Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/u_3EfHUeaMIw5n9n5bKIvD8o0mc.roa
File:                     u_3EfHUeaMIw5n9n5bKIvD8o0mc.roa (raw, json)
Hash identifier:          HeKpHOoudZFQMxLUC0XRtNCbkNF8DktCwsb5UTL/4uw=
Subject key identifier:   BB:FD:C4:7C:75:1E:68:C2:30:E6:7F:67:E5:B2:88:BC:3F:28:D2:67
Certificate issuer:       /CN=c49b1f76bb5bac6d0c796ba47130c768b1c73b1c
Certificate serial:       018FA95F8D37F0248818A806B487ED9AAFD8
Authority key identifier: C4:9B:1F:76:BB:5B:AC:6D:0C:79:6B:A4:71:30:C7:68:B1:C7:3B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/u_3EfHUeaMIw5n9n5bKIvD8o0mc.roa
Signing time:             Fri 24 May 2024 06:52:42 +0000
ROA not before:           Fri 24 May 2024 06:52:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202405
IP address blocks:        194.147.196.0/22 maxlen: 24
                          194.147.200.0/21 maxlen: 24
                          2001:67c:2ec0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:5f:8d:37:f0:24:88:18:a8:06:b4:87:ed:9a:af:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c49b1f76bb5bac6d0c796ba47130c768b1c73b1c
        Validity
            Not Before: May 24 06:52:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbfdc47c751e68c230e67f67e5b288bc3f28d267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5e:90:1b:69:f7:cb:6e:5f:29:63:32:1c:9f:
                    9d:56:7e:96:b1:27:7d:c7:68:78:c3:8a:26:70:c2:
                    5f:31:07:ac:b8:ac:f9:40:8e:be:3a:d6:a2:a9:28:
                    b3:4f:ce:b4:0b:1f:20:0e:d2:86:d4:bd:aa:66:d7:
                    6a:df:e3:66:07:24:38:c9:ce:8f:f4:72:45:92:b5:
                    91:6d:f4:0a:0b:62:a4:c9:49:f8:45:03:53:e5:52:
                    ff:5b:b9:98:cc:ca:f2:52:e1:03:40:e3:a9:ee:24:
                    64:28:94:d0:bc:63:fc:2d:12:18:33:f5:cc:01:ce:
                    74:dd:df:1e:b1:46:bd:50:49:4a:8f:10:28:de:8f:
                    45:4c:51:9e:18:e5:28:91:b4:82:21:c4:c0:9e:34:
                    06:8b:4c:ef:4e:78:b6:b1:05:b5:9d:97:4e:14:ce:
                    18:59:cb:1c:42:28:b9:c2:10:32:53:89:7c:7f:57:
                    d0:ec:d6:cb:7a:a6:b5:b2:ea:cd:49:cd:03:48:3c:
                    48:37:26:1b:49:5c:02:08:f4:99:27:7f:53:c5:af:
                    c1:7a:2a:b4:ac:94:ad:a7:9d:40:a7:48:8a:d8:6c:
                    7d:17:ec:9c:aa:b6:e3:ad:d7:17:3b:44:59:68:96:
                    90:36:47:1e:dd:ad:e9:8f:01:0c:28:1f:e7:de:aa:
                    50:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FD:C4:7C:75:1E:68:C2:30:E6:7F:67:E5:B2:88:BC:3F:28:D2:67
            X509v3 Authority Key Identifier:
                keyid:C4:9B:1F:76:BB:5B:AC:6D:0C:79:6B:A4:71:30:C7:68:B1:C7:3B:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xJsfdrtbrG0MeWukcTDHaLHHOxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/u_3EfHUeaMIw5n9n5bKIvD8o0mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/8686cd-1f1c-4845-812d-4ad4035fae7b/1/xJsfdrtbrG0MeWukcTDHaLHHOxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.196.0-194.147.207.255
