Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/U0byKZnITHTL6PzOfQnnL1LGyfU.roa
File:                     U0byKZnITHTL6PzOfQnnL1LGyfU.roa (raw, json)
Hash identifier:          +gIuQzaLQ4mZAVOQy5JQENcyJzbjHyMxjPkY6yW3xxc=
Subject key identifier:   53:46:F2:29:99:C8:4C:74:CB:E8:FC:CE:7D:09:E7:2F:52:C6:C9:F5
Certificate issuer:       /CN=fff442affba1cfaef3102c981d7569502ce6515c
Certificate serial:       018CC6B82DE6B17E3889751CAD1572968F36
Authority key identifier: FF:F4:42:AF:FB:A1:CF:AE:F3:10:2C:98:1D:75:69:50:2C:E6:51:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/U0byKZnITHTL6PzOfQnnL1LGyfU.roa
Signing time:             Mon 01 Jan 2024 20:30:08 +0000
ROA not before:           Mon 01 Jan 2024 20:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204861
IP address blocks:        185.237.172.0/22 maxlen: 24
                          2a0c:1a80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:2d:e6:b1:7e:38:89:75:1c:ad:15:72:96:8f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fff442affba1cfaef3102c981d7569502ce6515c
        Validity
            Not Before: Jan  1 20:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5346f22999c84c74cbe8fcce7d09e72f52c6c9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:81:d1:21:b2:20:0d:39:6f:ad:63:9f:0e:99:
                    5f:f3:f2:99:d7:5b:98:29:da:38:10:aa:e9:16:4c:
                    1a:20:06:44:92:53:91:d7:b6:35:0e:83:47:d7:be:
                    22:70:d7:cb:44:33:01:21:cb:6b:d6:ba:9b:a5:10:
                    3f:ed:f0:a3:5a:84:88:fb:d9:14:c4:b3:b8:55:23:
                    e9:8d:b8:26:20:c3:13:26:cb:cf:78:e5:0a:84:d9:
                    17:b5:88:69:a5:7b:b4:ad:ea:ab:c1:94:30:fb:41:
                    38:65:54:3d:0b:3e:46:9e:a9:b3:42:59:ef:48:53:
                    a8:96:30:3b:3d:e3:f4:a5:ac:3f:ab:42:e6:1d:84:
                    a8:9b:72:01:e4:ad:ca:cb:ee:81:56:86:87:00:df:
                    27:05:3f:cc:2c:0d:2b:42:c7:5c:ba:16:3c:35:fa:
                    2e:5c:8f:cc:71:ef:09:a9:aa:f2:56:a3:e7:44:e0:
                    df:d8:7d:e1:fd:ab:6a:e4:72:4d:f9:73:74:60:14:
                    0a:7e:56:ad:9b:ed:76:dd:a7:ff:79:a6:94:6b:98:
                    d4:5c:57:d8:b2:26:d1:f2:ab:ef:b9:85:2f:ab:e3:
                    69:bd:45:4c:e6:5c:d6:80:5e:c5:d6:12:bc:fa:19:
                    e5:06:68:f5:1e:ac:f0:71:26:25:25:3c:e9:d5:40:
                    6e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:46:F2:29:99:C8:4C:74:CB:E8:FC:CE:7D:09:E7:2F:52:C6:C9:F5
            X509v3 Authority Key Identifier:
                keyid:FF:F4:42:AF:FB:A1:CF:AE:F3:10:2C:98:1D:75:69:50:2C:E6:51:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__RCr_uhz67zECyYHXVpUCzmUVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/U0byKZnITHTL6PzOfQnnL1LGyfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/9fedd0-4ed7-4419-8e73-b5ca0adf2f08/1/__RCr_uhz67zECyYHXVpUCzmUVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.172.0/22
