Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/UCWbatgBJPQcMnt_cIrf5TLmTco.roa
File:                     UCWbatgBJPQcMnt_cIrf5TLmTco.roa (raw, json)
Hash identifier:          4jcy0IYkPMn7MDwLiqp5NkEDbpXuNSrVECnd37hVlmY=
Subject key identifier:   50:25:9B:6A:D8:01:24:F4:1C:32:7B:7F:70:8A:DF:E5:32:E6:4D:CA
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       018EECD85BB05DED1F0A6C4DF574438A8DB0
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/UCWbatgBJPQcMnt_cIrf5TLmTco.roa
Signing time:             Wed 17 Apr 2024 16:16:25 +0000
ROA not before:           Wed 17 Apr 2024 16:16:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        185.33.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:d8:5b:b0:5d:ed:1f:0a:6c:4d:f5:74:43:8a:8d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Apr 17 16:16:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50259b6ad80124f41c327b7f708adfe532e64dca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4d:d6:75:e0:5b:f8:5f:54:40:10:6e:b5:bb:
                    ae:c5:17:ba:68:20:df:ee:95:4a:f6:6c:97:9d:2b:
                    ed:4c:8f:9f:8a:93:4a:45:18:9f:98:eb:d5:ad:23:
                    d5:bf:77:6a:3f:b5:a0:64:71:6d:4c:4d:1e:21:9c:
                    e8:35:c6:2b:ef:dc:4d:b2:11:cf:28:3e:25:9a:f5:
                    70:31:48:ff:f5:ae:3c:3e:e6:05:bb:dd:d9:3b:0e:
                    54:b5:c0:59:c9:22:da:c6:83:72:a5:f1:8b:c1:c4:
                    42:13:d6:41:26:19:73:e2:6b:f4:f5:61:8a:5b:e6:
                    38:84:db:b8:f9:f1:7e:3c:7a:45:89:c3:46:0f:c0:
                    25:f2:84:b8:75:63:88:cf:37:76:ac:8f:29:ef:3f:
                    04:ec:87:f4:3b:55:45:4d:f8:55:03:df:20:a7:6d:
                    78:bd:94:d5:76:68:e5:6e:ad:a7:cc:23:31:60:9e:
                    87:e9:03:bb:f2:5c:63:a6:53:16:be:83:9d:17:7f:
                    bc:7b:25:01:8e:f9:71:e2:e0:0d:80:8b:c0:6c:c7:
                    09:c7:f4:56:c9:68:6c:9c:12:ce:f8:bd:37:c0:f3:
                    b8:ec:9e:7a:0f:7f:88:60:f3:b2:0b:10:0a:b4:fd:
                    2a:3c:3b:f2:9b:2e:63:2a:0a:a9:dc:94:e9:ee:32:
                    7e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:25:9B:6A:D8:01:24:F4:1C:32:7B:7F:70:8A:DF:E5:32:E6:4D:CA
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/UCWbatgBJPQcMnt_cIrf5TLmTco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:a1:b2:32:17:b8:cb:1e:3b:6d:de:f5:43:57:ba:44:22:27:
         33:b1:b7:23:7d:53:d4:79:98:f8:87:85:da:9a:9e:cc:f9:6f:
         c9:ab:0c:70:d5:24:5a:b6:c4:fb:79:e7:c1:bf:d2:e2:1d:98:
         cd:9f:e1:10:8d:a9:30:45:ae:61:89:17:66:43:0b:be:29:f9:
         fb:af:41:fc:cc:6a:dc:5b:13:fb:73:73:1d:a0:6e:13:1f:43:
         c7:b0:bf:eb:7d:4c:3e:6e:98:d5:0c:47:05:09:e6:c2:32:ba:
         c9:a3:d6:7b:fa:1b:58:d4:be:f3:f9:10:23:9b:4e:48:94:5b:
         53:82:d8:2c:84:dc:eb:30:3c:32:51:39:53:fb:22:f4:58:85:
         16:b1:78:20:49:dd:35:e7:74:e5:f8:6b:da:0a:a8:73:fa:6a:
         db:02:3b:9f:68:c6:b8:96:74:3b:13:19:12:90:d6:c1:00:f1:
         f9:99:ee:eb:09:d4:3c:ae:30:fd:ef:c0:10:c9:36:f3:05:2e:
         e8:bf:03:6d:a9:af:b5:6f:e1:bd:b6:7c:4b:53:7e:d1:4b:4c:
         d3:2a:cf:38:98:08:79:28:77:45:f1:b1:b3:c6:cf:be:da:cb:
         44:be:18:5c:9e:f8:2d:00:71:8f:51:25:9e:05:38:52:a6:9d:
         8a:0e:f4:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7s2FuwXe0fCmxN9XRDio2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjQwNDE3MTYxNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI1OWI2YWQ4MDEyNGY0MWMzMjdiN2Y3MDhhZGZlNTMyZTY0ZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE3WdeBb+F9UQBButbuuxRe6aCDf
7pVK9myXnSvtTI+fipNKRRifmOvVrSPVv3dqP7WgZHFtTE0eIZzoNcYr79xNshHP
KD4lmvVwMUj/9a48PuYFu93ZOw5UtcBZySLaxoNypfGLwcRCE9ZBJhlz4mv09WGK
W+Y4hNu4+fF+PHpFicNGD8Al8oS4dWOIzzd2rI8p7z8E7If0O1VFTfhVA98gp214
vZTVdmjlbq2nzCMxYJ6H6QO78lxjplMWvoOdF3+8eyUBjvlx4uANgIvAbMcJx/RW
yWhsnBLO+L03wPO47J56D3+IYPOyCxAKtP0qPDvymy5jKgqp3JTp7jJ+IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAlm2rYAST0HDJ7f3CK3+Uy5k3KMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvVUNXYmF0Z0JKUFFjTW50X2NJcmY1VExtVGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSEaMA0G
CSqGSIb3DQEBCwUAA4IBAQA1obIyF7jLHjtt3vVDV7pEIiczsbcjfVPUeZj4h4Xa
mp7M+W/Jqwxw1SRatsT7eefBv9LiHZjNn+EQjakwRa5hiRdmQwu+Kfn7r0H8zGrc
WxP7c3MdoG4TH0PHsL/rfUw+bpjVDEcFCebCMrrJo9Z7+htY1L7z+RAjm05IlFtT
gtgshNzrMDwyUTlT+yL0WIUWsXggSd0153Tl+GvaCqhz+mrbAjufaMa4lnQ7ExkS
kNbBAPH5me7rCdQ8rjD978AQyTbzBS7ovwNtqa+1b+G9tnxLU37RS0zTKs84mAh5
KHdF8bGzxs++2stEvhhcnvgtAHGPUSWeBThSpp2KDvQn
-----END CERTIFICATE-----