Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/UCC0Oks2onBa0Korrd25uzudcc0.roa
File:                     UCC0Oks2onBa0Korrd25uzudcc0.roa (raw, json)
Hash identifier:          yBpwLqs08/NpBpmpmKSrBPC4QBymGAVzEp4zDoL02CE=
Subject key identifier:   50:20:B4:3A:4B:36:A2:70:5A:D0:AA:2B:AD:DD:B9:BB:3B:9D:71:CD
Certificate issuer:       /CN=397245d0492eede59b045b5be1fd4eb9161bc417
Certificate serial:       018CC26D576E252BB220A8ABB56B75219AA5
Authority key identifier: 39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/UCC0Oks2onBa0Korrd25uzudcc0.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133861
IP address blocks:        193.134.209.0/24 maxlen: 24
                          193.134.211.0/24 maxlen: 24
                          193.134.208.0/24 maxlen: 24
                          193.134.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:57:6e:25:2b:b2:20:a8:ab:b5:6b:75:21:9a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=397245d0492eede59b045b5be1fd4eb9161bc417
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5020b43a4b36a2705ad0aa2badddb9bb3b9d71cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f9:f5:e6:b2:95:0b:13:ac:b9:2f:02:d7:a3:
                    32:6e:f1:83:d9:d7:61:6d:05:99:d1:78:44:b0:49:
                    c6:e4:41:14:2f:14:0f:97:21:61:8b:e9:98:ae:ed:
                    a1:04:b3:86:ac:de:2a:62:54:50:9a:0a:c0:57:1c:
                    48:2d:c8:d7:34:dc:2e:c3:c9:23:ea:73:ff:e2:4d:
                    5e:92:bd:61:1d:4b:1a:72:90:57:c2:06:7e:92:9e:
                    5a:9b:84:d2:6a:2a:2e:14:8d:32:83:a7:33:0b:ab:
                    f7:83:95:90:d5:cd:c8:bb:58:a1:64:e0:b9:db:f9:
                    e7:fa:97:55:cf:8a:c3:54:b2:46:64:9b:f3:ae:f2:
                    62:b9:00:95:7d:e7:b7:7d:65:73:69:6b:a8:1a:10:
                    9f:8c:73:74:a8:50:10:db:5b:b3:bf:b8:3a:16:64:
                    11:c3:2e:c0:8d:c1:70:7f:f3:e3:9c:19:57:38:0f:
                    1a:8e:27:a9:61:2f:e3:c4:6c:12:f0:bd:a7:3e:9c:
                    73:cf:c5:5b:5e:f3:b0:21:29:9f:5c:1d:69:eb:db:
                    d4:e5:04:b9:29:0c:fc:1f:01:d2:31:13:66:c1:83:
                    9b:9f:21:53:4b:da:06:1b:d7:db:a5:ec:60:87:34:
                    fd:60:7c:fb:50:4b:d9:6d:6b:c1:ed:ad:5e:d5:c5:
                    5a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:20:B4:3A:4B:36:A2:70:5A:D0:AA:2B:AD:DD:B9:BB:3B:9D:71:CD
            X509v3 Authority Key Identifier:
                keyid:39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/UCC0Oks2onBa0Korrd25uzudcc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:86:7f:89:08:55:c8:46:8b:b0:8a:ed:be:5e:77:40:39:35:
         f3:81:57:aa:d4:c5:1e:e6:8b:85:58:68:f4:17:7d:98:a3:fa:
         7b:3e:dc:0d:64:4a:99:55:11:3b:97:5d:9d:a7:90:fe:5c:cc:
         73:25:2f:87:06:a5:ea:bf:c8:06:9c:33:13:d1:55:00:1a:e6:
         37:76:f5:d9:1a:75:1a:bf:a1:d2:31:48:69:bc:4f:04:60:51:
         e7:2e:b6:ca:2b:d2:b2:2f:af:22:8a:05:f4:a6:4d:f5:5d:15:
         50:db:43:8b:4c:27:83:44:b9:6c:62:d4:0a:e3:bd:74:63:73:
         a4:00:7c:f6:fc:9f:60:b1:fd:c2:91:7b:9b:b9:d7:e2:25:c4:
         04:a1:12:83:86:66:5a:22:94:19:fc:3c:5a:43:55:0b:a9:46:
         ff:d0:fb:71:14:e2:fd:a0:30:17:98:a0:12:59:bf:68:00:67:
         28:09:89:10:b3:96:3a:d5:63:6f:f4:8a:8c:38:61:e2:fa:7e:
         ac:fa:ee:4b:70:5c:54:f8:96:be:6e:42:17:24:e8:cf:aa:08:
         d2:1b:5c:da:47:f8:63:a7:40:ea:c1:3f:ad:b5:d9:d1:67:4e:
         b8:36:98:e1:8e:57:3f:4d:51:86:67:05:2c:24:31:18:90:8f:
         78:f8:9b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVduJSuyIKirtWt1IZqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzI0NWQwNDkyZWVkZTU5YjA0NWI1YmUxZmQ0ZWI5MTYx
YmM0MTcwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDIwYjQzYTRiMzZhMjcwNWFkMGFhMmJhZGRkYjliYjNiOWQ3MWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/n15rKVCxOsuS8C16MybvGD2ddh
bQWZ0XhEsEnG5EEULxQPlyFhi+mYru2hBLOGrN4qYlRQmgrAVxxILcjXNNwuw8kj
6nP/4k1ekr1hHUsacpBXwgZ+kp5am4TSaiouFI0yg6czC6v3g5WQ1c3Iu1ihZOC5
2/nn+pdVz4rDVLJGZJvzrvJiuQCVfee3fWVzaWuoGhCfjHN0qFAQ21uzv7g6FmQR
wy7AjcFwf/PjnBlXOA8ajiepYS/jxGwS8L2nPpxzz8VbXvOwISmfXB1p69vU5QS5
KQz8HwHSMRNmwYObnyFTS9oGG9fbpexghzT9YHz7UEvZbWvB7a1e1cVaTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAgtDpLNqJwWtCqK63dubs7nXHNMB8GA1UdIwQY
MBaAFDlyRdBJLu3lmwRbW+H9TrkWG8QXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEt
YzQ0MmExOGYxZWZjLzEvVUNDME9rczJvbkJhMEtvcnJkMjV1enVkY2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEtYzQ0MmExOGYxZWZj
LzEvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwYbQMA0G
CSqGSIb3DQEBCwUAA4IBAQBShn+JCFXIRouwiu2+XndAOTXzgVeq1MUe5ouFWGj0
F32Yo/p7PtwNZEqZVRE7l12dp5D+XMxzJS+HBqXqv8gGnDMT0VUAGuY3dvXZGnUa
v6HSMUhpvE8EYFHnLrbKK9KyL68iigX0pk31XRVQ20OLTCeDRLlsYtQK4710Y3Ok
AHz2/J9gsf3CkXubudfiJcQEoRKDhmZaIpQZ/DxaQ1ULqUb/0PtxFOL9oDAXmKAS
Wb9oAGcoCYkQs5Y61WNv9IqMOGHi+n6s+u5LcFxU+Ja+bkIXJOjPqgjSG1zaR/hj
p0DqwT+ttdnRZ064Npjhjlc/TVGGZwUsJDEYkI94+Jvq
-----END CERTIFICATE-----