Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/UsFu_huS1Sr0j5HEjrdt_dMK-3E.roa
File:                     UsFu_huS1Sr0j5HEjrdt_dMK-3E.roa (raw, json)
Hash identifier:          tIQlDrKnOxIRKHV+O0gMb0sC3/ng+tCf9R3CWM459vY=
Subject key identifier:   52:C1:6E:FE:1B:92:D5:2A:F4:8F:91:C4:8E:B7:6D:FD:D3:0A:FB:71
Certificate issuer:       /CN=473163527e83542dce693b16d0aedcd126d3319a
Certificate serial:       018CC56ED433403AA0494C54726B56C79F97
Authority key identifier: 47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/UsFu_huS1Sr0j5HEjrdt_dMK-3E.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201152
IP address blocks:        185.55.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d4:33:40:3a:a0:49:4c:54:72:6b:56:c7:9f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473163527e83542dce693b16d0aedcd126d3319a
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52c16efe1b92d52af48f91c48eb76dfdd30afb71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b1:3d:8e:88:b2:01:f7:6b:7f:65:1a:00:14:
                    5b:27:62:c2:38:ef:1c:87:fa:3b:90:3a:16:e8:93:
                    cd:11:aa:4d:54:3b:0c:41:26:20:f4:bd:d0:ad:47:
                    fb:e8:ac:49:ca:17:74:70:46:91:e9:ef:1d:a9:26:
                    b2:42:63:8d:84:a0:bf:05:7a:fb:29:20:ba:a7:78:
                    4a:94:6f:4d:b7:90:2a:90:92:d5:80:f8:e7:c8:5b:
                    01:3d:94:a2:4c:54:fc:9c:78:ab:60:b0:cc:22:15:
                    11:61:68:cf:67:ad:8c:d2:98:18:da:12:3b:4f:31:
                    32:2c:6f:b7:96:5a:2e:65:d1:76:cc:bb:27:e8:6c:
                    22:7e:1c:69:dc:83:2c:08:13:0e:a6:b8:3b:d6:1e:
                    b5:d4:bc:14:1d:1a:de:92:de:40:d8:36:12:55:5e:
                    af:d6:bb:5b:7d:de:04:66:f2:61:ad:48:b0:1f:5a:
                    88:4d:73:a9:ad:97:c2:18:fc:24:1b:71:bf:1b:8a:
                    10:4c:c6:5b:da:4b:39:b0:65:77:ab:54:ba:a1:e3:
                    ec:99:dd:90:c2:f2:b0:42:2c:29:61:42:2e:18:ec:
                    dc:1a:41:b3:b8:87:9d:00:e9:6b:9e:50:97:ff:be:
                    5e:6f:cb:80:29:98:ab:4e:0f:37:dd:6c:b5:be:6b:
                    c4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C1:6E:FE:1B:92:D5:2A:F4:8F:91:C4:8E:B7:6D:FD:D3:0A:FB:71
            X509v3 Authority Key Identifier:
                keyid:47:31:63:52:7E:83:54:2D:CE:69:3B:16:D0:AE:DC:D1:26:D3:31:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzFjUn6DVC3OaTsW0K7c0SbTMZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/UsFu_huS1Sr0j5HEjrdt_dMK-3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/ab2389-8d36-43fe-af42-9a3841967181/1/RzFjUn6DVC3OaTsW0K7c0SbTMZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:3f:aa:c6:e4:f2:03:5e:7b:bc:80:96:88:87:1e:b8:a1:59:
         c2:5b:9c:7d:fb:61:f5:b7:7d:32:ea:e4:2c:f5:37:c2:cb:77:
         61:a9:3d:cc:b8:8a:3c:11:8f:82:f4:2e:6d:11:02:1c:7c:b4:
         df:5e:da:03:2a:26:5a:1b:7c:ee:b0:30:10:26:87:bc:c1:58:
         17:11:62:97:80:de:b1:25:cd:32:bc:2a:44:ea:15:3c:1b:ee:
         8b:ab:21:80:d1:94:66:c1:68:3f:eb:01:e2:37:85:53:20:e3:
         68:41:7d:8a:23:28:54:6d:21:52:97:60:ca:dd:6c:24:71:72:
         f5:24:49:f6:bb:e7:25:34:e2:fa:e2:18:7d:33:da:2b:6e:a6:
         ed:4d:28:ac:ed:65:80:49:3a:c2:49:5c:14:9c:9f:0c:6d:42:
         a9:7b:21:57:c9:35:30:2d:5a:5e:bb:a1:31:1d:33:05:2d:7c:
         66:5d:cd:eb:c5:48:3f:40:e3:63:3a:66:02:63:85:0b:44:25:
         a2:c7:e8:c3:4d:3e:e6:8d:d2:35:94:0f:eb:66:90:1d:30:a1:
         a7:ad:ba:63:f9:34:26:9c:70:f3:78:3d:21:d3:28:87:ff:dc:
         c2:67:c3:67:6f:f2:f2:66:53:fa:e8:a5:b5:b5:3d:dc:eb:38:
         92:a6:cf:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtQzQDqgSUxUcmtWx5+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzE2MzUyN2U4MzU0MmRjZTY5M2IxNmQwYWVkY2QxMjZk
MzMxOWEwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmMxNmVmZTFiOTJkNTJhZjQ4ZjkxYzQ4ZWI3NmRmZGQzMGFmYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLE9joiyAfdrf2UaABRbJ2LCOO8c
h/o7kDoW6JPNEapNVDsMQSYg9L3QrUf76KxJyhd0cEaR6e8dqSayQmONhKC/BXr7
KSC6p3hKlG9Nt5AqkJLVgPjnyFsBPZSiTFT8nHirYLDMIhURYWjPZ62M0pgY2hI7
TzEyLG+3llouZdF2zLsn6Gwifhxp3IMsCBMOprg71h611LwUHRrekt5A2DYSVV6v
1rtbfd4EZvJhrUiwH1qITXOprZfCGPwkG3G/G4oQTMZb2ks5sGV3q1S6oePsmd2Q
wvKwQiwpYUIuGOzcGkGzuIedAOlrnlCX/75eb8uAKZirTg833Wy1vmvEmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLBbv4bktUq9I+RxI63bf3TCvtxMB8GA1UdIwQY
MBaAFEcxY1J+g1Qtzmk7FtCu3NEm0zGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDIt
OWEzODQxOTY3MTgxLzEvVXNGdV9odVMxU3IwajVIRWpyZHRfZE1LLTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hYjIzODktOGQzNi00M2ZlLWFmNDItOWEzODQxOTY3MTgx
LzEvUnpGalVuNkRWQzNPYVRzVzBLN2MwU2JUTVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTf4MA0G
CSqGSIb3DQEBCwUAA4IBAQBFP6rG5PIDXnu8gJaIhx64oVnCW5x9+2H1t30y6uQs
9TfCy3dhqT3MuIo8EY+C9C5tEQIcfLTfXtoDKiZaG3zusDAQJoe8wVgXEWKXgN6x
Jc0yvCpE6hU8G+6LqyGA0ZRmwWg/6wHiN4VTIONoQX2KIyhUbSFSl2DK3WwkcXL1
JEn2u+clNOL64hh9M9orbqbtTSis7WWASTrCSVwUnJ8MbUKpeyFXyTUwLVpeu6Ex
HTMFLXxmXc3rxUg/QONjOmYCY4ULRCWix+jDTT7mjdI1lA/rZpAdMKGnrbpj+TQm
nHDzeD0h0yiH/9zCZ8Nnb/LyZlP66KW1tT3c6ziSps/s
-----END CERTIFICATE-----