Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/tUckTWwCii0oe4MX4orJfzAOb6Q.roa
File:                     tUckTWwCii0oe4MX4orJfzAOb6Q.roa (raw, json)
Hash identifier:          //WcP1h0WQaQ8alXRU6jbqZcTGYLgBumm4TKW1pErTM=
Subject key identifier:   B5:47:24:4D:6C:02:8A:2D:28:7B:83:17:E2:8A:C9:7F:30:0E:6F:A4
Certificate issuer:       /CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
Certificate serial:       018CC3491A9285F303BD1E499BE439B2FCD7
Authority key identifier: 5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/tUckTWwCii0oe4MX4orJfzAOb6Q.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        185.81.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1a:92:85:f3:03:bd:1e:49:9b:e4:39:b2:fc:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f99fde0d63b11b5c2dd816c0f93c2ea58350336
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b547244d6c028a2d287b8317e28ac97f300e6fa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4c:2f:85:00:ed:ef:21:33:4c:6d:81:9d:65:
                    81:eb:b6:11:16:35:86:0a:a1:f7:18:8b:66:44:d5:
                    b0:00:a5:ce:89:ca:ef:e5:71:e7:c4:b0:c2:ab:df:
                    b9:aa:27:6a:ae:13:bc:b9:11:ff:5b:49:5d:a7:2f:
                    57:4b:63:6c:38:e1:bb:bf:f5:7e:c2:11:7e:9f:70:
                    6b:20:1c:e0:7c:36:ce:ef:5e:18:7a:53:d6:d3:8a:
                    37:c9:96:9f:19:73:8e:92:a6:1d:8d:1f:df:5a:0f:
                    04:65:e0:31:2c:f4:43:89:b6:f7:f4:d2:32:00:48:
                    9b:68:6b:80:e2:9f:18:4b:e9:a9:af:e3:52:a2:ee:
                    20:1d:4f:8c:6a:14:63:01:9d:86:b8:4b:49:b6:9b:
                    2b:69:ae:8c:d0:6b:13:44:89:c7:cb:6f:63:29:f7:
                    83:00:12:38:aa:74:5d:b2:13:ea:6b:22:09:1d:46:
                    c5:ac:5e:7d:15:20:d2:43:b1:09:f6:69:ba:53:93:
                    d4:de:d7:bd:9f:40:44:24:65:4d:4f:fe:e1:7e:f2:
                    0d:b6:0f:28:27:47:ea:27:34:33:ce:a6:a6:51:d5:
                    26:57:04:cf:5a:c9:b0:e2:38:a7:67:16:9a:0e:86:
                    e3:3d:5f:2b:9c:fc:c7:c8:fe:20:30:d2:04:c7:22:
                    df:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:47:24:4D:6C:02:8A:2D:28:7B:83:17:E2:8A:C9:7F:30:0E:6F:A4
            X509v3 Authority Key Identifier:
                keyid:5F:99:FD:E0:D6:3B:11:B5:C2:DD:81:6C:0F:93:C2:EA:58:35:03:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5n94NY7EbXC3YFsD5PC6lg1AzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/tUckTWwCii0oe4MX4orJfzAOb6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/f116d7-8519-4924-8d1d-4c77d605afec/1/X5n94NY7EbXC3YFsD5PC6lg1AzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:bc:f3:5e:ab:92:03:e6:29:50:27:90:de:e2:ff:61:6f:8e:
         67:3d:ae:69:8e:22:cd:f6:7c:21:ce:79:26:52:72:e9:0e:cf:
         05:cb:6d:09:df:fb:9c:ed:6b:68:3a:8d:e3:47:f2:8c:1b:5d:
         4f:d9:26:cd:ff:b5:14:f4:5f:98:de:4e:0b:f5:03:a2:51:2d:
         5a:04:e8:94:5d:59:c8:2c:a9:f7:47:ea:0f:74:d7:00:d7:91:
         03:18:9c:55:7f:97:0c:21:65:41:f7:fd:cc:f1:7c:04:d7:d9:
         4d:a9:c6:2c:2b:9b:53:0b:4f:e9:d4:bd:70:84:ba:7b:4c:43:
         15:e3:c4:d0:57:17:a0:41:fa:6f:95:75:8e:bc:52:e3:c6:a1:
         04:46:f7:70:ee:f3:34:0e:1e:e9:3c:f6:c2:d2:63:04:72:e0:
         db:ad:bd:fc:9b:57:8a:32:b7:70:9f:99:b4:24:83:8d:b2:49:
         50:57:d0:ae:0e:91:15:10:f9:e4:c4:48:2b:d8:f4:9c:4b:04:
         84:21:62:36:36:72:9e:3f:34:d4:b4:a6:4d:27:7d:81:3a:26:
         dc:98:1f:56:a4:38:e0:37:e2:46:54:5d:0d:b3:5e:ce:b8:4c:
         7c:30:6b:a3:63:b3:71:36:9d:78:c1:46:1c:c2:e9:5c:23:27:
         9f:20:1f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSRqShfMDvR5Jm+Q5svzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTlmZGUwZDYzYjExYjVjMmRkODE2YzBmOTNjMmVhNTgz
NTAzMzYwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ3MjQ0ZDZjMDI4YTJkMjg3YjgzMTdlMjhhYzk3ZjMwMGU2ZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUwvhQDt7yEzTG2BnWWB67YRFjWG
CqH3GItmRNWwAKXOicrv5XHnxLDCq9+5qidqrhO8uRH/W0ldpy9XS2NsOOG7v/V+
whF+n3BrIBzgfDbO714YelPW04o3yZafGXOOkqYdjR/fWg8EZeAxLPRDibb39NIy
AEibaGuA4p8YS+mpr+NSou4gHU+MahRjAZ2GuEtJtpsraa6M0GsTRInHy29jKfeD
ABI4qnRdshPqayIJHUbFrF59FSDSQ7EJ9mm6U5PU3te9n0BEJGVNT/7hfvINtg8o
J0fqJzQzzqamUdUmVwTPWsmw4jinZxaaDobjPV8rnPzHyP4gMNIExyLfWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVHJE1sAootKHuDF+KKyX8wDm+kMB8GA1UdIwQY
MBaAFF+Z/eDWOxG1wt2BbA+TwupYNQM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQt
NGM3N2Q2MDVhZmVjLzEvdFVja1RXd0NpaTBvZTRNWDRvckpmekFPYjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9mMTE2ZDctODUxOS00OTI0LThkMWQtNGM3N2Q2MDVhZmVj
LzEvWDVuOTROWTdFYlhDM1lGc0Q1UEM2bGcxQXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVEOMA0G
CSqGSIb3DQEBCwUAA4IBAQBMvPNeq5ID5ilQJ5De4v9hb45nPa5pjiLN9nwhznkm
UnLpDs8Fy20J3/uc7WtoOo3jR/KMG11P2SbN/7UU9F+Y3k4L9QOiUS1aBOiUXVnI
LKn3R+oPdNcA15EDGJxVf5cMIWVB9/3M8XwE19lNqcYsK5tTC0/p1L1whLp7TEMV
48TQVxegQfpvlXWOvFLjxqEERvdw7vM0Dh7pPPbC0mMEcuDbrb38m1eKMrdwn5m0
JIONsklQV9CuDpEVEPnkxEgr2PScSwSEIWI2NnKePzTUtKZNJ32BOibcmB9WpDjg
N+JGVF0Ns17OuEx8MGujY7NxNp14wUYcwulcIyefIB9X
-----END CERTIFICATE-----