Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/UCryidCnHxBFaIC5h-TICb65T-0.roa
File:                     UCryidCnHxBFaIC5h-TICb65T-0.roa (raw, json)
Hash identifier:          jfqfvSsw6q2OKgu6za8PIViD6qlN0jgPvaDkDdlzXEU=
Subject key identifier:   50:2A:F2:89:D0:A7:1F:10:45:68:80:B9:87:E4:C8:09:BE:B9:4F:ED
Certificate issuer:       /CN=1d43453955846773b5256e4279a03d5a3b2b5963
Certificate serial:       018E3C47714A69FE0BAA168C5728A4C6957E
Authority key identifier: 1D:43:45:39:55:84:67:73:B5:25:6E:42:79:A0:3D:5A:3B:2B:59:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/UCryidCnHxBFaIC5h-TICb65T-0.roa
Signing time:             Thu 14 Mar 2024 09:24:58 +0000
ROA not before:           Thu 14 Mar 2024 09:24:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12731
IP address blocks:        193.41.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:47:71:4a:69:fe:0b:aa:16:8c:57:28:a4:c6:95:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43453955846773b5256e4279a03d5a3b2b5963
        Validity
            Not Before: Mar 14 09:24:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=502af289d0a71f10456880b987e4c809beb94fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:79:c8:8c:4c:97:c3:54:90:e3:bc:3c:b7:45:
                    5e:61:92:18:c7:93:62:9c:2a:f9:43:53:e0:45:61:
                    93:7a:d0:b3:55:b3:60:2a:95:e4:6f:2f:e1:3a:df:
                    e0:d4:81:d1:f0:bb:1f:92:15:53:cf:17:07:0b:ed:
                    aa:f9:c6:cc:3d:e1:78:62:4e:79:69:5f:f2:bd:3b:
                    d3:fa:06:ad:a1:a9:9e:8a:b6:83:44:5f:1f:50:40:
                    65:ae:25:9e:c5:f1:0b:63:ea:49:26:88:39:f8:b2:
                    93:a9:f4:59:07:75:46:c6:d0:ee:6d:31:9f:80:e0:
                    6b:34:8d:98:a3:0f:9c:7a:54:37:b2:e1:ec:1c:d7:
                    34:24:97:19:cb:08:aa:49:67:6f:ff:2c:14:1d:23:
                    64:19:30:c0:d6:35:0b:c2:2a:ab:af:b3:c5:9a:01:
                    8d:44:f4:a0:3d:90:4f:05:64:5e:53:d8:86:d5:7f:
                    6c:8a:94:f1:17:42:9c:28:3f:50:87:a1:fa:5f:42:
                    b2:74:6c:2e:dd:20:95:4e:74:2f:85:5e:7f:db:22:
                    fc:33:8d:2c:3e:4b:a6:3f:e5:29:b0:bc:b9:0e:cf:
                    19:e8:bb:c5:89:46:d0:e3:ff:c3:b6:82:25:98:41:
                    ab:08:c9:92:91:08:75:c1:1e:9a:8e:10:28:11:f8:
                    12:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:2A:F2:89:D0:A7:1F:10:45:68:80:B9:87:E4:C8:09:BE:B9:4F:ED
            X509v3 Authority Key Identifier:
                keyid:1D:43:45:39:55:84:67:73:B5:25:6E:42:79:A0:3D:5A:3B:2B:59:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/UCryidCnHxBFaIC5h-TICb65T-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5914af-3ab8-4182-a8ab-c2c98d2b6a65/1/HUNFOVWEZ3O1JW5CeaA9WjsrWWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:cf:fc:ea:dd:da:3a:0d:a0:ed:1f:28:44:f1:d4:fa:dc:05:
