Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/U5GPRhAw8J8gl5ogsxCNn0xJdZg.roa
File:                     U5GPRhAw8J8gl5ogsxCNn0xJdZg.roa (raw, json)
Hash identifier:          3b3NLaaAupJKc8y+UU/PE9zN+ahChcn/TqLbn4B3QGk=
Subject key identifier:   53:91:8F:46:10:30:F0:9F:20:97:9A:20:B3:10:8D:9F:4C:49:75:98
Certificate issuer:       /CN=b02aa961b477d5423d85b7d43f3efa26326d7090
Certificate serial:       018CC2DB25C76300DB7750AEA54EEDD78C01
Authority key identifier: B0:2A:A9:61:B4:77:D5:42:3D:85:B7:D4:3F:3E:FA:26:32:6D:70:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/U5GPRhAw8J8gl5ogsxCNn0xJdZg.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206241
IP address blocks:        212.87.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:c7:63:00:db:77:50:ae:a5:4e:ed:d7:8c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02aa961b477d5423d85b7d43f3efa26326d7090
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53918f461030f09f20979a20b3108d9f4c497598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3d:7c:b2:76:7f:a8:ad:85:03:3a:78:63:3d:
                    fc:e2:36:06:42:bd:f5:cb:07:e7:d5:36:84:81:86:
                    1d:20:25:55:24:0e:be:15:d6:b6:e6:b2:47:b6:ae:
                    84:fb:29:35:a6:e5:b5:76:c1:cc:51:b5:ae:44:19:
                    c4:fb:c5:dc:58:ab:b1:47:f7:39:6e:6b:4b:5f:60:
                    36:f1:7f:a0:7e:e6:57:de:f7:22:92:b0:c3:be:8b:
                    01:d6:b9:9f:e8:dd:aa:5c:63:87:aa:39:c8:07:77:
                    ac:16:59:4d:ba:e0:1b:71:6d:95:5c:d0:02:ae:51:
                    7d:6c:48:a7:ae:90:5f:87:1d:2a:15:b5:56:41:89:
                    f2:56:af:42:97:a2:2a:3a:c3:3f:9e:20:5d:76:3c:
                    de:8f:92:cd:99:f9:56:e5:7e:78:1d:ba:dc:74:d0:
                    07:32:fd:72:91:af:27:d4:d8:c6:f5:72:cb:48:0c:
                    13:cf:c7:3d:25:c7:84:5a:33:01:a4:68:b1:a7:53:
                    39:80:85:e8:8f:37:65:ec:e3:11:40:61:18:dc:ec:
                    e0:f8:9f:a4:c4:c5:5b:29:9b:67:93:5e:b3:27:cd:
                    a2:e0:93:7d:3a:44:de:32:bd:c2:d0:7a:d7:21:de:
                    6f:6d:b8:90:b7:68:9a:71:57:c9:af:63:e5:b9:bd:
                    e6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:91:8F:46:10:30:F0:9F:20:97:9A:20:B3:10:8D:9F:4C:49:75:98
            X509v3 Authority Key Identifier:
                keyid:B0:2A:A9:61:B4:77:D5:42:3D:85:B7:D4:3F:3E:FA:26:32:6D:70:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/U5GPRhAw8J8gl5ogsxCNn0xJdZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:36:14:a2:51:92:2f:21:d5:d0:90:a9:30:85:d9:38:20:90:
