Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/UfhYK52CrZvNEw-3-NJSlAnPBvA.roa
File:                     UfhYK52CrZvNEw-3-NJSlAnPBvA.roa (raw, json)
Hash identifier:          61PN/SOyqbrQkt4OjbbAQb4CJukyxolJxQSA9E2eJ9w=
Subject key identifier:   51:F8:58:2B:9D:82:AD:9B:CD:13:0F:B7:F8:D2:52:94:09:CF:06:F0
Certificate issuer:       /CN=1dde851d53bec9b19f7f7cee4d7a61b2a8aef420
Certificate serial:       018CC8DEA82E86FCD718A00001994613E140
Authority key identifier: 1D:DE:85:1D:53:BE:C9:B1:9F:7F:7C:EE:4D:7A:61:B2:A8:AE:F4:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hd6FHVO-ybGff3zuTXphsqiu9CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/UfhYK52CrZvNEw-3-NJSlAnPBvA.roa
Signing time:             Tue 02 Jan 2024 06:31:24 +0000
ROA not before:           Tue 02 Jan 2024 06:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        185.200.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/Hd6FHVO-ybGff3zuTXphsqiu9CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/Hd6FHVO-ybGff3zuTXphsqiu9CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hd6FHVO-ybGff3zuTXphsqiu9CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a8:2e:86:fc:d7:18:a0:00:01:99:46:13:e1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dde851d53bec9b19f7f7cee4d7a61b2a8aef420
        Validity
            Not Before: Jan  2 06:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51f8582b9d82ad9bcd130fb7f8d2529409cf06f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:49:41:4a:56:a2:7d:bf:44:a6:59:ee:07:a5:
                    7b:29:3d:f0:42:aa:ea:6c:0c:d7:95:ea:56:3c:37:
                    cf:bb:8e:e0:bd:8a:ba:ec:b4:7f:99:79:81:4b:ec:
                    c6:a7:12:b1:fa:1a:ec:67:05:c4:e5:ae:f9:9f:2c:
                    cf:50:2b:fc:14:2b:9f:b2:78:a8:a7:78:df:05:fa:
                    f6:77:81:da:16:f8:44:bb:8f:77:0a:02:2c:59:b2:
                    4e:b6:44:93:a6:bd:17:24:ad:a6:ca:17:fa:e2:05:
                    b7:ed:d1:fc:3e:57:f5:51:89:82:62:6c:ec:b9:75:
                    d9:bd:bd:bd:83:a1:2c:02:46:55:28:a5:c0:4e:39:
                    df:cc:99:6a:37:07:b6:ce:c4:bb:19:a1:e5:bb:79:
                    3b:be:79:b1:b1:7c:10:0b:5d:5b:5c:52:9c:92:0f:
                    af:40:8d:3e:8c:c6:b8:bd:67:f6:53:60:31:1d:c4:
                    e6:68:8f:9c:e5:45:44:db:a0:ad:91:b1:65:41:5d:
                    c2:94:af:bc:e6:23:fc:f5:b7:0b:49:55:12:e9:c8:
                    39:d1:d2:ec:3d:ad:0f:5d:a8:82:d3:9d:c2:34:36:
                    da:4e:59:83:2c:34:73:cc:5e:ea:04:f0:dd:19:95:
                    87:3e:5d:98:9e:9e:62:d8:b5:89:b3:64:30:41:22:
                    34:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F8:58:2B:9D:82:AD:9B:CD:13:0F:B7:F8:D2:52:94:09:CF:06:F0
            X509v3 Authority Key Identifier:
