Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/oHU3j1G94V5nwU0OIlP22A4CjAs.roa
File:                     oHU3j1G94V5nwU0OIlP22A4CjAs.roa (raw, json)
Hash identifier:          D6/9VtzkmE/zY3nuqJAnzpeFm6gTWLzbqQZVzkO/zPw=
Subject key identifier:   A0:75:37:8F:51:BD:E1:5E:67:C1:4D:0E:22:53:F6:D8:0E:02:8C:0B
Certificate issuer:       /CN=50a06a453fcd5f26faf4822c4b459098dcaff039
Certificate serial:       018CC86EFCA3F1690000A8194497FF45BA07
Authority key identifier: 50:A0:6A:45:3F:CD:5F:26:FA:F4:82:2C:4B:45:90:98:DC:AF:F0:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/oHU3j1G94V5nwU0OIlP22A4CjAs.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43958
IP address blocks:        193.143.8.0/21 maxlen: 24
                          193.143.240.0/21 maxlen: 24
                          91.195.246.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fc:a3:f1:69:00:00:a8:19:44:97:ff:45:ba:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50a06a453fcd5f26faf4822c4b459098dcaff039
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a075378f51bde15e67c14d0e2253f6d80e028c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:7f:68:35:59:2c:1d:90:cc:62:f0:c5:7c:
                    7b:d1:e7:d8:8b:41:07:18:71:d3:ed:5e:42:56:ac:
                    36:b9:9a:c4:ff:ab:96:cc:29:9c:a2:59:68:45:dc:
                    a5:5b:f4:51:60:1f:d6:28:87:3f:7e:27:91:a5:f3:
                    9f:f1:8e:35:ef:aa:b1:d7:8a:1c:37:8e:5a:84:66:
                    a6:f4:48:5c:46:48:2b:92:96:6e:4e:aa:72:47:8a:
                    c3:1e:ec:a4:24:ae:64:b1:ef:11:0d:3e:cb:91:02:
                    4f:02:a9:f1:28:d1:53:c8:36:2c:d4:8b:59:a6:6c:
                    d6:9c:27:e5:71:de:54:74:f5:b6:45:d5:c3:df:72:
                    c1:4f:28:47:cb:fd:43:00:d2:25:3e:88:2f:eb:32:
                    a3:cc:59:6c:4d:83:b2:9d:bb:39:bd:da:2e:4d:83:
                    5e:96:50:6d:93:31:71:2a:27:e1:77:4a:ef:53:bb:
                    76:35:52:da:fb:5c:b5:93:74:6a:a6:af:bf:9d:8b:
                    52:05:62:d2:41:d1:3a:6f:16:a1:98:37:d1:15:61:
                    bc:0b:8f:9b:f1:b1:09:fc:f8:cf:1e:7e:e7:42:e5:
                    dd:c2:e2:09:bd:db:d6:14:2f:5c:35:23:d4:c8:a7:
                    64:87:27:eb:c6:b5:ad:36:01:a9:a5:c1:9c:65:cc:
                    9d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:75:37:8F:51:BD:E1:5E:67:C1:4D:0E:22:53:F6:D8:0E:02:8C:0B
            X509v3 Authority Key Identifier:
                keyid:50:A0:6A:45:3F:CD:5F:26:FA:F4:82:2C:4B:45:90:98:DC:AF:F0:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/oHU3j1G94V5nwU0OIlP22A4CjAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.246.0/23
