Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/UrXeYZV5KYbluNmIOyV48FxaP00.roa
File:                     UrXeYZV5KYbluNmIOyV48FxaP00.roa (raw, json)
Hash identifier:          IRT7Pkrr6E9u8IBPjeY5rl1BDmgfgI4Cllo7ibszJ08=
Subject key identifier:   52:B5:DE:61:95:79:29:86:E5:B8:D9:88:3B:25:78:F0:5C:5A:3F:4D
Certificate issuer:       /CN=7fd62e42c08e1601c4571e0d88a349a0509dea5e
Certificate serial:       018CC8DF72FEE0EAD315DD79994EB7D29FA5
Authority key identifier: 7F:D6:2E:42:C0:8E:16:01:C4:57:1E:0D:88:A3:49:A0:50:9D:EA:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f9YuQsCOFgHEVx4NiKNJoFCd6l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/UrXeYZV5KYbluNmIOyV48FxaP00.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15955
IP address blocks:        212.77.32.0/19 maxlen: 19
                          185.101.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/f9YuQsCOFgHEVx4NiKNJoFCd6l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/f9YuQsCOFgHEVx4NiKNJoFCd6l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f9YuQsCOFgHEVx4NiKNJoFCd6l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:72:fe:e0:ea:d3:15:dd:79:99:4e:b7:d2:9f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fd62e42c08e1601c4571e0d88a349a0509dea5e
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52b5de6195792986e5b8d9883b2578f05c5a3f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ff:2a:69:bf:85:72:81:23:8d:a2:43:cf:0c:
                    b3:70:ca:a1:0d:1c:a9:c8:15:38:ea:30:d0:51:60:
                    10:1f:a6:c9:0f:f3:18:b6:bb:76:3d:ee:d8:1f:d0:
                    f3:9d:cf:92:11:9f:78:8e:8d:1f:3d:e2:4e:7c:59:
                    44:3b:25:12:9c:a4:5a:4c:84:98:c3:43:ef:63:9a:
                    65:0e:de:ec:15:21:19:1b:ce:87:6d:c0:38:8a:fa:
                    79:78:81:55:20:c3:9d:a9:4b:dc:69:c6:02:32:cc:
                    b2:d0:2c:08:56:32:8e:8b:bf:0d:99:26:dc:96:b3:
                    7c:99:11:f4:e3:7e:e7:34:72:95:17:3b:a7:df:d2:
                    2d:d1:3a:b8:a5:96:81:a5:d2:ee:3f:a2:fb:69:3c:
                    77:a4:93:93:20:a7:4a:89:a8:aa:6a:24:94:db:4b:
                    c8:6b:d4:77:2b:09:a7:46:22:03:b8:92:d5:64:bc:
                    91:d0:02:40:a9:38:a8:58:f9:b9:8e:75:8a:25:ea:
                    80:e7:e0:c8:b5:78:da:2a:1f:94:3a:66:4d:f6:fd:
                    9d:be:ce:62:2d:97:da:76:83:71:19:61:53:5f:f6:
                    51:49:c7:8e:0f:f5:38:ea:d2:d4:cf:06:dd:47:9d:
                    e1:d5:26:a4:65:96:eb:6e:e5:99:69:9c:9b:bf:d3:
                    52:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B5:DE:61:95:79:29:86:E5:B8:D9:88:3B:25:78:F0:5C:5A:3F:4D
            X509v3 Authority Key Identifier:
