Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Ubz_fNNl2azdz8EuMXZpRVvC24c.roa
File:                     Ubz_fNNl2azdz8EuMXZpRVvC24c.roa (raw, json)
Hash identifier:          o8v5qGVk7UYlHO8OjzcTZH8TDrC5r//UO2RLIh28Vwg=
Subject key identifier:   51:BC:FF:7C:D3:65:D9:AC:DD:CF:C1:2E:31:76:69:45:5B:C2:DB:87
Certificate issuer:       /CN=de3d81211f492edf029a22cc66c20a3b94583590
Certificate serial:       018CC5010E7698EBB7A4AF801DC0FD9C75EB
Authority key identifier: DE:3D:81:21:1F:49:2E:DF:02:9A:22:CC:66:C2:0A:3B:94:58:35:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Ubz_fNNl2azdz8EuMXZpRVvC24c.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        82.193.160.0/19 maxlen: 19
                          2a02:2580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0e:76:98:eb:b7:a4:af:80:1d:c0:fd:9c:75:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de3d81211f492edf029a22cc66c20a3b94583590
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51bcff7cd365d9acddcfc12e317669455bc2db87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7f:f6:96:d5:e5:e0:c3:c4:36:57:ea:99:a1:
                    18:47:1b:81:c6:24:4d:ef:e3:a3:c9:a8:35:ce:0b:
                    c9:fd:35:af:43:36:4b:c4:19:d1:22:ee:d9:50:69:
                    3c:0b:65:fe:dc:25:b5:1d:ec:73:c8:db:43:23:6a:
                    91:59:13:98:25:d0:21:ec:ad:11:3a:ec:c2:01:a6:
                    ea:d0:01:ef:c9:74:a8:e6:c2:0a:b1:9f:8c:a2:01:
                    87:a9:3b:43:01:74:62:b8:4d:bb:f1:6d:f3:e8:d7:
                    b9:81:c4:2f:d7:2e:18:07:07:af:d0:54:c7:1f:54:
                    d5:11:bc:ae:af:7a:ca:09:5f:92:c6:24:1f:2d:7d:
                    c0:21:09:42:ff:dd:45:12:95:cb:74:e6:aa:1a:fb:
                    78:03:24:1b:2c:9a:79:69:75:57:62:23:e7:02:60:
                    39:b3:11:17:56:b2:fd:28:85:07:ee:58:d8:4c:43:
                    bd:bf:be:eb:f0:dc:25:2e:7b:a0:41:7a:a8:15:11:
                    92:fc:12:a2:52:a1:90:56:61:8c:22:38:fd:9e:c1:
                    35:20:7e:cc:b7:d3:45:09:83:b5:67:c8:03:30:a4:
                    5d:23:8c:2c:06:87:33:db:09:a1:40:19:7f:35:6f:
                    ed:06:37:81:78:a6:6e:2d:51:66:63:b0:43:24:c0:
                    dd:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:BC:FF:7C:D3:65:D9:AC:DD:CF:C1:2E:31:76:69:45:5B:C2:DB:87
            X509v3 Authority Key Identifier:
                keyid:DE:3D:81:21:1F:49:2E:DF:02:9A:22:CC:66:C2:0A:3B:94:58:35:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Ubz_fNNl2azdz8EuMXZpRVvC24c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.193.160.0/19
                IPv6:
