Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/cULvj9sdgViYIbPS51XphWtZHG0.roa
File:                     cULvj9sdgViYIbPS51XphWtZHG0.roa (raw, json)
Hash identifier:          uDP/R/t4YX6+ugXC8PHCAb2yrmj8m1XADtF7jjrMEvA=
Subject key identifier:   71:42:EF:8F:DB:1D:81:58:98:21:B3:D2:E7:55:E9:85:6B:59:1C:6D
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       018CC8DE2D1D4DC0A7C27EB77B5EA6EEB180
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/cULvj9sdgViYIbPS51XphWtZHG0.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        185.7.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2d:1d:4d:c0:a7:c2:7e:b7:7b:5e:a6:ee:b1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7142ef8fdb1d81589821b3d2e755e9856b591c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1c:41:9d:a6:65:2b:37:f3:e9:b2:4f:c9:1d:
                    f6:d9:61:bc:04:17:fc:31:c0:17:c1:7a:8a:a7:05:
                    32:3d:e9:39:03:5f:01:c7:c0:f3:5f:e5:1a:b9:30:
                    6d:6d:67:8f:b3:6c:28:fb:5a:30:ce:41:41:0b:47:
                    f0:c5:88:03:f1:29:b8:33:5e:36:16:c4:18:47:dd:
                    67:7f:77:59:ee:e1:8a:ac:18:11:c8:f7:5f:14:86:
                    e2:06:e5:3c:9e:60:1d:55:36:b3:ad:5e:49:cc:83:
                    4d:86:5b:63:60:6b:9d:f2:d3:fb:8d:87:ba:ab:b2:
                    b2:32:94:02:86:e6:a2:00:ce:16:50:66:37:56:69:
                    84:40:c0:64:49:ba:f8:b7:4e:15:38:d3:6e:11:be:
                    26:2b:4b:1b:85:1b:73:7d:15:e8:d1:7b:f2:86:f7:
                    1a:41:5a:4c:2f:ab:d3:e9:58:ef:b9:87:6a:6c:27:
                    37:f2:0f:04:42:71:4e:e2:a8:73:b2:55:05:85:d5:
                    98:88:ac:d3:4e:6d:25:1d:b6:2b:d0:b3:d9:70:d2:
                    90:63:4f:30:b5:7f:b5:3b:c1:1d:d4:b8:ed:1c:74:
                    37:7c:39:76:2e:8f:3f:03:b1:72:2f:ba:54:0a:32:
                    2b:87:e6:90:78:d4:ae:d9:58:0b:c6:c0:14:38:c6:
                    9f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:42:EF:8F:DB:1D:81:58:98:21:B3:D2:E7:55:E9:85:6B:59:1C:6D
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/cULvj9sdgViYIbPS51XphWtZHG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:c3:6d:39:51:c6:2b:8c:93:3d:d3:af:97:78:25:ae:c9:7e:
         34:f8:4d:23:9b:b3:46:40:73:42:cd:0c:50:dd:9c:17:e7:3b:
         ae:7c:ba:9e:34:82:4c:74:55:24:88:e9:0b:6d:e9:89:db:61:
         3a:3a:ce:88:18:6a:55:ef:94:56:96:56:bc:44:61:33:f6:2b:
         a3:e2:2d:a3:bc:a6:cd:97:07:b9:ba:ef:d0:04:ff:22:d9:51:
         1f:14:96:6e:82:90:94:77:e1:0a:d8:c1:ee:73:65:79:26:75:
         5c:3d:7a:6a:60:2f:67:9a:12:cc:89:78:17:00:69:cc:20:43:
         43:82:5e:dd:9c:7b:05:67:0c:3e:fb:bf:89:88:d8:a5:47:1b:
         c6:ce:ca:67:c4:39:63:e8:c7:22:f2:e3:3e:af:ba:ed:e7:b6:
         9f:26:d5:37:d4:2c:1e:5f:ae:96:ac:88:ac:08:36:c4:bc:0d:
         a6:fb:5e:b3:bf:a8:07:38:36:b4:1d:4d:1e:38:f1:b8:26:ba:
         0a:cd:08:00:bb:3f:17:6d:a0:92:d2:dd:e9:b3:80:53:ac:2d:
         19:a3:59:8d:47:ea:b0:7f:e4:1e:fa:49:68:c0:ca:ce:a2:b2:
         79:31:8e:57:b2:d3:2d:ba:f0:30:35:ff:21:bd:01:dc:83:e6:
         7d:d0:03:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3i0dTcCnwn63e16m7rGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQyZWY4ZmRiMWQ4MTU4OTgyMWIzZDJlNzU1ZTk4NTZiNTkxYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhxBnaZlKzfz6bJPyR322WG8BBf8
McAXwXqKpwUyPek5A18Bx8DzX+UauTBtbWePs2wo+1owzkFBC0fwxYgD8Sm4M142
FsQYR91nf3dZ7uGKrBgRyPdfFIbiBuU8nmAdVTazrV5JzINNhltjYGud8tP7jYe6
q7KyMpQChuaiAM4WUGY3VmmEQMBkSbr4t04VONNuEb4mK0sbhRtzfRXo0Xvyhvca
QVpML6vT6VjvuYdqbCc38g8EQnFO4qhzslUFhdWYiKzTTm0lHbYr0LPZcNKQY08w
tX+1O8Ed1LjtHHQ3fDl2Lo8/A7FyL7pUCjIrh+aQeNSu2VgLxsAUOMafMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFC74/bHYFYmCGz0udV6YVrWRxtMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvY1VMdmo5c2RnVmlZSWJQUzUxWHBoV3RaSEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdRMA0G
CSqGSIb3DQEBCwUAA4IBAQDqw205UcYrjJM906+XeCWuyX40+E0jm7NGQHNCzQxQ
3ZwX5zuufLqeNIJMdFUkiOkLbemJ22E6Os6IGGpV75RWlla8RGEz9iuj4i2jvKbN
lwe5uu/QBP8i2VEfFJZugpCUd+EK2MHuc2V5JnVcPXpqYC9nmhLMiXgXAGnMIEND
gl7dnHsFZww++7+JiNilRxvGzspnxDlj6Mci8uM+r7rt57afJtU31CweX66WrIis
CDbEvA2m+16zv6gHODa0HU0eOPG4JroKzQgAuz8XbaCS0t3ps4BTrC0Zo1mNR+qw
f+Qe+klowMrOorJ5MY5XstMtuvAwNf8hvQHcg+Z90AMo
-----END CERTIFICATE-----