Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/UkFDmZlP7sJGCE2UTx4IbrRuT9k.roa
File:                     UkFDmZlP7sJGCE2UTx4IbrRuT9k.roa (raw, json)
Hash identifier:          pKnaU4HjoehLZFiOboepsBcbv/6O5j8TGl42vqVYZkw=
Subject key identifier:   52:41:43:99:99:4F:EE:C2:46:08:4D:94:4F:1E:08:6E:B4:6E:4F:D9
Certificate issuer:       /CN=f49502c97482b28502852c97ef9bd3a0a2a5e9f0
Certificate serial:       018CC5DC32B1C3C81E1DDAE486AE8510EE5C
Authority key identifier: F4:95:02:C9:74:82:B2:85:02:85:2C:97:EF:9B:D3:A0:A2:A5:E9:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9JUCyXSCsoUChSyX75vToKKl6fA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/UkFDmZlP7sJGCE2UTx4IbrRuT9k.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208310
IP address blocks:        94.137.128.0/20 maxlen: 20
                          193.223.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/9JUCyXSCsoUChSyX75vToKKl6fA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/9JUCyXSCsoUChSyX75vToKKl6fA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9JUCyXSCsoUChSyX75vToKKl6fA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:32:b1:c3:c8:1e:1d:da:e4:86:ae:85:10:ee:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f49502c97482b28502852c97ef9bd3a0a2a5e9f0
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52414399994feec246084d944f1e086eb46e4fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:35:02:c0:00:0b:90:8d:28:c2:a7:23:7a:4e:
                    f8:d4:cc:3d:06:ba:c0:e0:f5:bf:ab:fb:dd:fd:cf:
                    52:5b:8c:e0:d0:30:8e:37:a6:83:63:08:92:7c:19:
                    50:17:73:58:b6:1b:80:5c:8a:40:52:f3:ec:23:d1:
                    81:ba:3f:cb:25:9e:14:7f:c6:96:12:08:88:41:7c:
                    7a:7f:9e:b0:fa:2a:6e:86:ac:d2:ba:22:9b:ad:2c:
                    d8:10:d8:1b:ce:e6:05:4c:4e:f2:bc:c4:89:fc:a2:
                    6f:22:c0:57:99:17:36:31:dd:55:f3:57:5a:3e:28:
                    e5:af:eb:81:9e:bd:b1:d1:2a:70:f6:84:2c:9c:63:
                    e2:ba:1a:5a:8a:06:fb:ac:3a:ea:84:38:3e:a4:c5:
                    33:07:13:b3:81:41:04:4c:d5:7e:b6:28:14:b6:51:
                    c9:d8:66:ba:88:39:2e:0a:29:c8:b8:43:6d:b7:b1:
                    3f:ae:60:13:2f:c8:0e:7e:19:e1:89:3e:ad:c4:86:
                    fb:3f:90:43:35:11:03:68:d2:bb:68:10:4e:16:9d:
                    c9:62:ae:3f:89:b7:bd:5d:18:ca:1a:f9:a6:c1:52:
                    a8:6c:91:a7:60:3c:28:51:a5:c2:31:4f:d3:d1:39:
                    1d:b4:87:0e:c5:84:5b:3e:93:7b:06:63:b1:79:42:
                    50:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:41:43:99:99:4F:EE:C2:46:08:4D:94:4F:1E:08:6E:B4:6E:4F:D9
            X509v3 Authority Key Identifier:
