Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/UecAjQp8WvazwbvM2U3BvWRMe6o.roa
File:                     UecAjQp8WvazwbvM2U3BvWRMe6o.roa (raw, json)
Hash identifier:          sJODypxyeJpxbiu/Kw/bv3msoiV2Ujb/BLjKHdXAPvI=
Subject key identifier:   51:E7:00:8D:0A:7C:5A:F6:B3:C1:BB:CC:D9:4D:C1:BD:64:4C:7B:AA
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0F0C14DF88C0550EFB8827DCF975
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/UecAjQp8WvazwbvM2U3BvWRMe6o.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205378
IP address blocks:        5.188.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:11:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:0c:14:df:88:c0:55:0e:fb:88:27:dc:f9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51e7008d0a7c5af6b3c1bbccd94dc1bd644c7baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:00:31:f9:86:ea:8b:3d:63:7e:d8:a8:2b:65:
                    d2:7f:3a:37:e7:b2:46:63:d4:a7:da:7e:1e:9a:3b:
                    ca:00:38:38:16:51:45:d7:f8:a2:f1:d4:bf:19:b6:
                    f1:ec:a8:19:83:57:3e:46:b4:14:a1:d0:b0:b8:d2:
                    49:a7:1e:62:5d:39:89:be:e4:06:d9:2e:0e:ee:9b:
                    28:59:31:cd:21:7c:62:2c:ba:2d:f0:2e:f8:66:98:
                    9e:6e:24:fb:71:43:c6:f9:5c:ad:30:5e:90:2e:8c:
                    d8:20:66:a2:02:b6:09:e1:6a:2f:4c:fc:bf:1a:c5:
                    4e:9f:ff:f4:d0:70:fa:f9:cb:a7:20:3a:e0:7f:11:
                    51:c0:81:cc:05:cc:6b:24:07:c0:2d:dd:6f:54:cd:
                    75:62:1c:5b:d3:e8:bb:cc:56:bd:c9:c5:85:0c:86:
                    4a:69:3b:95:ad:fa:a1:57:d5:40:1d:f1:95:11:52:
                    9d:72:97:99:9a:84:c9:90:6b:18:18:6e:60:96:11:
                    b0:99:5f:77:1d:34:26:81:93:cf:ca:c8:b4:17:12:
                    61:bd:06:72:84:f5:3f:f0:42:9c:d5:18:fb:6c:fa:
                    c6:37:78:1a:93:b2:5c:03:82:d1:5a:a6:ea:39:e1:
                    d6:37:6b:da:cf:65:12:58:1b:d9:1e:1a:d0:17:61:
                    c6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E7:00:8D:0A:7C:5A:F6:B3:C1:BB:CC:D9:4D:C1:BD:64:4C:7B:AA
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/UecAjQp8WvazwbvM2U3BvWRMe6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:1b:d5:e2:95:f3:dc:43:64:1b:3f:ae:62:5c:7d:2b:59:85:
         91:51:e8:93:a4:6c:6b:0a:aa:67:93:82:41:40:67:70:ab:94:
         7a:31:4e:25:b9:26:da:0f:74:82:b3:16:bd:a9:85:82:80:ae:
         58:53:0c:2a:f1:1f:12:92:94:69:89:83:f7:f0:20:94:f4:07:
         c0:68:52:75:4d:ee:dd:33:7c:16:5f:b1:fb:07:1e:93:bd:f2:
         a2:2a:55:a5:b2:de:96:03:15:a4:a8:9e:0a:fe:80:12:1d:96:
         9c:05:42:73:3c:65:fd:bb:1c:72:13:c1:b4:6e:1c:06:e1:4d:
         92:9a:3b:c5:ee:7c:77:10:de:df:f7:b6:8a:bc:87:ae:b3:43:
         c7:e3:94:63:ee:65:5f:ab:31:50:b9:af:de:15:63:c3:6e:04:
         4b:05:90:b4:6c:d5:09:5b:f9:c7:2e:e0:62:fa:e1:de:63:a3:
         8d:2c:cb:b5:5e:c7:a4:7c:15:b5:d5:27:97:97:b6:b5:ce:a4:
         8f:24:2b:a4:65:32:a9:04:8e:27:cf:4c:55:e3:6c:59:4d:b4:
         89:e4:ee:5d:14:d2:f9:e0:25:29:15:78:6b:ba:f6:76:cb:bb:
         81:df:6b:fb:86:41:86:9a:4a:7a:69:d6:e8:c8:3d:e8:f5:8a:
         6c:b4:cd:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg8MFN+IwFUO+4gn3Pl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWU3MDA4ZDBhN2M1YWY2YjNjMWJiY2NkOTRkYzFiZDY0NGM3YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQAx+Ybqiz1jftioK2XSfzo357JG
Y9Sn2n4emjvKADg4FlFF1/ii8dS/Gbbx7KgZg1c+RrQUodCwuNJJpx5iXTmJvuQG
2S4O7psoWTHNIXxiLLot8C74ZpiebiT7cUPG+VytMF6QLozYIGaiArYJ4WovTPy/
GsVOn//00HD6+cunIDrgfxFRwIHMBcxrJAfALd1vVM11Yhxb0+i7zFa9ycWFDIZK
aTuVrfqhV9VAHfGVEVKdcpeZmoTJkGsYGG5glhGwmV93HTQmgZPPysi0FxJhvQZy
hPU/8EKc1Rj7bPrGN3gak7JcA4LRWqbqOeHWN2vaz2USWBvZHhrQF2HG3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHnAI0KfFr2s8G7zNlNwb1kTHuqMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvVWVjQWpRcDhXdmF6d2J2TTJVM0J2V1JNZTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbxVMA0G
CSqGSIb3DQEBCwUAA4IBAQBQG9XilfPcQ2QbP65iXH0rWYWRUeiTpGxrCqpnk4JB
QGdwq5R6MU4luSbaD3SCsxa9qYWCgK5YUwwq8R8SkpRpiYP38CCU9AfAaFJ1Te7d
M3wWX7H7Bx6TvfKiKlWlst6WAxWkqJ4K/oASHZacBUJzPGX9uxxyE8G0bhwG4U2S
mjvF7nx3EN7f97aKvIeus0PH45Rj7mVfqzFQua/eFWPDbgRLBZC0bNUJW/nHLuBi
+uHeY6ONLMu1XsekfBW11SeXl7a1zqSPJCukZTKpBI4nz0xV42xZTbSJ5O5dFNL5
4CUpFXhruvZ2y7uB32v7hkGGmkp6adboyD3o9YpstM2Q
-----END CERTIFICATE-----