                keyid:1D:DE:85:1D:53:BE:C9:B1:9F:7F:7C:EE:4D:7A:61:B2:A8:AE:F4:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hd6FHVO-ybGff3zuTXphsqiu9CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/UfhYK52CrZvNEw-3-NJSlAnPBvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5531eb-dc9a-42ad-a5d6-43718f422b1f/1/Hd6FHVO-ybGff3zuTXphsqiu9CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:50:f0:31:23:a2:5b:9f:2f:54:8d:bd:63:60:da:43:2e:87:
         15:2b:15:2a:21:a6:9d:4d:46:6f:4f:2f:87:de:c8:6e:b3:75:
         0d:12:92:c0:08:97:e9:b4:e8:80:01:b1:af:e9:5e:0e:1b:04:
         4c:ab:c3:71:0a:fb:c4:a1:67:53:55:7e:3a:b7:b5:57:cc:bf:
         c6:8d:3a:af:d5:a7:df:f1:36:3b:54:47:df:e4:cc:a8:f5:7c:
         77:c1:a0:88:d5:35:ab:12:d6:51:5f:bf:d7:c6:a3:ca:b7:74:
         f0:bc:93:e4:5a:af:71:3f:48:b0:bb:a1:6b:15:cd:e9:20:84:
         7f:91:2f:44:b3:0f:66:2f:d2:d1:2b:53:2c:36:d1:b4:28:9b:
         6a:b3:7c:35:5a:9e:a9:84:57:ae:e9:cb:4f:a4:7b:25:73:86:
         ec:e4:b4:08:22:1b:77:47:92:51:78:43:36:74:8f:a9:bb:f5:
         91:41:37:06:56:d6:a3:97:c0:c7:83:0b:2d:a9:05:4a:94:11:
         b6:b6:6a:5d:1b:7b:e6:c1:ca:a8:fb:9f:b9:e0:14:05:96:12:
         7f:b7:66:fc:3a:fd:ff:79:88:37:ff:01:83:92:b3:e9:09:65:
         a9:3f:40:26:e4:86:f4:c5:3b:23:1b:a5:5c:05:69:a6:3f:0a:
         46:37:1e:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qguhvzXGKAAAZlGE+FAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZGU4NTFkNTNiZWM5YjE5ZjdmN2NlZTRkN2E2MWIyYThh
ZWY0MjAwHhcNMjQwMTAyMDYzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWY4NTgyYjlkODJhZDliY2QxMzBmYjdmOGQyNTI5NDA5Y2YwNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUlBSlaifb9EplnuB6V7KT3wQqrq
bAzXlepWPDfPu47gvYq67LR/mXmBS+zGpxKx+hrsZwXE5a75nyzPUCv8FCufsnio
p3jfBfr2d4HaFvhEu493CgIsWbJOtkSTpr0XJK2myhf64gW37dH8Plf1UYmCYmzs
uXXZvb29g6EsAkZVKKXATjnfzJlqNwe2zsS7GaHlu3k7vnmxsXwQC11bXFKckg+v
QI0+jMa4vWf2U2AxHcTmaI+c5UVE26CtkbFlQV3ClK+85iP89bcLSVUS6cg50dLs
Pa0PXaiC053CNDbaTlmDLDRzzF7qBPDdGZWHPl2Ynp5i2LWJs2QwQSI0wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFH4WCudgq2bzRMPt/jSUpQJzwbwMB8GA1UdIwQY
MBaAFB3ehR1Tvsmxn3987k16YbKorvQgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGQ2RkhWTy15YkdmZjN6dVRYcGhzcWl1OUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81NTMxZWItZGM5YS00MmFkLWE1ZDYt
NDM3MThmNDIyYjFmLzEvVWZoWUs1MkNyWnZORXctMy1OSlNsQW5QQnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81NTMxZWItZGM5YS00MmFkLWE1ZDYtNDM3MThmNDIyYjFm
LzEvSGQ2RkhWTy15YkdmZjN6dVRYcGhzcWl1OUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucjIMA0G
CSqGSIb3DQEBCwUAA4IBAQCgUPAxI6Jbny9Ujb1jYNpDLocVKxUqIaadTUZvTy+H
3shus3UNEpLACJfptOiAAbGv6V4OGwRMq8NxCvvEoWdTVX46t7VXzL/GjTqv1aff
8TY7VEff5Myo9Xx3waCI1TWrEtZRX7/XxqPKt3TwvJPkWq9xP0iwu6FrFc3pIIR/
kS9Esw9mL9LRK1MsNtG0KJtqs3w1Wp6phFeu6ctPpHslc4bs5LQIIht3R5JReEM2
dI+pu/WRQTcGVtajl8DHgwstqQVKlBG2tmpdG3vmwcqo+5+54BQFlhJ/t2b8Ov3/
eYg3/wGDkrPpCWWpP0Am5Ib0xTsjG6VcBWmmPwpGNx4k
-----END CERTIFICATE-----