Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/UtksEOoi3JE8PewTHGA879GWEGY.roa
File:                     UtksEOoi3JE8PewTHGA879GWEGY.roa (raw, json)
Hash identifier:          aydC1TG0OdhEsbIA3OdFc2DuQc0VYExfzGh+sAQLqOE=
Subject key identifier:   52:D9:2C:10:EA:22:DC:91:3C:3D:EC:13:1C:60:3C:EF:D1:96:10:66
Certificate issuer:       /CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
Certificate serial:       018CC94ACC093F5E787A1E1C487EA198753F
Authority key identifier: FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/UtksEOoi3JE8PewTHGA879GWEGY.roa
Signing time:             Tue 02 Jan 2024 08:29:31 +0000
ROA not before:           Tue 02 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48492
IP address blocks:        185.56.192.0/24 maxlen: 24
                          185.56.192.0/22 maxlen: 22
                          185.56.193.0/24 maxlen: 24
                          185.56.194.0/24 maxlen: 24
                          185.56.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/_jHd7yXZbISwAaKsUEewTgYKCsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/_jHd7yXZbISwAaKsUEewTgYKCsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:cc:09:3f:5e:78:7a:1e:1c:48:7e:a1:98:75:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe31ddef25d96c84b001a2ac5047b04e060a0ac3
        Validity
            Not Before: Jan  2 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52d92c10ea22dc913c3dec131c603cefd1961066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:be:90:5c:6e:d8:fc:d9:67:ff:5c:e1:a0:91:
                    13:0b:4b:19:08:94:04:78:1e:dc:15:06:fc:a9:23:
                    de:7b:c2:3e:df:3f:cc:fe:01:f0:ea:21:48:99:9c:
                    49:24:89:ce:b4:f0:72:13:fe:48:df:4d:1a:14:f4:
                    fd:0a:ca:8b:04:73:14:64:aa:7f:51:7f:64:81:95:
                    59:38:d2:07:35:1a:c6:6c:2d:0b:15:fe:57:2b:26:
                    6e:36:35:85:e1:91:5f:12:99:12:55:dd:d8:8b:23:
                    1c:89:03:f7:ad:e9:2d:17:b0:d9:64:99:8b:f5:35:
                    94:5e:96:5c:88:95:26:a7:27:1f:44:c0:02:e8:a0:
                    df:0f:d0:90:de:5a:b1:ca:a7:82:ab:62:3a:7d:e6:
                    85:88:34:83:c8:61:31:d5:77:24:d4:59:6f:20:40:
                    a9:df:72:b1:89:96:77:ed:45:7a:97:e6:b1:f2:e0:
                    f5:a5:b4:2d:12:1a:65:1a:7f:97:ff:30:c8:72:de:
                    5c:e1:58:36:04:66:49:96:89:b0:af:01:e4:ff:b2:
                    53:21:63:0c:1a:ea:73:79:2f:bc:af:0e:40:9f:e2:
                    1b:57:07:63:b4:bd:30:a0:c0:58:23:67:85:3a:a3:
                    75:c1:3e:ec:0c:db:dd:b2:ed:11:ac:67:a8:f6:d1:
                    24:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D9:2C:10:EA:22:DC:91:3C:3D:EC:13:1C:60:3C:EF:D1:96:10:66
            X509v3 Authority Key Identifier:
