Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/UDMhFTPHZJjzilNy8ke2W_CBMJo.roa
File:                     UDMhFTPHZJjzilNy8ke2W_CBMJo.roa (raw, json)
Hash identifier:          jv6EDoyvYQF5xzpAZz7VWRYKcynNooNktAdNb8K+7Mk=
Subject key identifier:   50:33:21:15:33:C7:64:98:F3:8A:53:72:F2:47:B6:5B:F0:81:30:9A
Certificate issuer:       /CN=2acd8d1682e6622c1c09237bc41aa516669672b7
Certificate serial:       018CCA2A3FBDEBEF1407290C9B62E3EB5392
Authority key identifier: 2A:CD:8D:16:82:E6:62:2C:1C:09:23:7B:C4:1A:A5:16:66:96:72:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/UDMhFTPHZJjzilNy8ke2W_CBMJo.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40627
IP address blocks:        80.81.128.0/20 maxlen: 32
                          185.23.248.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3f:bd:eb:ef:14:07:29:0c:9b:62:e3:eb:53:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2acd8d1682e6622c1c09237bc41aa516669672b7
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5033211533c76498f38a5372f247b65bf081309a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c9:42:da:2f:d3:e2:4c:95:62:79:92:61:30:
                    f0:34:59:7b:46:1c:e3:a5:b5:fc:f6:19:36:7e:22:
                    75:b6:3b:4c:d9:5a:45:1f:4f:d1:f0:0b:ca:50:14:
                    c4:52:1d:b5:88:50:06:42:0e:95:80:02:35:6e:b8:
                    32:d3:c1:a9:f4:82:b0:90:db:35:79:ae:62:8b:94:
                    45:df:c7:94:8b:f8:35:a5:44:b4:c7:e8:76:7e:4c:
                    dd:8a:0a:b7:17:ef:57:19:6f:af:12:b0:cb:cc:19:
                    d4:c2:46:6d:76:d3:e2:c3:f3:f2:97:a1:2b:f8:a3:
                    43:7a:3a:b9:2f:84:85:47:a6:c9:ab:bc:cd:33:19:
                    ac:7e:d3:49:42:cf:5a:b1:5d:b1:9d:ff:5f:fc:82:
                    e9:c9:1e:2b:1e:22:14:7b:14:2f:f5:e5:f3:89:60:
                    f8:c9:18:04:45:d1:52:4d:5a:b1:e2:5d:52:0f:ab:
                    ae:af:2f:94:e4:3f:0f:f6:9d:a9:fa:ce:be:6d:ae:
                    69:b3:c4:10:c7:e2:5a:5b:5d:e9:b6:33:aa:01:29:
                    95:bb:6f:d7:41:6b:a2:9b:1c:4b:9b:5d:40:6e:e6:
                    1d:9f:40:b0:8e:d1:9f:67:f1:aa:6c:d6:af:ce:a9:
                    de:eb:7c:9c:31:58:07:8c:66:57:15:7d:c1:08:bc:
                    01:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:33:21:15:33:C7:64:98:F3:8A:53:72:F2:47:B6:5B:F0:81:30:9A
            X509v3 Authority Key Identifier:
                keyid:2A:CD:8D:16:82:E6:62:2C:1C:09:23:7B:C4:1A:A5:16:66:96:72:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/UDMhFTPHZJjzilNy8ke2W_CBMJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/95dbce-d4e9-41f1-82dc-e84cb1da21bd/1/Ks2NFoLmYiwcCSN7xBqlFmaWcrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.81.128.0/20
