Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/umzwH2fI0EJt6piDCH5ddChTvUM.roa
File:                     umzwH2fI0EJt6piDCH5ddChTvUM.roa (raw, json)
Hash identifier:          2lzsQGR/WhKO8WvDrwWY1SmLC0wWebQ0TZcoy3/QvfE=
Subject key identifier:   BA:6C:F0:1F:67:C8:D0:42:6D:EA:98:83:08:7E:5D:74:28:53:BD:43
Certificate issuer:       /CN=8c3f538f8a01edd0a76b008b4d45d41f67821bd2
Certificate serial:       018ED1FE49FC74D385B60CCF745DEC9DABCC
Authority key identifier: 8C:3F:53:8F:8A:01:ED:D0:A7:6B:00:8B:4D:45:D4:1F:67:82:1B:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/umzwH2fI0EJt6piDCH5ddChTvUM.roa
Signing time:             Fri 12 Apr 2024 11:08:06 +0000
ROA not before:           Fri 12 Apr 2024 11:08:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41354
IP address blocks:        185.25.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:fe:49:fc:74:d3:85:b6:0c:cf:74:5d:ec:9d:ab:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c3f538f8a01edd0a76b008b4d45d41f67821bd2
        Validity
            Not Before: Apr 12 11:08:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba6cf01f67c8d0426dea9883087e5d742853bd43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c9:da:4a:19:a5:a1:f0:87:88:d2:fa:c3:47:
                    c0:50:3d:13:fd:98:fd:c4:72:94:97:b4:82:89:65:
                    2e:46:dc:ca:a6:22:c9:3c:f4:e9:5a:61:19:a9:35:
                    70:4a:36:11:8b:83:05:da:06:f0:fa:8f:19:b3:0d:
                    3b:a6:e9:1a:85:07:42:ac:ec:c5:cc:dc:9b:63:cd:
                    53:5b:db:c2:d1:50:35:71:43:80:ac:63:2a:0c:97:
                    0c:aa:58:a9:9d:eb:7b:87:a3:06:1d:40:53:47:0b:
                    32:db:dc:71:04:9b:a6:33:15:b6:d3:1c:22:b7:17:
                    85:e2:81:aa:44:43:cd:76:3c:b3:3f:9d:b8:15:94:
                    7b:e4:2e:9b:0d:85:43:ed:f5:49:e4:73:53:e5:67:
                    fc:c1:4a:76:72:41:e6:1d:de:50:ee:a9:a2:4a:51:
                    9e:d8:ad:b2:9c:87:d1:4e:7c:e7:3b:f9:bc:0d:d1:
                    9a:21:41:c7:39:df:4d:40:90:df:a2:a2:4b:94:35:
                    80:09:1b:8d:85:b1:c1:e1:83:d4:cd:f6:4a:48:55:
                    6f:25:cf:f2:41:2a:28:df:80:92:f9:42:9d:a5:67:
                    d6:5c:fb:73:10:0c:76:af:c3:3e:0a:58:83:d0:d1:
                    82:42:50:3d:ff:da:5b:30:c5:e6:f3:7e:24:49:5f:
                    c3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6C:F0:1F:67:C8:D0:42:6D:EA:98:83:08:7E:5D:74:28:53:BD:43
            X509v3 Authority Key Identifier:
                keyid:8C:3F:53:8F:8A:01:ED:D0:A7:6B:00:8B:4D:45:D4:1F:67:82:1B:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/umzwH2fI0EJt6piDCH5ddChTvUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:b4:e3:d7:5c:96:98:d0:1d:4f:1f:48:c4:8f:04:75:87:58:
