Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/UjT-wi3wQfBntUguPIo5v9JQIp0.roa
File:                     UjT-wi3wQfBntUguPIo5v9JQIp0.roa (raw, json)
Hash identifier:          FUNvYfXF0sJigqZdrThOlz++XWg+4eB1dnCtCRGRolA=
Subject key identifier:   52:34:FE:C2:2D:F0:41:F0:67:B5:48:2E:3C:8A:39:BF:D2:50:22:9D
Certificate issuer:       /CN=9c0375ada9c5e0100ddb633b2a1b747e19c2ec5b
Certificate serial:       018F168E46AF8C6A16F2C909898380A89872
Authority key identifier: 9C:03:75:AD:A9:C5:E0:10:0D:DB:63:3B:2A:1B:74:7E:19:C2:EC:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nAN1ranF4BAN22M7Kht0fhnC7Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/UjT-wi3wQfBntUguPIo5v9JQIp0.roa
Signing time:             Thu 25 Apr 2024 18:39:33 +0000
ROA not before:           Thu 25 Apr 2024 18:39:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211550
IP address blocks:        185.223.205.0/24 maxlen: 24
                          212.125.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/nAN1ranF4BAN22M7Kht0fhnC7Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/nAN1ranF4BAN22M7Kht0fhnC7Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nAN1ranF4BAN22M7Kht0fhnC7Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:16:8e:46:af:8c:6a:16:f2:c9:09:89:83:80:a8:98:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c0375ada9c5e0100ddb633b2a1b747e19c2ec5b
        Validity
            Not Before: Apr 25 18:39:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5234fec22df041f067b5482e3c8a39bfd250229d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:09:8a:ad:c4:34:89:7b:97:e1:35:75:56:60:
                    7b:28:a9:d6:2c:a2:c5:2e:c4:03:ae:4c:a3:56:9d:
                    26:3d:3e:09:af:b3:ce:23:5c:c5:00:ed:2d:62:05:
                    50:2a:5a:e6:73:41:3e:f6:af:12:47:ed:2a:e8:24:
                    ae:04:f7:3f:4f:01:ae:72:14:fb:d5:14:eb:18:28:
                    6a:b5:36:78:47:b3:95:57:9f:43:09:90:fa:3b:4c:
                    2c:b3:e6:23:2d:5a:de:a4:80:7d:47:4d:2c:92:03:
                    2d:14:70:70:b4:5c:d3:87:33:fc:9d:0b:e1:9e:72:
                    b3:80:0c:bb:9e:6e:b1:db:59:43:49:57:e3:c8:c7:
                    c8:c1:e3:fc:4d:0b:58:b2:a0:69:17:85:2b:6b:ea:
                    49:3b:27:ef:49:2c:4f:eb:84:a6:d8:8c:12:52:e7:
                    71:a2:aa:b0:2f:77:d4:46:5f:bd:f3:0f:13:bb:72:
                    0f:86:a1:78:67:26:ee:7b:68:02:39:50:72:5b:a3:
                    06:d1:ac:6d:4a:c5:b6:c5:b5:c9:e3:df:88:b3:aa:
                    25:49:be:9a:88:9a:56:18:18:56:12:e4:c6:9e:64:
                    71:f2:db:28:2a:22:10:48:44:7a:a5:da:72:5a:50:
                    98:30:d8:62:93:07:cb:76:cf:28:c9:bc:6b:43:21:
                    88:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:34:FE:C2:2D:F0:41:F0:67:B5:48:2E:3C:8A:39:BF:D2:50:22:9D
            X509v3 Authority Key Identifier:
