Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/u-vKMruTDNsUxVFWOoTlyHR4P_s.roa
File:                     u-vKMruTDNsUxVFWOoTlyHR4P_s.roa (raw, json)
Hash identifier:          9rZkb/JMRMrIPqK7MoFjr3XsdonFG+n9BC+dOZGn1eM=
Subject key identifier:   BB:EB:CA:32:BB:93:0C:DB:14:C5:51:56:3A:84:E5:C8:74:78:3F:FB
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6EFF4B6FF064F65EEB6A73362A6F
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/u-vKMruTDNsUxVFWOoTlyHR4P_s.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43704
IP address blocks:        185.248.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6e:ff:4b:6f:f0:64:f6:5e:eb:6a:73:36:2a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbebca32bb930cdb14c551563a84e5c874783ffb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:76:10:1e:62:4b:0a:f6:92:49:d7:2d:7b:a6:
                    9b:36:b2:30:0c:89:31:0e:19:32:28:4c:be:86:0c:
                    24:71:48:bc:9e:b6:45:20:09:9e:00:ef:e2:6b:de:
                    cc:e1:2d:8a:47:9a:a1:f7:f9:95:98:75:03:3f:4c:
                    6a:db:b1:07:f6:76:c3:3f:f1:06:5b:0d:2c:63:72:
                    d0:9f:6d:6a:08:21:5c:81:18:79:5f:8c:82:a2:0b:
                    1e:d3:a4:e3:6b:9f:cc:83:be:5e:d3:d5:a5:ac:e5:
                    04:f7:a6:bd:08:d2:71:c7:b4:cf:72:11:38:d9:61:
                    ab:bf:8c:a5:cd:41:06:2f:44:ec:a6:8f:0f:5c:d2:
                    5a:09:97:6e:70:3e:5b:d6:2a:48:eb:3c:b3:d7:e8:
                    0f:f0:98:cc:4f:2b:97:94:7e:93:74:69:fa:d9:37:
                    21:d9:0e:04:04:44:ea:eb:5f:34:71:8d:a3:79:ab:
                    9e:16:67:2d:8d:67:56:e5:15:8f:e5:1e:40:86:8a:
                    88:4a:1c:ef:b3:f5:2c:e7:87:6c:3a:f4:e0:43:08:
                    c6:3e:43:01:d5:0e:d9:e9:cd:fb:4b:c6:6a:2c:57:
                    0c:ad:7b:29:ee:46:74:ac:05:0c:9e:10:01:75:7e:
                    6a:af:9f:ec:05:15:a2:c0:4a:98:7d:12:8a:60:cc:
                    97:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EB:CA:32:BB:93:0C:DB:14:C5:51:56:3A:84:E5:C8:74:78:3F:FB
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/u-vKMruTDNsUxVFWOoTlyHR4P_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:df:9f:b4:a0:2b:74:6d:42:46:a4:8f:6b:fd:53:36:e9:62:
         00:50:9e:5a:04:42:6d:25:75:f8:37:48:17:f1:0c:32:52:d3:
         df:73:4d:52:4b:21:7d:15:01:ed:ae:6f:cb:66:95:74:da:14:
         ac:2d:44:4a:22:0c:a0:a3:61:bc:81:32:00:09:3d:f8:c0:71:
         b0:d8:55:6b:b0:28:0f:c1:12:71:51:ec:56:45:44:26:17:4c:
         b7:c1:bc:fc:63:98:97:23:9f:33:9e:8d:ea:40:7c:c6:94:89:
         cf:1c:73:fb:25:c2:26:3f:91:9e:a2:b6:a3:82:72:dc:69:47:
         75:84:9c:f2:4c:67:11:4e:c4:b1:a0:97:3d:c6:6e:87:53:b4:
         44:ac:d8:31:c8:fa:ee:d7:30:bf:36:49:ac:e6:be:48:0a:d2:
         60:40:f7:f2:2a:db:ce:36:19:8f:68:c5:1c:27:50:05:21:56:
         fb:09:e9:18:75:24:82:4b:50:62:28:4f:a6:81:a7:0c:e7:b5:
         9a:91:52:1e:93:78:54:be:3a:cb:4d:1a:10:eb:ab:9b:7c:b7:
         85:bc:a4:38:4a:49:49:8c:84:7b:05:12:bc:f4:fa:6d:c0:43:
         f8:58:08:88:3f:24:b9:03:44:1b:b5:06:07:2e:df:83:08:87:
         a0:30:bc:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm7/S2/wZPZe62pzNipvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmViY2EzMmJiOTMwY2RiMTRjNTUxNTYzYTg0ZTVjODc0NzgzZmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3YQHmJLCvaSSdcte6abNrIwDIkx
DhkyKEy+hgwkcUi8nrZFIAmeAO/ia97M4S2KR5qh9/mVmHUDP0xq27EH9nbDP/EG
Ww0sY3LQn21qCCFcgRh5X4yCogse06Tja5/Mg75e09WlrOUE96a9CNJxx7TPchE4
2WGrv4ylzUEGL0Tspo8PXNJaCZducD5b1ipI6zyz1+gP8JjMTyuXlH6TdGn62Tch
2Q4EBETq6180cY2jeaueFmctjWdW5RWP5R5AhoqIShzvs/Us54dsOvTgQwjGPkMB
1Q7Z6c37S8ZqLFcMrXsp7kZ0rAUMnhABdX5qr5/sBRWiwEqYfRKKYMyXtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvryjK7kwzbFMVRVjqE5ch0eD/7MB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvdS12S01ydVRETnNVeFZGV09vVGx5SFI0UF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufiJMA0G
CSqGSIb3DQEBCwUAA4IBAQCp35+0oCt0bUJGpI9r/VM26WIAUJ5aBEJtJXX4N0gX
8QwyUtPfc01SSyF9FQHtrm/LZpV02hSsLURKIgygo2G8gTIACT34wHGw2FVrsCgP
wRJxUexWRUQmF0y3wbz8Y5iXI58zno3qQHzGlInPHHP7JcImP5GeorajgnLcaUd1
hJzyTGcRTsSxoJc9xm6HU7RErNgxyPru1zC/Nkms5r5ICtJgQPfyKtvONhmPaMUc
J1AFIVb7CekYdSSCS1BiKE+mgacM57WakVIek3hUvjrLTRoQ66ubfLeFvKQ4SklJ
jIR7BRK89PptwEP4WAiIPyS5A0QbtQYHLt+DCIegMLyF
-----END CERTIFICATE-----