Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UnMVx9MrTFqpwrz7bsJIgRN03tc.roa
File:                     UnMVx9MrTFqpwrz7bsJIgRN03tc.roa (raw, json)
Hash identifier:          gtnDSVWf+nxibB2V8m8rfDjtBcfnHSFMdPz7oj4RGuU=
Subject key identifier:   52:73:15:C7:D3:2B:4C:5A:A9:C2:BC:FB:6E:C2:48:81:13:74:DE:D7
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       018CC49331F0F23C332DB725E5084404DFCF
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UnMVx9MrTFqpwrz7bsJIgRN03tc.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57668
IP address blocks:        5.183.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:31:f0:f2:3c:33:2d:b7:25:e5:08:44:04:df:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=527315c7d32b4c5aa9c2bcfb6ec248811374ded7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:88:3a:12:bf:f3:8e:25:98:30:0a:a9:49:79:
                    24:d3:76:8b:7c:0c:56:2b:b8:72:a1:ff:a4:a2:b9:
                    99:fc:47:ed:07:fd:dd:f7:65:67:0d:af:8d:fa:b5:
                    5b:3c:cf:68:e5:d9:f7:f3:08:dc:49:07:7e:39:65:
                    8f:2e:a3:e0:89:93:19:36:4f:a0:ae:cc:73:63:aa:
                    8c:07:0d:d4:39:00:f4:4d:22:8e:c0:db:06:0c:9a:
                    b7:91:4a:e2:fd:50:19:e5:19:a9:d2:c7:cb:16:b8:
                    1c:68:67:3e:8c:9b:a6:fe:37:0a:9b:ca:bf:7b:d1:
                    87:a8:78:e5:21:0e:d4:2a:70:2d:01:88:81:16:93:
                    bb:1c:b2:65:d2:c5:dd:45:70:86:ba:97:6a:a8:35:
                    64:6c:29:46:fb:fc:72:93:58:49:5c:4a:28:64:ff:
                    41:fb:1b:d0:36:26:1e:9a:44:9d:b6:64:10:3a:b6:
                    e8:00:eb:85:d0:f1:8a:4d:18:7c:f9:f2:14:70:18:
                    81:d1:58:40:d0:d0:1d:d2:7e:a9:a7:a1:3c:79:73:
                    c0:b5:eb:a2:76:68:5a:4c:8f:ba:72:87:70:cf:9d:
                    66:06:35:72:35:91:6f:ef:7e:ce:0b:fc:d6:4c:90:
                    3b:e6:43:44:8d:56:2a:97:4a:41:50:5e:a8:0e:e1:
                    88:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:73:15:C7:D3:2B:4C:5A:A9:C2:BC:FB:6E:C2:48:81:13:74:DE:D7
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/UnMVx9MrTFqpwrz7bsJIgRN03tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3f:c8:4a:2c:61:87:30:a4:27:f1:7d:b6:d6:0b:d2:e4:0f:
         3b:d0:c0:1e:37:bc:43:ba:65:cd:09:9f:35:68:3e:f5:37:25:
         57:e2:45:6d:f2:79:35:63:0b:44:7d:ea:28:8f:69:72:13:d6:
         6e:c0:3d:10:55:e2:47:e6:3a:d6:92:80:2e:48:1e:da:81:57:
         9e:d2:06:9e:ff:e2:5c:59:ce:c7:67:57:e7:7c:af:06:74:00:
         c2:96:36:cf:08:8a:d1:48:ab:2c:33:8f:5c:20:8b:63:07:d7:
         e0:33:ce:94:69:c4:dc:57:4b:f6:9e:27:7c:08:fa:bd:67:e0:
         06:82:42:5d:10:00:06:66:2c:63:9f:07:c1:d2:b5:81:d4:b9:
         ca:e1:8e:9b:0d:93:47:2d:2e:81:8e:08:75:f0:a9:27:ec:2e:
         f8:44:a3:13:78:9d:be:7a:13:55:d3:4f:fc:f7:cb:63:99:a1:
         11:27:14:9b:2c:0a:e0:15:83:20:37:62:42:02:ef:2f:54:18:
         ff:e4:22:4a:89:ad:1a:15:e2:57:31:c4:db:bb:7a:13:b9:e6:
         31:ac:a3:02:0f:61:c8:87:4b:9c:1e:4d:85:32:a5:b4:50:c4:
         77:88:74:46:d5:a3:3c:e4:10:bb:d4:79:39:b8:13:44:80:c3:
         db:73:37:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzHw8jwzLbcl5QhEBN/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjczMTVjN2QzMmI0YzVhYTljMmJjZmI2ZWMyNDg4MTEzNzRkZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhog6Er/zjiWYMAqpSXkk03aLfAxW
K7hyof+kormZ/EftB/3d92VnDa+N+rVbPM9o5dn38wjcSQd+OWWPLqPgiZMZNk+g
rsxzY6qMBw3UOQD0TSKOwNsGDJq3kUri/VAZ5Rmp0sfLFrgcaGc+jJum/jcKm8q/
e9GHqHjlIQ7UKnAtAYiBFpO7HLJl0sXdRXCGupdqqDVkbClG+/xyk1hJXEooZP9B
+xvQNiYemkSdtmQQOrboAOuF0PGKTRh8+fIUcBiB0VhA0NAd0n6pp6E8eXPAteui
dmhaTI+6codwz51mBjVyNZFv737OC/zWTJA75kNEjVYql0pBUF6oDuGIhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJzFcfTK0xaqcK8+27CSIETdN7XMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvVW5NVng5TXJURnFwd3J6N2JzSklnUk4wM3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbepMA0G
CSqGSIb3DQEBCwUAA4IBAQAdP8hKLGGHMKQn8X221gvS5A870MAeN7xDumXNCZ81
aD71NyVX4kVt8nk1YwtEfeooj2lyE9ZuwD0QVeJH5jrWkoAuSB7agVee0gae/+Jc
Wc7HZ1fnfK8GdADCljbPCIrRSKssM49cIItjB9fgM86UacTcV0v2nid8CPq9Z+AG
gkJdEAAGZixjnwfB0rWB1LnK4Y6bDZNHLS6Bjgh18Kkn7C74RKMTeJ2+ehNV00/8
98tjmaERJxSbLArgFYMgN2JCAu8vVBj/5CJKia0aFeJXMcTbu3oTueYxrKMCD2HI
h0ucHk2FMqW0UMR3iHRG1aM85BC71Hk5uBNEgMPbczd6
-----END CERTIFICATE-----