Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/UDmy9uNTZjNjDo-9bHSYuzMsvs4.roa
File:                     UDmy9uNTZjNjDo-9bHSYuzMsvs4.roa (raw, json)
Hash identifier:          P4ElWmx0ktNpC6372p5KXmg1/6tqm9aMS2+puJUpQw0=
Subject key identifier:   50:39:B2:F6:E3:53:66:33:63:0E:8F:BD:6C:74:98:BB:33:2C:BE:CE
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       018CC94CA5B38E6177F715E4421690C682E1
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/UDmy9uNTZjNjDo-9bHSYuzMsvs4.roa
Signing time:             Tue 02 Jan 2024 08:31:32 +0000
ROA not before:           Tue 02 Jan 2024 08:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        188.191.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a5:b3:8e:61:77:f7:15:e4:42:16:90:c6:82:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  2 08:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5039b2f6e3536633630e8fbd6c7498bb332cbece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d5:fd:35:ce:da:5b:21:92:ba:72:6b:5b:20:
                    32:8a:aa:88:94:c3:4c:75:33:c1:34:b3:95:d2:26:
                    49:ae:24:c1:67:e2:93:9c:b3:dc:ea:14:e3:8f:7e:
                    3c:b9:9a:61:f9:b7:eb:4a:80:41:71:18:2d:98:3b:
                    d0:3e:ac:09:14:57:44:fd:b7:db:28:2b:13:95:71:
                    ba:ca:46:f5:2d:0e:4d:17:6f:b5:b3:d5:7f:24:78:
                    3a:ce:b0:b8:2d:02:67:71:88:c0:62:2b:19:13:c0:
                    44:91:be:c2:23:5f:dc:39:54:4b:08:9a:3b:14:ff:
                    05:aa:f6:d0:cd:79:fc:b5:4f:30:72:4c:c8:10:5c:
                    5f:38:50:ca:ba:99:29:75:bf:51:74:01:64:21:29:
                    b7:54:ea:b2:cb:18:92:c9:fc:ec:f4:22:53:4e:fc:
                    6b:c2:98:09:ff:ae:ab:21:35:b9:7c:b0:80:83:24:
                    32:36:c6:d8:2b:bb:1f:1f:b5:f3:41:9b:2e:a4:1c:
                    ff:93:40:96:ea:ac:f8:0f:7c:8a:d8:fd:8b:b6:6a:
                    b1:8d:ad:09:5b:ca:72:09:85:18:44:e9:da:82:43:
                    9b:30:06:f7:a2:7f:40:16:b1:1e:a4:05:ae:75:d6:
                    22:21:5a:21:f5:f3:ef:5c:f6:5c:87:ba:56:9f:71:
                    ae:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:39:B2:F6:E3:53:66:33:63:0E:8F:BD:6C:74:98:BB:33:2C:BE:CE
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/UDmy9uNTZjNjDo-9bHSYuzMsvs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a8:0f:ce:98:32:bd:11:62:37:b3:91:78:27:d9:de:d5:d2:
         67:1c:6f:46:2a:3f:c2:a3:41:6d:b0:13:7e:26:8c:f8:4b:b4:
         9a:d3:6a:c7:2b:8b:f2:e1:7c:87:7f:97:00:af:bc:e3:e8:86:
         8c:44:2b:e5:0a:7e:e0:bc:71:bc:cf:30:c0:75:31:27:b0:83:
         d3:a3:ba:bf:85:27:6e:b7:fb:63:08:09:de:e7:e4:8b:f4:57:
         57:99:ff:f2:03:4c:10:3d:82:60:87:af:83:80:a0:f5:31:d5:
         08:48:0e:6f:23:2d:b6:22:d2:bf:65:bf:41:da:51:7a:54:88:
         a4:ae:7c:70:2e:cd:56:0b:ce:3f:fe:46:42:66:0a:86:17:ce:
         e4:f7:f9:e4:52:be:f6:80:9a:fc:a7:58:5e:8b:e0:8a:12:12:
         b3:72:82:ea:0e:eb:c0:d6:52:ee:05:c5:e0:ea:60:a8:af:81:
         1c:8d:bd:74:9e:c4:cd:00:d9:2c:2e:30:63:a1:21:cb:4a:3a:
         1c:b1:f7:1b:ca:9d:cc:bc:4a:92:d9:66:f0:2b:89:a3:1a:6a:
         40:23:9b:b9:6f:6e:af:8d:b4:cd:f8:8c:5e:02:c1:60:ea:75:
         dc:b4:b7:2c:ea:d0:ec:36:3e:13:2e:9e:e7:b0:ea:78:e8:87:
         ac:bd:a8:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKWzjmF39xXkQhaQxoLhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwMTAyMDgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDM5YjJmNmUzNTM2NjMzNjMwZThmYmQ2Yzc0OThiYjMzMmNiZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9X9Nc7aWyGSunJrWyAyiqqIlMNM
dTPBNLOV0iZJriTBZ+KTnLPc6hTjj348uZph+bfrSoBBcRgtmDvQPqwJFFdE/bfb
KCsTlXG6ykb1LQ5NF2+1s9V/JHg6zrC4LQJncYjAYisZE8BEkb7CI1/cOVRLCJo7
FP8FqvbQzXn8tU8wckzIEFxfOFDKupkpdb9RdAFkISm3VOqyyxiSyfzs9CJTTvxr
wpgJ/66rITW5fLCAgyQyNsbYK7sfH7XzQZsupBz/k0CW6qz4D3yK2P2Ltmqxja0J
W8pyCYUYROnagkObMAb3on9AFrEepAWuddYiIVoh9fPvXPZch7pWn3GupQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFA5svbjU2YzYw6PvWx0mLszLL7OMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvVURteTl1TlRaak5qRG8tOWJIU1l1ek1zdnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9vMA0G
CSqGSIb3DQEBCwUAA4IBAQAYqA/OmDK9EWI3s5F4J9ne1dJnHG9GKj/Co0FtsBN+
Joz4S7Sa02rHK4vy4XyHf5cAr7zj6IaMRCvlCn7gvHG8zzDAdTEnsIPTo7q/hSdu
t/tjCAne5+SL9FdXmf/yA0wQPYJgh6+DgKD1MdUISA5vIy22ItK/Zb9B2lF6VIik
rnxwLs1WC84//kZCZgqGF87k9/nkUr72gJr8p1hei+CKEhKzcoLqDuvA1lLuBcXg
6mCor4Ecjb10nsTNANksLjBjoSHLSjocsfcbyp3MvEqS2WbwK4mjGmpAI5u5b26v
jbTN+IxeAsFg6nXctLcs6tDsNj4TLp7nsOp46Iesvag+
-----END CERTIFICATE-----