Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/UnbhcfIzhGbR_1uuINotcdF0_7k.roa
File:                     UnbhcfIzhGbR_1uuINotcdF0_7k.roa (raw, json)
Hash identifier:          VIh6/Jhl7/DE/pOTIlcBH9E4vqYyaXX49a/aoflQ/Qk=
Subject key identifier:   52:76:E1:71:F2:33:84:66:D1:FF:5B:AE:20:DA:2D:71:D1:74:FF:B9
Certificate issuer:       /CN=091cc5d90c9b681a6cb4e772ccaebec342fb9b05
Certificate serial:       018CC5DBE04351C8BD17E209041C98F1A9A2
Authority key identifier: 09:1C:C5:D9:0C:9B:68:1A:6C:B4:E7:72:CC:AE:BE:C3:42:FB:9B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CRzF2QybaBpstOdyzK6-w0L7mwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/UnbhcfIzhGbR_1uuINotcdF0_7k.roa
Signing time:             Mon 01 Jan 2024 16:29:30 +0000
ROA not before:           Mon 01 Jan 2024 16:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31175
IP address blocks:        185.117.204.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/CRzF2QybaBpstOdyzK6-w0L7mwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/CRzF2QybaBpstOdyzK6-w0L7mwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CRzF2QybaBpstOdyzK6-w0L7mwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e0:43:51:c8:bd:17:e2:09:04:1c:98:f1:a9:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091cc5d90c9b681a6cb4e772ccaebec342fb9b05
        Validity
            Not Before: Jan  1 16:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5276e171f2338466d1ff5bae20da2d71d174ffb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dc:d1:a3:c7:e8:48:48:60:e7:ee:d5:23:c4:
                    9e:48:04:1f:8b:ce:7f:2d:ce:ed:94:a8:70:55:2d:
                    82:28:22:ed:23:01:3c:69:b1:fc:99:c8:21:e8:4f:
                    13:4c:dd:22:fe:fa:d8:64:45:69:f0:34:b0:25:3a:
                    56:df:f8:86:7e:9e:a2:85:74:c4:6c:38:7a:61:c6:
                    c2:97:1a:47:36:e3:a4:cd:86:e0:6d:09:eb:8c:53:
                    27:2c:c7:c6:b5:9b:0e:bb:89:2e:d2:7f:d8:e1:cd:
                    80:cb:2f:6c:70:14:79:4d:b8:07:fa:e9:c5:44:06:
                    a1:99:ce:8f:0e:ee:25:b8:4f:7c:66:37:fe:20:4e:
                    14:e8:07:9a:6b:53:c5:fa:7a:39:2b:b7:28:a8:39:
                    27:ba:25:4d:51:83:82:ad:82:80:27:35:36:a3:cb:
                    1e:fd:f8:ba:4f:5c:c2:21:d4:a7:16:65:29:7f:48:
                    eb:5b:6e:b1:69:fd:47:60:36:49:14:e0:a8:68:3f:
                    b0:9f:d3:a7:2a:a7:17:9e:61:da:2e:40:79:92:64:
                    f2:6e:23:83:a5:7a:00:49:f5:63:f8:01:45:d7:aa:
                    eb:42:1f:7b:dd:4f:08:51:b5:29:86:3e:10:22:85:
                    8a:1a:17:53:a8:23:33:b6:e6:a6:3e:4f:59:c9:4b:
                    b9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:76:E1:71:F2:33:84:66:D1:FF:5B:AE:20:DA:2D:71:D1:74:FF:B9
            X509v3 Authority Key Identifier:
