Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/uMb_8McJNSLun_ZCs7iiObatOIw.roa
File:                     uMb_8McJNSLun_ZCs7iiObatOIw.roa (raw, json)
Hash identifier:          0JXp4o7dINiAJD9Ja9j93EAoCA7LcaRkSXimzQW9FpE=
Subject key identifier:   B8:C6:FF:F0:C7:09:35:22:EE:9F:F6:42:B3:B8:A2:39:B6:AD:38:8C
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       018CF3397FB54F6623329D47EA64162F40FC
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/uMb_8McJNSLun_ZCs7iiObatOIw.roa
Signing time:             Wed 10 Jan 2024 11:54:40 +0000
ROA not before:           Wed 10 Jan 2024 11:54:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216444
IP address blocks:        5.199.164.0/22 maxlen: 32
                          5.199.165.0/24 maxlen: 32
                          2a02:ae00:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:39:7f:b5:4f:66:23:32:9d:47:ea:64:16:2f:40:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan 10 11:54:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8c6fff0c7093522ee9ff642b3b8a239b6ad388c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:02:f5:57:58:5c:ab:4d:81:6b:b6:8d:11:21:
                    4f:8d:9b:59:5e:97:3c:3b:ba:ae:75:57:32:ef:0b:
                    ba:2d:f5:e0:3a:2c:84:9d:c5:f9:db:29:a3:5e:71:
                    9f:70:f1:c9:85:53:34:b4:9f:92:9e:ef:31:9b:79:
                    cd:41:86:a0:0d:35:7c:7b:80:96:06:58:49:b6:ff:
                    46:63:d5:7b:85:30:44:23:e3:e1:52:13:50:3e:a4:
                    4a:4a:e4:67:68:88:95:28:53:74:66:00:0c:8f:5f:
                    aa:25:53:3e:1e:3a:e3:10:20:62:c7:e0:e9:80:d5:
                    8d:e3:40:bf:bc:7b:42:70:c5:e6:41:9d:e6:95:60:
                    4e:3b:81:64:3b:a7:34:42:71:a3:58:08:0e:0e:f5:
                    92:89:8e:1b:4b:71:ca:fa:75:5d:ec:f6:ca:43:84:
                    11:7f:1a:e1:52:05:5f:a5:2b:56:31:6a:ec:02:01:
                    a3:08:56:6d:62:67:79:bf:ac:00:4a:4f:1b:5f:55:
                    87:c9:7c:b9:a2:25:b5:6d:c7:c3:3d:9d:4d:42:f5:
                    24:b0:4e:0e:ff:c9:07:10:72:44:38:cf:25:ac:91:
                    96:52:70:8d:17:18:aa:7b:d2:b3:c3:8f:c3:6c:3e:
                    37:a6:8c:66:8b:a9:48:86:9d:34:5c:42:cf:69:ae:
                    dc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C6:FF:F0:C7:09:35:22:EE:9F:F6:42:B3:B8:A2:39:B6:AD:38:8C
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/uMb_8McJNSLun_ZCs7iiObatOIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.164.0/22
                IPv6:
                  2a02:ae00:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         27:84:eb:8e:1f:98:39:02:93:f5:4c:75:31:11:1e:f3:96:9b:
         15:47:5b:aa:e0:b0:aa:3a:4b:94:00:f7:3b:db:7c:3f:e3:4a:
         7b:f3:30:0e:f9:ce:ce:c3:ff:62:e1:d9:77:7c:67:ae:ef:0a:
         92:fa:61:c5:6b:38:4e:9d:80:36:14:f9:bd:03:45:4d:d1:e0:
         0c:f0:ad:c9:ef:33:6b:68:67:64:45:da:e4:73:02:af:fd:6f:
         54:49:c4:db:da:58:32:0c:a9:84:6e:7a:91:0b:d2:c9:59:a8:
         72:61:c4:70:5c:4a:b5:63:8f:71:f5:99:a8:ab:07:af:2a:a4:
         4e:09:7c:76:eb:c7:07:83:e2:21:ed:44:01:33:c3:eb:a6:23:
         89:a8:91:a2:3e:1c:ca:f3:97:bb:a1:e4:65:ca:b6:4e:77:66:
         57:ee:96:ee:0e:da:01:83:0a:42:06:62:37:f2:73:e7:b5:ad:
         1d:0e:f4:4f:e7:2d:0b:fa:30:f9:49:ac:e5:73:71:1d:69:6e:
         25:82:fd:38:93:eb:f6:16:00:be:07:0f:08:09:05:1d:56:08:
         62:d0:49:70:35:09:4c:af:57:b4:cb:8c:d4:6d:f3:ac:35:e2:
         da:11:15:dd:df:56:31:ec:87:2a:f1:cf:7d:c4:12:6d:93:04:
         9e:d2:ff:cc
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzzOX+1T2YjMp1H6mQWL0D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjQwMTEwMTE1NDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGM2ZmZmMGM3MDkzNTIyZWU5ZmY2NDJiM2I4YTIzOWI2YWQzODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugL1V1hcq02Ba7aNESFPjZtZXpc8
O7qudVcy7wu6LfXgOiyEncX52ymjXnGfcPHJhVM0tJ+Snu8xm3nNQYagDTV8e4CW
BlhJtv9GY9V7hTBEI+PhUhNQPqRKSuRnaIiVKFN0ZgAMj1+qJVM+HjrjECBix+Dp
gNWN40C/vHtCcMXmQZ3mlWBOO4FkO6c0QnGjWAgODvWSiY4bS3HK+nVd7PbKQ4QR
fxrhUgVfpStWMWrsAgGjCFZtYmd5v6wASk8bX1WHyXy5oiW1bcfDPZ1NQvUksE4O
/8kHEHJEOM8lrJGWUnCNFxiqe9Kzw4/DbD43poxmi6lIhp00XELPaa7cnQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLjG//DHCTUi7p/2QrO4ojm2rTiMMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvdU1iXzhNY0pOU0x1bl9aQ3M3aWlPYmF0T0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCBcekMA4E
AgACMAgDBgQqAq4AEDANBgkqhkiG9w0BAQsFAAOCAQEAJ4Trjh+YOQKT9Ux1MREe
85abFUdbquCwqjpLlAD3O9t8P+NKe/MwDvnOzsP/YuHZd3xnru8KkvphxWs4Tp2A
NhT5vQNFTdHgDPCtye8za2hnZEXa5HMCr/1vVEnE29pYMgyphG56kQvSyVmocmHE
cFxKtWOPcfWZqKsHryqkTgl8duvHB4PiIe1EATPD66YjiaiRoj4cyvOXu6HkZcq2
TndmV+6W7g7aAYMKQgZiN/Jz57WtHQ70T+ctC/ow+Ums5XNxHWluJYL9OJPr9hYA
vgcPCAkFHVYIYtBJcDUJTK9XtMuM1G3zrDXi2hEV3d9WMeyHKvHPfcQSbZMEntL/
zA==
-----END CERTIFICATE-----