Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/U_lb42RpJP722QuhTMUBXAfuYtg.roa
File:                     U_lb42RpJP722QuhTMUBXAfuYtg.roa (raw, json)
Hash identifier:          by/aOE33cpG1o1pUfk21OmgXT0fA1bHsgJwINB4B708=
Subject key identifier:   53:F9:5B:E3:64:69:24:FE:F6:D9:0B:A1:4C:C5:01:5C:07:EE:62:D8
Certificate issuer:       /CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
Certificate serial:       018CC26D31751D86043C26FFB1E856563A8B
Authority key identifier: 01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/U_lb42RpJP722QuhTMUBXAfuYtg.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203123
IP address blocks:        185.144.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:75:1d:86:04:3c:26:ff:b1:e8:56:56:3a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53f95be3646924fef6d90ba14cc5015c07ee62d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a5:46:25:a1:b7:f0:ac:d8:c4:3c:af:cc:57:
                    39:f5:2d:60:28:33:de:58:3f:70:9c:e6:15:5d:01:
                    d3:e1:00:a5:de:05:ed:2c:01:2a:a5:6b:8a:ff:5b:
                    f0:a6:92:ba:7e:f2:ce:f7:e6:64:a6:15:4f:54:2c:
                    34:14:20:d8:b6:4a:29:d1:42:e6:81:ce:8c:dc:41:
                    c4:e2:d2:cd:45:03:eb:0e:d4:35:0b:95:16:c7:48:
                    33:92:9a:80:9a:33:1c:61:1b:f3:45:00:c0:02:67:
                    4e:3a:24:5b:e9:a9:01:d7:b8:d7:8a:39:bc:5e:12:
                    40:4a:ca:56:98:0d:09:6b:ab:ec:8d:23:6d:74:ea:
                    48:cd:49:83:6d:bb:68:40:4b:ef:de:23:cc:b1:b2:
                    94:b7:35:f8:87:56:b6:e8:94:2c:76:a9:8c:a0:e5:
                    db:8c:9e:77:7a:91:b5:4d:b7:5b:27:c8:fd:89:3d:
                    2d:cb:91:7b:14:49:b8:98:6e:c3:c8:8c:4b:2f:2e:
                    50:9e:d3:b2:54:9d:f2:a8:34:72:8b:3b:c8:9d:ad:
                    22:4f:4e:9f:2d:5a:40:49:bf:74:07:5e:ec:ad:1d:
                    7c:35:3a:4d:6e:b3:58:25:45:6a:46:3d:89:72:1c:
                    25:69:3b:88:bb:03:89:98:0c:63:56:b4:da:4a:42:
                    f9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F9:5B:E3:64:69:24:FE:F6:D9:0B:A1:4C:C5:01:5C:07:EE:62:D8
            X509v3 Authority Key Identifier:
                keyid:01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/U_lb42RpJP722QuhTMUBXAfuYtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:01:48:19:82:6d:6f:d2:6b:33:70:75:2d:0e:a5:08:d7:46:
         16:f6:93:d1:0e:bd:06:8a:d5:ee:a7:11:f3:0a:1e:ad:62:94:
         7e:21:d6:88:4f:e3:7b:aa:b2:88:1d:1a:9f:63:5a:aa:d5:ef:
         0f:fd:0b:f2:cd:4b:55:5f:12:26:be:60:13:d2:e3:c6:ec:f8:
         b4:82:5e:57:a5:16:02:4c:49:8e:90:5e:14:f3:45:cc:1e:33:
         0e:13:1a:a2:36:54:25:d0:bf:f1:f6:a1:c1:d8:d2:ae:dd:42:
         7c:26:cb:20:39:88:3b:4f:d1:0e:c5:8c:88:12:9e:41:ce:90:
         36:57:42:49:72:73:fe:13:78:4b:4f:d1:1c:3a:0f:97:5d:30:
         14:b0:00:12:43:ee:c5:29:48:15:20:c5:83:51:c0:c5:59:71:
         61:82:2a:7d:f7:4d:8c:5b:29:b6:05:56:64:76:07:07:26:19:
         c0:d1:f6:d7:08:11:45:13:3a:39:50:93:65:5b:a6:99:9c:58:
         c3:39:f6:8e:fa:68:ea:a2:89:26:86:39:1a:f1:d5:0c:1f:1f:
         5d:4a:d5:1f:f4:8c:47:b6:c8:dc:22:d5:35:8a:4f:1b:84:b8:
         ae:80:3e:cf:87:b1:1c:11:10:78:ae:a9:4a:ba:62:fa:fa:6c:
         11:af:7d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTF1HYYEPCb/sehWVjqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWYyZWY2ZGI1MDI5OTRkN2IwYzhlNDljZDRhNzc3YmRi
OTM1NzIwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Y5NWJlMzY0NjkyNGZlZjZkOTBiYTE0Y2M1MDE1YzA3ZWU2MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqVGJaG38KzYxDyvzFc59S1gKDPe
WD9wnOYVXQHT4QCl3gXtLAEqpWuK/1vwppK6fvLO9+ZkphVPVCw0FCDYtkop0ULm
gc6M3EHE4tLNRQPrDtQ1C5UWx0gzkpqAmjMcYRvzRQDAAmdOOiRb6akB17jXijm8
XhJASspWmA0Ja6vsjSNtdOpIzUmDbbtoQEvv3iPMsbKUtzX4h1a26JQsdqmMoOXb
jJ53epG1TbdbJ8j9iT0ty5F7FEm4mG7DyIxLLy5QntOyVJ3yqDRyizvIna0iT06f
LVpASb90B17srR18NTpNbrNYJUVqRj2JchwlaTuIuwOJmAxjVrTaSkL57wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP5W+NkaST+9tkLoUzFAVwH7mLYMB8GA1UdIwQY
MBaAFAFfLvbbUCmU17DI5JzUp3e9uTVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzIt
ZmFmZjIxMWVhNGM2LzEvVV9sYjQyUnBKUDcyMlF1aFRNVUJYQWZ1WXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzItZmFmZjIxMWVhNGM2
LzEvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZAIMA0G
CSqGSIb3DQEBCwUAA4IBAQA6AUgZgm1v0mszcHUtDqUI10YW9pPRDr0GitXupxHz
Ch6tYpR+IdaIT+N7qrKIHRqfY1qq1e8P/QvyzUtVXxImvmAT0uPG7Pi0gl5XpRYC
TEmOkF4U80XMHjMOExqiNlQl0L/x9qHB2NKu3UJ8JssgOYg7T9EOxYyIEp5BzpA2
V0JJcnP+E3hLT9EcOg+XXTAUsAASQ+7FKUgVIMWDUcDFWXFhgip9902MWym2BVZk
dgcHJhnA0fbXCBFFEzo5UJNlW6aZnFjDOfaO+mjqookmhjka8dUMHx9dStUf9IxH
tsjcItU1ik8bhLiugD7Ph7EcERB4rqlKumL6+mwRr32r
-----END CERTIFICATE-----