Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/UEslDnph_zUFlRXnSac9S2FlQrQ.roa
File:                     UEslDnph_zUFlRXnSac9S2FlQrQ.roa (raw, json)
Hash identifier:          8hA8Lxxril5zYvRaH60UOm9TLPOsisKnmHR2e012lEM=
Subject key identifier:   50:4B:25:0E:7A:61:FF:35:05:95:15:E7:49:A7:3D:4B:61:65:42:B4
Certificate issuer:       /CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Certificate serial:       018CC50017BADCC07AECD9EB744D10786EE1
Authority key identifier: 23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/UEslDnph_zUFlRXnSac9S2FlQrQ.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198002
IP address blocks:        149.255.64.0/19 maxlen: 19
                          2a03:1180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:17:ba:dc:c0:7a:ec:d9:eb:74:4d:10:78:6e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=504b250e7a61ff35059515e749a73d4b616542b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ef:f2:33:64:a7:0b:7a:0a:56:3f:5d:86:f9:
                    4b:f4:27:b5:9b:be:8a:b2:ed:57:7d:aa:27:60:93:
                    45:08:53:6b:b5:82:dc:12:35:9e:04:7f:2b:d4:8c:
                    ed:bc:e4:85:19:1c:1b:09:13:11:69:fb:ce:36:6f:
                    05:2d:28:f6:d3:83:1c:e1:6a:62:f5:e0:9e:1b:a4:
                    1a:f1:d7:51:85:c4:39:69:e7:48:f5:71:50:9a:55:
                    a8:cf:46:bb:3f:59:cf:79:da:76:07:7f:ac:25:c0:
                    b4:a9:09:e3:5b:4d:ba:41:e5:fc:98:dc:8f:05:f2:
                    45:1e:9d:80:c9:e5:f7:66:23:b7:cb:f4:ef:54:8e:
                    17:43:85:2a:07:c8:d0:9d:88:c0:09:5c:6b:6c:d3:
                    cb:57:36:54:4b:92:ae:6b:62:08:f5:64:6d:ed:4b:
                    ce:db:3d:58:94:6a:4f:0d:9a:9a:75:9d:27:c4:d9:
                    b1:ee:8a:1a:c3:e9:2c:16:ae:8b:6b:fa:84:63:86:
                    c0:c2:9a:1c:27:64:f4:a3:aa:85:7f:1b:12:5f:b2:
                    66:e3:8c:86:a9:2a:63:53:69:dc:6a:5b:c1:77:16:
                    25:db:8e:6f:14:27:3f:9b:6a:bd:2a:f2:20:7b:22:
                    3e:36:7d:0d:38:d8:99:94:63:59:1c:fc:67:20:8b:
                    58:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:4B:25:0E:7A:61:FF:35:05:95:15:E7:49:A7:3D:4B:61:65:42:B4
            X509v3 Authority Key Identifier:
                keyid:23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/UEslDnph_zUFlRXnSac9S2FlQrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.255.64.0/19
                IPv6:
                  2a03:1180::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:44:d8:30:e4:10:b3:2e:80:29:a6:5b:76:90:a4:07:ed:3b:
         47:5d:90:b1:67:b7:10:4f:bc:40:3f:20:2e:a3:b9:76:20:73:
         ef:f9:b7:2a:8b:7e:fe:0d:00:b2:9c:e7:94:53:3c:8a:37:51:
         ef:b7:d8:86:e5:1f:1c:31:e9:96:e1:af:5e:99:5e:8e:e8:3d:
         b1:10:20:e5:6d:66:8d:d5:83:5e:0b:f1:c3:11:7d:e9:c7:c3:
         db:84:f0:ab:13:4d:9d:3d:8a:c6:60:a0:fc:63:6b:b6:9a:b5:
         54:07:45:e3:7c:5d:9d:82:ce:60:69:1d:ad:05:0c:a1:43:3d:
         31:22:ac:5e:fc:b7:68:10:27:80:a1:d1:81:8a:44:5b:67:ba:
         7a:8e:2c:3f:5d:c0:1c:1e:43:d9:08:68:39:ce:43:2f:0b:bc:
         0e:96:7b:9b:dd:c7:26:2f:3a:d2:3a:22:7a:2b:b7:7a:70:97:
         9d:4d:d0:1c:d3:df:ad:6d:66:df:b3:16:d8:38:7f:44:fc:d2:
         03:de:ca:7c:ae:d1:07:86:6c:4f:b6:b7:68:af:d9:68:ec:a8:
         3f:c4:24:44:5c:17:f4:7c:9f:40:be:c5:b9:f1:25:50:f3:a4:
         1b:46:de:79:0d:b6:40:35:0a:21:ec:b5:64:5c:5f:82:1e:cf:
         75:c5:81:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFABe63MB67NnrdE0QeG7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjU5ZGEzYjFiMzhjYTA5MzlmNDkwZmI5MDQzZmNkODlj
ZmQwNjIwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDRiMjUwZTdhNjFmZjM1MDU5NTE1ZTc0OWE3M2Q0YjYxNjU0MmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju/yM2SnC3oKVj9dhvlL9Ce1m76K
su1XfaonYJNFCFNrtYLcEjWeBH8r1IztvOSFGRwbCRMRafvONm8FLSj204Mc4Wpi
9eCeG6Qa8ddRhcQ5aedI9XFQmlWoz0a7P1nPedp2B3+sJcC0qQnjW026QeX8mNyP
BfJFHp2AyeX3ZiO3y/TvVI4XQ4UqB8jQnYjACVxrbNPLVzZUS5Kua2II9WRt7UvO
2z1YlGpPDZqadZ0nxNmx7ooaw+ksFq6La/qEY4bAwpocJ2T0o6qFfxsSX7Jm44yG
qSpjU2ncalvBdxYl245vFCc/m2q9KvIgeyI+Nn0NONiZlGNZHPxnIItYiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFBLJQ56Yf81BZUV50mnPUthZUK0MB8GA1UdIwQY
MBaAFCMlnaOxs4ygk59JD7kEP82Jz9BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUt
NjU0ZGQ2NDQyY2U0LzEvVUVzbERucGhfelVGbFJYblNhYzlTMkZsUXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUtNjU0ZGQ2NDQyY2U0
LzEvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFlf9AMA0E
AgACMAcDBQAqAxGAMA0GCSqGSIb3DQEBCwUAA4IBAQAXRNgw5BCzLoApplt2kKQH
7TtHXZCxZ7cQT7xAPyAuo7l2IHPv+bcqi37+DQCynOeUUzyKN1Hvt9iG5R8cMemW
4a9emV6O6D2xECDlbWaN1YNeC/HDEX3px8PbhPCrE02dPYrGYKD8Y2u2mrVUB0Xj
fF2dgs5gaR2tBQyhQz0xIqxe/LdoECeAodGBikRbZ7p6jiw/XcAcHkPZCGg5zkMv
C7wOlnub3ccmLzrSOiJ6K7d6cJedTdAc09+tbWbfsxbYOH9E/NID3sp8rtEHhmxP
trdor9lo7Kg/xCREXBf0fJ9AvsW58SVQ86QbRt55DbZANQoh7LVkXF+CHs91xYEe
-----END CERTIFICATE-----