         a2:9f:37:0f:44:1e:77:d5:43:79:da:2f:7b:8e:22:5a:91:a4:
         2b:66:5f:77:0e:bc:67:4a:f5:ac:92:a8:6e:33:5e:72:7c:4e:
         d1:a4:36:0b:ab:8b:07:3d:95:49:13:5b:16:0d:72:b6:d5:96:
         38:de:d9:c5:4a:0d:e1:d7:88:81:8f:28:a0:d0:1a:12:28:d4:
         4d:23:ff:79:e8:96:e6:f2:58:a7:af:00:5e:f4:c9:2b:3a:c5:
         a5:c4:2a:e3:43:39:1e:6b:33:8e:51:44:ff:fe:71:29:5f:94:
         e3:b9:d4:6b:61:aa:d1:12:da:5d:05:7e:df:41:6b:30:3c:6b:
         5d:d9:e5:89:9c:2c:a9:d7:b5:18:08:f7:fc:a8:c7:3a:40:e4:
         4b:06:fb:eb:49:28:3f:c8:f2:57:70:58:03:01:28:40:34:40:
         b7:fe:3f:86:24:a9:4a:b9:f6:92:5b:2e:69:55:62:ac:f7:8e:
         27:f0:b2:b0:d7:01:8f:de:09:ba:60:66:9a:12:6a:a7:e9:4d:
         2d:f4:55:1b:a9:5a:48:c5:e4:c9:4e:7a:8c:d8:ab:93:21:d0:
         11:76:63:14:d2:db:32:bb:5a:e6:14:ae:36:e1:8b:e4:13:31:
         b3:7d:87:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY48R3FKaf4LqhaMVyikxpV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDM0NTM5NTU4NDY3NzNiNTI1NmU0Mjc5YTAzZDVhM2Iy
YjU5NjMwHhcNMjQwMzE0MDkyNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDJhZjI4OWQwYTcxZjEwNDU2ODgwYjk4N2U0YzgwOWJlYjk0ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXnIjEyXw1SQ47w8t0VeYZIYx5Ni
nCr5Q1PgRWGTetCzVbNgKpXkby/hOt/g1IHR8LsfkhVTzxcHC+2q+cbMPeF4Yk55
aV/yvTvT+gatoameiraDRF8fUEBlriWexfELY+pJJog5+LKTqfRZB3VGxtDubTGf
gOBrNI2Yow+celQ3suHsHNc0JJcZywiqSWdv/ywUHSNkGTDA1jULwiqrr7PFmgGN
RPSgPZBPBWReU9iG1X9sipTxF0KcKD9Qh6H6X0KydGwu3SCVTnQvhV5/2yL8M40s
PkumP+UpsLy5Ds8Z6LvFiUbQ4//DtoIlmEGrCMmSkQh1wR6ajhAoEfgS8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAq8onQpx8QRWiAuYfkyAm+uU/tMB8GA1UdIwQY
MBaAFB1DRTlVhGdztSVuQnmgPVo7K1ljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVORk9WV0VaM08xSlc1Q2VhQTlXanNyV1dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS81OTE0YWYtM2FiOC00MTgyLWE4YWIt
YzJjOThkMmI2YTY1LzEvVUNyeWlkQ25IeEJGYUlDNWgtVElDYjY1VC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS81OTE0YWYtM2FiOC00MTgyLWE4YWItYzJjOThkMmI2YTY1
LzEvSFVORk9WV0VaM08xSlc1Q2VhQTlXanNyV1dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSkIMA0G
CSqGSIb3DQEBCwUAA4IBAQCJz/zq3do6DaDtHyhE8dT63AWinzcPRB531UN52i97
jiJakaQrZl93DrxnSvWskqhuM15yfE7RpDYLq4sHPZVJE1sWDXK21ZY43tnFSg3h
14iBjyig0BoSKNRNI/956Jbm8linrwBe9MkrOsWlxCrjQzkeazOOUUT//nEpX5Tj
udRrYarREtpdBX7fQWswPGtd2eWJnCyp17UYCPf8qMc6QORLBvvrSSg/yPJXcFgD
AShANEC3/j+GJKlKufaSWy5pVWKs944n8LKw1wGP3gm6YGaaEmqn6U0t9FUbqVpI
xeTJTnqM2KuTIdARdmMU0tsyu1rmFK424YvkEzGzfYe9
-----END CERTIFICATE-----