                keyid:F4:95:02:C9:74:82:B2:85:02:85:2C:97:EF:9B:D3:A0:A2:A5:E9:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JUCyXSCsoUChSyX75vToKKl6fA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/UkFDmZlP7sJGCE2UTx4IbrRuT9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/1f86d3-087d-4d69-b8e7-73b0c74e9b64/1/9JUCyXSCsoUChSyX75vToKKl6fA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.128.0/20
                  193.223.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:60:36:bc:39:fb:db:5d:a6:42:9b:12:a2:bf:f3:bf:5c:ba:
         06:05:b1:92:0d:23:cf:13:43:71:9d:1a:68:5e:53:c9:02:aa:
         07:0e:b0:72:f7:79:7b:61:ac:3c:42:35:3a:96:2e:33:3d:19:
         6d:0c:54:5b:72:81:2f:13:f1:02:e3:06:91:05:f0:63:84:0f:
         25:bd:2b:e1:84:dd:6b:1f:c7:b8:9c:d2:1b:4f:70:34:a9:fa:
         f5:5f:c5:e2:db:68:ae:13:3d:c0:ec:bf:b1:38:b3:dd:ce:c0:
         53:ed:e2:b3:02:6f:ad:f4:59:4a:02:3f:9a:b2:0f:94:85:2a:
         3e:f9:db:b8:14:07:e8:5d:bf:3e:a1:6a:a9:80:7d:cc:80:88:
         ed:41:da:15:98:fa:07:7d:94:82:a0:4a:40:94:c1:27:58:f1:
         22:40:7a:70:1d:10:dd:de:ff:57:55:ba:5d:ef:b4:1c:c7:eb:
         19:75:a7:02:93:fa:59:c9:d4:cd:34:4a:69:80:bc:f2:48:42:
         4a:34:45:78:15:1a:a5:83:93:c9:31:7e:cf:d4:47:7b:f0:81:
         5a:17:38:ec:a0:71:b0:e5:db:75:3b:30:3d:81:43:ca:d4:fe:
         ab:b8:bc:6d:39:2f:75:e2:7b:fe:b2:f3:45:1d:c7:24:d4:14:
         cd:ff:88:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3DKxw8geHdrkhq6FEO5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTUwMmM5NzQ4MmIyODUwMjg1MmM5N2VmOWJkM2EwYTJh
NWU5ZjAwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQxNDM5OTk5NGZlZWMyNDYwODRkOTQ0ZjFlMDg2ZWI0NmU0ZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizUCwAALkI0owqcjek741Mw9BrrA
4PW/q/vd/c9SW4zg0DCON6aDYwiSfBlQF3NYthuAXIpAUvPsI9GBuj/LJZ4Uf8aW
EgiIQXx6f56w+ipuhqzSuiKbrSzYENgbzuYFTE7yvMSJ/KJvIsBXmRc2Md1V81da
Pijlr+uBnr2x0Spw9oQsnGPiuhpaigb7rDrqhDg+pMUzBxOzgUEETNV+tigUtlHJ
2Ga6iDkuCinIuENtt7E/rmATL8gOfhnhiT6txIb7P5BDNREDaNK7aBBOFp3JYq4/
ibe9XRjKGvmmwVKobJGnYDwoUaXCMU/T0TkdtIcOxYRbPpN7BmOxeUJQPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJBQ5mZT+7CRghNlE8eCG60bk/ZMB8GA1UdIwQY
MBaAFPSVAsl0grKFAoUsl++b06CipenwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpVQ3lYU0Nzb1VDaFN5WDc1dlRvS0tsNmZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8xZjg2ZDMtMDg3ZC00ZDY5LWI4ZTct
NzNiMGM3NGU5YjY0LzEvVWtGRG1abFA3c0pHQ0UyVVR4NEliclJ1VDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8xZjg2ZDMtMDg3ZC00ZDY5LWI4ZTctNzNiMGM3NGU5YjY0
LzEvOUpVQ3lYU0Nzb1VDaFN5WDc1dlRvS0tsNmZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXomAAwQC
wd/4MA0GCSqGSIb3DQEBCwUAA4IBAQApYDa8OfvbXaZCmxKiv/O/XLoGBbGSDSPP
E0NxnRpoXlPJAqoHDrBy93l7Yaw8QjU6li4zPRltDFRbcoEvE/EC4waRBfBjhA8l
vSvhhN1rH8e4nNIbT3A0qfr1X8Xi22iuEz3A7L+xOLPdzsBT7eKzAm+t9FlKAj+a
sg+UhSo++du4FAfoXb8+oWqpgH3MgIjtQdoVmPoHfZSCoEpAlMEnWPEiQHpwHRDd
3v9XVbpd77Qcx+sZdacCk/pZydTNNEppgLzySEJKNEV4FRqlg5PJMX7P1Ed78IFa
FzjsoHGw5dt1OzA9gUPK1P6ruLxtOS914nv+svNFHcck1BTN/4hR
-----END CERTIFICATE-----