Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ubUyK-onMdxpvEvxaCPUwzNeVLE.roa
File:                     ubUyK-onMdxpvEvxaCPUwzNeVLE.roa (raw, json)
Hash identifier:          YJUExEmjwb7C2Y0ArW/xKKwv3kkPDOC0EQfCpzEnCuo=
Subject key identifier:   B9:B5:32:2B:EA:27:31:DC:69:BC:4B:F1:68:23:D4:C3:33:5E:54:B1
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0A539E79662741A266C83049AB1A
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ubUyK-onMdxpvEvxaCPUwzNeVLE.roa
Signing time:             Tue 02 Jan 2024 08:31:58 +0000
ROA not before:           Tue 02 Jan 2024 08:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203333
IP address blocks:        2a0a:280:1b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0a:53:9e:79:66:27:41:a2:66:c8:30:49:ab:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9b5322bea2731dc69bc4bf16823d4c3335e54b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5d:38:9e:44:08:06:61:05:5b:bb:25:de:c2:
                    d4:c3:1b:a5:bc:0f:ac:a1:ff:41:b6:f7:97:83:fc:
                    e5:56:bd:b3:8f:8e:f4:5c:9e:c6:dd:96:3c:d9:7e:
                    9a:b0:9b:41:51:35:d3:bb:f5:5d:34:bc:36:d9:a8:
                    d8:a0:7c:9d:4c:e3:47:e8:dd:5a:0d:a1:71:cb:dc:
                    92:ee:65:48:25:cd:c7:0a:58:45:cb:74:65:26:ed:
                    19:e2:ae:fd:ed:3f:60:8d:42:47:a8:70:8b:c9:44:
                    84:13:2e:84:01:cf:11:c9:13:10:31:8f:62:ca:ba:
                    e1:43:d8:a1:96:22:49:b2:db:0c:7f:dc:b4:2f:df:
                    6b:15:28:77:56:3d:cb:27:68:23:ae:b1:13:e6:a5:
                    96:7b:4d:86:7e:f9:14:98:27:77:9f:bc:c0:ab:bb:
                    70:89:bd:ba:33:28:ac:5d:1a:52:b5:b7:22:25:d3:
                    1e:d3:b0:1e:2b:e9:5b:8e:a1:79:16:17:a1:d1:6a:
                    a3:ac:af:63:3b:dd:61:88:5d:9d:40:68:f5:d4:f5:
                    6b:5a:7b:b2:ed:a8:58:32:97:e1:56:aa:9d:a1:ae:
                    80:96:f6:d6:5b:6e:11:a5:35:f7:e6:9b:5b:fc:ac:
                    cb:7b:ae:ef:84:db:af:b9:f4:23:72:69:d4:60:3a:
                    db:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B5:32:2B:EA:27:31:DC:69:BC:4B:F1:68:23:D4:C3:33:5E:54:B1
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ubUyK-onMdxpvEvxaCPUwzNeVLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         35:c6:d0:1d:7b:51:30:df:18:10:e8:49:8c:2e:c5:3a:c2:28:
         45:b7:88:6b:eb:7b:27:87:ca:c7:18:fc:06:c9:71:e9:bc:8d:
         3d:7b:1e:ef:a9:0d:cc:d1:10:d9:c7:74:25:39:48:e9:4b:3d:
         78:0a:a9:5b:72:17:e1:c6:6e:a1:76:fa:08:96:2e:11:f6:76:
         97:d8:c4:f4:ef:c3:e7:a0:ce:5c:ab:02:e6:5d:dd:f1:8f:30:
         69:2a:24:ac:7c:1f:da:64:e9:72:c9:d0:21:5c:b9:79:1e:78:
         d6:a0:17:c2:19:f6:9b:30:3f:1a:b1:3a:a6:2e:7e:5c:1b:53:
         f1:6a:b4:3f:b5:7e:29:73:70:cc:94:97:c3:aa:3b:e3:9a:57:
         09:5c:b2:6b:e5:53:9a:89:50:7e:73:d6:53:de:8e:1a:e1:60:
         b6:89:8a:db:73:1c:9c:66:33:a1:cf:8d:6f:d8:10:61:d8:a0:
         65:fa:02:27:db:dc:94:97:06:58:61:44:42:70:80:66:fd:f0:
         40:f0:84:50:de:c3:0e:7c:29:fe:4e:c2:8d:45:c2:85:fb:12:
         8c:60:a9:5f:08:d4:b8:89:aa:aa:ea:54:72:69:54:99:28:27:
         81:42:e8:f2:a7:75:05:8e:ed:c8:7a:15:11:59:e6:f4:be:13:
         d1:45:be:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQpTnnlmJ0GiZsgwSasaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI1MzIyYmVhMjczMWRjNjliYzRiZjE2ODIzZDRjMzMzNWU1NGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV04nkQIBmEFW7sl3sLUwxulvA+s
of9BtveXg/zlVr2zj470XJ7G3ZY82X6asJtBUTXTu/VdNLw22ajYoHydTONH6N1a
DaFxy9yS7mVIJc3HClhFy3RlJu0Z4q797T9gjUJHqHCLyUSEEy6EAc8RyRMQMY9i
yrrhQ9ihliJJstsMf9y0L99rFSh3Vj3LJ2gjrrET5qWWe02GfvkUmCd3n7zAq7tw
ib26MyisXRpStbciJdMe07AeK+lbjqF5Fheh0WqjrK9jO91hiF2dQGj11PVrWnuy
7ahYMpfhVqqdoa6AlvbWW24RpTX35ptb/KzLe67vhNuvufQjcmnUYDrbCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLm1MivqJzHcabxL8Wgj1MMzXlSxMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvdWJVeUstb25NZHhwdkV2eGFDUFV3ek5lVkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBsw
DQYJKoZIhvcNAQELBQADggEBADXG0B17UTDfGBDoSYwuxTrCKEW3iGvreyeHyscY
/AbJcem8jT17Hu+pDczRENnHdCU5SOlLPXgKqVtyF+HGbqF2+giWLhH2dpfYxPTv
w+egzlyrAuZd3fGPMGkqJKx8H9pk6XLJ0CFcuXkeeNagF8IZ9pswPxqxOqYuflwb
U/FqtD+1filzcMyUl8OqO+OaVwlcsmvlU5qJUH5z1lPejhrhYLaJittzHJxmM6HP
jW/YEGHYoGX6Aifb3JSXBlhhREJwgGb98EDwhFDeww58Kf5Owo1FwoX7EoxgqV8I
1LiJqqrqVHJpVJkoJ4FC6PKndQWO7ch6FRFZ5vS+E9FFvi0=
-----END CERTIFICATE-----