Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/1-UjowN_UmJK1FNib-NKli7Bki40.roa
File:                     1-UjowN_UmJK1FNib-NKli7Bki40.roa (raw, json)
Hash identifier:          MAUqkEQi3gpPSaGZE26c1zgiIW+/oHY/XqNeWLb/EyQ=
Subject key identifier:   F9:48:E8:C0:DF:D4:98:92:B5:14:D8:9B:F8:D2:A5:8B:B0:64:8B:8D
Certificate issuer:       /CN=252c4e2bf5f2138462ef4a5d9e0f6e7a763530fe
Certificate serial:       018CC86FD44214C561F811681ABD0B279015
Authority key identifier: 25:2C:4E:2B:F5:F2:13:84:62:EF:4A:5D:9E:0F:6E:7A:76:35:30:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/1-UjowN_UmJK1FNib-NKli7Bki40.roa
Signing time:             Tue 02 Jan 2024 04:30:21 +0000
ROA not before:           Tue 02 Jan 2024 04:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211987
IP address blocks:        185.234.102.0/24 maxlen: 24
                          2a10:da80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d4:42:14:c5:61:f8:11:68:1a:bd:0b:27:90:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252c4e2bf5f2138462ef4a5d9e0f6e7a763530fe
        Validity
            Not Before: Jan  2 04:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f948e8c0dfd49892b514d89bf8d2a58bb0648b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:a7:b3:2a:5b:60:06:0d:51:05:d2:4d:19:85:
                    2f:58:55:bf:7a:1c:08:dc:b2:c5:da:78:02:4b:b6:
                    62:8d:3e:d8:dd:fa:1a:45:a5:da:d1:45:f4:ca:4f:
                    b0:50:2d:a1:7a:3f:b7:23:22:cd:05:a4:17:cc:57:
                    76:69:de:af:cc:6c:66:f2:10:63:83:cd:54:5a:40:
                    91:f8:da:e5:68:d1:b3:da:4e:36:b4:bb:91:28:f2:
                    23:ae:17:9f:f2:41:a9:ca:e8:13:c5:d2:72:ce:ec:
                    0e:51:f4:9b:84:8b:fd:82:bb:b4:29:4d:33:64:15:
                    e2:19:7d:c8:1a:1d:8c:f0:5b:7f:40:b3:ad:b3:75:
                    17:2c:28:06:b7:35:e7:27:a3:e2:67:fd:b2:f4:0c:
                    23:75:bb:2b:1b:d3:16:00:52:69:4a:c9:11:88:b5:
                    01:5e:70:b6:39:7d:a8:f5:5d:5b:34:0b:3b:e9:c3:
                    6e:15:fb:e7:e1:1e:12:46:7a:ab:ff:6e:34:c1:2e:
                    ef:f8:df:fb:41:51:f8:b1:90:34:3c:a5:2e:39:75:
                    da:10:8e:bf:c1:bd:62:c3:00:d4:94:73:56:53:8a:
                    87:2d:cb:7c:02:b8:db:fd:c9:7f:51:d2:2c:c9:0a:
                    bb:fd:56:07:b0:84:30:a7:fd:31:c5:08:eb:0a:b9:
                    8c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:48:E8:C0:DF:D4:98:92:B5:14:D8:9B:F8:D2:A5:8B:B0:64:8B:8D
            X509v3 Authority Key Identifier:
                keyid:25:2C:4E:2B:F5:F2:13:84:62:EF:4A:5D:9E:0F:6E:7A:76:35:30:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/1-UjowN_UmJK1FNib-NKli7Bki40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.102.0/24
