Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/lUp96AKKHWzNfS4EjIMn3cK6EM8.roa
File:                     lUp96AKKHWzNfS4EjIMn3cK6EM8.roa (raw, json)
Hash identifier:          WWbtYVUheRSDDGuUq+9S52dOexC08C7KD3LXlPvcNkU=
Subject key identifier:   95:4A:7D:E8:02:8A:1D:6C:CD:7D:2E:04:8C:83:27:DD:C2:BA:10:CF
Certificate issuer:       /CN=cfbb863380a3d4e0ac8607c9bec2389f75dd73c5
Certificate serial:       01902ABDB67267886283A8A4CE973B684A76
Authority key identifier: CF:BB:86:33:80:A3:D4:E0:AC:86:07:C9:BE:C2:38:9F:75:DD:73:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/lUp96AKKHWzNfS4EjIMn3cK6EM8.roa
Signing time:             Tue 18 Jun 2024 09:46:34 +0000
ROA not before:           Tue 18 Jun 2024 09:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203916
IP address blocks:        185.135.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:bd:b6:72:67:88:62:83:a8:a4:ce:97:3b:68:4a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfbb863380a3d4e0ac8607c9bec2389f75dd73c5
        Validity
            Not Before: Jun 18 09:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=954a7de8028a1d6ccd7d2e048c8327ddc2ba10cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:73:fc:33:50:ab:03:67:fa:13:96:24:07:
                    95:c8:9a:89:2a:4c:f3:8d:ab:cf:f3:74:cb:84:85:
                    22:81:6e:15:5d:6f:b1:d6:37:ed:7c:05:b3:17:0f:
                    56:44:4f:3d:80:6a:84:64:95:67:72:99:14:6d:3d:
                    98:35:19:9a:94:1e:ec:9b:a3:6c:c8:be:7d:09:79:
                    9b:3b:0f:e5:8c:6a:b7:44:3d:77:c2:fd:ad:be:f8:
                    4c:ea:03:e1:1a:fb:bc:4e:27:f8:31:96:f8:36:6b:
                    85:4c:2c:7d:c0:e8:e7:b9:8e:9b:7e:d7:d0:c6:64:
                    f1:9a:c8:ec:7c:ff:b3:6c:d7:b9:00:d4:69:0e:42:
                    2e:ae:30:81:95:46:2e:79:51:db:c6:31:79:ce:fa:
                    2e:4f:f3:03:ba:c4:d3:a1:3a:b2:50:40:e5:a3:65:
                    20:64:d2:0c:d0:c0:63:28:7e:f0:df:26:4f:90:4c:
                    5a:0f:93:4e:7a:a0:87:fb:f7:96:0b:29:ef:90:49:
                    05:df:3f:41:d2:00:d3:dc:35:f7:64:a8:a5:a7:cd:
                    36:3c:82:d4:84:61:1d:cd:57:4a:93:2a:19:20:3d:
                    67:2b:07:4d:3a:d6:b8:17:5a:b7:ca:b5:e1:e7:a2:
                    1c:c3:96:dd:b7:70:60:b7:2a:a0:28:94:d9:94:0a:
                    05:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4A:7D:E8:02:8A:1D:6C:CD:7D:2E:04:8C:83:27:DD:C2:BA:10:CF
            X509v3 Authority Key Identifier:
                keyid:CF:BB:86:33:80:A3:D4:E0:AC:86:07:C9:BE:C2:38:9F:75:DD:73:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/lUp96AKKHWzNfS4EjIMn3cK6EM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/186333-b1f6-4ce6-afcb-dcc25aa16c69/1/z7uGM4Cj1OCshgfJvsI4n3Xdc8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:04:f0:2d:cb:0a:07:60:2e:a7:d5:67:b0:3b:0f:23:6f:0f:
