Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UcHdjQSRv2w0jD4OS1iHwh6Vb5Y.roa
File:                     UcHdjQSRv2w0jD4OS1iHwh6Vb5Y.roa (raw, json)
Hash identifier:          4DolfB/lAsRW7BE8veGi/JfZRsTv84OYpKsfyFsLnjM=
Subject key identifier:   51:C1:DD:8D:04:91:BF:6C:34:8C:3E:0E:4B:58:87:C2:1E:95:6F:96
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79546FFAB0EFB4EF9AD48B93B1A9851
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UcHdjQSRv2w0jD4OS1iHwh6Vb5Y.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34951
IP address blocks:        85.204.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:46:ff:ab:0e:fb:4e:f9:ad:48:b9:3b:1a:98:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51c1dd8d0491bf6c348c3e0e4b5887c21e956f96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0d:8b:77:af:58:b8:ef:a2:b0:76:d2:5f:b1:
                    0d:29:1e:6a:92:46:67:4a:9f:eb:55:9b:40:a6:1c:
                    ee:ad:15:bc:09:19:18:ca:48:cc:d3:8b:74:b1:43:
                    2c:0d:4e:3b:41:f2:4c:fb:b6:6b:f9:9d:b9:f6:f3:
                    5f:69:8a:6c:b8:21:30:41:1e:2c:ef:d9:82:ab:1b:
                    01:6d:97:9a:87:e1:09:ab:ac:a6:a3:1e:f3:29:c5:
                    9b:8b:1b:2a:2e:74:66:a8:df:a1:11:4a:fd:7f:a4:
                    70:0f:f1:c5:9d:85:0d:ff:51:c7:54:12:0b:3a:65:
                    b1:eb:2b:de:61:d2:38:9e:56:aa:b9:a4:f9:05:1c:
                    66:ce:45:86:0f:61:78:2b:1b:80:b8:a5:dc:01:45:
                    4e:57:dd:95:7f:81:fc:df:5c:fe:69:1f:1d:91:8d:
                    56:6a:3d:9c:68:39:08:10:e7:f6:b5:80:3e:a7:c3:
                    21:61:00:54:bd:fe:3d:b1:d0:71:27:04:1f:75:06:
                    79:e5:69:8a:ae:ab:c0:65:a1:98:07:eb:dd:97:09:
                    ae:72:53:17:ee:4c:b5:6c:8c:e7:06:87:0b:7c:00:
                    f4:ca:32:e2:1e:63:0d:a2:de:2e:ab:20:f8:20:d9:
                    f1:32:1b:1d:6b:f1:ba:b4:4a:10:86:9e:68:e2:ba:
                    e5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C1:DD:8D:04:91:BF:6C:34:8C:3E:0E:4B:58:87:C2:1E:95:6F:96
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UcHdjQSRv2w0jD4OS1iHwh6Vb5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:ad:a2:8f:96:a3:6a:eb:b9:80:af:15:b3:83:90:b5:3e:d9:
         1b:d5:58:c8:71:90:fe:47:5f:1c:4a:1b:50:68:61:e5:bb:26:
         70:20:dd:27:78:97:62:6e:8e:b2:12:f8:75:23:20:cb:8c:9f:
         22:2f:94:0e:fc:62:a1:89:14:f0:76:f6:47:48:ad:ab:aa:a3:
         8a:cf:77:3b:c6:9c:88:4a:8e:0d:f6:6c:db:a7:7e:e2:ba:27:
         e4:90:04:d8:46:68:4e:49:97:15:f5:cf:c5:61:2c:4d:e2:c2:
         13:ea:ea:2b:6b:54:2e:9f:c5:e7:9c:07:c1:6b:8c:f8:10:f0:
         9a:ca:76:86:ae:2f:48:77:98:54:7e:72:a3:67:0d:e5:4f:2f:
         55:96:5e:bf:16:d9:6b:28:ac:ba:5e:44:c2:e1:80:0d:21:35:
         97:8d:40:7a:31:b5:7f:c9:a8:be:b7:10:a5:e8:5b:68:bc:fc:
         39:46:31:fe:33:4a:ea:d1:3c:2e:c7:b3:64:5a:b9:de:26:6c:
         63:29:e7:0b:32:ff:dd:87:a9:7a:83:f5:5c:d5:3e:9b:13:0e:
         e1:28:8b:6e:d1:2c:22:3b:26:27:9c:4e:fb:67:7a:4e:4d:0c:
         61:66:06:46:af:e1:85:1f:06:72:c6:8d:f0:08:26:72:b1:bc:
         cc:9f:62:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUb/qw77TvmtSLk7GphRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWMxZGQ4ZDA0OTFiZjZjMzQ4YzNlMGU0YjU4ODdjMjFlOTU2Zjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ2Ld69YuO+isHbSX7ENKR5qkkZn
Sp/rVZtAphzurRW8CRkYykjM04t0sUMsDU47QfJM+7Zr+Z259vNfaYpsuCEwQR4s
79mCqxsBbZeah+EJq6ymox7zKcWbixsqLnRmqN+hEUr9f6RwD/HFnYUN/1HHVBIL
OmWx6yveYdI4nlaquaT5BRxmzkWGD2F4KxuAuKXcAUVOV92Vf4H831z+aR8dkY1W
aj2caDkIEOf2tYA+p8MhYQBUvf49sdBxJwQfdQZ55WmKrqvAZaGYB+vdlwmuclMX
7ky1bIznBocLfAD0yjLiHmMNot4uqyD4INnxMhsda/G6tEoQhp5o4rrloQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFHB3Y0Ekb9sNIw+DktYh8IelW+WMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1VjSGRqUVNSdjJ3MGpENE9TMWlId2g2VmI1WS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABVzMcw
DQYJKoZIhvcNAQELBQADggEBAOCtoo+Wo2rruYCvFbODkLU+2RvVWMhxkP5HXxxK
G1BoYeW7JnAg3Sd4l2JujrIS+HUjIMuMnyIvlA78YqGJFPB29kdIrauqo4rPdzvG
nIhKjg32bNunfuK6J+SQBNhGaE5JlxX1z8VhLE3iwhPq6itrVC6fxeecB8FrjPgQ
8JrKdoauL0h3mFR+cqNnDeVPL1WWXr8W2WsorLpeRMLhgA0hNZeNQHoxtX/JqL63
EKXoW2i8/DlGMf4zSurRPC7Hs2Raud4mbGMp5wsy/92HqXqD9VzVPpsTDuEoi27R
LCI7JiecTvtnek5NDGFmBkav4YUfBnLGjfAIJnKxvMyfYmM=
-----END CERTIFICATE-----