Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/Uwsi8j1cBtlrJFTcUQjO7ESINJ8.roa
File:                     Uwsi8j1cBtlrJFTcUQjO7ESINJ8.roa (raw, json)
Hash identifier:          IzE2au2TDAHEoz7Ce1rnYlHbcAM1Wqv4TE6G2BXPqyc=
Subject key identifier:   53:0B:22:F2:3D:5C:06:D9:6B:24:54:DC:51:08:CE:EC:44:88:34:9F
Certificate issuer:       /CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
Certificate serial:       018CC2DB45FAB35A92EC08B56289AEA61731
Authority key identifier: 12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/Uwsi8j1cBtlrJFTcUQjO7ESINJ8.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20857
IP address blocks:        185.88.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:45:fa:b3:5a:92:ec:08:b5:62:89:ae:a6:17:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1230cd8e13c86d8ef835c1aac7d5f953455c035c
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=530b22f23d5c06d96b2454dc5108ceec4488349f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d2:8d:73:c2:e7:73:7a:51:99:9d:30:21:2b:
                    66:f5:40:8b:13:12:14:d3:b7:cf:66:0b:59:12:b0:
                    bd:0f:25:5f:a2:b1:38:49:20:8a:2b:f0:17:77:de:
                    6b:88:b4:9f:c0:a9:04:f9:49:bb:e8:ae:6f:f2:51:
                    c8:08:7c:a5:5f:98:22:95:f5:4a:fe:1a:62:f9:1a:
                    e2:1c:9b:a0:60:3d:2c:e6:e8:18:39:a2:e9:03:a6:
                    60:a0:73:3c:5c:44:6e:a1:e3:cc:62:a5:dd:14:2c:
                    3b:79:36:f9:ae:70:a7:be:44:c5:d8:74:79:e1:72:
                    78:eb:61:ee:9a:87:ba:10:21:b4:f0:3c:4e:1d:d9:
                    6b:00:43:de:73:f9:27:0a:35:7c:82:ba:5c:53:f3:
                    70:0e:96:3d:69:83:d1:31:c1:50:cd:79:03:27:02:
                    e0:8e:ce:87:0c:78:f9:a3:33:a1:65:09:27:ae:e5:
                    df:2d:c5:1f:aa:2c:d9:1e:48:9d:ef:c2:73:a1:d5:
                    ac:8a:7f:01:24:ea:48:97:76:27:3d:a3:71:b4:49:
                    78:e9:a6:94:dd:2f:88:9d:bf:1a:22:1b:da:38:43:
                    54:db:e7:9e:95:53:d7:e9:d0:56:07:bf:71:92:7d:
                    86:49:de:e2:1d:06:99:c4:e2:e8:29:60:3b:7a:e3:
                    23:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0B:22:F2:3D:5C:06:D9:6B:24:54:DC:51:08:CE:EC:44:88:34:9F
            X509v3 Authority Key Identifier:
                keyid:12:30:CD:8E:13:C8:6D:8E:F8:35:C1:AA:C7:D5:F9:53:45:5C:03:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjDNjhPIbY74NcGqx9X5U0VcA1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/Uwsi8j1cBtlrJFTcUQjO7ESINJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/d1f390-4ec5-4c42-8e54-01fb46a433e1/1/EjDNjhPIbY74NcGqx9X5U0VcA1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:e4:9c:e4:61:3d:43:1d:5d:42:72:2e:61:ec:29:e5:8b:af:
         dd:a6:67:45:b2:af:63:56:e7:5b:58:f2:ba:1e:6b:24:04:b7:
         86:9d:69:60:ac:90:1b:2f:20:61:81:85:14:bc:9c:00:e6:0a:
         84:ff:d2:e2:d8:78:5c:4c:77:92:9b:ee:c2:d1:e3:1c:59:d0:
         08:e2:ce:b7:51:52:20:a2:02:9f:7d:cc:e8:9d:49:81:ff:1a:
         39:07:0f:48:f8:a3:5c:5c:6d:45:75:0c:8f:1d:c8:eb:fa:a7:
         99:d4:f1:a0:e2:64:08:91:18:c0:e5:ce:0c:f1:11:dd:86:c3:
         da:32:16:e0:b6:a1:7a:2f:b5:96:7f:0b:27:2e:df:e6:b8:8e:
         b0:a4:e1:af:4c:4f:0f:eb:2a:b6:37:69:e4:09:08:ac:d0:a1:
         ec:1c:7f:73:b7:60:0e:9f:b9:22:75:9f:36:c3:47:ef:8c:29:
         ea:8b:6f:c2:7e:6c:a2:d5:26:1e:3a:16:08:4c:95:b5:d8:78:
         9e:1b:c2:3b:19:13:87:ff:0c:7e:66:86:79:d0:04:6e:67:31:
         a9:4c:76:30:b7:88:dd:95:85:97:75:6c:68:75:1c:6b:d6:a1:
         fe:bb:57:6d:01:c1:5a:f7:ac:b1:7f:75:2c:7a:c1:ed:19:79:
         7b:c6:d9:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20X6s1qS7Ai1YomuphcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMzBjZDhlMTNjODZkOGVmODM1YzFhYWM3ZDVmOTUzNDU1
YzAzNWMwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzBiMjJmMjNkNWMwNmQ5NmIyNDU0ZGM1MTA4Y2VlYzQ0ODgzNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstKNc8Lnc3pRmZ0wIStm9UCLExIU
07fPZgtZErC9DyVforE4SSCKK/AXd95riLSfwKkE+Um76K5v8lHICHylX5gilfVK
/hpi+RriHJugYD0s5ugYOaLpA6ZgoHM8XERuoePMYqXdFCw7eTb5rnCnvkTF2HR5
4XJ462Humoe6ECG08DxOHdlrAEPec/knCjV8grpcU/NwDpY9aYPRMcFQzXkDJwLg
js6HDHj5ozOhZQknruXfLcUfqizZHkid78JzodWsin8BJOpIl3YnPaNxtEl46aaU
3S+Inb8aIhvaOENU2+eelVPX6dBWB79xkn2GSd7iHQaZxOLoKWA7euMjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMLIvI9XAbZayRU3FEIzuxEiDSfMB8GA1UdIwQY
MBaAFBIwzY4TyG2O+DXBqsfV+VNFXANcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQt
MDFmYjQ2YTQzM2UxLzEvVXdzaThqMWNCdGxySkZUY1VRak83RVNJTko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9kMWYzOTAtNGVjNS00YzQyLThlNTQtMDFmYjQ2YTQzM2Ux
LzEvRWpETmpoUEliWTc0TmNHcXg5WDVVMFZjQTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuViUMA0G
CSqGSIb3DQEBCwUAA4IBAQAI5JzkYT1DHV1Cci5h7Cnli6/dpmdFsq9jVudbWPK6
HmskBLeGnWlgrJAbLyBhgYUUvJwA5gqE/9Li2HhcTHeSm+7C0eMcWdAI4s63UVIg
ogKffczonUmB/xo5Bw9I+KNcXG1FdQyPHcjr+qeZ1PGg4mQIkRjA5c4M8RHdhsPa
MhbgtqF6L7WWfwsnLt/muI6wpOGvTE8P6yq2N2nkCQis0KHsHH9zt2AOn7kidZ82
w0fvjCnqi2/Cfmyi1SYeOhYITJW12HieG8I7GROH/wx+ZoZ50ARuZzGpTHYwt4jd
lYWXdWxodRxr1qH+u1dtAcFa96yxf3UsesHtGXl7xtkN
-----END CERTIFICATE-----