         3e:a2:ed:29:de:56:66:23:eb:9f:8a:c2:f0:df:5d:77:82:ca:
         29:74:36:7a:f8:1f:4e:16:a9:0c:72:00:be:e6:25:3e:da:cb:
         10:73:a7:36:cf:b0:77:f7:f2:10:e2:34:de:25:9f:e2:5f:ee:
         fb:09:ad:9f:f6:b1:40:a7:e5:d2:02:bc:25:ac:5b:ca:71:2b:
         69:1a:0d:0d:22:90:d5:6e:fa:f5:54:4c:62:e8:7f:e2:22:99:
         1d:45:9f:08:9d:62:af:fc:cf:a2:3f:6d:51:41:62:ec:ad:d6:
         99:cd:74:8a:fa:94:00:02:3c:e7:77:9c:c9:35:66:82:87:f2:
         1a:c4:73:2a:95:7e:fa:a4:37:99:6d:b3:85:7b:a2:ae:78:ba:
         36:8e:c6:52:be:30:be:9e:70:4d:93:2d:5b:1f:05:00:2a:5f:
         84:82:09:b7:84:20:9e:3e:ab:95:1a:ce:82:67:4e:4a:34:da:
         7b:b4:b0:6f:f2:26:09:97:ba:60:26:59:a7:02:70:03:4a:15:
         d2:a5:15:e2:71:e2:ef:6d:ee:ec:46:d8:0e:ba:cf:f9:2d:3f:
         f7:2e:36:81:d4:d3:76:eb:22:d7:27:70:62:0c:20:19:c3:39:
         83:e8:ab:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAqvbZyZ4hig6ikzpc7aEp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYmI4NjMzODBhM2Q0ZTBhYzg2MDdjOWJlYzIzODlmNzVk
ZDczYzUwHhcNMjQwNjE4MDk0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRhN2RlODAyOGExZDZjY2Q3ZDJlMDQ4YzgzMjdkZGMyYmExMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PNz/DNQqwNn+hOWJAeVyJqJKkzz
javP83TLhIUigW4VXW+x1jftfAWzFw9WRE89gGqEZJVncpkUbT2YNRmalB7sm6Ns
yL59CXmbOw/ljGq3RD13wv2tvvhM6gPhGvu8Tif4MZb4NmuFTCx9wOjnuY6bftfQ
xmTxmsjsfP+zbNe5ANRpDkIurjCBlUYueVHbxjF5zvouT/MDusTToTqyUEDlo2Ug
ZNIM0MBjKH7w3yZPkExaD5NOeqCH+/eWCynvkEkF3z9B0gDT3DX3ZKilp802PILU
hGEdzVdKkyoZID1nKwdNOta4F1q3yrXh56Icw5bdt3BgtyqgKJTZlAoFOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVKfegCih1szX0uBIyDJ93CuhDPMB8GA1UdIwQY
MBaAFM+7hjOAo9TgrIYHyb7COJ913XPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejd1R000Q2oxT0NzaGdmSnZzSTRuM1hkYzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xODYzMzMtYjFmNi00Y2U2LWFmY2It
ZGNjMjVhYTE2YzY5LzEvbFVwOTZBS0tIV3pOZlM0RWpJTW4zY0s2RU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xODYzMzMtYjFmNi00Y2U2LWFmY2ItZGNjMjVhYTE2YzY5
LzEvejd1R000Q2oxT0NzaGdmSnZzSTRuM1hkYzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYcvMA0G
CSqGSIb3DQEBCwUAA4IBAQAOBPAtywoHYC6n1WewOw8jbw8+ou0p3lZmI+ufisLw
3113gsopdDZ6+B9OFqkMcgC+5iU+2ssQc6c2z7B39/IQ4jTeJZ/iX+77Ca2f9rFA
p+XSArwlrFvKcStpGg0NIpDVbvr1VExi6H/iIpkdRZ8InWKv/M+iP21RQWLsrdaZ
zXSK+pQAAjznd5zJNWaCh/IaxHMqlX76pDeZbbOFe6KueLo2jsZSvjC+nnBNky1b
HwUAKl+Eggm3hCCePquVGs6CZ05KNNp7tLBv8iYJl7pgJlmnAnADShXSpRXiceLv
be7sRtgOus/5LT/3LjaB1NN26yLXJ3BiDCAZwzmD6KsP
-----END CERTIFICATE-----