         46:18:fd:4f:37:42:5d:15:75:1f:a8:8d:50:58:49:84:6f:d1:
         08:c8:f5:a7:a9:fc:ce:1a:a9:74:a8:90:64:2e:09:ae:58:f7:
         88:37:a3:b4:7d:18:56:d5:5e:40:d4:cd:94:74:0a:19:d8:01:
         58:9b:99:62:cb:64:ed:2b:10:03:92:05:ba:00:e9:8d:3e:e4:
         3c:77:3b:56:85:7f:e8:5b:cb:86:85:f7:c1:33:45:58:c6:17:
         a2:0d:5c:5e:5b:e3:52:c7:bf:bc:ab:1a:23:59:9a:77:a0:bc:
         e0:ff:32:06:b6:66:16:e7:6c:65:03:a0:5a:72:ab:b8:63:ea:
         ce:26:08:c7:f6:b3:d7:df:b0:db:3e:d7:58:c6:d0:04:7a:63:
         44:3d:4f:4c:6a:41:26:b0:58:27:72:29:59:fa:39:5b:2e:b4:
         62:dc:4e:21:6c:6a:a5:8d:d7:40:79:57:d5:55:fb:24:b8:9b:
         e1:97:98:2e:4f:7a:a2:b0:36:97:ac:fc:02:35:ba:10:d1:41:
         7f:3e:af:f2:e4:62:a0:7e:87:1e:63:f3:f9:c1:77:35:06:14:
         31:7e:5f:c6:fd:f6:09:a7:d9:d2:38:56:19:f7:4d:11:8a:41:
         56:37:b6:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yXHYwDbd1CupU7t14wBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmFhOTYxYjQ3N2Q1NDIzZDg1YjdkNDNmM2VmYTI2MzI2
ZDcwOTAwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzkxOGY0NjEwMzBmMDlmMjA5NzlhMjBiMzEwOGQ5ZjRjNDk3NTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT18snZ/qK2FAzp4Yz384jYGQr31
ywfn1TaEgYYdICVVJA6+Fda25rJHtq6E+yk1puW1dsHMUbWuRBnE+8XcWKuxR/c5
bmtLX2A28X+gfuZX3vcikrDDvosB1rmf6N2qXGOHqjnIB3esFllNuuAbcW2VXNAC
rlF9bEinrpBfhx0qFbVWQYnyVq9Cl6IqOsM/niBddjzej5LNmflW5X54HbrcdNAH
Mv1yka8n1NjG9XLLSAwTz8c9JceEWjMBpGixp1M5gIXojzdl7OMRQGEY3Ozg+J+k
xMVbKZtnk16zJ82i4JN9OkTeMr3C0HrXId5vbbiQt2iacVfJr2Plub3mUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFORj0YQMPCfIJeaILMQjZ9MSXWYMB8GA1UdIwQY
MBaAFLAqqWG0d9VCPYW31D8++iYybXCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NxcFliUjMxVUk5aGJmVVB6NzZKakp0Y0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wMTQ4NGMtNWYyOC00MmY1LWI5ZWEt
MDc4N2E1MDNjYTY5LzEvVTVHUFJoQXc4SjhnbDVvZ3N4Q05uMHhKZFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wMTQ4NGMtNWYyOC00MmY1LWI5ZWEtMDc4N2E1MDNjYTY5
LzEvc0NxcFliUjMxVUk5aGJmVVB6NzZKakp0Y0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1Ff+MA0G
CSqGSIb3DQEBCwUAA4IBAQAgNhSiUZIvIdXQkKkwhdk4IJBGGP1PN0JdFXUfqI1Q
WEmEb9EIyPWnqfzOGql0qJBkLgmuWPeIN6O0fRhW1V5A1M2UdAoZ2AFYm5liy2Tt
KxADkgW6AOmNPuQ8dztWhX/oW8uGhffBM0VYxheiDVxeW+NSx7+8qxojWZp3oLzg
/zIGtmYW52xlA6Bacqu4Y+rOJgjH9rPX37DbPtdYxtAEemNEPU9MakEmsFgncilZ
+jlbLrRi3E4hbGqljddAeVfVVfskuJvhl5guT3qisDaXrPwCNboQ0UF/Pq/y5GKg
foceY/P5wXc1BhQxfl/G/fYJp9nSOFYZ900RikFWN7Y/
-----END CERTIFICATE-----