Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/u1OkjoLgMl3AvXe1Gz_r6ZrMljM.roa
File:                     u1OkjoLgMl3AvXe1Gz_r6ZrMljM.roa (raw, json)
Hash identifier:          dorWPu+sUZx7wWpWA+CsnvcIy+Yu6ZTAlqiYSRoq3fw=
Subject key identifier:   BB:53:A4:8E:82:E0:32:5D:C0:BD:77:B5:1B:3F:EB:E9:9A:CC:96:33
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       018CF50D547ADF22701832AC6ECF00188E47
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/u1OkjoLgMl3AvXe1Gz_r6ZrMljM.roa
Signing time:             Wed 10 Jan 2024 20:25:40 +0000
ROA not before:           Wed 10 Jan 2024 20:25:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.143.41.0/24 maxlen: 24
                          185.143.42.0/24 maxlen: 24
                          185.143.43.0/24 maxlen: 24
                          185.143.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:0d:54:7a:df:22:70:18:32:ac:6e:cf:00:18:8e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Jan 10 20:25:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb53a48e82e0325dc0bd77b51b3febe99acc9633
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:93:b1:6f:af:f3:08:cf:3b:df:84:26:f7:c3:
                    7f:5a:e3:d5:bf:16:2b:31:dd:e2:87:3e:68:f5:57:
                    32:d4:1b:40:92:62:50:a3:a7:31:16:7e:83:90:ac:
                    0b:99:30:1e:25:25:96:5c:50:db:0a:e5:de:c0:8e:
                    d2:f7:74:6c:86:0c:f9:06:75:01:cb:59:d1:63:4f:
                    1d:ba:78:8e:64:04:b7:c6:6e:d7:2d:44:29:9a:93:
                    5a:cb:75:b4:ee:bb:d9:17:78:13:fb:05:ce:df:71:
                    ee:91:6e:09:46:13:8e:44:99:22:d8:7d:be:8f:3c:
                    c8:73:c5:71:72:ed:32:78:19:06:df:cf:fa:0c:aa:
                    66:e5:94:2f:1c:d3:b6:6b:57:96:ad:81:0d:89:c7:
                    03:4f:ce:7c:46:63:2e:68:84:10:ca:f0:cb:18:40:
                    3c:da:78:8b:63:73:57:35:c3:a7:d4:bb:bd:7c:ff:
                    c4:53:c5:ce:4f:9f:69:f7:92:56:af:73:06:c5:be:
                    ec:b1:88:d9:af:28:6b:35:0f:3c:4f:b1:78:47:99:
                    1f:3d:27:a8:98:ec:85:da:94:b9:ef:df:c2:6c:a0:
                    28:bc:0a:55:ef:27:a6:bf:7a:dd:f6:cd:5a:b6:67:
                    84:b7:87:54:77:be:1e:f8:a5:ca:b6:05:d9:b0:34:
                    c6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:53:A4:8E:82:E0:32:5D:C0:BD:77:B5:1B:3F:EB:E9:9A:CC:96:33
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/u1OkjoLgMl3AvXe1Gz_r6ZrMljM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:b2:2c:6b:52:80:26:e5:6b:aa:79:db:67:25:a7:03:04:16:
         87:17:6f:4e:e6:0a:5d:f0:6f:57:92:a1:7c:aa:6b:f4:fa:d8:
         55:4a:71:f0:65:ce:ec:c6:4d:83:ec:1d:7a:2c:5f:2c:d4:10:
         35:ff:a4:74:8d:36:af:6f:f9:f1:8a:fa:e3:88:1e:47:bb:35:
         5c:d3:67:60:f8:a0:87:86:54:c0:d1:9b:c4:9b:b7:17:71:0d:
         b5:53:67:6a:c8:34:a8:69:d6:f8:14:9b:15:db:22:73:e3:f4:
         f7:4c:d5:46:7c:04:ed:79:6c:da:15:46:b4:56:eb:2a:9e:05:
         3f:35:0b:f2:26:54:86:28:91:02:d1:0e:71:93:e2:c7:b4:32:
         2e:b0:d3:f1:09:25:f8:4b:cd:9a:ef:fc:3e:11:b4:32:2c:89:
         de:73:ca:13:5b:c7:46:80:6e:2d:04:13:81:de:4e:d4:85:24:
         18:b5:f0:db:cd:25:1f:b2:93:ef:9a:ab:5b:e0:fd:45:71:8d:
         80:38:36:28:6b:da:ef:ce:35:5c:71:63:de:ad:e9:88:19:ac:
         b5:6e:1f:f9:3f:1a:0f:c1:96:c2:d5:9f:2c:11:bd:8e:44:08:
         a0:7c:0b:fe:ae:9e:ba:f8:8d:21:67:25:b4:76:32:3e:f4:91:
         9a:aa:a4:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz1DVR63yJwGDKsbs8AGI5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjQwMTEwMjAyNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjUzYTQ4ZTgyZTAzMjVkYzBiZDc3YjUxYjNmZWJlOTlhY2M5NjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpOxb6/zCM8734Qm98N/WuPVvxYr
Md3ihz5o9Vcy1BtAkmJQo6cxFn6DkKwLmTAeJSWWXFDbCuXewI7S93Rshgz5BnUB
y1nRY08duniOZAS3xm7XLUQpmpNay3W07rvZF3gT+wXO33HukW4JRhOORJki2H2+
jzzIc8Vxcu0yeBkG38/6DKpm5ZQvHNO2a1eWrYENiccDT858RmMuaIQQyvDLGEA8
2niLY3NXNcOn1Lu9fP/EU8XOT59p95JWr3MGxb7ssYjZryhrNQ88T7F4R5kfPSeo
mOyF2pS579/CbKAovApV7yemv3rd9s1atmeEt4dUd74e+KXKtgXZsDTG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtTpI6C4DJdwL13tRs/6+mazJYzMB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEvdTFPa2pvTGdNbDNBdlhlMUd6X3I2WnJNbGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8oMA0G
CSqGSIb3DQEBCwUAA4IBAQBYsixrUoAm5WuqedtnJacDBBaHF29O5gpd8G9XkqF8
qmv0+thVSnHwZc7sxk2D7B16LF8s1BA1/6R0jTavb/nxivrjiB5HuzVc02dg+KCH
hlTA0ZvEm7cXcQ21U2dqyDSoadb4FJsV2yJz4/T3TNVGfATteWzaFUa0VusqngU/
NQvyJlSGKJEC0Q5xk+LHtDIusNPxCSX4S82a7/w+EbQyLInec8oTW8dGgG4tBBOB
3k7UhSQYtfDbzSUfspPvmqtb4P1FcY2AODYoa9rvzjVccWPeremIGay1bh/5PxoP
wZbC1Z8sEb2ORAigfAv+rp66+I0hZyW0djI+9JGaqqR8
-----END CERTIFICATE-----