Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/UlLbH-09WnLTMQG9KoMCjAfa5nY.roa
File:                     UlLbH-09WnLTMQG9KoMCjAfa5nY.roa (raw, json)
Hash identifier:          KLW1HDd4cOzEoqFswjszeyIsCt3hwPJ7w/qX50vUHwc=
Subject key identifier:   52:52:DB:1F:ED:3D:5A:72:D3:31:01:BD:2A:83:02:8C:07:DA:E6:76
Certificate issuer:       /CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
Certificate serial:       018CC4245D555F3FFA35CD95DB7508C1AB16
Authority key identifier: 09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/UlLbH-09WnLTMQG9KoMCjAfa5nY.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        216.245.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5d:55:5f:3f:fa:35:cd:95:db:75:08:c1:ab:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5252db1fed3d5a72d33101bd2a83028c07dae676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:4a:d5:4a:46:6e:19:47:a9:e1:5e:ca:ad:
                    49:cf:65:d8:58:c2:5c:8a:d8:8a:3b:a8:be:03:73:
                    81:39:d3:05:0c:d5:a8:0f:e3:d0:e2:5d:1a:c9:d3:
                    d7:93:e7:20:4e:86:4a:46:15:37:d2:c3:82:d3:56:
                    92:9d:61:0f:66:91:ab:ae:77:e7:ae:b3:00:36:25:
                    31:f6:62:62:4e:65:0b:30:ea:20:a8:e3:05:f0:2f:
                    40:06:be:b8:10:0a:9a:9a:26:48:94:a6:86:a3:1f:
                    81:af:f4:34:16:9f:14:23:46:14:df:66:78:a4:d2:
                    8c:bf:c9:7e:d9:fa:de:1a:9c:1b:d1:26:48:75:00:
                    e5:ca:32:f3:04:f9:5a:f5:d1:78:3e:e5:02:14:ea:
                    b4:6c:e8:86:13:6e:d1:40:fc:6d:f6:e3:82:04:86:
                    82:db:51:ec:bb:19:09:21:7e:a0:14:db:ea:d9:d1:
                    72:11:66:61:eb:5e:ec:e2:e9:a7:59:5e:f7:1c:12:
                    bd:1d:09:ad:d8:32:b3:db:a3:cf:61:dc:61:f1:93:
                    6f:cd:1b:5e:1a:de:86:07:97:40:d9:b2:56:2f:a1:
                    a3:0d:97:b5:b4:98:15:4b:e2:55:53:4a:f3:28:5d:
                    e7:fb:fd:1d:1d:a9:b4:c0:28:a4:89:d8:6c:44:74:
                    43:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:52:DB:1F:ED:3D:5A:72:D3:31:01:BD:2A:83:02:8C:07:DA:E6:76
            X509v3 Authority Key Identifier:
                keyid:09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/UlLbH-09WnLTMQG9KoMCjAfa5nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.245.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:59:ce:5c:fb:1f:79:10:30:91:2f:e1:a9:99:71:02:6b:a9:
         88:c5:d4:68:b5:02:fc:21:62:20:4a:86:7e:4e:95:ea:bd:3b:
         8a:4a:8c:36:36:7e:56:ef:3a:3b:01:72:7d:91:27:2c:79:54:
         af:91:05:dc:ce:97:bb:aa:08:86:3d:b7:0c:b5:5c:c1:1c:7c:
         5e:bb:1e:7e:1a:8c:bf:49:02:01:99:e4:73:ca:ee:55:18:50:
         72:7f:ab:90:da:e6:27:d1:99:46:ec:10:12:d7:45:e6:09:cc:
         03:f4:85:ff:30:d9:a4:7f:94:63:f0:64:59:c6:f3:54:d4:38:
         a2:ca:d0:9a:53:14:52:36:a0:37:77:3f:55:28:f7:1d:6e:7d:
         37:b6:02:29:9e:12:2f:02:37:4d:e4:fc:bf:95:18:2f:fb:ef:
         2e:d9:42:b7:44:af:71:34:95:78:dd:30:1c:0b:54:2a:60:aa:
         9c:04:64:9b:33:34:58:f3:c9:88:37:8a:cc:0c:63:bf:83:c4:
         07:0f:b4:65:1f:99:99:b3:25:39:71:63:bc:ec:2b:71:9a:83:
         d4:71:c8:96:1f:f1:dc:5e:d2:e6:a6:6b:5a:db:83:bc:27:38:
         25:84:9f:05:2f:29:90:01:c2:bb:b8:61:42:57:28:8c:cc:ac:
         b0:ca:d1:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJF1VXz/6Nc2V23UIwasWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWU3ZWUwZjc1YjcxNjRhYzc1OTYxOTdjN2YxMjFkNmZj
YTE1NzYwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjUyZGIxZmVkM2Q1YTcyZDMzMTAxYmQyYTgzMDI4YzA3ZGFlNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcJK1UpGbhlHqeFeyq1Jz2XYWMJc
itiKO6i+A3OBOdMFDNWoD+PQ4l0aydPXk+cgToZKRhU30sOC01aSnWEPZpGrrnfn
rrMANiUx9mJiTmULMOogqOMF8C9ABr64EAqamiZIlKaGox+Br/Q0Fp8UI0YU32Z4
pNKMv8l+2freGpwb0SZIdQDlyjLzBPla9dF4PuUCFOq0bOiGE27RQPxt9uOCBIaC
21HsuxkJIX6gFNvq2dFyEWZh617s4umnWV73HBK9HQmt2DKz26PPYdxh8ZNvzRte
Gt6GB5dA2bJWL6GjDZe1tJgVS+JVU0rzKF3n+/0dHam0wCikidhsRHRDEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJS2x/tPVpy0zEBvSqDAowH2uZ2MB8GA1UdIwQY
MBaAFAnufuD3W3FkrHWWGXx/Eh1vyhV2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTct
NjY4M2M4ZmM5ZTViLzEvVWxMYkgtMDlXbkxUTVFHOUtvTUNqQWZhNW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTctNjY4M2M4ZmM5ZTVi
LzEvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2PVQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLWc5c+x95EDCRL+GpmXECa6mIxdRotQL8IWIgSoZ+
TpXqvTuKSow2Nn5W7zo7AXJ9kScseVSvkQXczpe7qgiGPbcMtVzBHHxeux5+Goy/
SQIBmeRzyu5VGFByf6uQ2uYn0ZlG7BAS10XmCcwD9IX/MNmkf5Rj8GRZxvNU1Dii
ytCaUxRSNqA3dz9VKPcdbn03tgIpnhIvAjdN5Py/lRgv++8u2UK3RK9xNJV43TAc
C1QqYKqcBGSbMzRY88mIN4rMDGO/g8QHD7RlH5mZsyU5cWO87CtxmoPUcciWH/Hc
XtLmpmta24O8JzglhJ8FLymQAcK7uGFCVyiMzKywytEy
-----END CERTIFICATE-----