Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_UBWiA5SbxfGU8IJwclf_0CS9Jg.roa
File:                     _UBWiA5SbxfGU8IJwclf_0CS9Jg.roa (raw, json)
Hash identifier:          IOlQfKGFOnaabt4KBQ+vn1NL+QqjuyiTyNPQ+JDiwoQ=
Subject key identifier:   FD:40:56:88:0E:52:6F:17:C6:53:C2:09:C1:C9:5F:FF:40:92:F4:98
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC8B0468634108F7E89FB151F7770
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_UBWiA5SbxfGU8IJwclf_0CS9Jg.roa
Signing time:             Tue 02 Jan 2024 04:30:18 +0000
ROA not before:           Tue 02 Jan 2024 04:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397451
IP address blocks:        89.46.112.0/23 maxlen: 23
                          85.204.196.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c8:b0:46:86:34:10:8f:7e:89:fb:15:1f:77:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4056880e526f17c653c209c1c95fff4092f498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0b:8c:d7:4c:d5:f3:0a:88:5b:5a:91:7b:a8:
                    7c:e2:48:5a:d9:64:4c:80:2b:61:c5:ce:69:17:98:
                    5c:9c:df:4f:bb:9d:36:82:d4:cb:f6:7d:7a:56:09:
                    1e:27:98:d5:98:dc:ac:11:0d:a5:17:29:6c:1f:ba:
                    bc:75:8c:c8:5e:bf:9b:a7:43:42:c4:47:8f:51:42:
                    64:80:a8:84:f7:f0:1d:3b:59:72:e7:f5:da:73:1f:
                    87:eb:50:84:7a:4d:07:2c:ad:cc:99:7c:aa:40:6a:
                    bc:a0:84:24:c6:01:d1:58:78:9d:9a:66:c1:84:d0:
                    56:f2:ef:a5:45:cd:d5:49:ed:70:23:a7:ff:17:49:
                    e2:de:91:0d:7e:21:1c:f7:ed:02:44:cc:2a:d8:f3:
                    cb:75:b0:d4:62:57:62:b1:ea:d6:c1:98:c9:7e:15:
                    5e:50:45:fb:18:97:b1:52:d4:b2:75:00:40:60:c8:
                    ba:99:b7:a9:b9:84:77:42:05:5b:df:33:f0:f6:79:
                    70:59:8f:93:9c:37:bd:5f:0f:c4:79:6b:c4:bc:9a:
                    a1:90:c8:cb:4a:78:f0:5e:32:cd:7f:dc:cb:4a:f9:
                    d4:98:13:36:ac:79:3e:8a:af:8e:b7:05:c0:6f:4f:
                    9d:d6:eb:27:5f:4a:10:8a:67:1e:bb:32:a7:18:0f:
                    55:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:40:56:88:0E:52:6F:17:C6:53:C2:09:C1:C9:5F:FF:40:92:F4:98
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_UBWiA5SbxfGU8IJwclf_0CS9Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.196.0/23
                  89.46.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:b3:9c:d6:4e:13:2e:c7:a7:5f:12:93:8a:4c:43:ec:4a:79:
         4c:3f:6d:55:d2:e3:9a:d6:30:99:84:3a:65:02:04:ac:72:dd:
         d8:db:0a:99:4f:c3:9c:60:56:c6:b0:59:88:00:ce:e1:a9:2a:
         11:27:87:35:3f:90:b4:e9:ea:36:79:48:12:61:00:90:5a:9b:
         4e:c4:bc:01:46:d3:6e:c4:f5:63:cb:d9:f0:5b:9c:0d:d6:2d:
         14:88:2f:8e:a7:e2:98:68:ed:57:38:c2:d3:31:e8:0e:19:b2:
         60:6f:88:40:6d:f1:9b:e5:5d:a9:3b:13:e2:14:1a:99:d0:e2:
         c7:72:90:63:d4:13:66:95:26:86:a2:1d:e0:ca:5b:a3:fe:bb:
         cd:e6:f0:54:06:38:98:7f:2c:fd:57:34:90:e6:09:3f:ef:d4:
         11:a2:a3:f3:fa:bd:cf:88:5c:f2:04:ea:b0:d2:1c:5e:99:2d:
         8d:7e:09:4a:b2:a8:27:cc:9c:aa:21:60:56:bf:bc:8e:21:4f:
         45:b4:ad:d7:ba:7e:a3:04:91:f9:b8:72:e4:9d:c4:23:1a:b7:
         4b:28:91:30:e7:de:77:a8:ee:18:6f:4d:af:0d:a9:0d:bf:1b:
         21:8f:29:3f:2c:bf:cd:f3:f9:0a:78:09:f2:e8:04:44:ff:2b:
         a3:84:3d:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb8iwRoY0EI9+ifsVH3dwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQwNTY4ODBlNTI2ZjE3YzY1M2MyMDljMWM5NWZmZjQwOTJmNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAuM10zV8wqIW1qRe6h84kha2WRM
gCthxc5pF5hcnN9Pu502gtTL9n16VgkeJ5jVmNysEQ2lFylsH7q8dYzIXr+bp0NC
xEePUUJkgKiE9/AdO1ly5/Xacx+H61CEek0HLK3MmXyqQGq8oIQkxgHRWHidmmbB
hNBW8u+lRc3VSe1wI6f/F0ni3pENfiEc9+0CRMwq2PPLdbDUYldiserWwZjJfhVe
UEX7GJexUtSydQBAYMi6mbepuYR3QgVb3zPw9nlwWY+TnDe9Xw/EeWvEvJqhkMjL
SnjwXjLNf9zLSvnUmBM2rHk+iq+OtwXAb0+d1usnX0oQimceuzKnGA9V9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP1AVogOUm8XxlPCCcHJX/9AkvSYMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvX1VCV2lBNVNieGZHVThJSndjbGZfMENTOUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVczEAwQB
WS5wMA0GCSqGSIb3DQEBCwUAA4IBAQCYs5zWThMux6dfEpOKTEPsSnlMP21V0uOa
1jCZhDplAgSsct3Y2wqZT8OcYFbGsFmIAM7hqSoRJ4c1P5C06eo2eUgSYQCQWptO
xLwBRtNuxPVjy9nwW5wN1i0UiC+Op+KYaO1XOMLTMegOGbJgb4hAbfGb5V2pOxPi
FBqZ0OLHcpBj1BNmlSaGoh3gyluj/rvN5vBUBjiYfyz9VzSQ5gk/79QRoqPz+r3P
iFzyBOqw0hxemS2NfglKsqgnzJyqIWBWv7yOIU9FtK3Xun6jBJH5uHLkncQjGrdL
KJEw5953qO4Yb02vDakNvxshjyk/LL/N8/kKeAny6ARE/yujhD0K
-----END CERTIFICATE-----