Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UZJKaPg_VphoaiYSAi6Jp5hftqs.roa
File:                     UZJKaPg_VphoaiYSAi6Jp5hftqs.roa (raw, json)
Hash identifier:          JNN079m/E64hcCFL0W+SX1wTG7arcpL8spRWm0F7Cs4=
Subject key identifier:   51:92:4A:68:F8:3F:56:98:68:6A:26:12:02:2E:89:A7:98:5F:B6:AB
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB67FF0D226C8C1A013C7BA5C30F81
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UZJKaPg_VphoaiYSAi6Jp5hftqs.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196695
IP address blocks:        5.183.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:67:ff:0d:22:6c:8c:1a:01:3c:7b:a5:c3:0f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51924a68f83f5698686a2612022e89a7985fb6ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d9:45:a9:23:16:c6:59:51:08:06:72:2f:d1:
                    fe:52:50:47:0e:3c:67:5d:9b:81:72:cf:5c:98:d5:
                    ed:9b:6b:3a:1d:74:e8:75:d6:fe:f3:19:03:b8:44:
                    fd:e4:ad:1c:79:22:07:7e:ab:85:82:75:fc:c6:fa:
                    d2:3f:5d:db:87:8b:ed:06:be:c6:62:a6:ba:c7:ee:
                    9d:a0:eb:1d:9f:c4:7d:e4:25:d2:00:9e:cf:c2:72:
                    d4:86:27:1f:6f:8c:8c:06:7c:7d:b1:73:2d:f6:fa:
                    8d:4b:dd:a1:a7:d9:57:15:7b:41:b0:45:9b:af:7c:
                    43:ee:8f:71:0d:9a:9d:e2:43:5e:77:c8:c8:40:d4:
                    63:25:de:2a:8f:c2:67:c8:64:fd:9e:0e:89:23:09:
                    57:c9:a2:c0:ee:02:d1:1f:c8:b6:5c:51:85:09:83:
                    f1:d3:8d:f8:6b:9b:8f:c7:28:09:ad:0a:dd:69:4c:
                    44:ca:18:39:18:f9:68:cf:91:e5:0b:8e:ed:2c:41:
                    f2:86:fa:ee:0e:b3:c6:dd:63:ec:8c:7d:e8:a0:6d:
                    76:04:69:62:06:01:73:d5:c9:c7:a6:5a:69:43:7f:
                    b1:7c:89:ed:7b:f4:42:44:70:6f:dc:66:55:42:e4:
                    6d:ce:a8:fa:3d:e9:40:ff:25:d9:50:b8:03:93:99:
                    77:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:92:4A:68:F8:3F:56:98:68:6A:26:12:02:2E:89:A7:98:5F:B6:AB
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/UZJKaPg_VphoaiYSAi6Jp5hftqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:29:c1:a5:db:dd:98:29:14:a9:ef:94:86:14:f6:be:a1:8c:
         4e:1f:eb:6c:04:71:4d:da:c7:45:1d:a1:b8:89:ac:3f:09:68:
         cd:b6:9c:9c:f8:6a:07:ad:b4:9c:a2:97:ff:52:81:c0:70:69:
         0b:09:fc:53:5b:8c:23:c8:24:88:39:75:a4:30:d0:ef:72:0d:
         1f:23:a0:d2:85:cc:f8:d5:6f:44:53:29:dc:3f:b9:28:c5:e3:
         55:2b:a1:28:3a:e6:d5:b5:cf:14:d9:77:fb:fa:47:ba:c0:78:
         fd:9b:2e:19:f2:62:86:d7:0d:16:29:0d:9b:2f:15:bf:33:83:
         c6:0f:a7:b9:a3:f4:f3:44:38:d5:b1:1d:f3:11:50:2f:46:8f:
         b2:bb:e1:3a:1b:30:31:e6:b1:28:49:fc:22:0e:f2:4b:4a:cc:
         d3:ac:c9:54:c4:ee:45:5d:90:89:41:2b:2e:9e:95:36:d2:0c:
         c3:72:64:9a:58:8a:6c:b9:0c:83:ef:5c:59:a6:5e:86:28:18:
         29:d6:f7:1e:eb:e2:93:53:cc:02:07:79:32:9e:f0:a7:d3:90:
         14:4b:ee:bd:d8:0d:7f:e5:1d:19:92:cf:e7:0c:92:bb:cc:4f:
         df:1c:cc:8e:e4:26:0d:17:1f:2e:e8:63:a9:fd:96:b5:be:37:
         07:55:af:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22f/DSJsjBoBPHulww+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTkyNGE2OGY4M2Y1Njk4Njg2YTI2MTIwMjJlODlhNzk4NWZiNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9lFqSMWxllRCAZyL9H+UlBHDjxn
XZuBcs9cmNXtm2s6HXToddb+8xkDuET95K0ceSIHfquFgnX8xvrSP13bh4vtBr7G
Yqa6x+6doOsdn8R95CXSAJ7PwnLUhicfb4yMBnx9sXMt9vqNS92hp9lXFXtBsEWb
r3xD7o9xDZqd4kNed8jIQNRjJd4qj8JnyGT9ng6JIwlXyaLA7gLRH8i2XFGFCYPx
0434a5uPxygJrQrdaUxEyhg5GPloz5HlC47tLEHyhvruDrPG3WPsjH3ooG12BGli
BgFz1cnHplppQ3+xfInte/RCRHBv3GZVQuRtzqj6PelA/yXZULgDk5l3xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGSSmj4P1aYaGomEgIuiaeYX7arMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvVVpKS2FQZ19WcGhvYWlZU0FpNkpwNWhmdHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbeaMA0G
CSqGSIb3DQEBCwUAA4IBAQCVKcGl292YKRSp75SGFPa+oYxOH+tsBHFN2sdFHaG4
iaw/CWjNtpyc+GoHrbScopf/UoHAcGkLCfxTW4wjyCSIOXWkMNDvcg0fI6DShcz4
1W9EUyncP7koxeNVK6EoOubVtc8U2Xf7+ke6wHj9my4Z8mKG1w0WKQ2bLxW/M4PG
D6e5o/TzRDjVsR3zEVAvRo+yu+E6GzAx5rEoSfwiDvJLSszTrMlUxO5FXZCJQSsu
npU20gzDcmSaWIpsuQyD71xZpl6GKBgp1vce6+KTU8wCB3kynvCn05AUS+692A1/
5R0Zks/nDJK7zE/fHMyO5CYNFx8u6GOp/Za1vjcHVa+l
-----END CERTIFICATE-----