                keyid:7F:D6:2E:42:C0:8E:16:01:C4:57:1E:0D:88:A3:49:A0:50:9D:EA:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9YuQsCOFgHEVx4NiKNJoFCd6l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/UrXeYZV5KYbluNmIOyV48FxaP00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/b934ee-c4ba-4391-80b0-e75a5ea89fd1/1/f9YuQsCOFgHEVx4NiKNJoFCd6l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.48.0/22
                  212.77.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         25:29:42:ae:8a:af:68:3f:49:f8:07:79:f0:1f:46:66:09:4f:
         8c:21:fe:42:b0:48:35:74:88:dd:bd:59:3f:07:85:af:46:d3:
         34:06:b3:76:ab:a3:54:ac:70:71:5a:10:71:ac:e3:94:e1:8f:
         1c:c6:54:60:e3:c6:70:69:47:32:e1:79:fc:9c:ac:90:db:4d:
         f0:9e:7a:a8:09:b7:df:22:29:44:53:b5:47:2d:98:d4:df:d9:
         b4:60:ed:f2:4a:37:43:72:88:a8:09:e2:15:e7:b2:67:34:86:
         37:3d:45:7d:c5:93:cb:08:9c:c3:07:f1:e6:0c:f7:ea:6e:1d:
         ca:33:df:b3:41:be:41:3e:80:06:6a:a8:9d:c1:10:58:18:ec:
         2c:35:3e:28:65:72:50:19:c1:29:58:64:49:bc:ab:87:ef:6a:
         cc:7e:c0:98:fe:aa:27:e0:8e:7e:75:91:c5:b2:40:30:83:ab:
         49:41:cb:a1:5f:0c:ad:7d:8c:9b:39:38:c8:96:49:fe:03:08:
         9b:c2:04:b1:d1:73:70:1d:a3:d2:64:c4:66:99:00:19:cd:6a:
         e5:28:56:31:35:98:ec:ee:e1:d5:8d:ee:12:06:4b:1e:dd:6d:
         a0:31:a6:e7:f2:86:ea:4d:e6:46:b0:f7:d3:c5:18:d1:53:41:
         cb:ec:85:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI33L+4OrTFd15mU630p+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmZDYyZTQyYzA4ZTE2MDFjNDU3MWUwZDg4YTM0OWEwNTA5
ZGVhNWUwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmI1ZGU2MTk1NzkyOTg2ZTViOGQ5ODgzYjI1NzhmMDVjNWEzZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP8qab+FcoEjjaJDzwyzcMqhDRyp
yBU46jDQUWAQH6bJD/MYtrt2Pe7YH9Dznc+SEZ94jo0fPeJOfFlEOyUSnKRaTISY
w0PvY5plDt7sFSEZG86HbcA4ivp5eIFVIMOdqUvcacYCMsyy0CwIVjKOi78NmSbc
lrN8mRH0437nNHKVFzun39It0Tq4pZaBpdLuP6L7aTx3pJOTIKdKiaiqaiSU20vI
a9R3KwmnRiIDuJLVZLyR0AJAqTioWPm5jnWKJeqA5+DItXjaKh+UOmZN9v2dvs5i
LZfadoNxGWFTX/ZRSceOD/U46tLUzwbdR53h1SakZZbrbuWZaZybv9NSiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFK13mGVeSmG5bjZiDslePBcWj9NMB8GA1UdIwQY
MBaAFH/WLkLAjhYBxFceDYijSaBQnepeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjlZdVFzQ09GZ0hFVng0TmlLTkpvRkNkNmw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iOTM0ZWUtYzRiYS00MzkxLTgwYjAt
ZTc1YTVlYTg5ZmQxLzEvVXJYZVlaVjVLWWJsdU5tSU95VjQ4RnhhUDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iOTM0ZWUtYzRiYS00MzkxLTgwYjAtZTc1YTVlYTg5ZmQx
LzEvZjlZdVFzQ09GZ0hFVng0TmlLTkpvRkNkNmw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWUwAwQF
1E0gMA0GCSqGSIb3DQEBCwUAA4IBAQAlKUKuiq9oP0n4B3nwH0ZmCU+MIf5CsEg1
dIjdvVk/B4WvRtM0BrN2q6NUrHBxWhBxrOOU4Y8cxlRg48ZwaUcy4Xn8nKyQ203w
nnqoCbffIilEU7VHLZjU39m0YO3ySjdDcoioCeIV57JnNIY3PUV9xZPLCJzDB/Hm
DPfqbh3KM9+zQb5BPoAGaqidwRBYGOwsNT4oZXJQGcEpWGRJvKuH72rMfsCY/qon
4I5+dZHFskAwg6tJQcuhXwytfYybOTjIlkn+AwibwgSx0XNwHaPSZMRmmQAZzWrl
KFYxNZjs7uHVje4SBkse3W2gMabn8obqTeZGsPfTxRjRU0HL7IWH
-----END CERTIFICATE-----