Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Uj_14N-lY3D5PtScJ9x5vWeUls0.roa
File:                     Uj_14N-lY3D5PtScJ9x5vWeUls0.roa (raw, json)
Hash identifier:          vs0vP/kWCnfPpZpKUb9cH/Vt5Tk8I78FllNN3gDQgoA=
Subject key identifier:   52:3F:F5:E0:DF:A5:63:70:F9:3E:D4:9C:27:DC:79:BD:67:94:96:CD
Certificate issuer:       /CN=2abb5cd85f525302fd04ff2b6721862b204064d4
Certificate serial:       018CCA2A28DCD8A422A2A8021EF138AB4874
Authority key identifier: 2A:BB:5C:D8:5F:52:53:02:FD:04:FF:2B:67:21:86:2B:20:40:64:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Uj_14N-lY3D5PtScJ9x5vWeUls0.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13060
IP address blocks:        194.153.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:28:dc:d8:a4:22:a2:a8:02:1e:f1:38:ab:48:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2abb5cd85f525302fd04ff2b6721862b204064d4
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523ff5e0dfa56370f93ed49c27dc79bd679496cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ca:ff:d4:97:bc:0f:f0:14:e2:1f:f5:40:10:
                    15:fe:a5:95:d4:8f:90:2f:35:bd:75:1e:d5:b8:03:
                    8e:59:37:40:96:52:d2:94:bf:44:56:57:30:ee:0e:
                    b0:97:c2:e7:3d:49:d2:cc:9b:c0:38:ea:37:b6:19:
                    08:5a:96:4d:ed:ea:85:a7:6c:7a:c0:73:88:55:28:
                    09:c8:cf:d8:09:f7:b1:7d:db:d1:a8:12:38:c1:f5:
                    af:e2:48:15:20:88:f0:0d:2e:c4:62:01:9e:49:bf:
                    10:b2:17:3e:5a:5d:4b:ec:a7:60:22:1c:cb:0c:c9:
                    fc:f4:de:e5:1a:e1:66:b0:95:01:21:d0:4c:79:20:
                    74:5f:81:b5:5f:96:c7:61:c9:a1:2b:c5:52:0a:99:
                    aa:2c:6d:ef:ea:d8:ca:f1:77:63:e6:a5:53:6a:09:
                    6a:76:7c:de:22:48:96:09:14:bc:e9:24:c4:aa:39:
                    e6:d7:5e:89:77:6d:4f:a3:40:25:8d:a8:eb:63:ed:
                    96:b7:b1:b4:6e:69:ed:4b:81:89:cb:49:04:f4:b4:
                    db:03:c1:2f:5d:e0:bb:86:74:fd:4b:9e:31:6e:a5:
                    78:67:88:46:f8:4e:c5:e6:0a:2c:2b:b6:c5:5e:36:
                    8d:62:ff:a5:78:30:27:0c:f2:ec:45:6f:d8:6c:0b:
                    6d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3F:F5:E0:DF:A5:63:70:F9:3E:D4:9C:27:DC:79:BD:67:94:96:CD
            X509v3 Authority Key Identifier:
                keyid:2A:BB:5C:D8:5F:52:53:02:FD:04:FF:2B:67:21:86:2B:20:40:64:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Uj_14N-lY3D5PtScJ9x5vWeUls0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/690482-9dec-49f2-ab55-721d252f3526/1/Krtc2F9SUwL9BP8rZyGGKyBAZNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:80:84:aa:14:00:0d:b7:a7:76:08:66:bf:c3:35:66:0a:b8:
