Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/0UTXOAgdv44NT-webbKqrJ6I32k.roa
File:                     0UTXOAgdv44NT-webbKqrJ6I32k.roa (raw, json)
Hash identifier:          NIKsY0aYORF0kVJ0BESW1Gb/BnS6Y4YoelmHVE7jyFw=
Subject key identifier:   D1:44:D7:38:08:1D:BF:8E:0D:4F:EC:1E:6D:B2:AA:AC:9E:88:DF:69
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1F4EF279587AD8A6811841E1CE1E
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/0UTXOAgdv44NT-webbKqrJ6I32k.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200724
IP address blocks:        213.33.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1f:4e:f2:79:58:7a:d8:a6:81:18:41:e1:ce:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d144d738081dbf8e0d4fec1e6db2aaac9e88df69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ae:e1:f4:4d:47:fb:13:2c:72:e6:87:42:fc:
                    b4:65:6b:f5:ff:e5:05:39:ad:ce:45:93:74:3a:ca:
                    bd:26:e0:8e:8e:dc:8c:ee:a3:11:eb:cc:a5:1a:a9:
                    22:ce:b4:a3:6b:28:1e:88:96:cb:f3:e4:ad:89:9c:
                    d8:c1:2a:e2:f2:45:c7:34:9c:e7:b5:43:9d:76:45:
                    b4:54:59:0f:ee:ce:dc:1c:5d:d9:dc:d4:5f:30:e0:
                    a8:7f:e9:29:ea:30:8a:27:09:7c:9d:d4:ed:35:51:
                    c3:6a:d5:c6:15:0f:9d:3a:40:72:67:8b:83:6a:ec:
                    6e:d9:1a:3a:44:df:5f:ab:69:db:59:5b:e0:47:dd:
                    cc:44:b4:5d:cb:57:f3:fa:2d:aa:52:ab:09:a7:a8:
                    51:bd:81:76:bd:a7:d1:be:00:48:96:8a:b6:10:90:
                    d6:16:98:bc:47:df:53:91:37:4d:d7:68:a5:53:91:
                    2e:4f:10:1a:15:34:48:ed:55:07:95:32:b4:fc:b0:
                    59:3e:f6:31:5f:9c:79:ee:51:5d:4f:03:8d:a2:0d:
                    49:6e:2a:99:0c:67:d9:73:3a:54:7e:75:4a:87:53:
                    6d:11:3a:e4:41:82:d0:64:0d:57:55:22:ce:f6:75:
                    f7:52:c4:e1:45:23:d8:89:16:59:3b:c9:6c:f3:04:
                    ca:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:44:D7:38:08:1D:BF:8E:0D:4F:EC:1E:6D:B2:AA:AC:9E:88:DF:69
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/0UTXOAgdv44NT-webbKqrJ6I32k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:f5:8d:05:c3:39:c5:f6:38:8c:41:75:15:b7:4f:31:fb:f5:
         45:5f:25:53:05:92:6d:66:d5:1c:fe:69:46:8e:39:fe:6a:5c:
         15:8f:6c:77:48:7c:27:ce:f0:41:62:43:f5:9a:ee:e9:d3:a0:
         b1:44:68:ed:4e:07:04:34:b6:20:4e:6c:e0:4c:d9:bd:f7:a9:
         04:0c:38:79:81:3c:b4:f5:67:37:25:52:f1:a2:69:f3:d9:43:
         8b:c3:54:d6:de:34:94:e4:e6:f3:45:fa:19:f1:59:11:3f:b5:
         14:1e:a5:b0:c4:66:85:07:44:e5:2b:52:50:83:48:05:e3:99:
         3e:15:2d:4c:bb:03:a0:b7:a8:76:50:3f:25:2b:5b:30:27:0b:
         4a:33:91:b5:d6:c1:b8:1d:07:da:ec:a0:f3:37:34:a1:99:cc:
         40:14:20:b1:50:ec:25:fb:16:1a:55:a9:c8:0f:fd:ae:f5:26:
         78:eb:43:1a:6c:fa:2c:99:b6:fd:81:30:f5:3b:fb:1d:09:67:
         69:a2:47:25:c2:d9:11:c3:af:5d:a1:18:ee:6a:74:cd:ba:44:
         b3:c5:ff:6a:8d:ea:ad:f5:c2:a1:53:8e:e0:ac:6b:09:73:63:
         9d:63:f6:f2:dd:12:c5:ff:5a:cc:c2:2b:d5:08:05:77:3c:55:
         74:97:06:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3B9O8nlYetimgRhB4c4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQ0ZDczODA4MWRiZjhlMGQ0ZmVjMWU2ZGIyYWFhYzllODhkZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh67h9E1H+xMscuaHQvy0ZWv1/+UF
Oa3ORZN0Osq9JuCOjtyM7qMR68ylGqkizrSjaygeiJbL8+StiZzYwSri8kXHNJzn
tUOddkW0VFkP7s7cHF3Z3NRfMOCof+kp6jCKJwl8ndTtNVHDatXGFQ+dOkByZ4uD
auxu2Ro6RN9fq2nbWVvgR93MRLRdy1fz+i2qUqsJp6hRvYF2vafRvgBIloq2EJDW
Fpi8R99TkTdN12ilU5EuTxAaFTRI7VUHlTK0/LBZPvYxX5x57lFdTwONog1JbiqZ
DGfZczpUfnVKh1NtETrkQYLQZA1XVSLO9nX3UsThRSPYiRZZO8ls8wTKSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFE1zgIHb+ODU/sHm2yqqyeiN9pMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvMFVUWE9BZ2R2NDROVC13ZWJiS3FySjZJMzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SE1MA0G
CSqGSIb3DQEBCwUAA4IBAQDE9Y0FwznF9jiMQXUVt08x+/VFXyVTBZJtZtUc/mlG
jjn+alwVj2x3SHwnzvBBYkP1mu7p06CxRGjtTgcENLYgTmzgTNm996kEDDh5gTy0
9Wc3JVLxomnz2UOLw1TW3jSU5ObzRfoZ8VkRP7UUHqWwxGaFB0TlK1JQg0gF45k+
FS1MuwOgt6h2UD8lK1swJwtKM5G11sG4HQfa7KDzNzShmcxAFCCxUOwl+xYaVanI
D/2u9SZ460MabPosmbb9gTD1O/sdCWdpokclwtkRw69doRjuanTNukSzxf9qjeqt
9cKhU47grGsJc2OdY/by3RLF/1rMwivVCAV3PFV0lwZQ
-----END CERTIFICATE-----