Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/6dNbbqQUNp4acrE933Dd_umtpek.roa
File:                     6dNbbqQUNp4acrE933Dd_umtpek.roa (raw, json)
Hash identifier:          72QXiwBRqmNUu4SX5dahAOWVzCHTp6zv2+scdlxgU6s=
Subject key identifier:   E9:D3:5B:6E:A4:14:36:9E:1A:72:B1:3D:DF:70:DD:FE:E9:AD:A5:E9
Certificate issuer:       /CN=785b490d766f4b1c211d7dadd6efa770f6eb9e25
Certificate serial:       018CC492B9CE4509043D0AF081EDEE97E20C
Authority key identifier: 78:5B:49:0D:76:6F:4B:1C:21:1D:7D:AD:D6:EF:A7:70:F6:EB:9E:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eFtJDXZvSxwhHX2t1u-ncPbrniU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/6dNbbqQUNp4acrE933Dd_umtpek.roa
Signing time:             Mon 01 Jan 2024 10:29:59 +0000
ROA not before:           Mon 01 Jan 2024 10:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202289
IP address blocks:        185.155.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/eFtJDXZvSxwhHX2t1u-ncPbrniU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/eFtJDXZvSxwhHX2t1u-ncPbrniU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eFtJDXZvSxwhHX2t1u-ncPbrniU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:b9:ce:45:09:04:3d:0a:f0:81:ed:ee:97:e2:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785b490d766f4b1c211d7dadd6efa770f6eb9e25
        Validity
            Not Before: Jan  1 10:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9d35b6ea414369e1a72b13ddf70ddfee9ada5e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:b8:a6:61:45:9d:7a:ce:c9:41:bc:08:73:
                    e5:6d:dc:d5:74:d3:65:f8:98:e6:be:42:22:10:8c:
                    95:ce:25:43:42:57:40:f1:a9:9a:c7:50:70:83:54:
                    f6:c1:81:ad:03:ad:d8:a6:8c:42:69:63:b4:48:0b:
                    a2:4b:72:c1:2d:ca:5d:42:76:a6:91:e6:88:d7:74:
                    54:70:96:46:17:56:93:a8:3c:af:8e:d4:49:23:dc:
                    95:20:af:df:44:dd:7b:4d:b6:0d:91:66:95:b5:34:
                    06:f1:ce:d2:47:28:da:e2:03:50:0b:68:a9:de:3a:
                    37:d8:de:9c:87:a8:76:a1:f7:64:48:14:8a:ea:e1:
                    28:ca:93:cb:0f:64:2a:ab:50:80:46:49:d1:4b:53:
                    43:17:af:e8:d8:a9:8a:48:83:c7:41:2d:39:da:0b:
                    0d:78:61:9b:3b:03:13:da:6a:b3:c2:50:b3:5e:f0:
                    a3:8b:74:dc:5e:25:66:9b:44:59:24:7f:2d:4e:6a:
                    53:36:b4:b0:84:7d:e4:d1:b6:17:2d:52:8d:65:9a:
                    c5:81:ae:7f:6d:6e:c8:be:de:10:a4:00:63:34:24:
                    30:15:e1:ae:5b:45:e8:45:01:d2:49:cd:97:7c:f8:
                    34:37:13:90:33:ae:47:d4:0f:84:9b:ab:6b:b5:80:
                    68:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D3:5B:6E:A4:14:36:9E:1A:72:B1:3D:DF:70:DD:FE:E9:AD:A5:E9
            X509v3 Authority Key Identifier:
