Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/upe53w-Im1pT-k4nk4vq83iNybI.roa
File:                     upe53w-Im1pT-k4nk4vq83iNybI.roa (raw, json)
Hash identifier:          092ShStGKew3Y7Gcus/zQRYAR3nXOBRbg7A95hUuMMU=
Subject key identifier:   BA:97:B9:DF:0F:88:9B:5A:53:FA:4E:27:93:8B:EA:F3:78:8D:C9:B2
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA9A082193D32326DAECC51A089675
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/upe53w-Im1pT-k4nk4vq83iNybI.roa
Signing time:             Tue 02 Jan 2024 10:31:38 +0000
ROA not before:           Tue 02 Jan 2024 10:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48716
IP address blocks:        94.241.138.0/24 maxlen: 24
                          94.241.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:9a:08:21:93:d3:23:26:da:ec:c5:1a:08:96:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba97b9df0f889b5a53fa4e27938beaf3788dc9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:5c:dc:cd:87:ce:53:07:70:6e:40:f4:69:
                    40:d4:ff:1d:41:2e:30:3b:f7:52:5f:1c:31:b8:a6:
                    2c:d2:8d:2d:b3:25:3a:bb:63:41:3e:56:e6:ea:8f:
                    7b:0e:6b:01:40:7c:f5:29:0e:20:92:f0:9e:18:e0:
                    cc:9e:30:a9:f4:57:1d:c9:40:36:ee:a8:d9:2e:a0:
                    6e:a6:7f:e4:8f:54:87:c2:42:c8:ff:35:58:31:f6:
                    83:37:05:82:92:75:48:9d:29:1d:32:8f:3f:e1:dc:
                    af:81:f8:b3:14:3f:84:ad:c5:c0:c5:13:a9:75:a8:
                    2c:34:e4:1c:de:16:e5:ac:d3:2c:36:91:c4:1a:ba:
                    24:15:39:02:dd:a6:8b:c9:8e:6b:df:9d:ec:ba:00:
                    7f:b2:eb:ff:2c:ef:06:36:cc:a3:36:f7:a7:93:a3:
                    55:8b:f0:ac:11:75:9a:b3:da:c2:1f:a0:e8:09:4b:
                    ee:6d:c7:ad:73:62:11:44:81:e6:1f:59:30:93:4e:
                    9c:b1:71:a8:1a:de:d9:47:47:51:e9:92:d2:01:d2:
                    7f:01:9d:cd:e6:4c:67:11:a8:90:81:3a:95:80:ab:
                    55:c6:66:e8:46:00:e1:8d:1f:bf:ac:c7:e3:96:de:
                    11:3c:07:a3:03:49:98:63:e7:a6:a3:92:e7:9f:55:
                    31:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:97:B9:DF:0F:88:9B:5A:53:FA:4E:27:93:8B:EA:F3:78:8D:C9:B2
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/upe53w-Im1pT-k4nk4vq83iNybI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.241.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:30:02:9e:e3:98:04:6b:4c:ac:29:a4:7b:58:f0:9a:d6:1c:
         63:36:17:96:b6:c9:58:a4:77:c1:aa:84:70:4b:cb:d5:81:02:
         2f:b3:94:06:a5:4e:db:ef:db:11:28:a6:cc:d5:14:8f:fa:da:
         e6:89:31:ff:a4:30:b9:5f:69:ab:73:bc:5f:27:d0:6d:da:b4:
         e1:9c:ba:9c:32:8c:7b:53:eb:8f:19:64:ea:47:10:ab:5b:33:
         d6:fb:bc:01:bb:be:bb:16:9a:93:c6:54:f0:8a:3e:1c:59:e2:
         2b:d9:d2:13:d1:23:95:88:5d:79:c0:54:66:f3:ad:06:bf:61:
         2e:bb:55:83:93:b5:3d:f2:12:b6:fa:09:b6:a7:67:a1:dd:e4:
         5c:b3:64:7e:43:62:a1:0a:8c:2e:4a:91:16:0b:d6:02:aa:4e:
         44:1b:34:af:36:97:0c:33:a6:7b:8f:46:dd:84:aa:4d:89:3b:
         89:e8:13:9c:50:3a:83:66:51:bd:26:be:5f:c9:5d:57:2b:a2:
         18:b6:a6:3f:98:f2:a7:13:92:8d:ff:04:a6:66:71:60:1f:b3:
         c5:e6:ac:5d:a0:f1:a5:80:ba:b1:c8:58:a3:d6:8f:37:e0:7f:
         67:9d:77:ad:3f:4e:0e:67:7e:fe:b8:e0:23:25:84:97:a7:46:
         de:a7:cb:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupoIIZPTIyba7MUaCJZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTk3YjlkZjBmODg5YjVhNTNmYTRlMjc5MzhiZWFmMzc4OGRjOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJBc3M2HzlMHcG5A9GlA1P8dQS4w
O/dSXxwxuKYs0o0tsyU6u2NBPlbm6o97DmsBQHz1KQ4gkvCeGODMnjCp9FcdyUA2
7qjZLqBupn/kj1SHwkLI/zVYMfaDNwWCknVInSkdMo8/4dyvgfizFD+ErcXAxROp
dagsNOQc3hblrNMsNpHEGrokFTkC3aaLyY5r353sugB/suv/LO8GNsyjNvenk6NV
i/CsEXWas9rCH6DoCUvubcetc2IRRIHmH1kwk06csXGoGt7ZR0dR6ZLSAdJ/AZ3N
5kxnEaiQgTqVgKtVxmboRgDhjR+/rMfjlt4RPAejA0mYY+emo5Lnn1UxqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqXud8PiJtaU/pOJ5OL6vN4jcmyMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdXBlNTN3LUltMXBULWs0bms0dnE4M2lOeWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXvGKMA0G
CSqGSIb3DQEBCwUAA4IBAQBZMAKe45gEa0ysKaR7WPCa1hxjNheWtslYpHfBqoRw
S8vVgQIvs5QGpU7b79sRKKbM1RSP+trmiTH/pDC5X2mrc7xfJ9Bt2rThnLqcMox7
U+uPGWTqRxCrWzPW+7wBu767FpqTxlTwij4cWeIr2dIT0SOViF15wFRm860Gv2Eu
u1WDk7U98hK2+gm2p2eh3eRcs2R+Q2KhCowuSpEWC9YCqk5EGzSvNpcMM6Z7j0bd
hKpNiTuJ6BOcUDqDZlG9Jr5fyV1XK6IYtqY/mPKnE5KN/wSmZnFgH7PF5qxdoPGl
gLqxyFij1o834H9nnXetP04OZ37+uOAjJYSXp0bep8un
-----END CERTIFICATE-----