Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/2UHTzqHqFMn_EYJUgv0wAWQoZl0.roa
File:                     2UHTzqHqFMn_EYJUgv0wAWQoZl0.roa (raw, json)
Hash identifier:          /FgGgIBzCS535dNpHU0kMVy8BhfGxr6yMegGfCx5m34=
Subject key identifier:   D9:41:D3:CE:A1:EA:14:C9:FF:11:82:54:82:FD:30:01:64:28:66:5D
Certificate issuer:       /CN=fbd5b573fb0d269992a79a9e6b45cdd620decc11
Certificate serial:       018D5B38194DEFA97D16C3CFFE48C805AC5C
Authority key identifier: FB:D5:B5:73:FB:0D:26:99:92:A7:9A:9E:6B:45:CD:D6:20:DE:CC:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-9W1c_sNJpmSp5qea0XN1iDezBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/2UHTzqHqFMn_EYJUgv0wAWQoZl0.roa
Signing time:             Tue 30 Jan 2024 16:33:39 +0000
ROA not before:           Tue 30 Jan 2024 16:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49775
IP address blocks:        81.26.96.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/1-9W1c_sNJpmSp5qea0XN1iDezBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/1-9W1c_sNJpmSp5qea0XN1iDezBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-9W1c_sNJpmSp5qea0XN1iDezBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:38:19:4d:ef:a9:7d:16:c3:cf:fe:48:c8:05:ac:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbd5b573fb0d269992a79a9e6b45cdd620decc11
        Validity
            Not Before: Jan 30 16:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d941d3cea1ea14c9ff11825482fd30016428665d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:27:f5:8b:81:f3:0b:6c:c8:3d:1e:11:c1:18:
                    7c:46:ba:f1:f4:d1:9d:a5:31:c3:d1:f5:db:73:61:
                    4a:8c:3c:e3:24:90:88:82:f0:05:b5:e0:00:29:8f:
                    18:3a:80:15:80:49:35:a6:41:44:ef:46:ba:20:b2:
                    dd:37:28:4f:8e:8c:ff:24:eb:b7:72:18:5e:16:49:
                    dd:47:e2:aa:7e:4c:bf:22:47:7b:df:14:dc:6a:b6:
                    d6:e5:b5:3b:78:54:12:c7:74:40:bc:06:63:77:67:
                    43:5e:74:19:13:fc:79:11:63:4d:ec:7f:05:e6:b3:
                    75:ab:a1:2e:28:48:61:21:25:cf:cc:df:11:99:51:
                    e3:74:e5:44:88:70:4b:16:8d:38:f5:fb:f6:c5:a9:
                    87:d1:d2:3b:b5:e2:15:5f:6c:29:16:bd:e2:e9:c5:
                    e0:5a:d5:3a:f4:4a:8f:e1:b5:47:e6:e8:b5:77:0c:
                    7c:eb:f1:ff:1a:7f:fa:d1:e9:f2:86:bc:96:35:0b:
                    f2:25:cd:b4:b2:07:56:57:0f:9e:2d:2a:5b:07:e6:
                    0f:21:7c:70:82:de:e4:0b:91:f7:a1:d1:81:16:51:
                    85:1c:90:08:af:67:2f:f1:29:e5:b5:cd:be:8b:05:
                    f1:33:7c:b4:f3:3f:81:fe:69:5d:0f:e9:b7:f5:62:
                    15:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:41:D3:CE:A1:EA:14:C9:FF:11:82:54:82:FD:30:01:64:28:66:5D
            X509v3 Authority Key Identifier:
                keyid:FB:D5:B5:73:FB:0D:26:99:92:A7:9A:9E:6B:45:CD:D6:20:DE:CC:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-9W1c_sNJpmSp5qea0XN1iDezBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/2UHTzqHqFMn_EYJUgv0wAWQoZl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6438c0-54e5-4b33-9502-50f3d1ae9442/1/1-9W1c_sNJpmSp5qea0XN1iDezBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.26.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:ff:a0:c0:57:62:9e:6d:be:8a:89:8e:fa:7c:2e:63:d1:c9:
         e8:1f:cc:bf:5b:48:71:6f:59:38:e8:17:e2:7d:d3:b8:df:83:
         cf:31:cf:60:93:f9:72:2a:55:e8:9c:6d:70:47:5b:e0:bf:1c:
         c0:81:b3:6b:93:47:86:b2:18:a5:b1:79:19:3e:3b:89:f9:a3:
         67:62:55:ee:ca:7d:e1:df:be:a6:3c:7f:56:53:34:0d:03:c6:
         6b:d6:83:ea:8a:8a:b7:19:a5:2d:91:e5:cc:92:a6:2a:7f:cd:
         8b:43:7d:8b:dc:7d:f0:72:33:58:f2:9e:fd:ac:ab:59:f5:f3:
         d1:62:4d:ca:00:8b:c2:09:b9:d1:08:e8:f7:ca:50:cf:80:f2:
         30:46:92:6c:4a:11:b7:df:a5:95:b8:ca:d2:11:76:8d:d3:37:
         b3:46:2a:cf:ae:9b:c7:78:d2:a2:38:3f:5b:a2:22:4f:a6:e9:
         8e:fd:25:2b:c6:f6:bd:43:9a:3e:e4:75:48:3e:c9:56:09:df:
         52:45:d5:d2:1d:54:d2:8a:07:2e:6c:7f:16:6e:88:4c:b6:18:
         85:90:91:85:0c:d7:c0:08:bf:75:bd:b1:34:9e:a0:0f:7a:92:
         bb:ed:46:5c:9e:f1:65:15:77:0e:a7:3e:c7:4d:21:05:9d:87:
         b9:25:3b:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1bOBlN76l9FsPP/kjIBaxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZDViNTczZmIwZDI2OTk5MmE3OWE5ZTZiNDVjZGQ2MjBk
ZWNjMTEwHhcNMjQwMTMwMTYzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQxZDNjZWExZWExNGM5ZmYxMTgyNTQ4MmZkMzAwMTY0Mjg2NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7if1i4HzC2zIPR4RwRh8Rrrx9NGd
pTHD0fXbc2FKjDzjJJCIgvAFteAAKY8YOoAVgEk1pkFE70a6ILLdNyhPjoz/JOu3
chheFkndR+Kqfky/Ikd73xTcarbW5bU7eFQSx3RAvAZjd2dDXnQZE/x5EWNN7H8F
5rN1q6EuKEhhISXPzN8RmVHjdOVEiHBLFo049fv2xamH0dI7teIVX2wpFr3i6cXg
WtU69EqP4bVH5ui1dwx86/H/Gn/60enyhryWNQvyJc20sgdWVw+eLSpbB+YPIXxw
gt7kC5H3odGBFlGFHJAIr2cv8Snltc2+iwXxM3y08z+B/mldD+m39WIVlQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNlB086h6hTJ/xGCVIL9MAFkKGZdMB8GA1UdIwQY
MBaAFPvVtXP7DSaZkqeanmtFzdYg3swRMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS05VzFjX3NOSnBtU3A1cWVhMFhOMWlEZXpCRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvNjQzOGMwLTU0ZTUtNGIzMy05NTAy
LTUwZjNkMWFlOTQ0Mi8xLzJVSFR6cUhxRk1uX0VZSlVndjB3QVdRb1psMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGIvNjQzOGMwLTU0ZTUtNGIzMy05NTAyLTUwZjNkMWFlOTQ0
Mi8xLzEtOVcxY19zTkpwbVNwNXFlYTBYTjFpRGV6QkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANRGmAw
DQYJKoZIhvcNAQELBQADggEBAEz/oMBXYp5tvoqJjvp8LmPRyegfzL9bSHFvWTjo
F+J907jfg88xz2CT+XIqVeicbXBHW+C/HMCBs2uTR4ayGKWxeRk+O4n5o2diVe7K
feHfvqY8f1ZTNA0DxmvWg+qKircZpS2R5cySpip/zYtDfYvcffByM1jynv2sq1n1
89FiTcoAi8IJudEI6PfKUM+A8jBGkmxKEbffpZW4ytIRdo3TN7NGKs+um8d40qI4
P1uiIk+m6Y79JSvG9r1Dmj7kdUg+yVYJ31JF1dIdVNKKBy5sfxZuiEy2GIWQkYUM
18AIv3W9sTSeoA96krvtRlye8WUVdw6nPsdNIQWdh7klO6s=
-----END CERTIFICATE-----