                keyid:78:5B:49:0D:76:6F:4B:1C:21:1D:7D:AD:D6:EF:A7:70:F6:EB:9E:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eFtJDXZvSxwhHX2t1u-ncPbrniU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/6dNbbqQUNp4acrE933Dd_umtpek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5f343d-9b42-44b4-9067-7cae040e49e8/1/eFtJDXZvSxwhHX2t1u-ncPbrniU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:62:68:ec:d1:d2:91:64:1b:41:b5:ce:5b:39:a4:6d:cc:bb:
         fa:61:48:ad:7c:09:10:fa:a3:94:06:42:bf:38:a3:f0:8a:8c:
         49:2c:2a:e8:a3:89:8f:26:a3:ee:82:3b:66:af:1c:a5:b1:9b:
         5a:62:6f:02:49:3f:32:47:fc:84:13:3f:33:b7:b5:f3:e9:0f:
         f0:6e:79:c2:49:09:1a:df:8c:6e:03:b2:ee:b8:3e:2c:e7:fe:
         12:d0:91:f3:e6:3a:b5:cb:36:2d:ca:3c:3f:74:ba:f3:1b:fc:
         c4:de:46:19:f1:d7:f1:6e:3f:1d:9d:c6:7c:ee:fd:f7:74:63:
         08:1d:db:6b:82:f8:ed:e5:83:b7:20:36:4c:0f:1e:12:f6:6a:
         70:54:91:ee:7e:c0:c6:df:7c:4b:f9:43:9c:71:d4:00:68:fa:
         fb:62:f6:6e:cd:46:f6:35:b2:f7:d3:02:54:1a:72:e0:59:c5:
         de:ec:dd:fb:d8:ce:01:5c:bd:75:61:2b:e0:16:34:a5:2e:eb:
         79:ff:9a:b5:de:1f:f0:21:20:1e:5e:84:a8:6b:1c:fa:97:fa:
         c6:32:fc:8e:93:28:58:4e:ea:8e:98:1e:a0:38:99:82:e0:e1:
         6c:2a:22:77:7b:5f:d8:b6:0b:a2:3d:a3:bf:b5:8f:bd:3d:0e:
         73:4b:ba:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkrnORQkEPQrwge3ul+IMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NWI0OTBkNzY2ZjRiMWMyMTFkN2RhZGQ2ZWZhNzcwZjZl
YjllMjUwHhcNMjQwMTAxMTAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWQzNWI2ZWE0MTQzNjllMWE3MmIxM2RkZjcwZGRmZWU5YWRhNWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZS4pmFFnXrOyUG8CHPlbdzVdNNl
+JjmvkIiEIyVziVDQldA8amax1Bwg1T2wYGtA63YpoxCaWO0SAuiS3LBLcpdQnam
keaI13RUcJZGF1aTqDyvjtRJI9yVIK/fRN17TbYNkWaVtTQG8c7SRyja4gNQC2ip
3jo32N6ch6h2ofdkSBSK6uEoypPLD2Qqq1CARknRS1NDF6/o2KmKSIPHQS052gsN
eGGbOwMT2mqzwlCzXvCji3TcXiVmm0RZJH8tTmpTNrSwhH3k0bYXLVKNZZrFga5/
bW7Ivt4QpABjNCQwFeGuW0XoRQHSSc2XfPg0NxOQM65H1A+Em6trtYBo3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnTW26kFDaeGnKxPd9w3f7praXpMB8GA1UdIwQY
MBaAFHhbSQ12b0scIR19rdbvp3D2654lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUZ0SkRYWnZTeHdoSFgydDF1LW5jUGJybmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81ZjM0M2QtOWI0Mi00NGI0LTkwNjct
N2NhZTA0MGU0OWU4LzEvNmROYmJxUVVOcDRhY3JFOTMzRGRfdW10cGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81ZjM0M2QtOWI0Mi00NGI0LTkwNjctN2NhZTA0MGU0OWU4
LzEvZUZ0SkRYWnZTeHdoSFgydDF1LW5jUGJybmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZsQMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Ymjs0dKRZBtBtc5bOaRtzLv6YUitfAkQ+qOUBkK/
OKPwioxJLCroo4mPJqPugjtmrxylsZtaYm8CST8yR/yEEz8zt7Xz6Q/wbnnCSQka
34xuA7LuuD4s5/4S0JHz5jq1yzYtyjw/dLrzG/zE3kYZ8dfxbj8dncZ87v33dGMI
Hdtrgvjt5YO3IDZMDx4S9mpwVJHufsDG33xL+UOccdQAaPr7YvZuzUb2NbL30wJU
GnLgWcXe7N372M4BXL11YSvgFjSlLut5/5q13h/wISAeXoSoaxz6l/rGMvyOkyhY
TuqOmB6gOJmC4OFsKiJ3e1/YtguiPaO/tY+9PQ5zS7qh
-----END CERTIFICATE-----