Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/UpRx0DjmHzgKEw2hcWllOapMe9M.roa
File:                     UpRx0DjmHzgKEw2hcWllOapMe9M.roa (raw, json)
Hash identifier:          3nouHW09Gom/8ZjtO/+k8+C9l6TqlQoAkIJ6jhFUcVo=
Subject key identifier:   52:94:71:D0:38:E6:1F:38:0A:13:0D:A1:71:69:65:39:AA:4C:7B:D3
Certificate issuer:       /CN=8b8af6af57ddfc5c7aa828cf225f98dce95904a0
Certificate serial:       018CC42457C1A529CE92613085DB8AAE06E9
Authority key identifier: 8B:8A:F6:AF:57:DD:FC:5C:7A:A8:28:CF:22:5F:98:DC:E9:59:04:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/UpRx0DjmHzgKEw2hcWllOapMe9M.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207282
IP address blocks:        193.135.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:57:c1:a5:29:ce:92:61:30:85:db:8a:ae:06:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b8af6af57ddfc5c7aa828cf225f98dce95904a0
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=529471d038e61f380a130da171696539aa4c7bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cb:58:a5:9a:32:49:b9:5c:f2:7f:c8:30:1d:
                    6d:13:5f:e2:12:e2:d1:a3:53:cf:27:99:7f:5f:d7:
                    f0:e3:ca:2e:1d:aa:9d:d6:d4:22:47:7d:69:0c:63:
                    89:55:63:03:a2:36:7d:da:a1:49:87:e6:10:f7:db:
                    fb:e9:77:4e:0b:06:fd:50:fc:6b:39:1e:0b:4f:ff:
                    65:b3:9d:34:09:57:87:f9:8b:5b:42:a8:c2:d6:8e:
                    79:9e:f1:39:cc:0a:4d:e9:a5:f5:8f:5e:10:03:2b:
                    11:68:7b:f5:d9:71:0a:1b:4b:46:53:25:23:a4:30:
                    d0:e3:a5:9c:3d:48:5a:92:31:05:fa:a5:6d:81:c1:
                    10:65:a7:4e:8d:0d:f3:3b:b2:61:ed:ec:1f:aa:85:
                    ef:21:4c:6d:85:02:b8:d5:6a:3b:fd:29:96:8f:16:
                    07:75:d7:04:65:96:3d:3b:26:ab:7f:b8:ab:cb:86:
                    87:a8:77:ac:85:5f:a0:2c:9d:d9:ba:18:b8:67:84:
                    94:e2:6f:a6:b9:cf:f6:54:bd:2b:f8:1a:3c:3c:53:
                    b5:c8:38:58:76:91:62:8e:5c:d1:ba:da:2e:16:3e:
                    7b:5c:27:bb:4f:3c:b7:d3:fb:05:79:1d:54:84:72:
                    a0:dc:50:43:75:de:cf:ea:00:8d:c0:b0:bc:51:f3:
                    1f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:94:71:D0:38:E6:1F:38:0A:13:0D:A1:71:69:65:39:AA:4C:7B:D3
            X509v3 Authority Key Identifier:
                keyid:8B:8A:F6:AF:57:DD:FC:5C:7A:A8:28:CF:22:5F:98:DC:E9:59:04:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/UpRx0DjmHzgKEw2hcWllOapMe9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1f2c8f-8ed9-4b7e-aa1e-d3c4f5dcbe4c/1/i4r2r1fd_Fx6qCjPIl-Y3OlZBKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:08:48:1e:c2:fd:e1:14:d3:0c:8f:72:a7:53:ea:bc:41:b6:
