Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/UCnug3VKUD3FXa61R4sRX5Hq1h4.roa
File:                     UCnug3VKUD3FXa61R4sRX5Hq1h4.roa (raw, json)
Hash identifier:          D2As3QN2SMI79Nc8MlGCxrk9sjZ9F7Rn4L0GBEFykWM=
Subject key identifier:   50:29:EE:83:75:4A:50:3D:C5:5D:AE:B5:47:8B:11:5F:91:EA:D6:1E
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       018CC794CCD80A789DEF06F672BF13E683BF
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/UCnug3VKUD3FXa61R4sRX5Hq1h4.roa
Signing time:             Tue 02 Jan 2024 00:31:06 +0000
ROA not before:           Tue 02 Jan 2024 00:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        81.199.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:cc:d8:0a:78:9d:ef:06:f6:72:bf:13:e6:83:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Jan  2 00:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5029ee83754a503dc55daeb5478b115f91ead61e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:b0:9b:36:7c:4f:02:c3:9d:53:87:46:de:
                    89:12:ef:bc:a6:43:b7:71:61:ad:ec:6f:e4:9b:4d:
                    c2:ae:2b:a1:9b:7f:c4:af:81:49:b0:e0:2d:fc:01:
                    1f:db:28:b1:9e:06:dd:d8:53:b6:b5:ba:b2:1c:99:
                    c5:12:f7:4c:6f:8b:f4:8f:b9:76:8e:8d:4d:df:7d:
                    50:57:6c:ee:52:24:5a:2a:18:0f:45:63:4b:fc:1d:
                    74:fe:a7:85:33:90:af:03:e9:96:3b:7b:b1:a4:e4:
                    ab:22:89:79:0a:09:c6:1c:48:9b:02:6a:27:d5:60:
                    ab:85:72:85:07:cc:ef:ce:35:5b:cf:0b:1a:92:8b:
                    f0:7d:91:99:45:b1:b7:a5:d8:e2:92:d7:9c:1e:7d:
                    da:50:2d:d7:36:4e:ee:18:9b:f3:c7:5e:9d:d9:a5:
                    53:9a:be:d6:4d:d5:7d:9d:7c:36:79:de:3a:34:81:
                    9d:93:6d:99:59:58:56:20:d6:35:c2:6f:e5:f2:87:
                    09:7e:17:cb:aa:6c:dc:1e:8f:da:e4:7b:a3:21:76:
                    f6:f2:1c:68:7f:54:f7:62:a7:36:77:0b:20:91:86:
                    d4:8c:33:eb:a8:b8:23:c9:fc:0e:52:e1:c6:08:b7:
                    60:a7:57:ac:72:ad:42:36:c2:81:f1:1b:23:8a:10:
                    5c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:29:EE:83:75:4A:50:3D:C5:5D:AE:B5:47:8B:11:5F:91:EA:D6:1E
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/UCnug3VKUD3FXa61R4sRX5Hq1h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:80:a6:67:e3:2f:77:83:dc:2a:86:3d:76:be:84:f1:84:8c:
         34:2e:0a:54:58:08:0e:62:4b:d3:0e:fb:97:7f:5e:fc:0f:26:
         37:2e:6a:84:97:81:f2:65:89:9e:1b:d3:56:d9:bb:df:cf:7b:
         66:36:e9:52:4f:2a:5c:f5:7b:5b:63:d3:f0:c3:31:b2:c3:20:
         b3:d8:cf:e9:b9:73:76:de:b0:44:e1:df:6d:a1:bc:ca:84:05:
         e5:53:7f:2b:39:89:2e:cc:7f:56:59:54:ed:f5:15:d4:8f:c7:
         33:74:7d:de:2c:0f:1e:98:c3:cc:79:89:57:59:0d:4d:7c:18:
         1d:d2:d5:39:a0:27:b1:b4:17:b4:01:dc:f5:36:68:8e:07:63:
         4c:98:59:18:7d:50:3d:66:c4:54:df:fd:a3:40:0f:35:13:75:
         97:d8:00:d9:f0:af:18:9c:be:21:5c:3e:a6:61:a5:df:5b:5d:
         67:d8:aa:29:0e:69:4f:45:80:43:38:4e:21:74:0d:ff:56:42:
         38:f9:8b:3c:cd:d4:45:9f:fc:25:6e:1a:5f:94:d5:ab:31:6a:
         4c:cd:e2:9a:e3:ce:da:84:1f:be:2a:62:51:ba:04:3c:14:02:
         ff:29:a2:96:8f:ad:4f:4a:80:9f:e1:16:c4:20:3c:a4:66:c3:
         bc:d3:6f:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlMzYCnid7wb2cr8T5oO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjQwMTAyMDAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI5ZWU4Mzc1NGE1MDNkYzU1ZGFlYjU0NzhiMTE1ZjkxZWFkNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAKwmzZ8TwLDnVOHRt6JEu+8pkO3
cWGt7G/km03Criuhm3/Er4FJsOAt/AEf2yixngbd2FO2tbqyHJnFEvdMb4v0j7l2
jo1N331QV2zuUiRaKhgPRWNL/B10/qeFM5CvA+mWO3uxpOSrIol5CgnGHEibAmon
1WCrhXKFB8zvzjVbzwsakovwfZGZRbG3pdjiktecHn3aUC3XNk7uGJvzx16d2aVT
mr7WTdV9nXw2ed46NIGdk22ZWVhWINY1wm/l8ocJfhfLqmzcHo/a5HujIXb28hxo
f1T3Yqc2dwsgkYbUjDPrqLgjyfwOUuHGCLdgp1escq1CNsKB8RsjihBc/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAp7oN1SlA9xV2utUeLEV+R6tYeMB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvVUNudWczVktVRDNGWGE2MVI0c1JYNUhxMWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUcccMA0G
CSqGSIb3DQEBCwUAA4IBAQAcgKZn4y93g9wqhj12voTxhIw0LgpUWAgOYkvTDvuX
f178DyY3LmqEl4HyZYmeG9NW2bvfz3tmNulSTypc9XtbY9PwwzGywyCz2M/puXN2
3rBE4d9tobzKhAXlU38rOYkuzH9WWVTt9RXUj8czdH3eLA8emMPMeYlXWQ1NfBgd
0tU5oCextBe0Adz1NmiOB2NMmFkYfVA9ZsRU3/2jQA81E3WX2ADZ8K8YnL4hXD6m
YaXfW11n2KopDmlPRYBDOE4hdA3/VkI4+Ys8zdRFn/wlbhpflNWrMWpMzeKa487a
hB++KmJRugQ8FAL/KaKWj61PSoCf4RbEIDykZsO80287
-----END CERTIFICATE-----