Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/U2lIGh5rtqCB-MLqUk0-PC_o0M8.roa
File:                     U2lIGh5rtqCB-MLqUk0-PC_o0M8.roa (raw, json)
Hash identifier:          xBMkUUKPZHYlQr9ldVVNpXpRqpFR57TgDI1lXc8jeog=
Subject key identifier:   53:69:48:1A:1E:6B:B6:A0:81:F8:C2:EA:52:4D:3E:3C:2F:E8:D0:CF
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD5DC2C6D6751A19C1BD5BE57FECC
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/U2lIGh5rtqCB-MLqUk0-PC_o0M8.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209632
IP address blocks:        139.28.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d5:dc:2c:6d:67:51:a1:9c:1b:d5:be:57:fe:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5369481a1e6bb6a081f8c2ea524d3e3c2fe8d0cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f8:61:ae:42:2b:b9:fa:31:ac:64:68:40:46:
                    c2:53:8c:0f:52:90:57:3d:be:e5:dd:e2:fa:25:8c:
                    eb:18:bf:74:51:15:49:25:f6:9c:b8:23:25:42:3f:
                    95:1b:44:e2:7a:01:03:81:01:82:74:1b:70:db:ed:
                    e9:11:fc:95:34:99:e7:a6:ed:70:38:1a:12:dd:90:
                    02:f5:66:f2:e9:51:30:49:bb:42:76:96:2e:d1:32:
                    68:0e:b8:4e:bb:4f:8e:e1:5a:c4:db:58:f8:8d:f2:
                    71:36:34:03:2d:f0:95:43:ae:91:7a:43:82:86:be:
                    12:52:c0:f8:f2:65:38:55:2b:c7:e9:a8:b7:58:bc:
                    6d:bd:cd:a3:89:2e:9d:be:3c:73:dd:fa:b4:3b:18:
                    15:0d:fc:b2:4e:50:8d:e4:e7:e8:19:ea:f1:14:c3:
                    a8:41:b3:9a:bf:f3:d5:29:35:91:7e:c5:19:cd:1d:
                    8b:7c:2c:bd:66:b0:68:05:28:2d:51:42:88:ba:2c:
                    98:bc:ac:a5:b1:75:84:6f:52:82:1a:2c:87:bd:ac:
                    22:c5:ea:99:1e:25:90:93:b2:28:c5:35:87:09:48:
                    22:57:4b:f0:5c:1a:91:e1:a0:a9:23:12:ef:26:56:
                    3b:55:45:ab:28:2b:ab:23:41:20:43:e3:cb:61:68:
                    67:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:69:48:1A:1E:6B:B6:A0:81:F8:C2:EA:52:4D:3E:3C:2F:E8:D0:CF
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/U2lIGh5rtqCB-MLqUk0-PC_o0M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:7f:09:5e:2e:ce:e1:2d:1d:02:5c:15:bd:3a:4c:a3:77:d3:
         c5:a3:96:99:a5:4d:86:65:7f:da:98:fe:e8:74:5d:c4:9b:3a:
         64:f7:81:a1:0b:39:3c:10:75:06:43:8e:4b:e2:69:1e:20:cd:
         c1:c4:28:55:bf:87:90:45:36:0d:a7:25:d1:b5:a6:fb:86:d2:
         59:53:4f:1e:f6:b1:72:3c:dd:a3:4d:35:61:c9:45:8d:25:53:
         e8:1e:45:8a:a8:e2:7a:18:69:29:9c:2c:35:1b:61:6c:6f:c4:
         db:2c:bf:49:df:4c:1f:c3:66:da:f9:88:60:59:9e:d1:a8:d5:
         07:fd:7f:28:25:0e:f0:fe:e0:e7:ca:4a:d3:29:d0:7b:69:d7:
         8f:9f:44:3e:dc:ab:ee:ea:08:8f:29:cd:9d:58:92:2a:91:b5:
         d6:72:0a:7d:d4:73:b6:38:c3:f4:f5:46:43:44:30:af:3f:11:
         2f:7f:1d:05:db:f1:6e:61:70:78:90:2d:fb:a1:58:5c:ce:ee:
         d9:26:62:6d:f9:ba:eb:12:3e:19:2e:b6:c6:d6:d2:30:47:63:
         bd:90:2a:c1:81:69:39:6c:f9:1a:40:04:8c:1d:81:a3:7b:cd:
         6e:7e:a3:cc:70:dc:62:8d:31:84:7b:63:ed:e4:43:5d:e7:ca:
         c2:3c:53:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tXcLG1nUaGcG9W+V/7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzY5NDgxYTFlNmJiNmEwODFmOGMyZWE1MjRkM2UzYzJmZThkMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPhhrkIrufoxrGRoQEbCU4wPUpBX
Pb7l3eL6JYzrGL90URVJJfacuCMlQj+VG0TiegEDgQGCdBtw2+3pEfyVNJnnpu1w
OBoS3ZAC9Wby6VEwSbtCdpYu0TJoDrhOu0+O4VrE21j4jfJxNjQDLfCVQ66RekOC
hr4SUsD48mU4VSvH6ai3WLxtvc2jiS6dvjxz3fq0OxgVDfyyTlCN5OfoGerxFMOo
QbOav/PVKTWRfsUZzR2LfCy9ZrBoBSgtUUKIuiyYvKylsXWEb1KCGiyHvawixeqZ
HiWQk7IoxTWHCUgiV0vwXBqR4aCpIxLvJlY7VUWrKCurI0EgQ+PLYWhn1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNpSBoea7aggfjC6lJNPjwv6NDPMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvVTJsSUdoNXJ0cUNCLU1McVVrMC1QQ19vME04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCixy8MA0G
CSqGSIb3DQEBCwUAA4IBAQAEfwleLs7hLR0CXBW9Okyjd9PFo5aZpU2GZX/amP7o
dF3Emzpk94GhCzk8EHUGQ45L4mkeIM3BxChVv4eQRTYNpyXRtab7htJZU08e9rFy
PN2jTTVhyUWNJVPoHkWKqOJ6GGkpnCw1G2Fsb8TbLL9J30wfw2ba+YhgWZ7RqNUH
/X8oJQ7w/uDnykrTKdB7adePn0Q+3Kvu6giPKc2dWJIqkbXWcgp91HO2OMP09UZD
RDCvPxEvfx0F2/FuYXB4kC37oVhczu7ZJmJt+brrEj4ZLrbG1tIwR2O9kCrBgWk5
bPkaQASMHYGje81ufqPMcNxijTGEe2Pt5ENd58rCPFMw
-----END CERTIFICATE-----