Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/udY2sbJt-uRqMVg-0S1_W1YwP3A.roa
File:                     udY2sbJt-uRqMVg-0S1_W1YwP3A.roa (raw, json)
Hash identifier:          TutDCwnsEl0pUQ6XDxvpjMnfDS+Vt48gzzvIA4uZ5Wo=
Subject key identifier:   B9:D6:36:B1:B2:6D:FA:E4:6A:31:58:3E:D1:2D:7F:5B:56:30:3F:70
Certificate issuer:       /CN=01538851167b4e3d6f64d53797b08cb41371870f
Certificate serial:       018CC64ABC6D536F798BF7A5A881DDDA93DF
Authority key identifier: 01:53:88:51:16:7B:4E:3D:6F:64:D5:37:97:B0:8C:B4:13:71:87:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/udY2sbJt-uRqMVg-0S1_W1YwP3A.roa
Signing time:             Mon 01 Jan 2024 18:30:35 +0000
ROA not before:           Mon 01 Jan 2024 18:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60111
IP address blocks:        185.182.204.0/22 maxlen: 22
                          2a0a:f880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bc:6d:53:6f:79:8b:f7:a5:a8:81:dd:da:93:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01538851167b4e3d6f64d53797b08cb41371870f
        Validity
            Not Before: Jan  1 18:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9d636b1b26dfae46a31583ed12d7f5b56303f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6b:3a:0e:62:5d:82:b7:46:23:72:6e:60:6d:
                    44:e9:c6:20:19:f2:42:17:f5:c6:10:a5:27:78:64:
                    1f:09:81:2e:d6:4d:1b:14:7e:ab:57:a1:37:75:b1:
                    b6:42:3d:dc:fa:32:dd:86:43:27:6b:79:77:0c:7a:
                    1e:70:6e:fe:9f:6a:90:82:37:2f:4e:02:c8:a3:d2:
                    03:38:39:c8:0d:21:26:9c:31:2b:a9:66:83:7e:62:
                    2d:af:ee:9e:14:c5:0c:a2:38:02:f5:9f:e4:ac:a5:
                    60:8d:da:ae:ef:b5:d9:2f:1d:01:3d:48:d6:79:54:
                    1e:f1:40:d5:8c:fd:14:fd:c8:2c:2c:51:0b:8c:d7:
                    75:71:ac:a5:cb:5c:c9:77:12:3b:e1:d0:ff:0b:59:
                    48:11:30:5e:25:85:c3:22:52:be:39:ce:d0:08:cd:
                    27:7f:6a:f8:c5:d6:57:af:71:d3:69:df:f6:bd:13:
                    0a:f6:2e:d5:4a:42:9d:f4:8f:24:e7:2a:aa:35:fa:
                    91:8e:4d:6f:2a:da:31:56:a1:16:c0:74:7c:6f:56:
                    16:6a:05:aa:af:c1:01:c5:79:00:33:76:a8:a8:23:
                    5f:dc:96:a0:11:8b:ce:92:87:5f:14:ff:e9:4d:0c:
                    48:a6:cd:04:46:02:dc:39:56:4b:62:d9:d4:93:f7:
                    bb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D6:36:B1:B2:6D:FA:E4:6A:31:58:3E:D1:2D:7F:5B:56:30:3F:70
            X509v3 Authority Key Identifier:
                keyid:01:53:88:51:16:7B:4E:3D:6F:64:D5:37:97:B0:8C:B4:13:71:87:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/udY2sbJt-uRqMVg-0S1_W1YwP3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.204.0/22