                IPv6:
                  2001:67c:2ec0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:ef:0c:5a:5d:63:f9:15:e7:ce:a2:6a:fc:9d:ed:3a:c7:09:
         3e:db:dc:47:c2:57:1f:f1:85:48:95:fa:32:ce:fe:8b:ed:06:
         df:b0:ab:33:9c:4c:99:95:51:45:43:fe:2d:c4:db:e1:c7:c9:
         56:82:26:df:24:15:5a:28:d5:f9:c2:de:ed:ad:f5:21:ce:6f:
         68:66:92:e5:72:87:66:7c:61:cb:4b:44:c7:7d:7a:ff:84:e8:
         0f:3a:55:43:25:28:a5:1e:86:05:8f:16:ca:88:c8:9e:17:71:
         40:47:32:96:7a:63:85:ac:47:bc:1c:fc:69:5e:c1:29:6c:e2:
         ba:0c:8b:71:d6:99:2f:b0:47:82:0c:ea:d8:db:4a:29:d3:7e:
         66:31:ce:ec:b3:1c:68:47:4c:fd:1a:85:5d:42:d8:9b:ad:62:
         dc:3f:d1:5c:31:9c:6d:97:28:61:c2:a4:90:1d:ad:cf:da:f7:
         aa:6f:d1:80:85:8e:9d:a0:91:4d:86:00:e4:61:79:e9:96:02:
         44:42:ff:bb:f0:05:7d:7d:d7:3c:5b:31:3d:8f:ea:d8:1e:9e:
         0d:21:77:17:3c:9a:0c:f9:0c:6d:3b:a5:e8:33:3e:2a:8c:03:
         09:2f:b2:46:90:a2:15:7f:07:c7:85:a7:46:91:45:1e:8b:b7:
         91:7b:66:5d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAY+pX4038CSIGKgGtIftmq/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OWIxZjc2YmI1YmFjNmQwYzc5NmJhNDcxMzBjNzY4YjFj
NzNiMWMwHhcNMjQwNTI0MDY1MjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZkYzQ3Yzc1MWU2OGMyMzBlNjdmNjdlNWIyODhiYzNmMjhkMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl6QG2n3y25fKWMyHJ+dVn6WsSd9
x2h4w4omcMJfMQesuKz5QI6+OtaiqSizT860Cx8gDtKG1L2qZtdq3+NmByQ4yc6P
9HJFkrWRbfQKC2KkyUn4RQNT5VL/W7mYzMryUuEDQOOp7iRkKJTQvGP8LRIYM/XM
Ac503d8esUa9UElKjxAo3o9FTFGeGOUokbSCIcTAnjQGi0zvTni2sQW1nZdOFM4Y
WcscQii5whAyU4l8f1fQ7NbLeqa1surNSc0DSDxINyYbSVwCCPSZJ39Txa/Beiq0
rJStp51Ap0iK2Gx9F+ycqrbjrdcXO0RZaJaQNkce3a3pjwEMKB/n3qpQywIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLv9xHx1HmjCMOZ/Z+WyiLw/KNJnMB8GA1UdIwQY
MBaAFMSbH3a7W6xtDHlrpHEwx2ixxzscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEpzZmRydGJyRzBNZVd1a2NUREhhTEhIT3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi84Njg2Y2QtMWYxYy00ODQ1LTgxMmQt
NGFkNDAzNWZhZTdiLzEvdV8zRWZIVWVhTUl3NW45bjViS0l2RDhvMG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi84Njg2Y2QtMWYxYy00ODQ1LTgxMmQtNGFkNDAzNWZhZTdi
LzEveEpzZmRydGJyRzBNZVd1a2NUREhhTEhIT3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBALCk8QD
BATCk8AwDwQCAAIwCQMHACABBnwuwDANBgkqhkiG9w0BAQsFAAOCAQEADe8MWl1j
+RXnzqJq/J3tOscJPtvcR8JXH/GFSJX6Ms7+i+0G37CrM5xMmZVRRUP+LcTb4cfJ
VoIm3yQVWijV+cLe7a31Ic5vaGaS5XKHZnxhy0tEx316/4ToDzpVQyUopR6GBY8W
yojInhdxQEcylnpjhaxHvBz8aV7BKWziugyLcdaZL7BHggzq2NtKKdN+ZjHO7LMc
aEdM/RqFXULYm61i3D/RXDGcbZcoYcKkkB2tz9r3qm/RgIWOnaCRTYYA5GF56ZYC
REL/u/AFfX3XPFsxPY/q2B6eDSF3FzyaDPkMbTul6DM+KowDCS+yRpCiFX8Hx4Wn
RpFFHou3kXtmXQ==
-----END CERTIFICATE-----