Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Uh8NfV6vByce58ziWyEyb7R5EfY.roa
File:                     Uh8NfV6vByce58ziWyEyb7R5EfY.roa (raw, json)
Hash identifier:          /a/EqQRr21nDqVeB0mJ9uRNfVJpZWbo6iC/NnXTKZjU=
Subject key identifier:   52:1F:0D:7D:5E:AF:07:27:1E:E7:CC:E2:5B:21:32:6F:B4:79:11:F6
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D5AB04EF9BDD0C88F60582FD5567
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Uh8NfV6vByce58ziWyEyb7R5EfY.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141420
IP address blocks:        193.118.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d5:ab:04:ef:9b:dd:0c:88:f6:05:82:fd:55:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=521f0d7d5eaf07271ee7cce25b21326fb47911f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:07:3c:9c:42:c7:18:bf:1a:10:cc:5f:ed:
                    8d:86:87:c3:27:77:9e:af:63:97:b4:8f:2c:57:5f:
                    fa:08:23:74:5c:73:65:95:08:93:08:2c:03:b0:16:
                    5d:7a:16:40:74:b4:7f:a2:af:fb:34:19:91:16:89:
                    88:3a:a3:70:cb:23:44:6a:7c:72:fc:c5:c7:d7:6b:
                    67:a0:58:ed:80:4a:47:b7:93:f9:f8:f2:54:27:59:
                    d2:5d:88:75:39:d1:35:1a:14:8f:00:13:83:2a:77:
                    8e:02:16:69:bd:c4:3d:96:ac:32:d0:fa:85:e4:05:
                    09:49:b7:bd:74:41:f8:00:8e:56:0f:2d:a7:5f:b2:
                    2a:dc:48:19:06:21:42:ca:71:59:83:aa:46:3b:75:
                    ec:77:86:1d:40:63:d5:fd:f9:3c:8a:5b:2d:15:5a:
                    62:bd:bd:14:51:1f:ef:7d:dd:7d:92:4b:83:59:56:
                    a8:55:82:c6:a3:f2:e2:83:9b:f2:29:9a:c3:0d:46:
                    c2:2a:15:fa:a4:08:91:96:98:85:86:c4:64:c4:57:
                    a2:b9:5c:58:dc:44:0b:5e:c7:8c:58:32:1a:dd:9a:
                    11:be:52:17:03:6f:aa:0f:d2:d2:6b:c5:8c:f8:a5:
                    c1:b3:ce:b3:72:18:04:85:69:d6:a5:32:e9:55:df:
                    fa:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1F:0D:7D:5E:AF:07:27:1E:E7:CC:E2:5B:21:32:6F:B4:79:11:F6
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Uh8NfV6vByce58ziWyEyb7R5EfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:c4:f8:e4:0f:af:51:fd:dd:63:d4:10:d2:cb:73:3a:cb:05:
         ba:a1:9a:5a:75:fd:a5:75:33:7f:59:8b:ee:13:1c:17:91:de:
         52:e7:0c:d4:bf:5e:76:a1:74:2f:96:f2:92:cb:22:46:e7:5e:
         87:34:21:27:83:fa:9b:45:8d:4e:84:c9:9e:7c:fe:63:06:6f:
         e5:c4:93:91:8e:cf:ae:cc:c0:2f:47:b9:3a:d7:55:f9:49:ea:
         ab:8d:14:aa:02:eb:2b:02:c8:1e:f3:61:97:bc:22:49:6e:a7:
         fe:78:1f:45:2d:fe:24:8b:1d:b6:6e:23:62:4a:c3:80:2e:49:
         3d:9e:32:a1:4c:69:ca:36:32:f5:3e:4b:a7:1a:18:e2:93:32:
         04:ee:a4:9e:9e:ff:93:b8:18:4b:16:bd:20:ea:ea:05:df:9f:
         27:4d:ac:91:78:77:74:0c:a0:81:bc:41:99:a9:80:fc:48:1a:
         ca:22:d6:55:76:f2:f5:a4:c9:15:cf:da:28:d1:4a:90:3b:7a:
         1e:98:59:b1:7d:8e:c1:18:aa:da:a7:bf:6d:cd:68:78:ec:89:
         68:ce:2d:f4:4a:41:20:b1:49:6f:62:3b:78:2f:dd:85:8b:b1:
         26:a7:6a:d8:53:b8:6b:c9:ee:0f:72:c3:ab:e8:67:fa:5a:ee:
         f3:84:f1:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttWrBO+b3QyI9gWC/VVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjFmMGQ3ZDVlYWYwNzI3MWVlN2NjZTI1YjIxMzI2ZmI0NzkxMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjUHPJxCxxi/GhDMX+2NhofDJ3ee
r2OXtI8sV1/6CCN0XHNllQiTCCwDsBZdehZAdLR/oq/7NBmRFomIOqNwyyNEanxy
/MXH12tnoFjtgEpHt5P5+PJUJ1nSXYh1OdE1GhSPABODKneOAhZpvcQ9lqwy0PqF
5AUJSbe9dEH4AI5WDy2nX7Iq3EgZBiFCynFZg6pGO3Xsd4YdQGPV/fk8ilstFVpi
vb0UUR/vfd19kkuDWVaoVYLGo/Lig5vyKZrDDUbCKhX6pAiRlpiFhsRkxFeiuVxY
3EQLXseMWDIa3ZoRvlIXA2+qD9LSa8WM+KXBs86zchgEhWnWpTLpVd/64QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIfDX1erwcnHufM4lshMm+0eRH2MB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvVWg4TmZWNnZCeWNlNTh6aVd5RXliN1I1RWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBcxPjkD69R/d1j1BDSy3M6ywW6oZpadf2ldTN/WYvu
ExwXkd5S5wzUv152oXQvlvKSyyJG516HNCEng/qbRY1OhMmefP5jBm/lxJORjs+u
zMAvR7k611X5SeqrjRSqAusrAsge82GXvCJJbqf+eB9FLf4kix22biNiSsOALkk9
njKhTGnKNjL1PkunGhjikzIE7qSenv+TuBhLFr0g6uoF358nTayReHd0DKCBvEGZ
qYD8SBrKItZVdvL1pMkVz9oo0UqQO3oemFmxfY7BGKrap79tzWh47Ilozi30SkEg
sUlvYjt4L92Fi7Emp2rYU7hrye4PcsOr6Gf6Wu7zhPEH
-----END CERTIFICATE-----