         b1:95:7d:54:f0:14:21:39:cb:97:b7:ef:14:d3:dd:ee:9b:d5:
         8d:49:24:2f:e3:0b:d0:69:06:a2:66:9f:da:fe:f2:18:9d:9d:
         65:c2:66:89:d7:f4:f3:a9:07:7c:d4:d4:2a:84:09:ee:40:13:
         74:48:d2:c9:2a:8e:b1:34:1f:59:a5:85:89:31:b4:05:47:a7:
         5d:b9:69:71:9f:11:f6:9a:73:52:65:7e:84:91:55:88:ca:ff:
         0b:ac:6a:f2:ce:a7:4c:75:35:9e:2b:b2:d5:56:f4:5c:82:5a:
         eb:92:d4:0e:12:37:e6:df:f8:a5:e0:c2:e4:ed:80:11:23:8a:
         32:73:0e:00:4c:e6:29:25:88:79:95:18:2d:78:1f:a2:9f:11:
         6f:0d:99:34:04:8a:48:a5:1e:14:0d:99:2c:00:77:ae:c7:c7:
         a4:4a:f5:0f:63:ab:7a:36:a7:5a:f0:73:71:a3:80:0a:f6:74:
         e6:ff:bd:2a:0d:14:42:49:80:8c:36:3e:34:13:06:ee:8b:88:
         ae:39:d2:5c:26:24:31:34:a0:0d:e8:5f:8d:cb:81:bf:6a:bb:
         a9:ad:83:f8:cf:5f:c6:02:65:a5:5c:da:9b:cd:32:9d:69:47:
         89:a4:f5:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7R/kn8dNOFtgzPdF3snavMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjM2Y1MzhmOGEwMWVkZDBhNzZiMDA4YjRkNDVkNDFmNjc4
MjFiZDIwHhcNMjQwNDEyMTEwODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZjZjAxZjY3YzhkMDQyNmRlYTk4ODMwODdlNWQ3NDI4NTNiZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcnaShmlofCHiNL6w0fAUD0T/Zj9
xHKUl7SCiWUuRtzKpiLJPPTpWmEZqTVwSjYRi4MF2gbw+o8Zsw07pukahQdCrOzF
zNybY81TW9vC0VA1cUOArGMqDJcMqlipnet7h6MGHUBTRwsy29xxBJumMxW20xwi
txeF4oGqREPNdjyzP524FZR75C6bDYVD7fVJ5HNT5Wf8wUp2ckHmHd5Q7qmiSlGe
2K2ynIfRTnznO/m8DdGaIUHHOd9NQJDfoqJLlDWACRuNhbHB4YPUzfZKSFVvJc/y
QSoo34CS+UKdpWfWXPtzEAx2r8M+CliD0NGCQlA9/9pbMMXm834kSV/DdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLps8B9nyNBCbeqYgwh+XXQoU71DMB8GA1UdIwQY
MBaAFIw/U4+KAe3Qp2sAi01F1B9nghvSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakQ5VGo0b0I3ZENuYXdDTFRVWFVIMmVDRzlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hMTg4MmUtMGM0Yy00Njk2LTg4NWQt
Y2Q2YTUwMzE2M2Q2LzEvdW16d0gyZkkwRUp0NnBpRENINWRkQ2hUdlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hMTg4MmUtMGM0Yy00Njk2LTg4NWQtY2Q2YTUwMzE2M2Q2
LzEvakQ5VGo0b0I3ZENuYXdDTFRVWFVIMmVDRzlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRlcMA0G
CSqGSIb3DQEBCwUAA4IBAQBdtOPXXJaY0B1PH0jEjwR1h1ixlX1U8BQhOcuXt+8U
093um9WNSSQv4wvQaQaiZp/a/vIYnZ1lwmaJ1/TzqQd81NQqhAnuQBN0SNLJKo6x
NB9ZpYWJMbQFR6dduWlxnxH2mnNSZX6EkVWIyv8LrGryzqdMdTWeK7LVVvRcglrr
ktQOEjfm3/il4MLk7YARI4oycw4ATOYpJYh5lRgteB+inxFvDZk0BIpIpR4UDZks
AHeux8ekSvUPY6t6Nqda8HNxo4AK9nTm/70qDRRCSYCMNj40Ewbui4iuOdJcJiQx
NKAN6F+Ny4G/aruprYP4z1/GAmWlXNqbzTKdaUeJpPVR
-----END CERTIFICATE-----