c54PyzcN2MjrojvzX2sMB8GA1UdIwQY
MBaAFJXr2AZvEJDDEZzbaenU3EDZAwT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGV2WUJtOFFrTU1Sbk50cDZkVGNRTmtEQlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wZGZmMTItNGU3Mi00MzBlLTlkZjYt
YmRhYTZmYmQ0MzQ3LzEvdUhqQ2REdnB6bmdfTE53M1l5T3VpT19OZmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wZGZmMTItNGU3Mi00MzBlLTlkZjYtYmRhYTZmYmQ0MzQ3
LzEvbGV2WUJtOFFrTU1Sbk50cDZkVGNRTmtEQlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTMYMA0G
CSqGSIb3DQEBCwUAA4IBAQAGCGtmhF6zcHa2/C6ToiUjR8z5QHA3iPndk+AlR7zB
akc8yH/ppe7B1GkOUIncBFlrbuMwDBychSvxYX6KQT9zE9sstuP9xSGeTff3Y+2y
vHisOkRuUZdxE09q6aLOrYr6kPlVjNSkGF6eTmekQm46d88hijk0ug+lUBsg0o0l
+QFtpZTnXF64i6yjKUdEFx9FWvb9wHrC5YfrfSNFFpYukr4Rd9hB6LvKS15lRBVi
ls12DVN56PeQMpsP+pWSXsib3swEkegeAy0NloW6Lu3ugzSqnnt9202rK/UJjUCI
t98ksTV4+DNk3fidlo/QUgr2yCwdPBdyd9Kofptjuo6T
-----END CERTIFICATE-----