Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/umBp9NELIBkg0lfaCW7HwP4SUuA.roa
File:                     umBp9NELIBkg0lfaCW7HwP4SUuA.roa (raw, json)
Hash identifier:          sPUwL3R1QuiAdk3refceyVluw5BNrkjIUAWu9oVN5dM=
Subject key identifier:   BA:60:69:F4:D1:0B:20:19:20:D2:57:DA:09:6E:C7:C0:FE:12:52:E0
Certificate issuer:       /CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
Certificate serial:       018CFA541CF25A724A5BD2B75C772E7498A2
Authority key identifier: F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/umBp9NELIBkg0lfaCW7HwP4SUuA.roa
Signing time:             Thu 11 Jan 2024 21:01:05 +0000
ROA not before:           Thu 11 Jan 2024 21:01:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211894
IP address blocks:        185.116.114.0/24 maxlen: 24
                          185.203.113.0/24 maxlen: 24
                          2a0a:5480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fa:54:1c:f2:5a:72:4a:5b:d2:b7:5c:77:2e:74:98:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
        Validity
            Not Before: Jan 11 21:01:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba6069f4d10b201920d257da096ec7c0fe1252e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0b:4c:d2:99:4f:e3:8a:c9:3c:a1:5b:86:14:
                    24:b2:94:eb:a2:57:b7:df:dd:17:3e:1c:f9:30:a6:
                    87:93:b4:85:93:26:fa:e8:70:e7:a8:c8:56:a9:4d:
                    9b:17:e8:e2:b7:05:f1:0e:51:10:8a:7d:7e:ec:6e:
                    d2:9f:ad:f9:49:0f:58:9e:18:d9:cd:09:86:61:1c:
                    0e:bd:22:70:8a:4a:2d:24:9e:09:ce:25:30:cb:99:
                    45:87:3a:76:00:09:77:1a:cc:bd:46:1a:19:a8:d6:
                    a6:aa:c5:b6:7e:c7:57:2f:ac:3c:d1:e2:04:7f:1f:
                    7d:46:68:9e:8c:49:ec:7e:9b:44:65:5b:c0:0a:16:
                    d4:6e:d0:7e:1b:06:85:19:ea:8f:5d:7d:ae:ba:aa:
                    76:e3:40:30:75:07:30:68:20:24:34:0b:62:d9:36:
                    23:c0:d6:c3:b0:f5:d1:97:c5:61:be:c9:9f:94:ea:
                    76:4c:66:b8:19:30:de:84:a8:0b:a5:25:ad:e4:d9:
                    cc:af:8b:8a:b4:24:25:75:36:8d:ba:f8:5c:85:9a:
                    35:de:89:04:d9:ed:fd:ca:17:76:7a:22:3e:0c:0c:
                    0b:7f:78:05:c0:cf:85:48:8b:82:11:ae:d5:a9:0a:
                    00:42:cb:c6:a4:e7:59:01:e7:cf:2b:29:b4:0e:c6:
                    fa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:60:69:F4:D1:0B:20:19:20:D2:57:DA:09:6E:C7:C0:FE:12:52:E0
            X509v3 Authority Key Identifier:
                keyid:F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/umBp9NELIBkg0lfaCW7HwP4SUuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.114.0/24
                  185.203.113.0/24
                IPv6:
                  2a0a:5480::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:15:2c:cd:ab:e5:02:3e:94:07:5f:1a:9b:8b:af:ac:f7:bb:
         bb:8a:dc:51:0a:f8:b9:81:9a:23:94:19:d9:74:7c:4a:a3:a9:
         9a:a5:89:ea:28:1f:56:af:66:ab:19:fb:7c:66:7e:79:b7:53:
         f1:c4:77:5d:5e:76:2d:02:04:e5:d3:95:40:fc:6a:97:67:96:
         8b:0d:84:5a:be:0c:7c:84:6d:e1:3d:f7:8c:a7:57:e0:64:8f:
         9e:28:d9:1b:3a:eb:bf:d1:c8:ce:fd:0f:88:63:de:93:4c:ff:
         05:be:02:96:5e:25:0e:f2:fa:cd:4f:f4:31:72:d3:c9:8a:da:
         94:86:0d:d4:4e:cd:81:b4:d7:14:f2:b1:5e:e2:7b:24:14:ba:
         7a:b1:5d:ea:60:b5:ca:76:fb:c2:4d:56:d5:60:9c:21:9f:16:
         60:b7:32:b1:4d:4b:7b:f4:0d:80:35:99:f2:1d:ed:68:5a:62:
         0f:45:45:5a:dd:53:ba:28:57:87:cc:46:bb:c4:8a:ba:35:ad:
         c1:58:c7:f3:b9:14:61:b2:50:d2:a3:a1:f7:97:48:fb:51:99:
         89:58:c4:23:8c:1c:04:6b:dd:b7:c4:bd:13:a5:9f:6f:2a:b5:
         13:a8:c5:8d:6c:e8:70:2c:e3:86:d1:00:b3:d8:39:67:5c:d2:
         8b:2c:2e:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYz6VBzyWnJKW9K3XHcudJiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MjRjYmE1MjFjMDgwZGI3MmE2ZTU0YTFiOGNmNDQ5NWNi
YmM3ZDYwHhcNMjQwMTExMjEwMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTYwNjlmNGQxMGIyMDE5MjBkMjU3ZGEwOTZlYzdjMGZlMTI1MmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAtM0plP44rJPKFbhhQkspTrole3
390XPhz5MKaHk7SFkyb66HDnqMhWqU2bF+jitwXxDlEQin1+7G7Sn635SQ9YnhjZ
zQmGYRwOvSJwikotJJ4JziUwy5lFhzp2AAl3Gsy9RhoZqNamqsW2fsdXL6w80eIE
fx99RmiejEnsfptEZVvAChbUbtB+GwaFGeqPXX2uuqp240AwdQcwaCAkNAti2TYj
wNbDsPXRl8VhvsmflOp2TGa4GTDehKgLpSWt5NnMr4uKtCQldTaNuvhchZo13okE
2e39yhd2eiI+DAwLf3gFwM+FSIuCEa7VqQoAQsvGpOdZAefPKym0Dsb6LwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLpgafTRCyAZINJX2glux8D+ElLgMB8GA1UdIwQY
MBaAFPcky6UhwIDbcqblShuM9Elcu8fWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAt
MTAzYjIwNmJhMjhiLzEvdW1CcDlORUxJQmtnMGxmYUNXN0h3UDRTVXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAtMTAzYjIwNmJhMjhi
LzEvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuXRyAwQA
uctxMA0EAgACMAcDBQMqClSAMA0GCSqGSIb3DQEBCwUAA4IBAQCAFSzNq+UCPpQH
Xxqbi6+s97u7itxRCvi5gZojlBnZdHxKo6mapYnqKB9Wr2arGft8Zn55t1PxxHdd
XnYtAgTl05VA/GqXZ5aLDYRavgx8hG3hPfeMp1fgZI+eKNkbOuu/0cjO/Q+IY96T
TP8FvgKWXiUO8vrNT/QxctPJitqUhg3UTs2BtNcU8rFe4nskFLp6sV3qYLXKdvvC
TVbVYJwhnxZgtzKxTUt79A2ANZnyHe1oWmIPRUVa3VO6KFeHzEa7xIq6Na3BWMfz
uRRhslDSo6H3l0j7UZmJWMQjjBwEa923xL0TpZ9vKrUTqMWNbOhwLOOG0QCz2Dln
XNKLLC6d
-----END CERTIFICATE-----