Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/uDbDp0pE9mllF5oSjiodxcvNQTs.roa
File:                     uDbDp0pE9mllF5oSjiodxcvNQTs.roa (raw, json)
Hash identifier:          sTik4OBYLkTWryLL1aAaiNhCoEUbPnb9HWZuMZYpBVU=
Subject key identifier:   B8:36:C3:A7:4A:44:F6:69:65:17:9A:12:8E:2A:1D:C5:CB:CD:41:3B
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68BBBC7570F3CC821B43C3214C3B2
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/uDbDp0pE9mllF5oSjiodxcvNQTs.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208604
IP address blocks:        188.68.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8b:bb:c7:57:0f:3c:c8:21:b4:3c:32:14:c3:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b836c3a74a44f66965179a128e2a1dc5cbcd413b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8c:4b:4c:67:e2:80:82:46:fa:7a:5c:89:39:
                    69:9a:6d:5d:3f:37:1d:51:1e:8f:03:4b:d5:e5:38:
                    70:cd:76:62:15:8f:6e:04:58:c1:23:76:2f:e4:f7:
                    a0:68:4e:3d:b9:11:f0:52:d4:2d:77:97:07:8c:35:
                    e1:c3:5e:f7:b5:6c:0d:38:a7:2a:25:e3:f7:0d:31:
                    5d:76:50:ae:6d:41:92:fe:c4:87:a5:64:0c:03:20:
                    a9:c9:aa:c0:35:be:24:95:85:b5:44:53:40:d4:89:
                    9b:ae:80:a9:72:01:e3:bb:a7:61:92:3a:3b:66:64:
                    5c:c6:19:da:2a:1f:d0:b9:6c:a5:f4:77:9e:83:90:
                    f2:92:13:b7:39:4b:9f:7f:80:1c:12:2a:0c:0e:52:
                    2d:b5:28:d7:bc:1e:7a:b0:ea:98:cc:03:38:ea:ae:
                    03:9d:af:b3:30:9b:68:3f:12:19:a4:11:c6:4e:0a:
                    2a:09:f1:54:21:93:fe:0c:49:08:31:92:99:e7:4b:
                    ed:0b:77:5d:f8:af:24:08:85:38:af:29:38:2b:5b:
                    de:d4:45:26:8e:b3:ba:2e:f1:da:ae:8f:2f:63:56:
                    39:2b:07:76:81:f7:35:57:4f:df:fd:07:20:b1:29:
                    d6:fa:f1:54:91:91:f8:39:fa:0c:3d:43:c1:26:0b:
                    6d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:36:C3:A7:4A:44:F6:69:65:17:9A:12:8E:2A:1D:C5:CB:CD:41:3B
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/uDbDp0pE9mllF5oSjiodxcvNQTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.68.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:db:df:9c:65:26:a2:26:cc:48:57:b3:6e:f4:07:a0:9a:af:
         62:a6:16:27:d0:d0:87:46:bb:a4:58:c2:27:e5:ba:2c:b2:33:
         d8:3f:c1:0d:e7:b9:31:e3:79:57:c2:c2:d0:38:53:28:f5:e3:
         d6:f9:4a:d4:85:e8:6d:74:3c:eb:b5:32:35:11:f9:71:39:93:
         1b:f8:ec:65:c8:e6:2b:f3:78:a6:98:62:2e:2d:db:a1:b2:72:
         92:b6:4a:42:55:e6:e4:01:db:db:9b:55:c3:a9:f8:a9:58:d1:
         a9:9a:cd:dc:0b:cc:92:34:65:65:5d:f5:25:cf:81:b8:31:1a:
         d2:56:a0:21:c5:a4:58:67:15:b9:00:15:30:22:6d:7f:99:fa:
         90:34:d7:c9:fa:80:23:42:32:e7:da:6f:ed:34:4a:e2:44:23:
         b3:c7:9b:b0:b5:80:4f:be:0e:52:70:ad:77:b9:92:63:c4:2f:
         74:1b:59:f6:4d:08:09:a2:8c:96:52:5f:ba:12:35:8a:03:c2:
         85:0a:80:c5:e4:0c:5c:22:c1:27:0f:02:de:6e:bb:cd:f0:84:
         0b:67:83:14:f0:a3:fe:2e:ea:3c:87:7e:af:4d:e1:e2:c8:f8:
         c6:de:e1:85:c6:37:8b:43:d5:9d:2a:f1:82:d0:e4:ea:47:58:
         32:e5:e0:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtou7x1cPPMghtDwyFMOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODM2YzNhNzRhNDRmNjY5NjUxNzlhMTI4ZTJhMWRjNWNiY2Q0MTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIxLTGfigIJG+npciTlpmm1dPzcd
UR6PA0vV5ThwzXZiFY9uBFjBI3Yv5PegaE49uRHwUtQtd5cHjDXhw173tWwNOKcq
JeP3DTFddlCubUGS/sSHpWQMAyCpyarANb4klYW1RFNA1ImbroCpcgHju6dhkjo7
ZmRcxhnaKh/QuWyl9Heeg5DykhO3OUuff4AcEioMDlIttSjXvB56sOqYzAM46q4D
na+zMJtoPxIZpBHGTgoqCfFUIZP+DEkIMZKZ50vtC3dd+K8kCIU4ryk4K1ve1EUm
jrO6LvHaro8vY1Y5Kwd2gfc1V0/f/QcgsSnW+vFUkZH4OfoMPUPBJgttKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLg2w6dKRPZpZReaEo4qHcXLzUE7MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvdURiRHAwcEU5bWxsRjVvU2ppb2R4Y3ZOUVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEQGMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ29+cZSaiJsxIV7Nu9Aegmq9iphYn0NCHRrukWMIn
5bossjPYP8EN57kx43lXwsLQOFMo9ePW+UrUhehtdDzrtTI1EflxOZMb+OxlyOYr
83immGIuLduhsnKStkpCVebkAdvbm1XDqfipWNGpms3cC8ySNGVlXfUlz4G4MRrS
VqAhxaRYZxW5ABUwIm1/mfqQNNfJ+oAjQjLn2m/tNEriRCOzx5uwtYBPvg5ScK13
uZJjxC90G1n2TQgJooyWUl+6EjWKA8KFCoDF5AxcIsEnDwLebrvN8IQLZ4MU8KP+
Luo8h36vTeHiyPjG3uGFxjeLQ9WdKvGC0OTqR1gy5eA3
-----END CERTIFICATE-----