                keyid:9C:03:75:AD:A9:C5:E0:10:0D:DB:63:3B:2A:1B:74:7E:19:C2:EC:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nAN1ranF4BAN22M7Kht0fhnC7Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/UjT-wi3wQfBntUguPIo5v9JQIp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ee84f7-af2a-46dc-b6c6-1fc89e99a0a1/1/nAN1ranF4BAN22M7Kht0fhnC7Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.205.0/24
                  212.125.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:33:7c:d4:c8:7e:26:8e:54:98:ad:a0:fe:cb:9c:c6:ce:cf:
         d2:e7:af:e2:c8:e2:a2:e2:b0:91:82:83:e2:b4:3a:50:d7:ec:
         11:66:36:18:fb:9c:4f:fd:98:f5:e8:31:f0:32:58:cd:68:17:
         73:87:00:d6:66:18:a9:ff:73:de:5e:44:93:53:ce:cf:f3:52:
         ec:09:7f:11:ff:d8:15:b4:f4:12:a3:7d:d3:30:a2:c9:49:c2:
         df:60:f8:dc:88:64:c7:26:ed:05:0b:a7:b7:57:6d:71:2b:e9:
         1b:c3:be:26:52:cd:ac:1c:04:5b:19:a7:98:02:4a:21:52:f7:
         3f:35:83:a4:e7:33:f7:b3:80:7d:c3:20:f1:8c:3b:b1:82:b8:
         ff:a7:2c:7d:12:d1:fb:53:bc:b0:d2:50:bd:0e:ea:b3:26:69:
         04:6d:2d:84:0d:ab:b7:76:3e:5b:4e:87:66:cf:90:03:f2:b3:
         cc:cc:db:3e:59:41:24:9b:79:d2:68:6e:a3:06:c5:7b:33:5e:
         db:36:12:36:36:52:7b:8d:06:d5:f8:5a:c3:8c:ec:fe:6f:94:
         83:86:a1:6d:a2:b7:d5:33:fd:98:fb:22:b9:7a:d7:74:75:4c:
         ae:7a:f9:67:a9:90:9f:46:26:93:df:d1:c0:cc:30:72:a8:ef:
         de:42:42:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8WjkavjGoW8skJiYOAqJhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMDM3NWFkYTljNWUwMTAwZGRiNjMzYjJhMWI3NDdlMTlj
MmVjNWIwHhcNMjQwNDI1MTgzOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM0ZmVjMjJkZjA0MWYwNjdiNTQ4MmUzYzhhMzliZmQyNTAyMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAmKrcQ0iXuX4TV1VmB7KKnWLKLF
LsQDrkyjVp0mPT4Jr7POI1zFAO0tYgVQKlrmc0E+9q8SR+0q6CSuBPc/TwGuchT7
1RTrGChqtTZ4R7OVV59DCZD6O0wss+YjLVrepIB9R00skgMtFHBwtFzThzP8nQvh
nnKzgAy7nm6x21lDSVfjyMfIweP8TQtYsqBpF4Ura+pJOyfvSSxP64Sm2IwSUudx
oqqwL3fURl+98w8Tu3IPhqF4Zybue2gCOVByW6MG0axtSsW2xbXJ49+Is6olSb6a
iJpWGBhWEuTGnmRx8tsoKiIQSER6pdpyWlCYMNhikwfLds8oybxrQyGIzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFI0/sIt8EHwZ7VILjyKOb/SUCKdMB8GA1UdIwQY
MBaAFJwDda2pxeAQDdtjOyobdH4ZwuxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkFOMXJhbkY0QkFOMjJNN0todDBmaG5DN0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lZTg0ZjctYWYyYS00NmRjLWI2YzYt
MWZjODllOTlhMGExLzEvVWpULXdpM3dRZkJudFVndVBJbzV2OUpRSXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lZTg0ZjctYWYyYS00NmRjLWI2YzYtMWZjODllOTlhMGEx
LzEvbkFOMXJhbkY0QkFOMjJNN0todDBmaG5DN0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud/NAwQA
1H2OMA0GCSqGSIb3DQEBCwUAA4IBAQBMM3zUyH4mjlSYraD+y5zGzs/S56/iyOKi
4rCRgoPitDpQ1+wRZjYY+5xP/Zj16DHwMljNaBdzhwDWZhip/3PeXkSTU87P81Ls
CX8R/9gVtPQSo33TMKLJScLfYPjciGTHJu0FC6e3V21xK+kbw74mUs2sHARbGaeY
AkohUvc/NYOk5zP3s4B9wyDxjDuxgrj/pyx9EtH7U7yw0lC9DuqzJmkEbS2EDau3
dj5bTodmz5AD8rPMzNs+WUEkm3nSaG6jBsV7M17bNhI2NlJ7jQbV+FrDjOz+b5SD
hqFtorfVM/2Y+yK5etd0dUyuevlnqZCfRiaT39HAzDByqO/eQkJ/
-----END CERTIFICATE-----