                keyid:FE:31:DD:EF:25:D9:6C:84:B0:01:A2:AC:50:47:B0:4E:06:0A:0A:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jHd7yXZbISwAaKsUEewTgYKCsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/UtksEOoi3JE8PewTHGA879GWEGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/7c0f14-5b24-4b1b-8eb5-b4d8c2b7a103/1/_jHd7yXZbISwAaKsUEewTgYKCsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:2d:0f:b1:25:da:5e:bc:5a:d6:97:62:27:cc:c5:9f:ce:47:
         5a:1f:b0:d0:eb:26:43:ad:c3:ed:38:af:dc:31:13:1a:da:7d:
         2e:3a:e2:b3:e0:a0:b5:74:45:3d:b3:07:e2:a2:a4:98:36:17:
         03:8d:f4:b6:14:40:34:f0:d6:f0:a5:f5:42:a4:67:99:fe:db:
         d6:1e:54:c1:98:47:14:29:96:76:1b:0d:2b:39:7c:6d:cc:28:
         f7:05:e3:db:3c:0f:6a:cc:c5:c1:72:b7:12:4b:c9:3e:e3:4b:
         4e:09:7f:98:c5:4d:23:77:37:25:99:c0:b6:28:55:8c:16:84:
         4e:10:c3:21:25:58:db:60:90:04:f9:97:b6:1f:a1:18:2c:59:
         a1:47:fd:80:1b:da:93:a3:f5:81:c2:ef:ee:59:fd:c2:35:c7:
         f1:02:5c:d9:76:91:6a:dc:f9:38:a2:39:f8:12:34:21:df:38:
         85:bf:70:cc:85:3f:62:17:1d:49:66:b4:c2:d3:4c:46:27:f5:
         fb:b7:73:7e:06:7e:dc:b6:49:05:36:c0:33:bb:97:ad:e0:a2:
         d8:d4:c6:bf:c6:54:f1:0b:45:84:d4:25:66:51:da:3c:93:7b:
         6e:93:2e:c6:51:16:45:9d:55:68:2d:57:97:ba:87:01:84:69:
         5a:9a:79:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSswJP154eh4cSH6hmHU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMzFkZGVmMjVkOTZjODRiMDAxYTJhYzUwNDdiMDRlMDYw
YTBhYzMwHhcNMjQwMTAyMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQ5MmMxMGVhMjJkYzkxM2MzZGVjMTMxYzYwM2NlZmQxOTYxMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg76QXG7Y/Nln/1zhoJETC0sZCJQE
eB7cFQb8qSPee8I+3z/M/gHw6iFImZxJJInOtPByE/5I300aFPT9CsqLBHMUZKp/
UX9kgZVZONIHNRrGbC0LFf5XKyZuNjWF4ZFfEpkSVd3YiyMciQP3rektF7DZZJmL
9TWUXpZciJUmpycfRMAC6KDfD9CQ3lqxyqeCq2I6feaFiDSDyGEx1Xck1FlvIECp
33KxiZZ37UV6l+ax8uD1pbQtEhplGn+X/zDIct5c4Vg2BGZJlomwrwHk/7JTIWMM
GupzeS+8rw5An+IbVwdjtL0woMBYI2eFOqN1wT7sDNvdsu0RrGeo9tEkTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLZLBDqItyRPD3sExxgPO/RlhBmMB8GA1UdIwQY
MBaAFP4x3e8l2WyEsAGirFBHsE4GCgrDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pIZDd5WFpiSVN3QWFLc1VFZXdUZ1lLQ3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy83YzBmMTQtNWIyNC00YjFiLThlYjUt
YjRkOGMyYjdhMTAzLzEvVXRrc0VPb2kzSkU4UGV3VEhHQTg3OUdXRUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy83YzBmMTQtNWIyNC00YjFiLThlYjUtYjRkOGMyYjdhMTAz
LzEvX2pIZDd5WFpiSVN3QWFLc1VFZXdUZ1lLQ3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCNLQ+xJdpevFrWl2InzMWfzkdaH7DQ6yZDrcPtOK/c
MRMa2n0uOuKz4KC1dEU9swfioqSYNhcDjfS2FEA08NbwpfVCpGeZ/tvWHlTBmEcU
KZZ2Gw0rOXxtzCj3BePbPA9qzMXBcrcSS8k+40tOCX+YxU0jdzclmcC2KFWMFoRO
EMMhJVjbYJAE+Ze2H6EYLFmhR/2AG9qTo/WBwu/uWf3CNcfxAlzZdpFq3Pk4ojn4
EjQh3ziFv3DMhT9iFx1JZrTC00xGJ/X7t3N+Bn7ctkkFNsAzu5et4KLY1Ma/xlTx
C0WE1CVmUdo8k3tuky7GURZFnVVoLVeXuocBhGlamnl8
-----END CERTIFICATE-----