Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/UI10HeKpZ12yElideg6Ypy0YOrI.roa
File:                     UI10HeKpZ12yElideg6Ypy0YOrI.roa (raw, json)
Hash identifier:          nGRGGu6pkeVRXFPWe1y7x9bYJMVRgA7xuawV8vIW0Ik=
Subject key identifier:   50:8D:74:1D:E2:A9:67:5D:B2:12:58:9D:7A:0E:98:A7:2D:18:3A:B2
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       018CC6499AF1427D8B7413BAAE0A73194B49
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/UI10HeKpZ12yElideg6Ypy0YOrI.roa
Signing time:             Mon 01 Jan 2024 18:29:21 +0000
ROA not before:           Mon 01 Jan 2024 18:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24972
IP address blocks:        195.244.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9a:f1:42:7d:8b:74:13:ba:ae:0a:73:19:4b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jan  1 18:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=508d741de2a9675db212589d7a0e98a72d183ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:66:33:d1:d8:d1:9b:ac:87:7e:01:aa:16:74:
                    a5:63:19:1b:4a:b6:8a:20:57:b5:29:67:e0:e0:da:
                    e0:95:83:e9:55:75:0b:50:45:e2:e9:21:22:91:04:
                    76:34:d4:16:3d:b2:30:f7:dd:d7:1d:86:37:83:cd:
                    26:d1:c2:81:23:a2:d1:e1:0d:43:d1:75:5c:73:7b:
                    6c:92:5a:05:ef:e8:f1:12:c7:95:a7:98:2c:a0:a5:
                    4c:50:85:82:50:e1:9c:ea:ae:67:67:27:b4:67:f7:
                    22:e8:04:de:09:b2:e3:30:56:a1:ef:30:f2:fa:ed:
                    78:89:31:86:ff:b9:c7:65:34:69:70:36:c2:4e:db:
                    78:24:5c:65:4d:91:1e:c2:42:36:74:c5:b5:64:3d:
                    fb:71:9b:bb:f7:28:72:86:6e:e2:51:4d:65:97:b3:
                    8a:47:38:aa:55:5c:9b:3e:da:dd:6b:6c:fe:af:cf:
                    60:d6:fc:de:9e:3a:16:7e:ca:64:72:85:aa:b8:cd:
                    a5:d9:1e:58:15:44:5d:ee:42:2d:47:c9:96:a6:b9:
                    ac:cf:a5:a1:10:e6:9b:58:43:2a:ea:da:58:74:73:
                    c1:8c:b7:69:b4:4d:e2:d8:f9:6f:98:fb:36:4a:04:
                    f1:8d:43:dc:fb:de:74:93:7b:9b:99:f8:9f:00:f5:
                    30:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8D:74:1D:E2:A9:67:5D:B2:12:58:9D:7A:0E:98:A7:2D:18:3A:B2
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/UI10HeKpZ12yElideg6Ypy0YOrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:31:23:3f:24:5f:f4:f7:10:7c:4a:76:b9:f5:5c:30:46:41:
         45:b3:22:3f:79:cc:99:38:9e:7f:c3:10:80:41:0c:09:50:d0:
         47:8b:aa:3e:34:3a:a5:21:3b:3c:2d:d7:84:ff:62:07:01:a3:
         b9:e1:9a:f7:38:48:d5:42:36:07:54:78:16:f6:de:2f:eb:97:
         c1:81:b1:da:89:94:0e:ce:e7:84:a7:59:1c:62:99:a2:c8:13:
         cd:32:e4:87:4c:fe:86:f5:4d:80:ad:54:37:d9:e0:fc:37:24:
         84:7e:4b:76:d7:58:cd:9e:40:d7:2b:84:d3:aa:cb:57:01:b2:
         88:4b:46:a1:c6:7c:70:42:b4:47:0c:e9:77:4e:90:97:fe:22:
         a1:f9:43:f1:ff:6e:e8:58:70:50:76:f0:fd:59:69:1d:d6:33:
         db:f7:14:23:78:dc:8c:0d:4a:66:18:82:4d:87:07:0d:ba:e4:
         6d:3f:a5:89:e6:99:dc:5c:74:77:e3:f2:b0:33:7c:af:7c:69:
         f9:a1:da:6b:f0:41:24:97:cf:40:c4:c5:73:ab:21:c3:79:2a:
         61:3a:4b:19:4c:ba:67:ce:9a:1b:12:c1:cf:6a:20:b8:25:4d:
         e3:66:52:84:68:04:7d:d3:05:db:9d:c6:d8:4e:23:bc:85:7f:
         a8:31:a5:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZrxQn2LdBO6rgpzGUtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjQwMTAxMTgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDhkNzQxZGUyYTk2NzVkYjIxMjU4OWQ3YTBlOThhNzJkMTgzYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGYz0djRm6yHfgGqFnSlYxkbSraK
IFe1KWfg4NrglYPpVXULUEXi6SEikQR2NNQWPbIw993XHYY3g80m0cKBI6LR4Q1D
0XVcc3tskloF7+jxEseVp5gsoKVMUIWCUOGc6q5nZye0Z/ci6ATeCbLjMFah7zDy
+u14iTGG/7nHZTRpcDbCTtt4JFxlTZEewkI2dMW1ZD37cZu79yhyhm7iUU1ll7OK
RziqVVybPtrda2z+r89g1vzenjoWfspkcoWquM2l2R5YFURd7kItR8mWprmsz6Wh
EOabWEMq6tpYdHPBjLdptE3i2PlvmPs2SgTxjUPc+950k3ubmfifAPUwUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCNdB3iqWddshJYnXoOmKctGDqyMB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvVUkxMEhlS3BaMTJ5RWxpZGVnNllweTBZT3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/SdMA0G
CSqGSIb3DQEBCwUAA4IBAQC6MSM/JF/09xB8Sna59VwwRkFFsyI/ecyZOJ5/wxCA
QQwJUNBHi6o+NDqlITs8LdeE/2IHAaO54Zr3OEjVQjYHVHgW9t4v65fBgbHaiZQO
zueEp1kcYpmiyBPNMuSHTP6G9U2ArVQ32eD8NySEfkt211jNnkDXK4TTqstXAbKI
S0ahxnxwQrRHDOl3TpCX/iKh+UPx/27oWHBQdvD9WWkd1jPb9xQjeNyMDUpmGIJN
hwcNuuRtP6WJ5pncXHR34/KwM3yvfGn5odpr8EEkl89AxMVzqyHDeSphOksZTLpn
zpobEsHPaiC4JU3jZlKEaAR90wXbncbYTiO8hX+oMaVi
-----END CERTIFICATE-----