Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/UjGT8VBF9lIfq-tLtI5etMQKtEE.roa
File:                     UjGT8VBF9lIfq-tLtI5etMQKtEE.roa (raw, json)
Hash identifier:          X5DHGJC9CGu0HIsKH4iemWMhP83UyAfQBgZUlgCFC60=
Subject key identifier:   52:31:93:F1:50:45:F6:52:1F:AB:EB:4B:B4:8E:5E:B4:C4:0A:B4:41
Certificate issuer:       /CN=a61ada61202413cd8fca2f49742527ad021f9676
Certificate serial:       018CC801DFE5B3A562740615C602D347CAD1
Authority key identifier: A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/UjGT8VBF9lIfq-tLtI5etMQKtEE.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395651
IP address blocks:        185.38.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:e5:b3:a5:62:74:06:15:c6:02:d3:47:ca:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a61ada61202413cd8fca2f49742527ad021f9676
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523193f15045f6521fabeb4bb48e5eb4c40ab441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:48:8d:ff:98:7d:ee:40:2f:27:f7:00:d3:ef:
                    6a:d0:1c:41:8c:a8:54:e0:7f:66:02:0c:19:2e:d7:
                    a0:f0:6b:bc:0b:25:1f:c5:b2:05:7e:6f:5c:ab:cf:
                    73:9a:c5:ab:09:04:c8:cc:18:81:0d:f5:5b:7c:96:
                    f1:40:46:a9:4d:5a:17:1a:37:eb:04:d2:3a:0f:69:
                    fe:77:33:ee:4e:2b:80:f5:b0:81:0f:4a:4e:dd:74:
                    60:cd:f0:e2:6e:41:0d:91:0e:8c:73:52:36:17:31:
                    e4:6d:bc:31:e3:cc:91:f3:d4:77:86:a7:02:47:4a:
                    2e:1c:fc:b0:d0:cf:cd:38:31:ed:9d:e9:3d:ad:4f:
                    4c:ef:de:7a:1f:cf:52:10:8f:bf:0e:65:31:15:0c:
                    5b:a2:70:2b:4a:98:3e:25:45:09:74:55:24:63:2d:
                    0d:f6:fc:ed:c1:de:df:8a:c9:47:c6:d0:ec:3f:f8:
                    98:5e:20:97:a2:c6:7f:61:cc:41:9c:bb:95:c7:76:
                    8e:48:b0:9f:54:be:3f:93:3b:88:0d:3c:e4:fb:c7:
                    27:c7:77:a6:04:dc:39:b7:3e:96:00:01:ec:97:c7:
                    63:01:5a:0d:ec:ac:4a:58:b2:8c:aa:b5:c0:8c:0e:
                    d8:b6:60:fe:20:64:18:51:a7:44:a7:12:57:a9:d8:
                    b1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:31:93:F1:50:45:F6:52:1F:AB:EB:4B:B4:8E:5E:B4:C4:0A:B4:41
            X509v3 Authority Key Identifier:
                keyid:A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/UjGT8VBF9lIfq-tLtI5etMQKtEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:44:ff:d9:70:83:50:08:e6:15:4e:cf:95:cd:02:5c:1e:4d:
         be:ea:ea:93:b6:6f:a7:dd:a0:21:13:c4:39:b7:0d:fa:ac:d6:
         4a:95:f4:83:49:b5:d2:8d:3b:99:16:3a:6b:cd:32:1f:87:a8:
         d5:18:4f:ad:bb:20:a8:3a:b5:59:64:41:ea:5c:eb:5a:43:3b:
         5a:9b:e1:1f:ab:a5:85:4b:78:b1:4c:f1:c4:a2:b3:30:22:2b:
         e6:17:31:31:e5:5a:69:26:a8:85:d7:a7:40:13:f6:7b:1d:c4:
         6d:dd:9e:d0:14:f0:7a:b9:d4:bf:73:58:76:11:d6:27:06:13:
         c8:c0:44:b2:e4:8e:bc:e2:8c:5e:83:f9:40:2a:b6:19:81:98:
         ea:1e:f3:25:bb:f6:7f:14:17:c3:e3:25:c0:3c:55:f5:d5:97:
         77:4a:79:5e:45:e1:98:8a:8b:1a:fd:a3:e1:90:46:44:c8:8f:
         fd:8c:db:da:9d:9a:c3:3a:33:08:a2:5b:ad:74:2b:59:1f:db:
         78:39:39:ea:f4:63:81:9c:e9:e4:06:25:d8:4d:28:ff:68:4f:
         96:74:39:ab:9e:f1:42:2f:e7:e3:a9:39:61:3b:c6:84:38:86:
         49:ae:bb:5f:6f:d1:85:63:bb:62:ce:68:22:97:be:59:30:dd:
         1a:2c:5e:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd/ls6VidAYVxgLTR8rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MWFkYTYxMjAyNDEzY2Q4ZmNhMmY0OTc0MjUyN2FkMDIx
Zjk2NzYwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjMxOTNmMTUwNDVmNjUyMWZhYmViNGJiNDhlNWViNGM0MGFiNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0iN/5h97kAvJ/cA0+9q0BxBjKhU
4H9mAgwZLteg8Gu8CyUfxbIFfm9cq89zmsWrCQTIzBiBDfVbfJbxQEapTVoXGjfr
BNI6D2n+dzPuTiuA9bCBD0pO3XRgzfDibkENkQ6Mc1I2FzHkbbwx48yR89R3hqcC
R0ouHPyw0M/NODHtnek9rU9M7956H89SEI+/DmUxFQxbonArSpg+JUUJdFUkYy0N
9vztwd7fislHxtDsP/iYXiCXosZ/YcxBnLuVx3aOSLCfVL4/kzuIDTzk+8cnx3em
BNw5tz6WAAHsl8djAVoN7KxKWLKMqrXAjA7YtmD+IGQYUadEpxJXqdixmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIxk/FQRfZSH6vrS7SOXrTECrRBMB8GA1UdIwQY
MBaAFKYa2mEgJBPNj8ovSXQlJ60CH5Z2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWIt
YWVlYzdhODU5YzU5LzEvVWpHVDhWQkY5bElmcS10THRJNWV0TVFLdEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWItYWVlYzdhODU5YzU5
LzEvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSbxMA0G
CSqGSIb3DQEBCwUAA4IBAQArRP/ZcINQCOYVTs+VzQJcHk2+6uqTtm+n3aAhE8Q5
tw36rNZKlfSDSbXSjTuZFjprzTIfh6jVGE+tuyCoOrVZZEHqXOtaQztam+Efq6WF
S3ixTPHEorMwIivmFzEx5VppJqiF16dAE/Z7HcRt3Z7QFPB6udS/c1h2EdYnBhPI
wESy5I684oxeg/lAKrYZgZjqHvMlu/Z/FBfD4yXAPFX11Zd3SnleReGYiosa/aPh
kEZEyI/9jNvanZrDOjMIolutdCtZH9t4OTnq9GOBnOnkBiXYTSj/aE+WdDmrnvFC
L+fjqTlhO8aEOIZJrrtfb9GFY7tizmgil75ZMN0aLF6C
-----END CERTIFICATE-----