Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/u1tZdeCNLHhKS7JDBAE_0CVik4Q.roa
File:                     u1tZdeCNLHhKS7JDBAE_0CVik4Q.roa (raw, json)
Hash identifier:          vQJREFvW0eh5N0kSBggGLu9CF4P8m1EyDCmsNzCQEWA=
Subject key identifier:   BB:5B:59:75:E0:8D:2C:78:4A:4B:B2:43:04:01:3F:D0:25:62:93:84
Certificate issuer:       /CN=6810aa89239242dacc9d03e3af22d4e87a783414
Certificate serial:       018CC64B3068F0AAAB4A1A203F59AFCCF5D8
Authority key identifier: 68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/u1tZdeCNLHhKS7JDBAE_0CVik4Q.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205226
IP address blocks:        185.108.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:30:68:f0:aa:ab:4a:1a:20:3f:59:af:cc:f5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6810aa89239242dacc9d03e3af22d4e87a783414
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb5b5975e08d2c784a4bb24304013fd025629384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6f:ed:be:3e:7d:d7:72:61:98:3b:bd:ed:82:
                    4a:21:82:c7:3b:b3:f4:38:40:0d:02:c8:2a:b2:2a:
                    43:1c:a2:f8:6f:0f:5e:43:64:84:b1:fc:ef:a1:26:
                    98:b0:d6:90:2a:00:f7:b4:0c:80:ae:97:95:6c:bc:
                    b3:30:e6:5c:5f:a9:41:2f:a6:88:87:a7:b2:b7:fd:
                    a5:84:88:cd:ee:79:85:60:ee:d3:9d:84:41:4b:83:
                    1d:b0:df:eb:db:a3:8d:bc:a4:fa:7f:d7:f5:55:ac:
                    d6:e4:f6:ae:60:42:5e:0f:ff:1b:3c:4a:37:ad:9c:
                    df:e1:89:64:ea:6f:45:8b:7f:b8:cc:76:a3:f4:38:
                    93:99:d9:51:81:90:fa:f3:1f:9f:48:77:5a:be:56:
                    53:2e:1a:49:e3:5c:b9:5f:d1:9b:77:7f:3c:32:4b:
                    2c:a6:b3:3a:0f:3c:f0:4f:4b:c8:c5:93:42:b6:be:
                    7b:8b:fb:30:e5:d0:31:f9:50:fa:e1:71:9d:72:5f:
                    b9:9d:bb:0d:e2:39:2c:f5:d5:20:d3:b5:a1:47:38:
                    3d:4e:78:d1:be:4c:da:ac:54:6f:ea:35:fe:29:d2:
                    d4:f0:62:ff:25:dd:8b:64:ff:4b:69:0f:ba:c1:93:
                    eb:6c:a9:30:59:3e:6f:87:90:5f:5f:80:77:bf:9d:
                    a9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:5B:59:75:E0:8D:2C:78:4A:4B:B2:43:04:01:3F:D0:25:62:93:84
            X509v3 Authority Key Identifier:
                keyid:68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/u1tZdeCNLHhKS7JDBAE_0CVik4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:03:67:e2:76:c2:35:da:78:6d:22:c5:a6:fc:e5:03:88:13:
         37:95:0a:3c:de:79:59:7e:c1:15:51:c3:6b:17:07:11:fe:37:
         59:4a:86:c6:ed:79:cd:1d:2c:ef:57:c5:d7:42:ed:fa:d7:22:
         80:8c:84:92:3d:59:13:bd:1b:b0:9e:bb:0d:60:31:0a:62:9d:
         b9:a1:d9:12:d9:f1:85:b1:28:a8:bb:ae:b7:2f:94:73:10:82:
         43:a4:81:02:bc:2f:e6:96:3b:12:99:5a:57:1b:14:72:33:8d:
         d4:54:d0:76:a8:2c:ee:10:e7:d3:0b:e9:32:e3:11:38:58:9a:
         d3:8d:88:02:01:00:41:21:23:dc:0b:f6:59:f3:2f:94:fe:d8:
         c2:f2:22:62:32:34:83:f8:08:82:6b:77:6b:d8:64:ec:f8:77:
         fe:d4:e1:54:9d:33:8e:a4:c1:03:a6:57:20:37:94:d3:de:f0:
         fe:7e:e6:bd:80:dd:47:bd:3d:d8:fe:31:7f:1b:de:34:56:7d:
         c0:ee:15:19:53:84:1d:20:76:17:55:58:b4:7e:26:8a:86:a9:
         f1:b1:1d:82:2f:7a:19:03:54:d2:d3:ea:b8:cc:d8:da:f2:40:
         8d:af:44:9c:92:69:2b:fa:44:fc:0a:ba:0e:86:e6:46:9d:a5:
         09:8f:95:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzBo8KqrShogP1mvzPXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTBhYTg5MjM5MjQyZGFjYzlkMDNlM2FmMjJkNGU4N2E3
ODM0MTQwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjViNTk3NWUwOGQyYzc4NGE0YmIyNDMwNDAxM2ZkMDI1NjI5Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwm/tvj5913JhmDu97YJKIYLHO7P0
OEANAsgqsipDHKL4bw9eQ2SEsfzvoSaYsNaQKgD3tAyArpeVbLyzMOZcX6lBL6aI
h6eyt/2lhIjN7nmFYO7TnYRBS4MdsN/r26ONvKT6f9f1VazW5PauYEJeD/8bPEo3
rZzf4Ylk6m9Fi3+4zHaj9DiTmdlRgZD68x+fSHdavlZTLhpJ41y5X9Gbd388Mkss
prM6DzzwT0vIxZNCtr57i/sw5dAx+VD64XGdcl+5nbsN4jks9dUg07WhRzg9TnjR
vkzarFRv6jX+KdLU8GL/Jd2LZP9LaQ+6wZPrbKkwWT5vh5BfX4B3v52p6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtbWXXgjSx4SkuyQwQBP9AlYpOEMB8GA1UdIwQY
MBaAFGgQqokjkkLazJ0D468i1Oh6eDQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEt
MWY2ODk5MzViOTBmLzEvdTF0WmRlQ05MSGhLUzdKREJBRV8wQ1ZpazRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEtMWY2ODk5MzViOTBm
LzEvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWwTMA0G
CSqGSIb3DQEBCwUAA4IBAQANA2fidsI12nhtIsWm/OUDiBM3lQo83nlZfsEVUcNr
FwcR/jdZSobG7XnNHSzvV8XXQu361yKAjISSPVkTvRuwnrsNYDEKYp25odkS2fGF
sSiou663L5RzEIJDpIECvC/mljsSmVpXGxRyM43UVNB2qCzuEOfTC+ky4xE4WJrT
jYgCAQBBISPcC/ZZ8y+U/tjC8iJiMjSD+AiCa3dr2GTs+Hf+1OFUnTOOpMEDplcg
N5TT3vD+fua9gN1HvT3Y/jF/G940Vn3A7hUZU4QdIHYXVVi0fiaKhqnxsR2CL3oZ
A1TS0+q4zNja8kCNr0Sckmkr+kT8CroOhuZGnaUJj5U5
-----END CERTIFICATE-----