Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ujOPSZBPDilfS_I3maxQ3QefKRY.roa
File:                     ujOPSZBPDilfS_I3maxQ3QefKRY.roa (raw, json)
Hash identifier:          lf8r45S4lR//+twVRri0aT61Jjsac0/hzKKhM6NGTig=
Subject key identifier:   BA:33:8F:49:90:4F:0E:29:5F:4B:F2:37:99:AC:50:DD:07:9F:29:16
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       019265E09007DD5BA445F3A0EABCDE8A8701
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ujOPSZBPDilfS_I3maxQ3QefKRY.roa
Signing time:             Mon 07 Oct 2024 07:27:48 +0000
ROA not before:           Mon 07 Oct 2024 07:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        85.28.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:65:e0:90:07:dd:5b:a4:45:f3:a0:ea:bc:de:8a:87:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Oct  7 07:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba338f49904f0e295f4bf23799ac50dd079f2916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:57:04:0a:49:0b:ca:88:02:9f:4d:08:95:
                    c5:42:56:b7:5b:40:d0:60:2b:33:cc:9a:ac:51:42:
                    8b:2e:6b:ae:5c:2b:3e:1b:98:09:e9:aa:1c:6f:b8:
                    85:17:9c:7d:58:bf:a0:1a:8c:96:f5:99:0f:a6:d1:
                    bf:60:b9:c8:fb:82:54:32:ef:6d:90:1d:5f:65:8a:
                    17:53:d0:22:f2:c2:84:7a:31:fe:2b:38:f1:66:18:
                    39:44:ca:5a:2f:82:a6:fc:ec:05:2a:c7:06:57:e3:
                    22:db:22:23:90:11:18:22:6c:21:07:e0:1c:8e:aa:
                    3a:49:6e:90:a8:cc:80:b2:e1:30:cc:ec:30:4b:a6:
                    4f:a9:f9:54:33:23:52:d0:a4:8c:b7:40:75:64:ff:
                    b5:5a:fd:f8:a5:31:43:82:22:3c:45:eb:3e:25:69:
                    9a:fd:8b:3d:8b:e4:2d:76:ea:0b:a7:e0:96:bf:53:
                    c5:bb:ea:dc:9c:9a:33:95:c6:a3:89:5f:70:7e:af:
                    4a:13:ab:ee:c1:1d:bf:8b:92:dc:4f:18:f3:2f:ed:
                    b1:f0:48:79:9c:2b:b9:15:9b:ba:18:c6:ee:0c:bb:
                    34:f6:81:b9:8f:fd:da:32:e6:93:04:1a:3d:9f:df:
                    da:be:6f:46:2d:bd:92:14:3d:f1:a4:6c:b6:6a:a4:
                    b1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:33:8F:49:90:4F:0E:29:5F:4B:F2:37:99:AC:50:DD:07:9F:29:16
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/ujOPSZBPDilfS_I3maxQ3QefKRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:e0:2e:b0:db:9e:34:01:da:a4:71:ec:83:55:d7:2b:e8:98:
         ce:5d:8b:dd:6e:2b:1d:e8:59:29:8e:10:2b:ef:01:82:99:58:
         b3:6c:f3:d0:bc:60:1b:4b:ae:50:3d:62:22:3d:c6:23:ee:fc:
         13:f5:28:2d:26:62:1f:43:5a:54:f0:5f:a6:56:92:84:7d:3c:
         5c:75:21:e2:94:a3:aa:57:31:b1:d9:c9:eb:64:94:fc:75:35:
         e5:4f:61:76:ad:40:9e:78:3b:ba:b2:36:cf:f6:3b:cc:70:f3:
         49:7e:a9:69:9a:27:48:d6:2e:c4:86:52:b8:03:49:f5:e6:40:
         a6:d1:71:6a:c1:7f:d6:e5:4d:7f:0e:ed:d5:fd:ec:9f:da:96:
         b9:3a:f2:4e:dd:e9:f3:b7:8a:13:3c:1a:3b:be:79:7d:bc:50:
         e4:10:98:85:a9:04:f3:f6:13:f2:12:c1:58:9f:01:f1:86:32:
         25:ab:56:fa:e0:4c:d5:c0:6b:c0:db:56:90:1b:eb:00:27:bd:
         2e:3c:60:f7:1f:6f:57:ed:9c:2c:6e:83:73:8c:e2:00:4e:ff:
         bb:fe:9a:29:85:32:88:8e:d4:ec:93:2e:21:a4:57:af:64:63:
         63:aa:7b:19:da:f0:3a:98:d9:2d:d3:cd:df:65:4e:21:9a:40:
         bd:df:a4:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJl4JAH3VukRfOg6rzeiocBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQxMDA3MDcyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTMzOGY0OTkwNGYwZTI5NWY0YmYyMzc5OWFjNTBkZDA3OWYyOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPFXBApJC8qIAp9NCJXFQla3W0DQ
YCszzJqsUUKLLmuuXCs+G5gJ6aocb7iFF5x9WL+gGoyW9ZkPptG/YLnI+4JUMu9t
kB1fZYoXU9Ai8sKEejH+KzjxZhg5RMpaL4Km/OwFKscGV+Mi2yIjkBEYImwhB+Ac
jqo6SW6QqMyAsuEwzOwwS6ZPqflUMyNS0KSMt0B1ZP+1Wv34pTFDgiI8Res+JWma
/Ys9i+QtduoLp+CWv1PFu+rcnJozlcajiV9wfq9KE6vuwR2/i5LcTxjzL+2x8Eh5
nCu5FZu6GMbuDLs09oG5j/3aMuaTBBo9n9/avm9GLb2SFD3xpGy2aqSx9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLozj0mQTw4pX0vyN5msUN0HnykWMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvdWpPUFNaQlBEaWxmU19JM21heFEzUWVmS1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVRw0MA0G
CSqGSIb3DQEBCwUAA4IBAQCN4C6w2540AdqkceyDVdcr6JjOXYvdbisd6FkpjhAr
7wGCmVizbPPQvGAbS65QPWIiPcYj7vwT9SgtJmIfQ1pU8F+mVpKEfTxcdSHilKOq
VzGx2cnrZJT8dTXlT2F2rUCeeDu6sjbP9jvMcPNJfqlpmidI1i7EhlK4A0n15kCm
0XFqwX/W5U1/Du3V/eyf2pa5OvJO3enzt4oTPBo7vnl9vFDkEJiFqQTz9hPyEsFY
nwHxhjIlq1b64EzVwGvA21aQG+sAJ70uPGD3H29X7ZwsboNzjOIATv+7/pophTKI
jtTsky4hpFevZGNjqnsZ2vA6mNkt083fZU4hmkC936Sy
-----END CERTIFICATE-----