Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/UbV8oct9LRmrXdSxt2Dy7ePKM3M.roa
File:                     UbV8oct9LRmrXdSxt2Dy7ePKM3M.roa (raw, json)
Hash identifier:          +8X1IvVAjI8JsIqxrmiZTD7IG+7zyR2bD9Y+2b3g9lQ=
Subject key identifier:   51:B5:7C:A1:CB:7D:2D:19:AB:5D:D4:B1:B7:60:F2:ED:E3:CA:33:73
Certificate issuer:       /CN=836462c62c7f63d2f5d787a701d779ab696e2236
Certificate serial:       018CC26CF1D9341B0FBB4CDB0F1B3233F54F
Authority key identifier: 83:64:62:C6:2C:7F:63:D2:F5:D7:87:A7:01:D7:79:AB:69:6E:22:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2Rixix_Y9L114enAdd5q2luIjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/UbV8oct9LRmrXdSxt2Dy7ePKM3M.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209128
IP address blocks:        185.149.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/g2Rixix_Y9L114enAdd5q2luIjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/g2Rixix_Y9L114enAdd5q2luIjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2Rixix_Y9L114enAdd5q2luIjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f1:d9:34:1b:0f:bb:4c:db:0f:1b:32:33:f5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836462c62c7f63d2f5d787a701d779ab696e2236
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b57ca1cb7d2d19ab5dd4b1b760f2ede3ca3373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a6:45:5e:34:29:a1:d7:f0:8c:4a:17:41:72:
                    64:9c:25:4a:65:f6:9c:06:78:f6:42:aa:30:62:ea:
                    9b:2c:19:94:05:69:c4:e4:53:20:ea:66:ef:01:0f:
                    ec:27:5d:c5:72:7d:40:f7:a1:b9:7e:3e:83:12:96:
                    5b:2e:6b:4c:f6:a8:94:96:b4:8f:2b:5b:58:dd:77:
                    59:53:b7:b1:15:da:9e:c1:ed:4d:b5:bd:0a:ef:c0:
                    ec:de:d1:75:3e:88:8b:d4:5b:69:e4:ec:c2:47:c3:
                    a2:86:55:38:be:37:24:93:4f:4b:2e:53:59:6e:fb:
                    3d:85:13:66:1d:44:72:38:4b:cb:59:81:54:86:80:
                    78:ea:e5:d7:01:40:e9:8b:00:6e:35:ae:28:0a:38:
                    a1:42:9d:77:30:8e:35:95:c7:9e:fe:74:57:09:1f:
                    21:5c:7e:89:bd:12:85:8a:49:49:5a:09:e0:5a:6f:
                    7c:45:d3:88:a9:a6:da:64:56:43:0e:e1:3a:c1:f8:
                    1f:7e:68:87:03:10:3b:15:4d:97:8a:87:0c:59:1b:
                    07:8b:c9:7f:fe:d3:7c:99:19:d4:75:fe:d3:1a:7a:
                    fc:47:f0:03:8a:20:19:c2:ec:e0:40:88:de:c1:95:
                    2e:d3:30:3d:3b:7e:33:ba:4f:47:46:90:c2:fb:67:
                    c9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B5:7C:A1:CB:7D:2D:19:AB:5D:D4:B1:B7:60:F2:ED:E3:CA:33:73
            X509v3 Authority Key Identifier:
