Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/UZWYrdPrsWKLC4bXIOAyki_MdFk.roa
File:                     UZWYrdPrsWKLC4bXIOAyki_MdFk.roa (raw, json)
Hash identifier:          OxLzWYRxA4CYJ6jylpCc1mUzURLR7IweVtzMa1cIVcY=
Subject key identifier:   51:95:98:AD:D3:EB:B1:62:8B:0B:86:D7:20:E0:32:92:2F:CC:74:59
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A74877D008E89C7E8B0BCAF481340
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/UZWYrdPrsWKLC4bXIOAyki_MdFk.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20527
IP address blocks:        178.170.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:74:87:7d:00:8e:89:c7:e8:b0:bc:af:48:13:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=519598add3ebb1628b0b86d720e032922fcc7459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cc:82:e9:e9:85:72:cf:f1:3b:fc:33:0e:1f:
                    7d:ef:0a:4c:47:4d:21:00:a8:7a:c2:cb:35:58:1a:
                    67:85:2a:d3:d4:c5:33:0e:22:e9:65:77:ac:65:41:
                    be:2c:9b:2f:90:30:f5:ab:65:ed:10:d4:05:01:6c:
                    06:ca:e3:49:08:c3:d8:8c:f9:fa:db:78:09:05:92:
                    55:29:b9:32:e3:dd:7e:7d:06:fc:b3:36:ef:19:cb:
                    d0:1d:c1:42:3b:ff:2e:b8:15:89:5e:36:2f:77:28:
                    62:f5:57:e5:f6:37:32:de:d7:c0:3e:bb:ac:c6:34:
                    4c:d2:06:ed:8e:a0:b5:f5:5e:58:99:fb:6d:62:42:
                    6e:d9:3f:c4:9d:17:16:a4:66:5d:a4:fb:13:57:d8:
                    71:3e:8b:b3:3d:33:0e:d4:a7:13:54:bb:fe:02:2f:
                    19:77:64:c3:81:a8:ec:92:c3:4c:db:2b:e6:26:3d:
                    60:1a:dc:b4:83:4d:23:57:8a:61:64:fd:ce:18:0f:
                    a5:c0:61:23:e6:d5:bc:89:1b:0b:0c:8c:6f:0c:92:
                    05:ef:4e:fa:25:c2:a5:28:60:45:60:c2:b2:83:4a:
                    a6:c9:b1:8c:30:af:b5:9b:42:b3:9c:b0:9c:b7:63:
                    b4:aa:32:b5:56:20:41:86:61:1a:b6:74:e0:8b:1c:
                    34:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:95:98:AD:D3:EB:B1:62:8B:0B:86:D7:20:E0:32:92:2F:CC:74:59
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/UZWYrdPrsWKLC4bXIOAyki_MdFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:04:db:a5:a1:a1:f9:02:fa:4c:9d:ab:3c:e4:66:8a:dc:49:
         cf:89:a5:0e:fd:bf:a3:e1:09:0f:01:8a:92:01:6c:b8:a7:44:
         38:88:e4:e3:29:77:ad:b5:53:5b:7a:38:1e:91:b5:6e:33:35:
         70:ae:75:47:3b:1c:e0:3c:9d:76:a5:9b:82:5d:e3:22:f7:8d:
         4d:da:6c:4e:cd:b0:ff:17:7d:0c:e5:d4:e0:9b:1f:26:76:a8:
         b8:3b:d3:d0:1b:ae:f7:49:17:ad:05:e1:73:d9:0c:a3:c0:55:
         94:a5:e7:30:09:78:e0:7a:82:29:d4:ab:a2:af:1e:50:37:e6:
         ff:61:ca:1b:58:d0:88:f9:23:f4:19:4a:76:85:59:7a:54:3b:
         cb:62:8f:2e:bf:b2:fa:76:28:77:5b:c9:61:ac:b6:fc:6e:97:
         cb:d7:65:5e:88:87:16:7d:e3:a7:b8:87:cd:b3:7e:6e:42:2b:
         c0:a3:50:f2:72:bc:ed:95:06:f5:5a:f1:73:34:28:4c:5b:08:
         29:9f:bc:09:c3:81:aa:f8:c1:e4:5d:03:40:de:1c:75:a3:0f:
         61:e9:0c:29:fb:fe:e8:e6:4c:c1:63:3c:b0:eb:54:a4:c6:43:
         63:ef:f0:f6:ec:d6:a5:94:36:82:43:e2:c3:f1:98:41:9a:98:
         56:a6:0c:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnSHfQCOicfosLyvSBNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTk1OThhZGQzZWJiMTYyOGIwYjg2ZDcyMGUwMzI5MjJmY2M3NDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8yC6emFcs/xO/wzDh997wpMR00h
AKh6wss1WBpnhSrT1MUzDiLpZXesZUG+LJsvkDD1q2XtENQFAWwGyuNJCMPYjPn6
23gJBZJVKbky491+fQb8szbvGcvQHcFCO/8uuBWJXjYvdyhi9Vfl9jcy3tfAPrus
xjRM0gbtjqC19V5YmfttYkJu2T/EnRcWpGZdpPsTV9hxPouzPTMO1KcTVLv+Ai8Z
d2TDgajsksNM2yvmJj1gGty0g00jV4phZP3OGA+lwGEj5tW8iRsLDIxvDJIF7076
JcKlKGBFYMKyg0qmybGMMK+1m0KznLCct2O0qjK1ViBBhmEatnTgixw0UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGVmK3T67FiiwuG1yDgMpIvzHRZMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvVVpXWXJkUHJzV0tMQzRiWElPQXlraV9NZEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrpMA0G
CSqGSIb3DQEBCwUAA4IBAQArBNuloaH5AvpMnas85GaK3EnPiaUO/b+j4QkPAYqS
AWy4p0Q4iOTjKXettVNbejgekbVuMzVwrnVHOxzgPJ12pZuCXeMi941N2mxOzbD/
F30M5dTgmx8mdqi4O9PQG673SRetBeFz2QyjwFWUpecwCXjgeoIp1Kuirx5QN+b/
YcobWNCI+SP0GUp2hVl6VDvLYo8uv7L6dih3W8lhrLb8bpfL12VeiIcWfeOnuIfN
s35uQivAo1DycrztlQb1WvFzNChMWwgpn7wJw4Gq+MHkXQNA3hx1ow9h6Qwp+/7o
5kzBYzyw61SkxkNj7/D27NallDaCQ+LD8ZhBmphWpgz8
-----END CERTIFICATE-----