                IPv6:
                  2a0c:1a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:fb:80:d6:ba:13:2b:d1:57:91:18:18:a6:c8:27:aa:87:6d:
         22:34:29:4d:f2:ca:fd:c8:33:51:f0:cd:e9:13:f2:bc:29:63:
         f8:e7:42:54:5b:a7:c3:e8:e6:da:6a:6e:69:85:57:e5:f3:9b:
         c8:06:66:ac:30:24:e9:20:73:61:f8:02:71:0f:a7:66:a8:27:
         cf:8c:c7:23:99:ea:37:f2:6c:55:ce:65:2e:50:68:c4:f8:8f:
         b0:ff:c7:2c:01:df:dc:09:12:94:80:f6:a8:6c:7b:f1:bb:eb:
         79:d3:58:63:58:b4:6d:fb:4f:18:1b:c3:10:4b:2c:73:f7:78:
         01:03:3d:d2:ae:10:3b:74:db:7d:97:2c:5c:ef:22:d8:83:7b:
         bb:44:aa:3c:45:1f:74:a7:3f:0a:2a:43:d4:a6:bf:5f:c6:b7:
         7e:88:0a:f2:ab:f1:ab:94:e2:37:fb:cf:9a:06:de:af:d2:61:
         a4:f5:2b:c8:3d:41:a9:3e:db:b3:a2:74:f4:12:57:96:d8:ad:
         7f:e9:61:c0:16:66:cd:96:6b:d1:c8:1d:fb:a3:84:e3:f7:24:
         4f:64:a4:76:a2:87:7e:4e:53:31:5c:87:e9:59:e5:48:a4:5d:
         07:48:ce:84:ef:79:85:f1:6d:08:47:23:b7:78:20:a3:30:d9:
         ee:9c:a7:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuC3msX44iXUcrRVylo82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZjQ0MmFmZmJhMWNmYWVmMzEwMmM5ODFkNzU2OTUwMmNl
NjUxNWMwHhcNMjQwMTAxMjAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ2ZjIyOTk5Yzg0Yzc0Y2JlOGZjY2U3ZDA5ZTcyZjUyYzZjOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4HRIbIgDTlvrWOfDplf8/KZ11uY
Kdo4EKrpFkwaIAZEklOR17Y1DoNH174icNfLRDMBIctr1rqbpRA/7fCjWoSI+9kU
xLO4VSPpjbgmIMMTJsvPeOUKhNkXtYhppXu0reqrwZQw+0E4ZVQ9Cz5GnqmzQlnv
SFOoljA7PeP0paw/q0LmHYSom3IB5K3Ky+6BVoaHAN8nBT/MLA0rQsdcuhY8Nfou
XI/Mce8JqaryVqPnRODf2H3h/atq5HJN+XN0YBQKflatm+123af/eaaUa5jUXFfY
sibR8qvvuYUvq+NpvUVM5lzWgF7F1hK8+hnlBmj1HqzwcSYlJTzp1UBuHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFNG8imZyEx0y+j8zn0J5y9Sxsn1MB8GA1UdIwQY
MBaAFP/0Qq/7oc+u8xAsmB11aVAs5lFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX19SQ3JfdWh6Njd6RUN5WUhYVnBVQ3ptVVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC85ZmVkZDAtNGVkNy00NDE5LThlNzMt
YjVjYTBhZGYyZjA4LzEvVTBieUtabklUSFRMNlB6T2ZRbm5MMUxHeWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC85ZmVkZDAtNGVkNy00NDE5LThlNzMtYjVjYTBhZGYyZjA4
LzEvX19SQ3JfdWh6Njd6RUN5WUhYVnBVQ3ptVVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCue2sMA0E
AgACMAcDBQMqDBqAMA0GCSqGSIb3DQEBCwUAA4IBAQB4+4DWuhMr0VeRGBimyCeq
h20iNClN8sr9yDNR8M3pE/K8KWP450JUW6fD6Obaam5phVfl85vIBmasMCTpIHNh
+AJxD6dmqCfPjMcjmeo38mxVzmUuUGjE+I+w/8csAd/cCRKUgPaobHvxu+t501hj
WLRt+08YG8MQSyxz93gBAz3SrhA7dNt9lyxc7yLYg3u7RKo8RR90pz8KKkPUpr9f
xrd+iAryq/GrlOI3+8+aBt6v0mGk9SvIPUGpPtuzonT0EleW2K1/6WHAFmbNlmvR
yB37o4Tj9yRPZKR2ood+TlMxXIfpWeVIpF0HSM6E73mF8W0IRyO3eCCjMNnunKdQ
-----END CERTIFICATE-----