                keyid:83:64:62:C6:2C:7F:63:D2:F5:D7:87:A7:01:D7:79:AB:69:6E:22:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2Rixix_Y9L114enAdd5q2luIjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/UbV8oct9LRmrXdSxt2Dy7ePKM3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/3717cf-fa38-4e3e-aefc-f910e5176b5e/1/g2Rixix_Y9L114enAdd5q2luIjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:75:18:d9:a4:8e:87:b9:19:89:ca:a6:29:c4:3d:90:84:30:
         7a:45:6f:45:94:63:74:5c:ea:61:63:ac:c9:34:bb:ab:29:84:
         f4:1b:2e:67:e1:62:68:90:0a:14:a7:bb:cc:bd:e7:41:ef:9c:
         90:59:fc:60:d0:fd:40:e7:9c:ef:ea:37:0c:be:04:91:4b:4e:
         89:de:a5:76:c2:08:da:28:1e:9b:d9:37:8c:c3:a0:4a:04:eb:
         61:a6:9d:ca:27:48:45:56:77:36:9e:43:d5:49:08:2a:cc:d4:
         1f:ba:73:cf:83:a6:2f:91:30:b0:18:7c:17:e9:ea:87:71:51:
         f8:b7:a0:2e:84:58:bc:7a:32:20:bc:71:59:13:47:2d:7d:cb:
         5e:36:d1:44:fd:f7:4a:0d:44:8f:e9:6f:25:2a:fd:81:51:d7:
         db:1f:3f:90:05:58:6b:5e:cc:fb:b2:42:4a:6f:38:74:fe:a6:
         4f:c6:8f:7d:27:54:ba:cd:ed:ff:4b:74:16:f8:a4:fe:1b:06:
         9e:fe:07:04:e1:ad:76:fb:a5:f2:0d:7f:9c:46:9c:a6:bb:32:
         10:6b:c0:70:c1:fc:95:75:a3:87:57:59:dd:11:d6:ef:d5:8f:
         0d:16:01:b7:3a:a0:0b:50:a5:e2:91:12:65:41:df:e6:94:31:
         d4:be:9f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPHZNBsPu0zbDxsyM/VPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNjQ2MmM2MmM3ZjYzZDJmNWQ3ODdhNzAxZDc3OWFiNjk2
ZTIyMzYwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI1N2NhMWNiN2QyZDE5YWI1ZGQ0YjFiNzYwZjJlZGUzY2EzMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaZFXjQpodfwjEoXQXJknCVKZfac
Bnj2QqowYuqbLBmUBWnE5FMg6mbvAQ/sJ13Fcn1A96G5fj6DEpZbLmtM9qiUlrSP
K1tY3XdZU7exFdqewe1Ntb0K78Ds3tF1PoiL1Ftp5OzCR8OihlU4vjckk09LLlNZ
bvs9hRNmHURyOEvLWYFUhoB46uXXAUDpiwBuNa4oCjihQp13MI41lcee/nRXCR8h
XH6JvRKFiklJWgngWm98RdOIqabaZFZDDuE6wfgffmiHAxA7FU2XiocMWRsHi8l/
/tN8mRnUdf7TGnr8R/ADiiAZwuzgQIjewZUu0zA9O34zuk9HRpDC+2fJqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG1fKHLfS0Zq13Usbdg8u3jyjNzMB8GA1UdIwQY
MBaAFINkYsYsf2PS9deHpwHXeatpbiI2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJSaXhpeF9ZOUwxMTRlbkFkZDVxMmx1SWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zNzE3Y2YtZmEzOC00ZTNlLWFlZmMt
ZjkxMGU1MTc2YjVlLzEvVWJWOG9jdDlMUm1yWGRTeHQyRHk3ZVBLTTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zNzE3Y2YtZmEzOC00ZTNlLWFlZmMtZjkxMGU1MTc2YjVl
LzEvZzJSaXhpeF9ZOUwxMTRlbkFkZDVxMmx1SWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZV5MA0G
CSqGSIb3DQEBCwUAA4IBAQCKdRjZpI6HuRmJyqYpxD2QhDB6RW9FlGN0XOphY6zJ
NLurKYT0Gy5n4WJokAoUp7vMvedB75yQWfxg0P1A55zv6jcMvgSRS06J3qV2wgja
KB6b2TeMw6BKBOthpp3KJ0hFVnc2nkPVSQgqzNQfunPPg6YvkTCwGHwX6eqHcVH4
t6AuhFi8ejIgvHFZE0ctfcteNtFE/fdKDUSP6W8lKv2BUdfbHz+QBVhrXsz7skJK
bzh0/qZPxo99J1S6ze3/S3QW+KT+Gwae/gcE4a12+6XyDX+cRpymuzIQa8BwwfyV
daOHV1ndEdbv1Y8NFgG3OqALUKXikRJlQd/mlDHUvp82
-----END CERTIFICATE-----