Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/UQKP7OpIPYREgohsx130-0qpLjM.roa
File:                     UQKP7OpIPYREgohsx130-0qpLjM.roa (raw, json)
Hash identifier:          /9NBl81TdkODjzeLG6fm2+vL/2PdVwEmz6E3cAW5TIA=
Subject key identifier:   51:02:8F:EC:EA:48:3D:84:44:82:88:6C:C7:5D:F4:FB:4A:A9:2E:33
Certificate issuer:       /CN=4f152900b0d323d36d94510ab0b01c93f4517c89
Certificate serial:       018CC3B71D3798D6F87B5D43D5185D99FFD7
Authority key identifier: 4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/UQKP7OpIPYREgohsx130-0qpLjM.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        185.102.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1d:37:98:d6:f8:7b:5d:43:d5:18:5d:99:ff:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f152900b0d323d36d94510ab0b01c93f4517c89
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51028fecea483d844482886cc75df4fb4aa92e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1e:44:9c:19:63:9b:eb:b1:86:67:83:31:12:
                    3d:79:57:87:c2:c4:70:63:91:a9:5f:2f:f7:b5:fd:
                    b0:f7:15:4a:b9:1a:b5:f8:d8:98:0a:15:45:8c:1e:
                    23:af:c2:1b:57:30:67:67:0e:09:61:b1:7f:39:37:
                    25:b3:a8:01:c5:e7:4e:e1:17:7f:88:ca:11:aa:a6:
                    2d:f1:98:e9:c7:6d:97:1e:6f:03:2b:83:4c:c5:06:
                    d4:71:1e:a3:05:b8:22:fa:46:9c:0a:7a:cc:67:06:
                    8e:7a:76:19:bc:64:10:28:25:ee:01:3d:58:65:8b:
                    0a:4a:ab:fb:a2:c8:e9:39:6d:3d:29:06:f5:f0:b4:
                    a1:fb:30:c4:d5:21:76:95:cb:99:b3:51:83:e1:02:
                    c9:65:54:22:44:1c:77:b2:f9:15:0a:fc:dc:d7:df:
                    dd:87:ff:0f:55:7e:72:ca:7a:9d:52:6d:49:70:8f:
                    4d:77:1d:9d:5e:87:7a:03:25:0f:a8:04:01:d2:5f:
                    0a:fb:ec:34:bc:e4:f5:61:2e:cf:00:37:48:03:fd:
                    4f:85:76:dd:88:3b:2d:71:58:c0:22:ec:86:37:38:
                    22:78:59:56:7d:14:f9:d9:40:6f:4a:c3:0a:a8:27:
                    14:ee:cf:7c:06:db:b8:57:eb:c7:82:2c:5e:4e:12:
                    5d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:02:8F:EC:EA:48:3D:84:44:82:88:6C:C7:5D:F4:FB:4A:A9:2E:33
            X509v3 Authority Key Identifier:
                keyid:4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/UQKP7OpIPYREgohsx130-0qpLjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:88:ec:d4:d4:a6:86:05:86:16:ac:fb:75:b5:f9:49:2e:1d:
         cd:fd:a5:22:ae:24:a7:4f:bd:e1:09:02:fd:1d:5b:b9:16:8a:
         76:7c:97:c0:79:11:67:92:b7:9a:6e:c4:74:5a:59:b3:ee:b6:
         6d:6f:b7:e1:4a:fe:41:64:a1:57:d4:79:f2:56:4e:f4:c6:2f:
         00:0c:35:8f:b3:9e:1d:c4:eb:86:84:d2:27:b4:e7:fa:a0:1a:
         57:6f:6d:a4:3f:ea:70:98:0b:08:ad:1c:6c:7b:6a:8f:3b:e4:
         06:cb:12:c5:5b:be:bb:92:73:3d:17:8a:49:b3:49:58:32:98:
         43:d9:45:d9:c1:69:92:9c:b1:c1:27:e6:1f:b1:88:4e:de:cf:
         23:9d:c1:1b:8c:0e:e4:ee:2b:82:fa:33:56:ce:82:24:94:11:
         20:2a:9b:68:4a:9f:c8:3c:fa:2c:3a:b2:34:1c:f5:1d:e1:6f:
         89:e5:5e:63:18:a9:46:03:90:5b:79:8b:39:d2:40:4a:dc:69:
         86:65:6d:80:71:f2:21:ce:6e:7f:c4:42:49:9c:d4:7e:e3:b1:
         77:79:51:25:07:0d:b4:74:3a:91:9e:f4:db:f5:1a:48:4b:da:
         e9:9b:6f:cc:79:8f:47:44:13:06:64:90:3f:c1:a1:52:7d:c5:
         2b:1b:e5:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx03mNb4e11D1Rhdmf/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTUyOTAwYjBkMzIzZDM2ZDk0NTEwYWIwYjAxYzkzZjQ1
MTdjODkwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTAyOGZlY2VhNDgzZDg0NDQ4Mjg4NmNjNzVkZjRmYjRhYTkyZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB5EnBljm+uxhmeDMRI9eVeHwsRw
Y5GpXy/3tf2w9xVKuRq1+NiYChVFjB4jr8IbVzBnZw4JYbF/OTcls6gBxedO4Rd/
iMoRqqYt8Zjpx22XHm8DK4NMxQbUcR6jBbgi+kacCnrMZwaOenYZvGQQKCXuAT1Y
ZYsKSqv7osjpOW09KQb18LSh+zDE1SF2lcuZs1GD4QLJZVQiRBx3svkVCvzc19/d
h/8PVX5yynqdUm1JcI9Ndx2dXod6AyUPqAQB0l8K++w0vOT1YS7PADdIA/1PhXbd
iDstcVjAIuyGNzgieFlWfRT52UBvSsMKqCcU7s98Btu4V+vHgixeThJdRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFECj+zqSD2ERIKIbMdd9PtKqS4zMB8GA1UdIwQY
MBaAFE8VKQCw0yPTbZRRCrCwHJP0UXyJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQt
MjNkZjhkZGRmOTc4LzEvVVFLUDdPcElQWVJFZ29oc3gxMzAtMHFwTGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQtMjNkZjhkZGRmOTc4
LzEvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQBniOzU1KaGBYYWrPt1tflJLh3N/aUiriSnT73hCQL9
HVu5Fop2fJfAeRFnkreabsR0Wlmz7rZtb7fhSv5BZKFX1HnyVk70xi8ADDWPs54d
xOuGhNIntOf6oBpXb22kP+pwmAsIrRxse2qPO+QGyxLFW767knM9F4pJs0lYMphD
2UXZwWmSnLHBJ+YfsYhO3s8jncEbjA7k7iuC+jNWzoIklBEgKptoSp/IPPosOrI0
HPUd4W+J5V5jGKlGA5BbeYs50kBK3GmGZW2AcfIhzm5/xEJJnNR+47F3eVElBw20
dDqRnvTb9RpIS9rpm2/MeY9HRBMGZJA/waFSfcUrG+Vm
-----END CERTIFICATE-----