Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/U5dmkgQ-q2Eg8iJB2CpuDNnc3i8.roa
File:                     U5dmkgQ-q2Eg8iJB2CpuDNnc3i8.roa (raw, json)
Hash identifier:          Sif7eYaVBLP2WcOTNq5mDmNlfWQjNAQKKOsiC1wPico=
Subject key identifier:   53:97:66:92:04:3E:AB:61:20:F2:22:41:D8:2A:6E:0C:D9:DC:DE:2F
Certificate issuer:       /CN=0a0214a1bf1d3afd2dd66b23a9973106b5d316ca
Certificate serial:       018CC42554050979399886B6D5B33D523E0C
Authority key identifier: 0A:02:14:A1:BF:1D:3A:FD:2D:D6:6B:23:A9:97:31:06:B5:D3:16:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/U5dmkgQ-q2Eg8iJB2CpuDNnc3i8.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        185.11.217.0/24 maxlen: 24
                          2a03:69c0:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:05:09:79:39:98:86:b6:d5:b3:3d:52:3e:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a0214a1bf1d3afd2dd66b23a9973106b5d316ca
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53976692043eab6120f22241d82a6e0cd9dcde2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:81:35:ce:54:c3:5d:3b:a9:66:12:4e:f0:95:
                    38:a2:14:07:7d:f2:34:54:c7:60:c3:77:61:a6:0b:
                    54:5e:c1:1c:1a:a1:cd:e8:16:f7:90:04:5c:3a:33:
                    fb:96:bb:b0:ce:c1:93:ca:73:3e:18:0f:22:03:98:
                    51:6a:80:89:bc:94:78:a1:bc:84:e5:aa:07:05:cf:
                    1a:66:29:2d:a1:f0:e0:cb:8c:23:18:a7:75:96:10:
                    7b:87:13:60:99:4a:46:9e:96:3d:da:16:65:c9:3b:
                    47:0d:66:bd:7c:ed:22:ca:a2:59:b3:5e:a4:9b:03:
                    68:a4:85:39:43:86:38:bd:7d:df:83:ab:e8:38:09:
                    5a:cb:64:ab:cc:67:97:60:d5:11:d0:ff:86:54:93:
                    63:00:44:e1:45:3a:42:7f:bd:ee:7a:d6:31:0a:2b:
                    4a:06:81:80:a9:a9:72:9f:2b:12:e5:9f:f2:8b:80:
                    13:f4:f9:c0:d3:48:db:b2:41:df:40:4f:d6:4c:c9:
                    f6:01:18:be:52:62:03:ca:a2:25:88:44:cb:21:02:
                    33:16:8d:be:6c:be:a0:85:f3:ea:44:4a:a1:cb:44:
                    1c:f1:a1:e9:2d:89:de:66:04:b6:ca:9e:4a:38:6f:
                    a9:1d:9a:67:8a:f7:1f:f3:80:ae:fa:a7:92:92:5d:
                    32:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:97:66:92:04:3E:AB:61:20:F2:22:41:D8:2A:6E:0C:D9:DC:DE:2F
            X509v3 Authority Key Identifier:
                keyid:0A:02:14:A1:BF:1D:3A:FD:2D:D6:6B:23:A9:97:31:06:B5:D3:16:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/U5dmkgQ-q2Eg8iJB2CpuDNnc3i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.217.0/24
                IPv6:
                  2a03:69c0:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         4d:fd:17:2a:bb:13:30:9b:33:7b:d7:6d:93:4f:b4:65:94:c3:
         07:5d:6c:91:7b:01:d6:31:ff:ad:c5:76:ff:ee:d6:4c:9d:1d:
         65:40:04:8b:41:b8:9e:3a:f5:6b:96:0e:08:23:96:9d:a2:dd:
         79:fd:1d:15:fb:e2:96:eb:a9:36:7e:13:47:10:e7:4a:0e:f1:
         17:44:60:66:d6:44:b7:8a:20:70:61:19:bf:25:6b:8a:33:d4:
         29:3b:a8:2d:32:74:3a:e1:7f:b7:f3:73:7e:c0:3f:11:cb:4a:
         e0:e1:3c:e1:01:e2:f8:8c:c4:90:10:b2:46:9b:ab:64:ea:d7:
         b9:f9:4e:74:23:d3:2d:0b:ae:74:6c:02:5e:4f:83:c0:97:ac:
         d8:48:ea:b9:20:81:c4:67:7c:af:4e:ec:11:ae:85:e3:c3:10:
         ad:73:22:e5:a3:50:01:2a:50:d8:10:11:06:92:b3:ea:0e:a3:
         c5:6f:dc:1e:7a:80:25:65:01:a5:9d:42:36:08:f2:5f:94:e6:
         aa:e3:44:af:b5:07:c7:e6:70:fb:2d:b7:7c:b2:25:9a:cc:11:
         99:67:6d:3f:a0:ab:89:49:5f:16:03:ac:88:50:51:b0:7f:6a:
         dc:8f:fd:e3:31:fa:cb:47:c6:b5:97:e2:d2:7e:62:03:c6:ce:
         f9:dc:65:7a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEJVQFCXk5mIa21bM9Uj4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMDIxNGExYmYxZDNhZmQyZGQ2NmIyM2E5OTczMTA2YjVk
MzE2Y2EwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzk3NjY5MjA0M2VhYjYxMjBmMjIyNDFkODJhNmUwY2Q5ZGNkZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIE1zlTDXTupZhJO8JU4ohQHffI0
VMdgw3dhpgtUXsEcGqHN6Bb3kARcOjP7lruwzsGTynM+GA8iA5hRaoCJvJR4obyE
5aoHBc8aZiktofDgy4wjGKd1lhB7hxNgmUpGnpY92hZlyTtHDWa9fO0iyqJZs16k
mwNopIU5Q4Y4vX3fg6voOAlay2SrzGeXYNUR0P+GVJNjAEThRTpCf73uetYxCitK
BoGAqalynysS5Z/yi4AT9PnA00jbskHfQE/WTMn2ARi+UmIDyqIliETLIQIzFo2+
bL6ghfPqREqhy0Qc8aHpLYneZgS2yp5KOG+pHZpnivcf84Cu+qeSkl0yDwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFOXZpIEPqthIPIiQdgqbgzZ3N4vMB8GA1UdIwQY
MBaAFAoCFKG/HTr9LdZrI6mXMQa10xbKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2dJVW9iOGRPdjB0MW1zanFaY3hCclhURnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wNGVjYzAtNjYzYy00NjBlLTkyMGQt
MzMyZWU1NDI1YzdhLzEvVTVkbWtnUS1xMkVnOGlKQjJDcHVETm5jM2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wNGVjYzAtNjYzYy00NjBlLTkyMGQtMzMyZWU1NDI1Yzdh
LzEvQ2dJVW9iOGRPdjB0MW1zanFaY3hCclhURnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuQvZMA4E
AgACMAgDBgAqA2nAATANBgkqhkiG9w0BAQsFAAOCAQEATf0XKrsTMJsze9dtk0+0
ZZTDB11skXsB1jH/rcV2/+7WTJ0dZUAEi0G4njr1a5YOCCOWnaLdef0dFfviluup
Nn4TRxDnSg7xF0RgZtZEt4ogcGEZvyVrijPUKTuoLTJ0OuF/t/NzfsA/EctK4OE8
4QHi+IzEkBCyRpurZOrXuflOdCPTLQuudGwCXk+DwJes2EjquSCBxGd8r07sEa6F
48MQrXMi5aNQASpQ2BARBpKz6g6jxW/cHnqAJWUBpZ1CNgjyX5TmquNEr7UHx+Zw
+y23fLIlmswRmWdtP6CriUlfFgOsiFBRsH9q3I/94zH6y0fGtZfi0n5iA8bO+dxl
eg==
-----END CERTIFICATE-----