         fd:66:e9:9e:57:16:1c:fb:0d:d1:45:07:f9:1f:f1:8b:2b:8f:
         09:05:99:fc:eb:84:56:73:06:8b:36:1b:bb:2c:ba:15:ce:06:
         2d:5b:22:a4:38:e7:85:e9:07:21:87:db:89:40:88:39:3d:b7:
         32:b7:2e:ab:93:23:79:8d:01:80:88:f3:08:a9:13:ae:d7:33:
         e3:05:56:1e:fc:0f:c4:c3:aa:59:0a:12:58:cf:4d:34:77:1d:
         8d:8d:de:3b:d9:d0:d6:6a:54:aa:3a:16:a6:cb:fb:9e:c7:f6:
         66:c7:b6:9a:02:8f:89:a8:c4:65:47:19:ad:6d:ae:12:ab:4d:
         e1:77:1f:2f:cd:7e:7b:1a:c8:27:23:ea:ff:5e:90:da:29:14:
         25:a3:33:f4:54:18:3a:03:da:0c:09:3d:4f:b3:01:75:4f:c1:
         08:05:fd:aa:e7:b6:3e:69:35:20:f4:b2:15:a2:2e:41:f6:28:
         18:a5:fb:0a:a2:0e:50:1a:85:11:ae:48:0a:a0:14:f7:12:72:
         fd:f2:c9:6c:b3:a7:a8:17:4a:e4:2c:1b:74:98:96:20:88:ea:
         97:83:5a:05:ff:0f:5a:29:90:8f:54:e6:e7:45:53:00:40:e0:
         ab:a1:8f:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKijc2KQioqgCHvE4q0h0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYmI1Y2Q4NWY1MjUzMDJmZDA0ZmYyYjY3MjE4NjJiMjA0
MDY0ZDQwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNmZjVlMGRmYTU2MzcwZjkzZWQ0OWMyN2RjNzliZDY3OTQ5NmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcr/1Je8D/AU4h/1QBAV/qWV1I+Q
LzW9dR7VuAOOWTdAllLSlL9EVlcw7g6wl8LnPUnSzJvAOOo3thkIWpZN7eqFp2x6
wHOIVSgJyM/YCfexfdvRqBI4wfWv4kgVIIjwDS7EYgGeSb8Qshc+Wl1L7KdgIhzL
DMn89N7lGuFmsJUBIdBMeSB0X4G1X5bHYcmhK8VSCpmqLG3v6tjK8Xdj5qVTaglq
dnzeIkiWCRS86STEqjnm116Jd21Po0AljajrY+2Wt7G0bmntS4GJy0kE9LTbA8Ev
XeC7hnT9S54xbqV4Z4hG+E7F5gosK7bFXjaNYv+leDAnDPLsRW/YbAtt1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI/9eDfpWNw+T7UnCfceb1nlJbNMB8GA1UdIwQY
MBaAFCq7XNhfUlMC/QT/K2chhisgQGTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3J0YzJGOVNVd0w5QlA4clp5R0dLeUJBWk5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi82OTA0ODItOWRlYy00OWYyLWFiNTUt
NzIxZDI1MmYzNTI2LzEvVWpfMTROLWxZM0Q1UHRTY0o5eDV2V2VVbHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi82OTA0ODItOWRlYy00OWYyLWFiNTUtNzIxZDI1MmYzNTI2
LzEvS3J0YzJGOVNVd0w5QlA4clp5R0dLeUJBWk5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpmDMA0G
CSqGSIb3DQEBCwUAA4IBAQCHgISqFAANt6d2CGa/wzVmCrj9ZumeVxYc+w3RRQf5
H/GLK48JBZn864RWcwaLNhu7LLoVzgYtWyKkOOeF6Qchh9uJQIg5Pbcyty6rkyN5
jQGAiPMIqROu1zPjBVYe/A/Ew6pZChJYz000dx2Njd472dDWalSqOhamy/uex/Zm
x7aaAo+JqMRlRxmtba4Sq03hdx8vzX57GsgnI+r/XpDaKRQlozP0VBg6A9oMCT1P
swF1T8EIBf2q57Y+aTUg9LIVoi5B9igYpfsKog5QGoURrkgKoBT3EnL98slss6eo
F0rkLBt0mJYgiOqXg1oF/w9aKZCPVObnRVMAQOCroY+L
-----END CERTIFICATE-----