         9e:f3:35:dc:9f:12:16:e4:6a:c6:20:c4:14:2d:3e:43:dc:13:
         be:a2:f2:ac:7b:39:0d:24:d0:84:e3:f6:83:61:65:e7:e4:b8:
         f9:1e:e8:d8:34:b8:f6:39:93:0e:f0:89:10:9c:a0:45:ad:e8:
         7b:fc:59:7e:4c:d4:ed:ec:ba:9c:fe:81:4c:3f:59:ce:72:1d:
         8f:65:3b:74:ce:15:f6:2c:61:02:b7:c1:c4:80:be:97:2d:11:
         af:74:8f:94:ea:3f:82:7a:fc:0c:71:3d:88:38:52:e9:af:8a:
         a0:42:54:71:12:3a:60:23:2d:eb:b0:78:51:41:72:35:dc:d5:
         48:92:66:0e:77:a0:06:be:63:b7:7f:5a:48:53:93:49:f2:dc:
         26:9d:d3:b2:42:67:a8:37:b9:b8:7a:c8:8e:f8:37:c6:71:62:
         da:95:44:33:d1:f4:79:b9:4c:41:3b:fc:86:ac:75:2b:30:e3:
         36:9c:81:f3:30:4a:b3:87:82:05:a5:d3:d8:59:f4:72:64:44:
         6c:44:83:f4:5f:9d:d8:15:c7:df:e3:ef:92:05:f4:38:cf:bc:
         42:26:fc:05:a3:45:b6:ac:a7:75:97:0e:23:81:ee:a8:74:8b:
         89:29:63:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFfBpSnOkmEwhduKrgbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOGFmNmFmNTdkZGZjNWM3YWE4MjhjZjIyNWY5OGRjZTk1
OTA0YTAwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk0NzFkMDM4ZTYxZjM4MGExMzBkYTE3MTY5NjUzOWFhNGM3YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8tYpZoySblc8n/IMB1tE1/iEuLR
o1PPJ5l/X9fw48ouHaqd1tQiR31pDGOJVWMDojZ92qFJh+YQ99v76XdOCwb9UPxr
OR4LT/9ls500CVeH+YtbQqjC1o55nvE5zApN6aX1j14QAysRaHv12XEKG0tGUyUj
pDDQ46WcPUhakjEF+qVtgcEQZadOjQ3zO7Jh7ewfqoXvIUxthQK41Wo7/SmWjxYH
ddcEZZY9Oyarf7iry4aHqHeshV+gLJ3Zuhi4Z4SU4m+muc/2VL0r+Bo8PFO1yDhY
dpFijlzRutouFj57XCe7Tzy30/sFeR1UhHKg3FBDdd7P6gCNwLC8UfMfSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKUcdA45h84ChMNoXFpZTmqTHvTMB8GA1UdIwQY
MBaAFIuK9q9X3fxceqgozyJfmNzpWQSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRyMnIxZmRfRng2cUNqUElsLVkzT2xaQktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8xZjJjOGYtOGVkOS00YjdlLWFhMWUt
ZDNjNGY1ZGNiZTRjLzEvVXBSeDBEam1IemdLRXcyaGNXbGxPYXBNZTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8xZjJjOGYtOGVkOS00YjdlLWFhMWUtZDNjNGY1ZGNiZTRj
LzEvaTRyMnIxZmRfRng2cUNqUElsLVkzT2xaQktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYcUMA0G
CSqGSIb3DQEBCwUAA4IBAQA2CEgewv3hFNMMj3KnU+q8Qbae8zXcnxIW5GrGIMQU
LT5D3BO+ovKsezkNJNCE4/aDYWXn5Lj5HujYNLj2OZMO8IkQnKBFreh7/Fl+TNTt
7Lqc/oFMP1nOch2PZTt0zhX2LGECt8HEgL6XLRGvdI+U6j+CevwMcT2IOFLpr4qg
QlRxEjpgIy3rsHhRQXI13NVIkmYOd6AGvmO3f1pIU5NJ8twmndOyQmeoN7m4esiO
+DfGcWLalUQz0fR5uUxBO/yGrHUrMOM2nIHzMEqzh4IFpdPYWfRyZERsRIP0X53Y
Fcff4++SBfQ4z7xCJvwFo0W2rKd1lw4jge6odIuJKWOa
-----END CERTIFICATE-----