                  2a02:2580::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:c0:c3:e1:09:4a:34:79:d8:5b:c1:b2:76:03:ed:c2:8d:45:
         c3:d5:c5:b0:e2:8f:c2:2c:ce:98:5d:9d:bf:52:e8:51:63:2a:
         6e:15:3d:06:f3:1d:88:b2:bf:b5:d2:f7:db:38:7e:46:7c:91:
         f4:d5:a1:79:52:11:fa:b5:64:d4:9d:9b:1c:7b:6c:d0:8a:19:
         fc:f4:18:f1:93:59:af:34:68:de:f0:ca:f9:67:e7:81:a5:7d:
         86:56:f1:4d:83:cd:30:9a:ad:48:bb:a4:0f:fd:43:2f:5c:c6:
         b4:90:30:11:6c:25:d6:6d:82:06:67:d8:6a:5c:0c:67:a3:d6:
         73:81:80:b6:b3:c7:58:92:1d:26:6c:54:10:06:92:3b:bd:08:
         62:aa:0e:a1:f2:ae:b6:a4:10:fe:b2:46:44:1d:99:8a:eb:5b:
         f7:1a:37:55:8b:62:9e:48:ad:d4:83:2e:0f:3e:cd:3a:72:61:
         fc:1e:b9:e0:83:f0:43:8b:ca:6f:6f:33:99:41:47:3c:f5:cd:
         1e:fc:72:75:ce:0f:d2:e2:0d:25:f9:7f:98:4b:2a:33:72:d7:
         3d:b0:1b:0c:ec:17:cb:7b:a4:df:ae:e7:e5:c6:f6:cf:25:8a:
         0a:82:11:30:00:82:5a:29:ed:c4:b9:27:d5:cc:da:1f:4c:2d:
         d8:2d:56:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAQ52mOu3pK+AHcD9nHXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlM2Q4MTIxMWY0OTJlZGYwMjlhMjJjYzY2YzIwYTNiOTQ1
ODM1OTAwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWJjZmY3Y2QzNjVkOWFjZGRjZmMxMmUzMTc2Njk0NTViYzJkYjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH/2ltXl4MPENlfqmaEYRxuBxiRN
7+Ojyag1zgvJ/TWvQzZLxBnRIu7ZUGk8C2X+3CW1HexzyNtDI2qRWROYJdAh7K0R
OuzCAabq0AHvyXSo5sIKsZ+MogGHqTtDAXRiuE278W3z6Ne5gcQv1y4YBwev0FTH
H1TVEbyur3rKCV+SxiQfLX3AIQlC/91FEpXLdOaqGvt4AyQbLJp5aXVXYiPnAmA5
sxEXVrL9KIUH7ljYTEO9v77r8NwlLnugQXqoFRGS/BKiUqGQVmGMIjj9nsE1IH7M
t9NFCYO1Z8gDMKRdI4wsBocz2wmhQBl/NW/tBjeBeKZuLVFmY7BDJMDd0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFG8/3zTZdms3c/BLjF2aUVbwtuHMB8GA1UdIwQY
MBaAFN49gSEfSS7fApoizGbCCjuUWDWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2oyQklSOUpMdDhDbWlMTVpzSUtPNVJZTlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8yNmZjYmEtNzhhZS00ZDM4LWFjYWYt
MzE0MjhiMDUwZmQ3LzEvVWJ6X2ZOTmwyYXpkejhFdU1YWnBSVnZDMjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8yNmZjYmEtNzhhZS00ZDM4LWFjYWYtMzE0MjhiMDUwZmQ3
LzEvM2oyQklSOUpMdDhDbWlMTVpzSUtPNVJZTlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUsGgMA0E
AgACMAcDBQAqAiWAMA0GCSqGSIb3DQEBCwUAA4IBAQAnwMPhCUo0edhbwbJ2A+3C
jUXD1cWw4o/CLM6YXZ2/UuhRYypuFT0G8x2Isr+10vfbOH5GfJH01aF5UhH6tWTU
nZsce2zQihn89Bjxk1mvNGje8Mr5Z+eBpX2GVvFNg80wmq1Iu6QP/UMvXMa0kDAR
bCXWbYIGZ9hqXAxno9ZzgYC2s8dYkh0mbFQQBpI7vQhiqg6h8q62pBD+skZEHZmK
61v3GjdVi2KeSK3Ugy4PPs06cmH8Hrngg/BDi8pvbzOZQUc89c0e/HJ1zg/S4g0l
+X+YSyozctc9sBsM7BfLe6TfruflxvbPJYoKghEwAIJaKe3EuSfVzNofTC3YLVab
-----END CERTIFICATE-----