Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/U-ddm29i5lJoii6xSN6t59JsnLk.roa
File:                     U-ddm29i5lJoii6xSN6t59JsnLk.roa (raw, json)
Hash identifier:          2dhGpbr3c91e4Qchh4iJkBEiC/ACTE/sr3wvK7a0Q9s=
Subject key identifier:   53:E7:5D:9B:6F:62:E6:52:68:8A:2E:B1:48:DE:AD:E7:D2:6C:9C:B9
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBC93CCD5208EB87A908666169C91D
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/U-ddm29i5lJoii6xSN6t59JsnLk.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16015
IP address blocks:        194.149.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c9:3c:cd:52:08:eb:87:a9:08:66:61:69:c9:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e75d9b6f62e652688a2eb148deade7d26c9cb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:72:c3:5c:ee:c5:ea:ac:cd:af:ea:fe:1c:
                    80:f1:94:1e:07:b3:6f:cc:c8:28:e9:5c:3b:33:4e:
                    92:1b:e7:9c:e2:8c:6f:17:fd:fd:30:e6:1d:88:e9:
                    c9:ea:85:ce:0f:01:58:25:15:47:60:ea:73:00:b5:
                    0d:06:6a:ce:db:aa:f9:a0:2b:4e:fa:f5:e6:92:fb:
                    e8:e5:60:fc:fd:ca:59:43:f4:9c:86:6e:d5:81:67:
                    25:92:37:85:9a:b2:7d:41:ac:96:85:4c:6f:44:9e:
                    c2:2a:86:93:ae:7f:da:df:7a:4e:0b:9b:a9:cd:d6:
                    69:77:de:a3:3b:82:4b:9c:5a:2e:82:7c:ec:3d:2b:
                    c3:e4:51:e7:84:a1:6b:2e:1f:4d:70:e9:fd:de:b2:
                    aa:3e:7c:e8:66:17:cc:e5:5e:d6:01:41:5d:f7:79:
                    1c:c5:4b:0c:f5:15:4f:69:f7:6a:ce:84:e1:4e:ff:
                    aa:ff:2b:1c:e5:de:ed:ee:e9:20:20:aa:30:df:11:
                    f8:4c:eb:1b:85:cc:f5:53:07:51:08:82:6d:7a:41:
                    cb:f0:10:5a:c1:d3:0c:22:7c:96:3a:17:e2:f4:18:
                    1e:87:d7:fe:d7:7a:53:e6:31:92:25:66:ca:c0:8b:
                    4a:33:ec:ac:73:b8:bc:53:81:f8:a8:37:33:e2:30:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E7:5D:9B:6F:62:E6:52:68:8A:2E:B1:48:DE:AD:E7:D2:6C:9C:B9
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/U-ddm29i5lJoii6xSN6t59JsnLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:90:72:25:d8:7b:9d:bd:db:4d:a1:f5:bb:37:4e:2e:44:59:
         d7:70:b0:90:d8:16:60:33:6d:45:26:f3:de:b0:c5:a2:e8:3a:
         d7:a7:51:c1:66:a1:d5:fd:3f:90:75:64:2b:94:4d:01:0b:a4:
         53:37:97:a0:c8:d8:c6:6f:d8:26:9c:63:de:5c:91:92:1c:2f:
         20:72:00:ae:33:1f:50:87:fb:c0:a2:9e:53:0f:f0:b9:4f:e6:
         18:71:fa:57:92:23:24:39:f3:d0:6e:2b:8b:0e:c8:52:24:f1:
         21:1e:b5:76:8e:77:f3:b5:91:e9:f6:40:75:f7:f6:ab:03:05:
         fe:87:8a:ec:64:13:cc:15:d5:49:92:af:9a:7e:d7:c9:a5:66:
         f2:26:a3:ca:8c:36:80:de:f5:c1:20:f4:37:95:01:61:83:2e:
         ab:24:b4:41:f8:d9:32:06:1c:a4:e2:3a:f1:90:7c:36:e7:0d:
         61:bc:41:67:27:36:71:7b:9e:68:ab:75:dc:c0:7d:d6:a0:01:
         40:78:74:30:3f:44:cd:15:12:2f:bf:46:9f:84:63:6d:53:6f:
         a3:21:2d:2b:25:ef:c9:c9:cf:b3:82:46:d2:3a:10:35:29:b3:
         6a:e8:13:5f:09:0e:00:49:8b:45:ba:22:3b:8c:9b:97:2c:c6:
         ef:dc:2f:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8k8zVII64epCGZhackdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2U3NWQ5YjZmNjJlNjUyNjg4YTJlYjE0OGRlYWRlN2QyNmM5Y2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc5yw1zuxeqsza/q/hyA8ZQeB7Nv
zMgo6Vw7M06SG+ec4oxvF/39MOYdiOnJ6oXODwFYJRVHYOpzALUNBmrO26r5oCtO
+vXmkvvo5WD8/cpZQ/Schm7VgWclkjeFmrJ9QayWhUxvRJ7CKoaTrn/a33pOC5up
zdZpd96jO4JLnFougnzsPSvD5FHnhKFrLh9NcOn93rKqPnzoZhfM5V7WAUFd93kc
xUsM9RVPafdqzoThTv+q/ysc5d7t7ukgIKow3xH4TOsbhcz1UwdRCIJtekHL8BBa
wdMMInyWOhfi9Bgeh9f+13pT5jGSJWbKwItKM+ysc7i8U4H4qDcz4jCUMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPnXZtvYuZSaIousUjerefSbJy5MB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvVS1kZG0yOWk1bEpvaWk2eFNONnQ1OUpzbkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpUuMA0G
CSqGSIb3DQEBCwUAA4IBAQCHkHIl2HudvdtNofW7N04uRFnXcLCQ2BZgM21FJvPe
sMWi6DrXp1HBZqHV/T+QdWQrlE0BC6RTN5egyNjGb9gmnGPeXJGSHC8gcgCuMx9Q
h/vAop5TD/C5T+YYcfpXkiMkOfPQbiuLDshSJPEhHrV2jnfztZHp9kB19/arAwX+
h4rsZBPMFdVJkq+aftfJpWbyJqPKjDaA3vXBIPQ3lQFhgy6rJLRB+NkyBhyk4jrx
kHw25w1hvEFnJzZxe55oq3XcwH3WoAFAeHQwP0TNFRIvv0afhGNtU2+jIS0rJe/J
yc+zgkbSOhA1KbNq6BNfCQ4ASYtFuiI7jJuXLMbv3C/n
-----END CERTIFICATE-----