Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/UPKDwXPpKZ6epzNOR8ihTij9R1E.roa
File:                     UPKDwXPpKZ6epzNOR8ihTij9R1E.roa (raw, json)
Hash identifier:          K6NwB+VhsH+5bGgLwzfVMfWeXBo8TJn1yWIQMCclXKs=
Subject key identifier:   50:F2:83:C1:73:E9:29:9E:9E:A7:33:4E:47:C8:A1:4E:28:FD:47:51
Certificate issuer:       /CN=5ef1315c3c9239e8e1f4aa0c5b0743c3da5d77e3
Certificate serial:       018F9EDD651FABBA7CD88360B8DBF88C4B80
Authority key identifier: 5E:F1:31:5C:3C:92:39:E8:E1:F4:AA:0C:5B:07:43:C3:DA:5D:77:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XvExXDySOejh9KoMWwdDw9pdd-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/UPKDwXPpKZ6epzNOR8ihTij9R1E.roa
Signing time:             Wed 22 May 2024 05:54:20 +0000
ROA not before:           Wed 22 May 2024 05:54:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60585
IP address blocks:        185.28.124.0/22 maxlen: 22
                          2a00:9ee0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/XvExXDySOejh9KoMWwdDw9pdd-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/XvExXDySOejh9KoMWwdDw9pdd-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XvExXDySOejh9KoMWwdDw9pdd-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9e:dd:65:1f:ab:ba:7c:d8:83:60:b8:db:f8:8c:4b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ef1315c3c9239e8e1f4aa0c5b0743c3da5d77e3
        Validity
            Not Before: May 22 05:54:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50f283c173e9299e9ea7334e47c8a14e28fd4751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:95:79:b8:8b:d7:64:e6:a0:dc:a6:ad:6e:40:
                    b2:42:02:f8:86:f2:94:26:19:59:26:67:72:8f:1c:
                    64:10:0a:7d:47:69:57:48:ce:26:d7:ba:c7:cc:71:
                    86:d1:94:5f:83:35:d8:a9:cf:21:12:53:6d:d0:3b:
                    2f:e8:a2:55:43:be:b6:f1:1c:79:f7:2b:3c:ec:72:
                    5b:b0:91:1e:50:7a:53:88:d5:e7:5e:de:fc:53:64:
                    b5:ac:5b:ec:63:06:5a:c1:61:83:dc:7b:76:f4:b6:
                    56:38:29:72:55:42:db:f9:c0:a9:30:48:d2:19:cf:
                    71:82:5d:f9:46:4d:60:11:05:61:37:a1:c8:da:fa:
                    c3:c7:b3:e5:0f:a9:e9:a0:43:78:f1:cd:fb:b2:da:
                    be:b4:21:d3:ab:10:66:6e:bf:87:c8:12:65:62:88:
                    19:6a:66:46:77:8c:74:f4:52:35:aa:30:5e:1f:24:
                    5b:28:70:e1:70:40:b5:b7:d7:56:64:08:ca:cb:11:
                    e6:53:df:8e:9b:5d:9e:7d:f0:28:53:c8:e7:01:8b:
                    e3:81:a1:df:ff:78:17:69:e9:b1:a3:88:5f:61:31:
                    6d:34:ee:db:49:34:b2:ad:2c:3d:20:72:e7:41:70:
                    cd:31:3d:68:3c:ea:76:c5:16:35:fb:03:b7:9c:37:
                    82:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F2:83:C1:73:E9:29:9E:9E:A7:33:4E:47:C8:A1:4E:28:FD:47:51
            X509v3 Authority Key Identifier:
                keyid:5E:F1:31:5C:3C:92:39:E8:E1:F4:AA:0C:5B:07:43:C3:DA:5D:77:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XvExXDySOejh9KoMWwdDw9pdd-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/UPKDwXPpKZ6epzNOR8ihTij9R1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/67c3ea-ed6a-4c29-a1ac-8a8a7ffdd9fd/1/XvExXDySOejh9KoMWwdDw9pdd-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.124.0/22
                IPv6:
                  2a00:9ee0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:93:64:d8:98:02:a8:da:c0:f3:81:4f:81:b9:ce:ad:ba:8d:
         af:f2:e9:27:0d:66:e7:34:9f:d0:5c:90:56:ef:dd:cf:45:09:
         72:67:ec:e8:aa:66:70:e0:88:41:ef:60:0b:03:94:4e:d0:9f:
         ee:f9:14:e3:ee:d9:f0:35:9c:9c:c2:07:e7:9d:c3:15:7b:69:
         0a:81:c8:85:1e:c1:56:fc:1d:c2:8f:d4:12:db:3b:c5:7d:6a:
         60:8d:1b:03:fc:3b:81:13:9f:c0:dd:a0:02:74:85:fe:7b:37:
         90:e9:10:86:8a:fc:d0:da:d5:6a:73:89:ae:77:b4:32:53:62:
         00:63:01:16:78:2c:f4:09:2b:b9:42:59:ab:c8:09:3a:c3:39:
         4f:7b:aa:fd:e2:b1:19:86:24:a7:98:b4:91:b3:ae:55:67:7e:
         6d:82:b8:9e:4f:fe:e3:e4:43:31:72:ca:54:20:8b:f1:5f:6b:
         44:ef:7a:bf:e5:49:23:ae:8d:39:73:d9:d1:d6:f5:a5:fb:bd:
         11:39:69:ba:ef:ec:30:53:e1:5e:3b:c2:99:86:25:1e:2a:0f:
         51:56:ab:84:2d:d7:23:6d:1b:44:dd:37:55:7e:bb:92:a4:e3:
         0a:d2:7d:36:b6:35:05:89:09:9f:02:b8:7a:84:7d:46:79:d8:
         a0:e7:f0:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+e3WUfq7p82INguNv4jEuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZjEzMTVjM2M5MjM5ZThlMWY0YWEwYzViMDc0M2MzZGE1
ZDc3ZTMwHhcNMjQwNTIyMDU1NDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGYyODNjMTczZTkyOTllOWVhNzMzNGU0N2M4YTE0ZTI4ZmQ0NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5V5uIvXZOag3KatbkCyQgL4hvKU
JhlZJmdyjxxkEAp9R2lXSM4m17rHzHGG0ZRfgzXYqc8hElNt0Dsv6KJVQ7628Rx5
9ys87HJbsJEeUHpTiNXnXt78U2S1rFvsYwZawWGD3Ht29LZWOClyVULb+cCpMEjS
Gc9xgl35Rk1gEQVhN6HI2vrDx7PlD6npoEN48c37stq+tCHTqxBmbr+HyBJlYogZ
amZGd4x09FI1qjBeHyRbKHDhcEC1t9dWZAjKyxHmU9+Om12effAoU8jnAYvjgaHf
/3gXaemxo4hfYTFtNO7bSTSyrSw9IHLnQXDNMT1oPOp2xRY1+wO3nDeCAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFDyg8Fz6SmenqczTkfIoU4o/UdRMB8GA1UdIwQY
MBaAFF7xMVw8kjno4fSqDFsHQ8PaXXfjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHZFeFhEeVNPZWpoOUtvTVd3ZER3OXBkZC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS82N2MzZWEtZWQ2YS00YzI5LWExYWMt
OGE4YTdmZmRkOWZkLzEvVVBLRHdYUHBLWjZlcHpOT1I4aWhUaWo5UjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS82N2MzZWEtZWQ2YS00YzI5LWExYWMtOGE4YTdmZmRkOWZk
LzEvWHZFeFhEeVNPZWpoOUtvTVd3ZER3OXBkZC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRx8MA0E
AgACMAcDBQAqAJ7gMA0GCSqGSIb3DQEBCwUAA4IBAQB/k2TYmAKo2sDzgU+Buc6t
uo2v8uknDWbnNJ/QXJBW793PRQlyZ+zoqmZw4IhB72ALA5RO0J/u+RTj7tnwNZyc
wgfnncMVe2kKgciFHsFW/B3Cj9QS2zvFfWpgjRsD/DuBE5/A3aACdIX+ezeQ6RCG
ivzQ2tVqc4mud7QyU2IAYwEWeCz0CSu5QlmryAk6wzlPe6r94rEZhiSnmLSRs65V
Z35tgrieT/7j5EMxcspUIIvxX2tE73q/5Ukjro05c9nR1vWl+70ROWm67+wwU+Fe
O8KZhiUeKg9RVquELdcjbRtE3TdVfruSpOMK0n02tjUFiQmfArh6hH1Gedig5/Cm
-----END CERTIFICATE-----