                keyid:09:1C:C5:D9:0C:9B:68:1A:6C:B4:E7:72:CC:AE:BE:C3:42:FB:9B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CRzF2QybaBpstOdyzK6-w0L7mwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/UnbhcfIzhGbR_1uuINotcdF0_7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/738f78-438c-4bfd-806b-73bfad832d2d/1/CRzF2QybaBpstOdyzK6-w0L7mwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:25:e3:31:e3:73:03:5d:88:25:54:96:1e:3c:d3:29:2f:1c:
         c4:38:e8:89:ef:f8:5c:23:1c:2e:98:26:ed:a3:ee:3f:58:c2:
         3e:47:7c:4b:e2:23:44:cd:3a:3b:9a:0f:1d:2b:7d:16:7f:69:
         82:85:18:a6:28:47:d9:1b:39:78:4a:52:66:78:78:68:15:63:
         94:c3:95:d9:6c:24:3e:47:34:5e:e2:b1:f1:16:ab:b0:3d:54:
         f7:1b:f6:7d:48:41:34:7e:01:69:ef:6a:1c:ed:56:a9:6e:c5:
         67:ab:ab:ec:19:15:66:d2:fd:9f:7e:08:8a:26:e8:4f:38:dc:
         a0:15:17:eb:d6:93:36:84:6d:38:17:7c:e8:4f:2e:51:8c:b3:
         f0:74:1f:5e:6c:02:79:89:a5:1e:68:7a:c4:36:2e:12:b1:54:
         88:05:f9:37:8e:df:e1:70:42:d8:7f:b1:70:cb:c3:e4:14:7b:
         f7:0e:09:3a:f7:4b:02:3b:b3:74:b6:86:d6:e4:f7:2e:81:cb:
         fe:61:59:7b:00:c3:a8:96:33:e6:a6:88:b9:4f:7b:69:31:56:
         58:76:03:ac:35:29:95:ac:47:1f:f8:f6:d0:78:d3:d7:c4:74:
         97:ef:ba:31:b2:2b:72:8d:fe:61:b7:18:66:d3:ad:65:3c:55:
         89:d5:d6:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+BDUci9F+IJBByY8amiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWNjNWQ5MGM5YjY4MWE2Y2I0ZTc3MmNjYWViZWMzNDJm
YjliMDUwHhcNMjQwMTAxMTYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc2ZTE3MWYyMzM4NDY2ZDFmZjViYWUyMGRhMmQ3MWQxNzRmZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9zRo8foSEhg5+7VI8SeSAQfi85/
Lc7tlKhwVS2CKCLtIwE8abH8mcgh6E8TTN0i/vrYZEVp8DSwJTpW3/iGfp6ihXTE
bDh6YcbClxpHNuOkzYbgbQnrjFMnLMfGtZsOu4ku0n/Y4c2Ayy9scBR5TbgH+unF
RAahmc6PDu4luE98Zjf+IE4U6Aeaa1PF+no5K7coqDknuiVNUYOCrYKAJzU2o8se
/fi6T1zCIdSnFmUpf0jrW26xaf1HYDZJFOCoaD+wn9OnKqcXnmHaLkB5kmTybiOD
pXoASfVj+AFF16rrQh973U8IUbUphj4QIoWKGhdTqCMztuamPk9ZyUu5kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ24XHyM4Rm0f9briDaLXHRdP+5MB8GA1UdIwQY
MBaAFAkcxdkMm2gabLTncsyuvsNC+5sFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1J6RjJReWJhQnBzdE9keXpLNi13MEw3bXdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny83MzhmNzgtNDM4Yy00YmZkLTgwNmIt
NzNiZmFkODMyZDJkLzEvVW5iaGNmSXpoR2JSXzF1dUlOb3RjZEYwXzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny83MzhmNzgtNDM4Yy00YmZkLTgwNmItNzNiZmFkODMyZDJk
LzEvQ1J6RjJReWJhQnBzdE9keXpLNi13MEw3bXdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXXMMA0G
CSqGSIb3DQEBCwUAA4IBAQCCJeMx43MDXYglVJYePNMpLxzEOOiJ7/hcIxwumCbt
o+4/WMI+R3xL4iNEzTo7mg8dK30Wf2mChRimKEfZGzl4SlJmeHhoFWOUw5XZbCQ+
RzRe4rHxFquwPVT3G/Z9SEE0fgFp72oc7VapbsVnq6vsGRVm0v2ffgiKJuhPONyg
FRfr1pM2hG04F3zoTy5RjLPwdB9ebAJ5iaUeaHrENi4SsVSIBfk3jt/hcELYf7Fw
y8PkFHv3Dgk690sCO7N0tobW5Pcugcv+YVl7AMOoljPmpoi5T3tpMVZYdgOsNSmV
rEcf+PbQeNPXxHSX77oxsityjf5htxhm061lPFWJ1dZ4
-----END CERTIFICATE-----