                IPv6:
                  2a0a:f880::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:ac:d3:16:19:25:34:d5:86:5b:92:10:6e:0d:89:75:da:7c:
         7b:1c:6e:9a:73:90:f5:14:e9:a1:04:a6:1f:89:65:5a:19:26:
         a7:df:b7:9a:d4:08:07:60:6f:58:1a:97:7d:8f:52:8c:e0:db:
         85:e3:c7:69:de:67:d4:3f:bb:76:8a:40:a1:e5:80:64:bf:f4:
         81:6d:fd:f9:33:72:9e:d4:1c:5f:70:b6:25:68:95:96:1a:c8:
         ca:20:fc:21:9c:4c:4a:6f:76:bd:e3:05:60:0b:69:05:8e:17:
         f6:03:f1:00:97:93:43:5b:b1:3b:f0:7a:82:fb:5d:ee:ec:bd:
         76:57:78:88:5f:bc:92:27:1c:bc:6d:4a:36:b7:d7:ad:0b:f2:
         17:ed:9b:31:0c:82:f2:e3:82:06:c8:1f:13:a1:0e:8c:70:f6:
         04:d7:57:38:26:65:4d:5e:60:fa:2c:c0:7e:31:ec:a2:9b:af:
         d4:46:44:a0:5b:bc:cc:a2:36:04:ab:d8:a9:4b:d9:14:7e:65:
         ed:9b:16:1b:13:3c:63:fb:34:fb:24:b1:a1:92:38:50:a5:60:
         b2:be:cd:14:1e:ed:2d:bb:18:b2:31:2c:5d:3c:61:de:97:5e:
         79:2d:f3:48:03:7c:f6:20:06:c5:14:10:41:82:79:36:49:88:
         82:79:a6:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSrxtU295i/elqIHd2pPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNTM4ODUxMTY3YjRlM2Q2ZjY0ZDUzNzk3YjA4Y2I0MTM3
MTg3MGYwHhcNMjQwMTAxMTgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWQ2MzZiMWIyNmRmYWU0NmEzMTU4M2VkMTJkN2Y1YjU2MzAzZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGs6DmJdgrdGI3JuYG1E6cYgGfJC
F/XGEKUneGQfCYEu1k0bFH6rV6E3dbG2Qj3c+jLdhkMna3l3DHoecG7+n2qQgjcv
TgLIo9IDODnIDSEmnDErqWaDfmItr+6eFMUMojgC9Z/krKVgjdqu77XZLx0BPUjW
eVQe8UDVjP0U/cgsLFELjNd1cayly1zJdxI74dD/C1lIETBeJYXDIlK+Oc7QCM0n
f2r4xdZXr3HTad/2vRMK9i7VSkKd9I8k5yqqNfqRjk1vKtoxVqEWwHR8b1YWagWq
r8EBxXkAM3aoqCNf3JagEYvOkodfFP/pTQxIps0ERgLcOVZLYtnUk/e77QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLnWNrGybfrkajFYPtEtf1tWMD9wMB8GA1UdIwQY
MBaAFAFTiFEWe049b2TVN5ewjLQTcYcPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZPSVVSWjdUajF2Wk5VM2w3Q010Qk54aHc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZjQyNjMtZmZhZS00MmQ3LWJlMGYt
NjI5NWI4NTRkZjg2LzEvdWRZMnNiSnQtdVJxTVZnLTBTMV9XMVl3UDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZjQyNjMtZmZhZS00MmQ3LWJlMGYtNjI5NWI4NTRkZjg2
LzEvQVZPSVVSWjdUajF2Wk5VM2w3Q010Qk54aHc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubbMMA0E
AgACMAcDBQMqCviAMA0GCSqGSIb3DQEBCwUAA4IBAQCrrNMWGSU01YZbkhBuDYl1
2nx7HG6ac5D1FOmhBKYfiWVaGSan37ea1AgHYG9YGpd9j1KM4NuF48dp3mfUP7t2
ikCh5YBkv/SBbf35M3Ke1BxfcLYlaJWWGsjKIPwhnExKb3a94wVgC2kFjhf2A/EA
l5NDW7E78HqC+13u7L12V3iIX7ySJxy8bUo2t9etC/IX7ZsxDILy44IGyB8ToQ6M
cPYE11c4JmVNXmD6LMB+Meyim6/URkSgW7zMojYEq9ipS9kUfmXtmxYbEzxj+zT7
JLGhkjhQpWCyvs0UHu0tuxiyMSxdPGHel155LfNIA3z2IAbFFBBBgnk2SYiCeaYv
-----END CERTIFICATE-----