                IPv6:
                  2a10:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:ff:9d:dd:cc:b1:27:bc:7d:c5:ec:34:30:71:b7:ee:37:47:
         d6:06:83:6c:ba:58:48:34:2b:41:91:44:61:56:23:a7:27:47:
         a8:f6:9a:2b:87:9e:5d:52:54:d0:ae:5d:b8:1b:5b:69:0e:09:
         9f:f4:8a:71:98:f0:b3:04:4f:7b:e3:fd:06:42:a8:d5:da:b8:
         df:16:83:ef:6f:a5:cf:9f:9a:0c:91:26:19:4c:c8:4e:e7:7b:
         33:84:9b:0c:ba:a5:63:ed:db:71:6b:b4:65:96:42:6a:60:fe:
         9a:9d:f8:26:5f:bb:e0:df:b2:a3:20:82:6a:ef:e0:c7:8a:9d:
         fa:93:fd:75:35:24:b5:8d:e9:ca:ef:58:bd:26:41:47:27:eb:
         4e:d3:13:69:02:70:7e:7e:02:48:04:11:27:29:fa:9e:74:85:
         ae:31:65:50:c5:fe:90:50:7e:55:4d:d2:fd:a2:7b:90:56:5f:
         49:af:e3:46:4d:c2:d8:67:5f:94:45:89:88:07:c2:83:b0:ae:
         17:01:76:04:cb:17:fd:81:0c:93:a4:89:88:05:ba:7b:ed:6b:
         d6:20:77:80:cf:b0:50:62:a5:fd:fe:ca:be:a8:be:99:fb:4f:
         b1:a2:d0:57:0f:2a:f5:64:dd:66:ca:5c:0b:d4:64:c5:99:b8:
         49:e2:c4:25
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIb9RCFMVh+BFoGr0LJ5AVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmM0ZTJiZjVmMjEzODQ2MmVmNGE1ZDllMGY2ZTdhNzYz
NTMwZmUwHhcNMjQwMTAyMDQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQ4ZThjMGRmZDQ5ODkyYjUxNGQ4OWJmOGQyYTU4YmIwNjQ4YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+aezKltgBg1RBdJNGYUvWFW/ehwI
3LLF2ngCS7ZijT7Y3foaRaXa0UX0yk+wUC2hej+3IyLNBaQXzFd2ad6vzGxm8hBj
g81UWkCR+NrlaNGz2k42tLuRKPIjrhef8kGpyugTxdJyzuwOUfSbhIv9gru0KU0z
ZBXiGX3IGh2M8Ft/QLOts3UXLCgGtzXnJ6PiZ/2y9AwjdbsrG9MWAFJpSskRiLUB
XnC2OX2o9V1bNAs76cNuFfvn4R4SRnqr/240wS7v+N/7QVH4sZA0PKUuOXXaEI6/
wb1iwwDUlHNWU4qHLct8Arjb/cl/UdIsyQq7/VYHsIQwp/0xxQjrCrmMGQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPlI6MDf1JiStRTYm/jSpYuwZIuNMB8GA1UdIwQY
MBaAFCUsTiv18hOEYu9KXZ4Pbnp2NTD+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlN4T0tfWHlFNFJpNzBwZG5nOXVlblkxTVA0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9iYmJhODgtMTM0NC00ZDg5LThmNTIt
NmRmN2JmNTllMzI2LzEvMS1Vam93Tl9VbUpLMUZOaWItTktsaTdCa2k0MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzIvYmJiYTg4LTEzNDQtNGQ4OS04ZjUyLTZkZjdiZjU5ZTMy
Ni8xL0pTeE9LX1h5RTRSaTcwcGRuZzl1ZW5ZMU1QNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEALnqZjAN
BAIAAjAHAwUDKhDagDANBgkqhkiG9w0BAQsFAAOCAQEAVv+d3cyxJ7x9xew0MHG3
7jdH1gaDbLpYSDQrQZFEYVYjpydHqPaaK4eeXVJU0K5duBtbaQ4Jn/SKcZjwswRP
e+P9BkKo1dq43xaD72+lz5+aDJEmGUzITud7M4SbDLqlY+3bcWu0ZZZCamD+mp34
Jl+74N+yoyCCau/gx4qd+pP9dTUktY3pyu9YvSZBRyfrTtMTaQJwfn4CSAQRJyn6
nnSFrjFlUMX+kFB+VU3S/aJ7kFZfSa/jRk3C2GdflEWJiAfCg7CuFwF2BMsX/YEM
k6SJiAW6e+1r1iB3gM+wUGKl/f7Kvqi+mftPsaLQVw8q9WTdZspcC9RkxZm4SeLE
JQ==
-----END CERTIFICATE-----