                  185.23.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:d5:16:fc:cf:59:f0:da:77:b7:37:e4:c0:9e:f5:e6:2d:88:
         3d:13:b3:4f:ab:be:1d:23:ef:8e:de:14:29:f1:7a:9a:6f:d5:
         ea:3b:d4:16:c6:df:01:be:01:65:9d:dc:7c:ec:e7:73:d1:01:
         b8:64:0a:73:f6:e8:fd:a5:97:b7:41:c2:e2:ec:d3:9c:74:9e:
         20:9d:bf:24:37:fb:9c:b3:4e:64:0f:d4:8a:2d:ec:46:f8:ae:
         49:ae:59:be:62:1a:72:4d:30:d6:19:34:5f:16:94:b4:91:28:
         ba:2b:63:97:32:7a:d6:19:8b:a5:52:75:de:c4:de:88:1d:b2:
         a7:3a:46:dd:a6:57:5a:2b:cc:5e:c1:05:d0:16:df:91:5e:ac:
         24:f5:ab:2c:0d:af:11:97:c1:fe:d0:ab:ac:a2:33:bc:f9:18:
         22:f4:b5:95:a2:c8:55:a7:be:fd:57:6f:34:0d:ad:a1:4e:37:
         1c:fe:b8:be:57:9e:b3:ee:d3:48:33:ae:84:07:22:2c:bf:5c:
         68:b8:f6:95:a9:2f:42:e7:a1:3a:47:8e:f4:fd:cd:ad:9e:fb:
         e4:fe:a7:d7:88:87:46:62:a0:af:ec:7a:39:8a:07:f0:4f:84:
         de:a2:4d:0f:04:5e:59:53:df:2e:1f:d8:00:c1:76:4e:20:b6:
         10:7d:34:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKj+96+8UBykMm2Lj61OSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhY2Q4ZDE2ODJlNjYyMmMxYzA5MjM3YmM0MWFhNTE2NjY5
NjcyYjcwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDMzMjExNTMzYzc2NDk4ZjM4YTUzNzJmMjQ3YjY1YmYwODEzMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnclC2i/T4kyVYnmSYTDwNFl7Rhzj
pbX89hk2fiJ1tjtM2VpFH0/R8AvKUBTEUh21iFAGQg6VgAI1brgy08Gp9IKwkNs1
ea5ii5RF38eUi/g1pUS0x+h2fkzdigq3F+9XGW+vErDLzBnUwkZtdtPiw/Pyl6Er
+KNDejq5L4SFR6bJq7zNMxmsftNJQs9asV2xnf9f/ILpyR4rHiIUexQv9eXziWD4
yRgERdFSTVqx4l1SD6uury+U5D8P9p2p+s6+ba5ps8QQx+JaW13ptjOqASmVu2/X
QWuimxxLm11AbuYdn0CwjtGfZ/GqbNavzqne63ycMVgHjGZXFX3BCLwBcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFAzIRUzx2SY84pTcvJHtlvwgTCaMB8GA1UdIwQY
MBaAFCrNjRaC5mIsHAkje8QapRZmlnK3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3MyTkZvTG1ZaXdjQ1NON3hCcWxGbWFXY3JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85NWRiY2UtZDRlOS00MWYxLTgyZGMt
ZTg0Y2IxZGEyMWJkLzEvVURNaEZUUEhaSmp6aWxOeThrZTJXX0NCTUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85NWRiY2UtZDRlOS00MWYxLTgyZGMtZTg0Y2IxZGEyMWJk
LzEvS3MyTkZvTG1ZaXdjQ1NON3hCcWxGbWFXY3JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUFGAAwQC
uRf4MA0GCSqGSIb3DQEBCwUAA4IBAQA01Rb8z1nw2ne3N+TAnvXmLYg9E7NPq74d
I++O3hQp8Xqab9XqO9QWxt8BvgFlndx87Odz0QG4ZApz9uj9pZe3QcLi7NOcdJ4g
nb8kN/ucs05kD9SKLexG+K5Jrlm+YhpyTTDWGTRfFpS0kSi6K2OXMnrWGYulUnXe
xN6IHbKnOkbdpldaK8xewQXQFt+RXqwk9assDa8Rl8H+0KusojO8+Rgi9LWVoshV
p779V280Da2hTjcc/ri+V56z7tNIM66EByIsv1xouPaVqS9C56E6R470/c2tnvvk
/qfXiIdGYqCv7Ho5igfwT4Teok0PBF5ZU98uH9gAwXZOILYQfTSK
-----END CERTIFICATE-----