Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/uAhJSfXz0z0VqG9c7B2yaqz4CbU.roa
File:                     uAhJSfXz0z0VqG9c7B2yaqz4CbU.roa (raw, json)
Hash identifier:          wjhIYnE1IwAU0gRH6YVx7QY1pW7ja/VuZpzOqNCDvKA=
Subject key identifier:   B8:08:49:49:F5:F3:D3:3D:15:A8:6F:5C:EC:1D:B2:6A:AC:F8:09:B5
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018CC348F26817C6987C1ED7339F15623757
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/uAhJSfXz0z0VqG9c7B2yaqz4CbU.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        185.81.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f2:68:17:c6:98:7c:1e:d7:33:9f:15:62:37:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8084949f5f3d33d15a86f5cec1db26aacf809b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:24:ff:38:12:68:5a:52:c2:90:93:f3:69:d3:
                    b5:78:95:29:d0:37:88:b5:6f:0d:57:c9:3c:a5:82:
                    43:77:e5:18:4c:6e:a1:f5:58:bf:db:b1:af:a8:30:
                    23:67:30:4d:ed:17:e4:a6:57:fd:39:d5:4d:65:b2:
                    00:1f:2f:2a:3c:ce:66:b3:39:d2:17:c4:1a:6e:c9:
                    e3:de:0e:6f:81:b7:12:59:3f:e0:17:06:01:c4:ae:
                    27:9a:ee:60:8e:5a:ee:49:65:82:c3:8d:bb:b5:fc:
                    41:f5:fa:3b:d1:33:05:35:b5:00:b4:ca:e1:c4:9c:
                    1d:10:81:7e:30:f4:34:11:ac:48:65:d3:5b:8f:41:
                    f1:82:e9:33:f4:d3:0d:54:c4:24:fd:41:0f:c7:39:
                    7d:fd:a8:be:f4:2b:6c:4f:ef:d5:d3:18:f2:90:bb:
                    70:4c:51:93:29:8b:97:0a:b9:b1:90:19:9a:5b:10:
                    92:fb:ab:25:6e:7f:01:f2:a6:a0:7a:51:d3:a2:2f:
                    86:af:2e:e7:53:78:57:b9:13:6a:9b:65:c4:f0:5f:
                    73:f3:7a:b7:95:45:e6:30:60:ba:62:1e:ee:ff:65:
                    af:4c:d4:62:d5:17:11:d8:2f:6d:a4:a7:ed:09:45:
                    8b:72:19:2d:d4:22:b6:1a:6f:af:1d:89:32:c9:01:
                    48:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:08:49:49:F5:F3:D3:3D:15:A8:6F:5C:EC:1D:B2:6A:AC:F8:09:B5
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/uAhJSfXz0z0VqG9c7B2yaqz4CbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:5a:72:55:3c:af:9f:38:f5:e1:c5:0f:eb:eb:80:bd:f0:0c:
         7b:20:e5:54:9b:0e:25:00:60:e8:3c:32:19:2b:53:d6:f0:2a:
         b6:72:fc:91:1f:12:a7:cb:a9:55:b8:a0:c6:3f:b8:68:46:fb:
         26:2b:8e:5f:95:70:cb:e8:64:b2:e0:23:45:95:97:36:65:cf:
         ad:1c:80:09:8e:19:16:29:4b:f0:96:3d:3f:68:c5:b5:49:4e:
         b2:a4:63:d7:ca:9f:63:db:69:6e:60:ce:37:4e:cd:1d:23:b7:
         10:94:70:b8:c0:9d:28:75:54:3e:93:2c:6f:c0:f7:fb:fe:a4:
         29:73:de:94:7b:a1:a9:04:67:85:20:49:01:0a:f0:77:62:3d:
         1a:f7:71:5f:99:c4:eb:b3:27:10:08:24:31:6e:f7:e8:0d:f9:
         c8:76:76:6a:31:34:94:44:8c:2b:1c:db:94:b1:eb:cd:61:27:
         ac:9e:78:ef:16:5a:c8:64:42:76:3f:43:87:a6:81:97:d0:ad:
         ad:89:b2:20:ca:58:4b:3e:c2:88:f8:b5:1f:bf:7b:11:a4:19:
         ce:66:a3:82:a4:e6:f5:f5:9d:23:ca:a6:9f:3d:e3:77:a4:4f:
         e4:21:98:1d:8e:47:2c:30:fe:6a:96:3e:3d:28:78:3a:97:2e:
         d9:c7:cd:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPJoF8aYfB7XM58VYjdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODA4NDk0OWY1ZjNkMzNkMTVhODZmNWNlYzFkYjI2YWFjZjgwOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCT/OBJoWlLCkJPzadO1eJUp0DeI
tW8NV8k8pYJDd+UYTG6h9Vi/27GvqDAjZzBN7Rfkplf9OdVNZbIAHy8qPM5msznS
F8Qabsnj3g5vgbcSWT/gFwYBxK4nmu5gjlruSWWCw427tfxB9fo70TMFNbUAtMrh
xJwdEIF+MPQ0EaxIZdNbj0Hxgukz9NMNVMQk/UEPxzl9/ai+9CtsT+/V0xjykLtw
TFGTKYuXCrmxkBmaWxCS+6slbn8B8qagelHToi+Gry7nU3hXuRNqm2XE8F9z83q3
lUXmMGC6Yh7u/2WvTNRi1RcR2C9tpKftCUWLchkt1CK2Gm+vHYkyyQFIIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgISUn189M9FahvXOwdsmqs+Am1MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvdUFoSlNmWHowejBWcUc5YzdCMnlhcXo0Q2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQAjWnJVPK+fOPXhxQ/r64C98Ax7IOVUmw4lAGDoPDIZ
K1PW8Cq2cvyRHxKny6lVuKDGP7hoRvsmK45flXDL6GSy4CNFlZc2Zc+tHIAJjhkW
KUvwlj0/aMW1SU6ypGPXyp9j22luYM43Ts0dI7cQlHC4wJ0odVQ+kyxvwPf7/qQp
c96Ue6GpBGeFIEkBCvB3Yj0a93FfmcTrsycQCCQxbvfoDfnIdnZqMTSURIwrHNuU
sevNYSesnnjvFlrIZEJ2P0OHpoGX0K2tibIgylhLPsKI+LUfv3sRpBnOZqOCpOb1
9Z0jyqafPeN3pE/kIZgdjkcsMP5qlj49KHg6ly7Zx83b
-----END CERTIFICATE-----