                  193.143.8.0/21
                  193.143.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         73:8d:5f:20:7e:fe:cd:a1:af:60:f2:af:0d:4b:e8:06:02:a3:
         29:dc:fb:04:59:f0:2c:27:c8:2a:5d:31:22:60:45:da:67:04:
         e4:e9:61:3d:a0:b2:40:eb:00:bb:f9:b9:68:91:3f:30:de:28:
         d4:8d:14:9b:99:a3:08:31:e3:21:c9:b3:a7:b0:90:d4:9e:6a:
         14:c4:8e:e6:e6:ce:27:39:c4:b8:66:9f:c9:d3:c2:d7:a9:1c:
         13:64:6a:6c:ed:87:46:2a:18:87:76:ef:e7:5a:a9:5e:86:6b:
         87:84:b9:8b:55:5f:9e:97:30:5e:04:6a:51:bf:03:36:b1:93:
         8c:93:6b:3a:7c:9e:36:d5:6d:ef:58:8a:35:c8:df:5d:d1:e2:
         f6:95:ca:40:e0:2b:cc:84:5e:83:86:5a:de:5d:05:b5:8f:b5:
         37:46:c5:76:8c:18:30:07:43:57:7d:aa:1b:ea:a6:e6:3b:a6:
         c2:22:58:2c:4d:5a:4b:09:e9:5a:02:45:64:58:de:45:17:9c:
         1d:0d:a9:1d:8d:62:ee:3b:5c:b2:b6:fa:00:33:ef:54:e2:4d:
         bc:82:dd:aa:aa:04:bc:f7:52:e3:ca:76:2f:e0:2f:71:f8:21:
         2c:4f:61:79:43:c3:8e:93:ae:fd:8b:d0:9f:4c:0a:5b:9c:9f:
         77:dd:26:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIbvyj8WkAAKgZRJf/RboHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYTA2YTQ1M2ZjZDVmMjZmYWY0ODIyYzRiNDU5MDk4ZGNh
ZmYwMzkwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc1Mzc4ZjUxYmRlMTVlNjdjMTRkMGUyMjUzZjZkODBlMDI4YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHt/aDVZLB2QzGLwxXx70efYi0EH
GHHT7V5CVqw2uZrE/6uWzCmcolloRdylW/RRYB/WKIc/fieRpfOf8Y4176qx14oc
N45ahGam9EhcRkgrkpZuTqpyR4rDHuykJK5kse8RDT7LkQJPAqnxKNFTyDYs1ItZ
pmzWnCflcd5UdPW2RdXD33LBTyhHy/1DANIlPogv6zKjzFlsTYOynbs5vdouTYNe
llBtkzFxKifhd0rvU7t2NVLa+1y1k3Rqpq+/nYtSBWLSQdE6bxahmDfRFWG8C4+b
8bEJ/PjPHn7nQuXdwuIJvdvWFC9cNSPUyKdkhyfrxrWtNgGppcGcZcydLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKB1N49RveFeZ8FNDiJT9tgOAowLMB8GA1UdIwQY
MBaAFFCgakU/zV8m+vSCLEtFkJjcr/A5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUtCcVJUX05YeWI2OUlJc1MwV1FtTnl2OERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kMzQ4YjUtMTUxYy00YWE1LWJkMDkt
ZWY1ZDUwMTFjYTc3LzEvb0hVM2oxRzk0VjVud1UwT0lsUDIyQTRDakFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kMzQ4YjUtMTUxYy00YWE1LWJkMDktZWY1ZDUwMTFjYTc3
LzEvVUtCcVJUX05YeWI2OUlJc1MwV1FtTnl2OERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW8P2AwQD
wY8IAwQDwY/wMA0GCSqGSIb3DQEBCwUAA4IBAQBzjV8gfv7Noa9g8q8NS+gGAqMp
3PsEWfAsJ8gqXTEiYEXaZwTk6WE9oLJA6wC7+blokT8w3ijUjRSbmaMIMeMhybOn
sJDUnmoUxI7m5s4nOcS4Zp/J08LXqRwTZGps7YdGKhiHdu/nWqlehmuHhLmLVV+e
lzBeBGpRvwM2sZOMk2s6fJ421W3vWIo1yN9d0eL2lcpA4CvMhF6DhlreXQW1j7U3
RsV2jBgwB0NXfaob6qbmO6bCIlgsTVpLCelaAkVkWN5FF5wdDakdjWLuO1yytvoA
M+9U4k28gt2qqgS891LjynYv4C9x+CEsT2F5Q8OOk679i9CfTApbnJ933SbX
-----END CERTIFICATE-----