Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uRSgYEXDuBZIPtqgRWXLepoW5dw.roa
File:                     uRSgYEXDuBZIPtqgRWXLepoW5dw.roa (raw, json)
Hash identifier:          4REuZj+CfHFxA65p1GNuwkrSoq70jIqbW2SsecVRdaY=
Subject key identifier:   B9:14:A0:60:45:C3:B8:16:48:3E:DA:A0:45:65:CB:7A:9A:16:E5:DC
Certificate issuer:       /CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
Certificate serial:       018CC802185C7A95EA53EEC8F5C7CF28E903
Authority key identifier: B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uRSgYEXDuBZIPtqgRWXLepoW5dw.roa
Signing time:             Tue 02 Jan 2024 02:30:29 +0000
ROA not before:           Tue 02 Jan 2024 02:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200409
IP address blocks:        185.156.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:18:5c:7a:95:ea:53:ee:c8:f5:c7:cf:28:e9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
        Validity
            Not Before: Jan  2 02:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b914a06045c3b816483edaa04565cb7a9a16e5dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:57:71:84:6b:f3:9a:9a:ad:62:ea:e4:b1:b3:
                    3b:36:82:d9:7a:e6:00:b1:92:69:50:ab:05:9b:18:
                    22:6a:93:53:bc:5a:5e:18:6a:8a:b4:a8:0f:33:a8:
                    2b:0e:54:5b:f0:ac:92:14:6b:f3:d5:f8:e4:f8:82:
                    f8:2e:0e:2e:70:b3:97:e6:c6:86:b2:ed:43:e6:89:
                    b9:2a:4e:3f:52:fa:31:e0:5e:68:62:38:57:6c:64:
                    57:09:d6:7e:66:0a:6d:a4:f8:fb:8e:53:4d:ec:82:
                    09:9c:d6:b5:61:39:4a:9b:39:9f:b4:37:59:d4:5c:
                    b5:e8:e2:78:49:62:40:e8:18:4e:9e:51:e9:4b:a9:
                    88:ac:3b:06:21:9b:8e:80:be:50:97:8c:dd:71:5a:
                    c2:70:e8:14:c4:71:da:de:87:ce:c2:ec:34:93:07:
                    2b:91:ea:e8:4b:80:0f:a4:f4:3e:d9:dd:80:46:3c:
                    3a:ed:b3:aa:ea:11:66:fa:1a:06:58:5a:90:63:b3:
                    0f:6a:44:19:26:4b:b5:36:95:3b:1e:91:3e:c8:82:
                    d0:b1:77:7c:1d:70:8e:52:d3:ea:ba:8d:a3:b3:8a:
                    78:96:c4:d2:ec:fc:42:5a:bb:21:27:41:7c:00:c5:
                    9a:9a:a1:71:94:24:84:4f:5c:e0:88:b7:c5:78:75:
                    4b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:14:A0:60:45:C3:B8:16:48:3E:DA:A0:45:65:CB:7A:9A:16:E5:DC
            X509v3 Authority Key Identifier:
                keyid:B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uRSgYEXDuBZIPtqgRWXLepoW5dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:22:fa:89:fc:59:73:6b:1f:86:7e:0b:8f:ba:9f:3e:f1:34:
         85:c1:fe:01:fe:a5:b2:33:07:1e:c3:42:68:9b:ae:fa:99:ae:
         3c:b9:9a:41:17:1d:63:5c:1c:57:cf:97:8c:1a:8d:e5:a4:64:
         7b:6d:f1:06:33:b4:50:22:d9:85:39:f7:3b:93:15:d4:b8:11:
         15:66:68:63:33:e6:40:1f:9e:e8:b0:c3:cf:0a:ca:b7:b3:0a:
         4f:e0:38:1d:9b:41:93:2f:4e:4a:69:2b:75:a1:e3:41:6e:d3:
         ff:76:89:93:20:44:d0:e4:bd:49:0c:c3:85:d5:b4:17:7e:d7:
         9b:bc:62:d9:e4:e2:e3:4d:02:ed:28:77:58:24:eb:30:51:64:
         0a:9e:88:23:a5:64:5d:b1:49:61:3b:fb:65:43:a0:f9:cb:e0:
         49:a1:82:e7:3c:60:a0:d6:92:78:eb:7e:26:9a:3e:30:96:fb:
         c6:0d:ef:00:0d:3f:cd:46:e5:ea:3d:de:2b:09:2d:7d:af:83:
         39:c6:51:6b:be:38:aa:ac:39:2f:92:e7:90:9b:37:9f:8b:1e:
         3e:d6:9a:27:92:d2:97:46:81:9f:62:ae:a7:73:1c:00:a8:e4:
         71:31:0a:b1:68:37:49:0f:72:17:24:ab:d2:88:32:7e:bf:8c:
         fe:e8:bf:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAhhcepXqU+7I9cfPKOkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZTBmNzk4NDFjMDIxMGQ5NWI0ZWY1NmZmNjg0NDFjMmFh
OWZjMGYwHhcNMjQwMTAyMDIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTE0YTA2MDQ1YzNiODE2NDgzZWRhYTA0NTY1Y2I3YTlhMTZlNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFdxhGvzmpqtYurksbM7NoLZeuYA
sZJpUKsFmxgiapNTvFpeGGqKtKgPM6grDlRb8KySFGvz1fjk+IL4Lg4ucLOX5saG
su1D5om5Kk4/Uvox4F5oYjhXbGRXCdZ+ZgptpPj7jlNN7IIJnNa1YTlKmzmftDdZ
1Fy16OJ4SWJA6BhOnlHpS6mIrDsGIZuOgL5Ql4zdcVrCcOgUxHHa3ofOwuw0kwcr
keroS4APpPQ+2d2ARjw67bOq6hFm+hoGWFqQY7MPakQZJku1NpU7HpE+yILQsXd8
HXCOUtPquo2js4p4lsTS7PxCWrshJ0F8AMWamqFxlCSET1zgiLfFeHVLLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkUoGBFw7gWSD7aoEVly3qaFuXcMB8GA1UdIwQY
MBaAFLjg95hBwCENlbTvVv9oRBwqqfwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2Mt
NmVhM2NiZmQzYTg0LzEvdVJTZ1lFWER1QlpJUHRxZ1JXWExlcG9XNWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2MtNmVhM2NiZmQzYTg0
LzEvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZyXMA0G
CSqGSIb3DQEBCwUAA4IBAQCUIvqJ/Flzax+GfguPup8+8TSFwf4B/qWyMwcew0Jo
m676ma48uZpBFx1jXBxXz5eMGo3lpGR7bfEGM7RQItmFOfc7kxXUuBEVZmhjM+ZA
H57osMPPCsq3swpP4Dgdm0GTL05KaSt1oeNBbtP/domTIETQ5L1JDMOF1bQXfteb
vGLZ5OLjTQLtKHdYJOswUWQKnogjpWRdsUlhO/tlQ6D5y+BJoYLnPGCg1pJ4634m
mj4wlvvGDe8ADT/NRuXqPd4rCS19r4M5xlFrvjiqrDkvkueQmzefix4+1ponktKX
RoGfYq6ncxwAqORxMQqxaDdJD3IXJKvSiDJ+v4z+6L/a
-----END CERTIFICATE-----