Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UYyu2iB0gA0Hbmi3M_K5Q8G7dlM.roa
File:                     UYyu2iB0gA0Hbmi3M_K5Q8G7dlM.roa (raw, json)
Hash identifier:          Iy9Xp4KMZfpbUZe3zNfaWMerauHwB/+wu13RZRV7sAw=
Subject key identifier:   51:8C:AE:DA:20:74:80:0D:07:6E:68:B7:33:F2:B9:43:C1:BB:76:53
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       018CC49332F40F4A4ED747578AD974377995
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UYyu2iB0gA0Hbmi3M_K5Q8G7dlM.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60201
IP address blocks:        5.183.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:32:f4:0f:4a:4e:d7:47:57:8a:d9:74:37:79:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=518caeda2074800d076e68b733f2b943c1bb7653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b4:17:59:5c:e8:aa:5e:fa:f1:7b:fa:fb:ed:
                    e8:8b:54:c8:0a:d8:21:70:b9:5f:d3:8d:38:2d:d2:
                    fd:60:62:55:58:a4:9c:df:ad:aa:5e:4d:7c:d2:27:
                    62:9b:c9:c5:fd:7f:af:91:6a:f1:1b:51:ae:56:ee:
                    b9:97:84:4d:9b:70:a8:25:3e:94:90:97:05:ce:63:
                    bf:25:84:2b:20:6f:c2:e1:0b:dc:2a:05:85:80:04:
                    43:6f:9c:d2:d8:db:38:b0:f3:0a:30:43:76:48:43:
                    ed:cf:8d:2b:91:78:52:85:c0:17:e4:07:bf:83:34:
                    38:3a:1d:5d:38:50:f4:9b:11:b1:66:57:14:4e:cc:
                    28:52:83:0f:a5:cc:2e:a7:ee:b3:2f:7f:d5:79:a4:
                    60:aa:b9:f6:95:5f:c2:83:e3:4b:04:25:d4:d3:84:
                    9a:3b:c5:7c:7c:af:c6:60:e2:50:1c:2c:0a:4d:82:
                    0e:9a:2d:d3:6a:95:89:e7:1d:05:5b:4d:19:f3:34:
                    83:c8:ee:df:15:cd:a9:98:6d:48:95:1c:fa:8c:39:
                    d9:c0:97:96:3d:80:ba:79:91:61:d9:e2:66:35:99:
                    c2:03:3a:13:ed:86:7c:c8:a1:7c:5c:61:57:de:06:
                    83:6f:2c:16:9e:8d:5b:f1:97:81:43:26:c8:73:1d:
                    96:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8C:AE:DA:20:74:80:0D:07:6E:68:B7:33:F2:B9:43:C1:BB:76:53
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UYyu2iB0gA0Hbmi3M_K5Q8G7dlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b4:d7:8a:42:26:62:eb:75:53:4a:6e:26:b0:7b:ad:76:9e:
         9e:a4:13:94:75:d0:4e:60:31:5a:41:f4:61:ae:4a:2d:4e:14:
         d3:c7:ac:79:a0:aa:45:10:84:dd:df:56:3c:b5:17:b6:72:b9:
         89:6c:07:4f:b6:31:30:6b:dc:e8:3a:98:3d:1f:4a:a0:3f:11:
         72:94:96:3e:e2:d9:3b:40:2c:be:7a:27:f3:c4:90:85:53:50:
         cf:cb:e2:d6:da:b7:7e:6a:17:93:9a:88:44:ef:1c:d9:81:79:
         e0:f4:b9:74:60:21:06:91:5b:df:1a:29:38:05:e3:11:4b:80:
         88:23:f2:72:07:80:71:29:16:c1:55:ab:7c:d6:2c:d3:d2:d2:
         d0:0a:e8:58:bc:ae:4f:26:77:fe:3f:82:e0:86:d0:9f:de:ac:
         f5:f8:5b:64:ef:10:5f:fd:ad:1c:56:bf:a8:05:3b:77:59:d5:
         a4:09:a4:5f:dd:73:a2:7a:97:01:01:e2:b5:94:32:16:e6:03:
         cd:82:ad:1c:b3:d1:39:b2:a1:26:a2:eb:8f:74:70:86:98:64:
         d1:94:19:ba:45:30:52:a0:4f:23:34:49:c7:86:ae:af:39:57:
         b3:b7:5e:94:db:58:06:6b:58:90:14:10:5c:c8:27:69:53:6c:
         c3:59:da:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzL0D0pO10dXitl0N3mVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MThjYWVkYTIwNzQ4MDBkMDc2ZTY4YjczM2YyYjk0M2MxYmI3NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrQXWVzoql768Xv6++3oi1TICtgh
cLlf0404LdL9YGJVWKSc362qXk180idim8nF/X+vkWrxG1GuVu65l4RNm3CoJT6U
kJcFzmO/JYQrIG/C4QvcKgWFgARDb5zS2Ns4sPMKMEN2SEPtz40rkXhShcAX5Ae/
gzQ4Oh1dOFD0mxGxZlcUTswoUoMPpcwup+6zL3/VeaRgqrn2lV/Cg+NLBCXU04Sa
O8V8fK/GYOJQHCwKTYIOmi3TapWJ5x0FW00Z8zSDyO7fFc2pmG1IlRz6jDnZwJeW
PYC6eZFh2eJmNZnCAzoT7YZ8yKF8XGFX3gaDbywWno1b8ZeBQybIcx2WewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGMrtogdIANB25otzPyuUPBu3ZTMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvVVl5dTJpQjBnQTBIYm1pM01fSzVROEc3ZGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbeoMA0G
CSqGSIb3DQEBCwUAA4IBAQCRtNeKQiZi63VTSm4msHutdp6epBOUddBOYDFaQfRh
rkotThTTx6x5oKpFEITd31Y8tRe2crmJbAdPtjEwa9zoOpg9H0qgPxFylJY+4tk7
QCy+eifzxJCFU1DPy+LW2rd+aheTmohE7xzZgXng9Ll0YCEGkVvfGik4BeMRS4CI
I/JyB4BxKRbBVat81izT0tLQCuhYvK5PJnf+P4LghtCf3qz1+Ftk7xBf/a0cVr+o
BTt3WdWkCaRf3XOiepcBAeK1lDIW5gPNgq0cs9E5sqEmouuPdHCGmGTRlBm6RTBS
oE8jNEnHhq6vOVezt16U21gGa1iQFBBcyCdpU2zDWdqX
-----END CERTIFICATE-----