Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/umvm6-_HhOymyezd6yYmG00VHv0.roa
File:                     umvm6-_HhOymyezd6yYmG00VHv0.roa (raw, json)
Hash identifier:          fFo9U9jtUYnxGm8zzKNGcnQTTfEUrtRg0nHwt51R8yY=
Subject key identifier:   BA:6B:E6:EB:EF:C7:84:EC:A6:C9:EC:DD:EB:26:26:1B:4D:15:1E:FD
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE8FC9081FDCFF6689C036EAF61BB4
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/umvm6-_HhOymyezd6yYmG00VHv0.roa
Signing time:             Tue 02 Jan 2024 06:31:18 +0000
ROA not before:           Tue 02 Jan 2024 06:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207994
IP address blocks:        5.253.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:8f:c9:08:1f:dc:ff:66:89:c0:36:ea:f6:1b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba6be6ebefc784eca6c9ecddeb26261b4d151efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:bc:e3:2d:cf:5c:de:46:9c:6c:07:91:a3:d8:
                    71:2c:53:e2:4a:5e:1f:3b:02:8e:3a:a8:9a:68:64:
                    b9:fc:c7:c0:95:f4:ed:da:88:76:ca:be:d8:3c:17:
                    3a:75:02:28:36:38:df:c9:60:61:a8:d8:08:b4:0b:
                    99:32:5c:63:e0:a4:94:57:11:37:08:35:f6:66:0d:
                    be:d2:b6:24:89:ef:2a:f9:60:1b:13:40:13:83:53:
                    4d:68:fa:5d:e9:e8:c6:b6:f0:c1:dd:29:a9:d8:a0:
                    15:18:79:6e:0f:75:1c:ba:f4:76:70:99:0e:c7:bd:
                    88:6a:62:d0:a7:d8:f7:3f:21:3b:3a:08:03:da:b3:
                    7b:f6:ca:b4:91:56:8b:09:02:2c:9b:4f:39:5b:f4:
                    29:2a:91:2d:09:5c:f6:e7:75:df:b3:60:87:63:68:
                    c9:ff:4f:0b:7e:11:2e:e4:dd:72:dd:e8:ee:1f:6e:
                    7c:81:d5:f7:20:48:b6:f8:b0:10:2c:81:e7:be:eb:
                    d4:a2:cd:c0:68:aa:87:ce:df:97:18:79:70:ff:b6:
                    21:28:55:3b:77:4c:ea:49:0b:54:a8:66:21:6f:f9:
                    e0:ca:dc:54:c1:8f:cf:10:c4:a7:16:da:50:d6:4c:
                    3a:f9:39:79:2d:d9:e9:c8:41:b5:43:5e:a2:a7:e0:
                    70:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6B:E6:EB:EF:C7:84:EC:A6:C9:EC:DD:EB:26:26:1B:4D:15:1E:FD
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/umvm6-_HhOymyezd6yYmG00VHv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:94:f4:16:fa:f1:57:36:a2:87:ea:da:b4:78:9e:e6:b0:cc:
         2c:f1:ca:e4:f5:1b:7d:75:81:2d:ab:2b:95:aa:04:c1:4e:07:
         14:ad:c4:68:8c:4d:68:de:3d:19:82:66:65:e2:e0:63:39:76:
         e8:98:a0:15:a7:2b:5e:11:f9:f0:36:9a:7c:f3:f0:e8:0c:91:
         20:68:4d:8d:ab:58:4b:dc:ed:fb:ed:9d:40:74:f6:3a:f6:ad:
         4f:9f:28:46:5e:97:b7:9e:90:57:5b:4d:a7:6a:f1:f2:6f:cd:
         6d:ab:6e:fa:1b:d5:94:bf:69:2d:5f:0c:a4:45:c9:89:64:69:
         16:1b:53:aa:6d:30:bc:56:31:94:d6:a7:98:b4:0d:d9:07:fc:
         ab:39:e4:ba:96:14:ea:60:39:51:fe:85:80:e8:8e:de:20:01:
         c5:23:de:1a:d9:69:e3:dd:38:a4:1d:5c:b8:68:bb:b6:50:bc:
         5e:53:6b:6f:47:3d:0f:31:e0:54:79:b8:d2:46:2e:39:47:78:
         19:35:71:f0:f8:e8:4a:99:51:26:44:48:c7:fd:82:b9:22:eb:
         4e:24:d2:59:ac:74:3a:69:c1:c8:4c:e0:d4:7b:fd:0a:e0:bb:
         76:14:12:7b:bf:5f:08:54:4f:ae:48:4c:83:44:07:83:5f:b3:
         41:93:ca:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3o/JCB/c/2aJwDbq9hu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZiZTZlYmVmYzc4NGVjYTZjOWVjZGRlYjI2MjYxYjRkMTUxZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLzjLc9c3kacbAeRo9hxLFPiSl4f
OwKOOqiaaGS5/MfAlfTt2oh2yr7YPBc6dQIoNjjfyWBhqNgItAuZMlxj4KSUVxE3
CDX2Zg2+0rYkie8q+WAbE0ATg1NNaPpd6ejGtvDB3Smp2KAVGHluD3UcuvR2cJkO
x72IamLQp9j3PyE7OggD2rN79sq0kVaLCQIsm085W/QpKpEtCVz253Xfs2CHY2jJ
/08LfhEu5N1y3ejuH258gdX3IEi2+LAQLIHnvuvUos3AaKqHzt+XGHlw/7YhKFU7
d0zqSQtUqGYhb/ngytxUwY/PEMSnFtpQ1kw6+Tl5LdnpyEG1Q16ip+BwmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpr5uvvx4Tspsns3esmJhtNFR79MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdW12bTYtX0hoT3lteWV6ZDZ5WW1HMDBWSHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf0lMA0G
CSqGSIb3DQEBCwUAA4IBAQAQlPQW+vFXNqKH6tq0eJ7msMws8crk9Rt9dYEtqyuV
qgTBTgcUrcRojE1o3j0ZgmZl4uBjOXbomKAVpyteEfnwNpp88/DoDJEgaE2Nq1hL
3O377Z1AdPY69q1PnyhGXpe3npBXW02navHyb81tq276G9WUv2ktXwykRcmJZGkW
G1OqbTC8VjGU1qeYtA3ZB/yrOeS6lhTqYDlR/oWA6I7eIAHFI94a2Wnj3TikHVy4
aLu2ULxeU2tvRz0PMeBUebjSRi45R3gZNXHw+OhKmVEmREjH/YK5IutOJNJZrHQ6
acHITODUe/0K4Lt2FBJ7v18IVE+uSEyDRAeDX7NBk8r9
-----END CERTIFICATE-----