Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ukFjoYAWgcleNCkUhqHBS-CEwdo.roa
File:                     ukFjoYAWgcleNCkUhqHBS-CEwdo.roa (raw, json)
Hash identifier:          QtZJcOFRWFO1fsBdMiHZCaWC5qYtcnGAvv2Wnd0dEQo=
Subject key identifier:   BA:41:63:A1:80:16:81:C9:5E:34:29:14:86:A1:C1:4B:E0:84:C1:DA
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018E0DC0779A80EF44A40664130B1E65F6F4
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ukFjoYAWgcleNCkUhqHBS-CEwdo.roa
Signing time:             Tue 05 Mar 2024 08:35:01 +0000
ROA not before:           Tue 05 Mar 2024 08:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206757
IP address blocks:        5.154.37.0/24 maxlen: 24
                          78.136.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:c0:77:9a:80:ef:44:a4:06:64:13:0b:1e:65:f6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Mar  5 08:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba4163a1801681c95e34291486a1c14be084c1da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5e:c8:4c:3c:c7:20:da:30:dd:af:9a:f9:8f:
                    6f:bd:68:c7:39:bd:83:10:e0:6c:79:cb:ee:de:47:
                    ea:b5:4a:6a:c9:1a:56:3d:b4:09:34:29:ff:d6:93:
                    7c:84:84:c8:0d:40:c2:ed:c8:1d:d2:43:d9:42:f3:
                    4b:4d:5b:16:41:cf:4c:8c:7d:48:27:51:31:cd:55:
                    1f:ae:03:23:10:04:d3:2a:39:da:40:62:7f:41:86:
                    86:02:ad:96:95:4a:44:97:6e:46:98:e0:c9:2b:72:
                    49:c3:0b:b8:4c:ad:19:a8:2b:3f:31:0a:3c:1e:84:
                    c4:8c:24:2d:f7:e6:ad:27:27:1c:1c:c2:da:cc:f6:
                    1f:22:b4:67:97:00:4e:c4:8c:25:37:4b:d3:fb:d1:
                    39:ea:24:2b:86:d5:78:cb:69:62:62:0c:2c:c4:65:
                    79:6e:6b:bc:9a:2f:4f:0b:09:cc:f1:22:52:01:dc:
                    3b:5e:46:65:76:57:40:98:10:ee:9c:cb:13:41:32:
                    43:66:7a:3e:0c:f5:d0:6c:3c:f7:0c:d9:1d:2c:5a:
                    ac:59:f8:d6:01:4a:87:71:bb:74:82:f2:05:3e:97:
                    80:61:49:82:18:1b:e0:b7:49:59:27:c2:11:4d:0d:
                    11:16:e9:a6:a3:96:62:9f:43:fa:a2:a9:21:d2:4d:
                    d5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:41:63:A1:80:16:81:C9:5E:34:29:14:86:A1:C1:4B:E0:84:C1:DA
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ukFjoYAWgcleNCkUhqHBS-CEwdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.37.0/24
                  78.136.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:57:32:70:d2:34:5b:68:69:28:90:3d:e2:76:3e:55:66:1e:
         af:41:3a:67:78:29:b1:f9:7e:07:07:29:94:bb:41:68:5a:19:
         c2:70:49:bc:9c:a7:d3:83:9a:ea:d9:a8:fa:dc:64:6c:35:4d:
         e7:40:66:e9:f0:87:ff:e4:66:93:9b:be:89:ba:4c:a9:ec:55:
         44:fd:4a:0c:b1:83:ef:5e:4d:d2:b6:d8:79:f6:c0:d1:cd:eb:
         b0:2c:8b:92:77:84:9b:cc:2e:e1:a8:76:2e:a8:1b:97:2e:57:
         e6:c4:db:05:fc:20:8d:5d:f4:fa:da:c1:53:68:88:40:5c:78:
         a1:01:27:bf:fb:9a:11:42:a4:b8:a3:f3:20:4f:f7:0c:0c:29:
         cf:c6:61:c7:77:5f:43:fd:0d:9a:6c:46:ee:f9:5c:dc:de:be:
         91:9f:45:b1:75:8a:f1:73:ea:32:98:20:54:2d:ca:70:1a:c7:
         15:41:4a:e9:a5:80:5f:35:63:83:16:52:71:3a:bd:79:38:6e:
         52:48:af:d1:b2:86:a4:a9:fb:49:4a:64:2f:2a:0d:de:a5:d4:
         9f:24:5a:70:f1:3f:57:27:87:46:db:24:45:59:01:55:8d:2d:
         23:bd:60:85:60:cc:a1:67:09:e1:8f:01:23:d9:c3:b5:ac:01:
         49:2e:ff:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4NwHeagO9EpAZkEwseZfb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMzA1MDgzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQxNjNhMTgwMTY4MWM5NWUzNDI5MTQ4NmExYzE0YmUwODRjMWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3V7ITDzHINow3a+a+Y9vvWjHOb2D
EOBsecvu3kfqtUpqyRpWPbQJNCn/1pN8hITIDUDC7cgd0kPZQvNLTVsWQc9MjH1I
J1ExzVUfrgMjEATTKjnaQGJ/QYaGAq2WlUpEl25GmODJK3JJwwu4TK0ZqCs/MQo8
HoTEjCQt9+atJyccHMLazPYfIrRnlwBOxIwlN0vT+9E56iQrhtV4y2liYgwsxGV5
bmu8mi9PCwnM8SJSAdw7XkZldldAmBDunMsTQTJDZno+DPXQbDz3DNkdLFqsWfjW
AUqHcbt0gvIFPpeAYUmCGBvgt0lZJ8IRTQ0RFummo5Zin0P6oqkh0k3VRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpBY6GAFoHJXjQpFIahwUvghMHaMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvdWtGam9ZQVdnY2xlTkNrVWhxSEJTLUNFd2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABZolAwQA
TohEMA0GCSqGSIb3DQEBCwUAA4IBAQAwVzJw0jRbaGkokD3idj5VZh6vQTpneCmx
+X4HBymUu0FoWhnCcEm8nKfTg5rq2aj63GRsNU3nQGbp8If/5GaTm76Jukyp7FVE
/UoMsYPvXk3Stth59sDRzeuwLIuSd4SbzC7hqHYuqBuXLlfmxNsF/CCNXfT62sFT
aIhAXHihASe/+5oRQqS4o/MgT/cMDCnPxmHHd19D/Q2abEbu+Vzc3r6Rn0WxdYrx
c+oymCBULcpwGscVQUrppYBfNWODFlJxOr15OG5SSK/RsoakqftJSmQvKg3epdSf
JFpw8T9XJ4dG2yRFWQFVjS0jvWCFYMyhZwnhjwEj2cO1rAFJLv+4
-----END CERTIFICATE-----