Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/u_H138XZgajwjQ4LzarK3myMYbM.roa
File:                     u_H138XZgajwjQ4LzarK3myMYbM.roa (raw, json)
Hash identifier:          dZazOeuCiMdpLaG4J2+DsgExhCZ22gtanNoBqwkyGAg=
Subject key identifier:   BB:F1:F5:DF:C5:D9:81:A8:F0:8D:0E:0B:CD:AA:CA:DE:6C:8C:61:B3
Certificate issuer:       /CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
Certificate serial:       018CC8DD03E0B8D4B25A7722DF94B14D0227
Authority key identifier: 24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/u_H138XZgajwjQ4LzarK3myMYbM.roa
Signing time:             Tue 02 Jan 2024 06:29:36 +0000
ROA not before:           Tue 02 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31543
IP address blocks:        185.110.136.0/22 maxlen: 24
                          2a06:5680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:03:e0:b8:d4:b2:5a:77:22:df:94:b1:4d:02:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
        Validity
            Not Before: Jan  2 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbf1f5dfc5d981a8f08d0e0bcdaacade6c8c61b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:dc:67:a3:37:16:d0:56:34:2f:f1:24:08:b2:
                    6a:bd:12:41:01:73:ff:7d:1e:df:12:de:6f:10:a9:
                    37:20:c5:d5:84:bf:07:e0:a8:34:24:0b:ab:0a:ba:
                    ca:7a:d8:0d:99:7d:b6:e2:e1:db:b5:a2:23:b1:f6:
                    a4:c9:ac:87:0d:0e:fd:1f:e8:2f:62:bc:a3:9e:b6:
                    4a:68:a0:73:13:29:bd:96:91:a2:eb:88:5b:67:ce:
                    c4:63:de:7e:95:4d:a8:06:a8:da:9c:75:03:f9:f9:
                    c6:3f:74:f5:2a:ad:db:82:15:47:c6:a2:ff:84:ca:
                    55:5e:74:de:07:3b:a0:9a:ef:28:ab:9b:bd:dd:16:
                    7d:c4:31:50:2d:29:62:b8:a3:98:de:62:fd:a7:d5:
                    8d:3f:63:09:e4:10:a3:9a:df:35:55:d2:48:01:51:
                    65:5b:d9:fb:b9:f7:7e:1c:12:04:43:97:20:e1:2f:
                    e6:dd:10:cf:b6:1f:f7:62:bc:19:8b:cf:ed:67:fc:
                    eb:eb:d2:c0:8f:6e:97:cb:d5:ed:cc:e7:49:77:7a:
                    f3:97:47:7d:98:24:af:b1:02:0d:7a:0d:49:91:f1:
                    1a:ee:c9:a9:59:f6:89:7c:ae:1c:be:e8:a8:19:a9:
                    a6:5d:8a:48:11:4e:f8:01:22:6b:70:48:3a:17:9a:
                    de:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:F1:F5:DF:C5:D9:81:A8:F0:8D:0E:0B:CD:AA:CA:DE:6C:8C:61:B3
            X509v3 Authority Key Identifier:
                keyid:24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/u_H138XZgajwjQ4LzarK3myMYbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.136.0/22
                IPv6:
                  2a06:5680::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:c7:a3:c5:88:80:fe:03:e9:28:21:83:8d:c4:2d:bc:fd:89:
         47:d5:b0:03:f6:3e:92:3f:67:11:9c:89:b7:d2:89:93:04:2f:
         c6:0d:b3:fd:94:ea:67:44:bb:4c:c7:af:61:d6:02:c9:7f:cb:
         00:3d:b6:47:aa:9a:94:e3:d6:6c:a0:a1:35:6c:87:37:91:3a:
         18:0d:f1:92:17:fc:0a:5c:f8:e3:37:74:de:10:aa:ee:5a:bd:
         2f:ee:d6:af:9d:e3:4a:f3:23:76:f1:2f:8e:7a:33:36:1b:e8:
         29:47:62:7b:3e:a0:6c:7c:e1:20:a8:df:31:a1:cd:9f:6c:7f:
         e1:99:f9:fe:50:1b:82:a3:ab:e7:bb:0f:99:e4:80:91:44:9d:
         3c:c2:91:85:1b:75:cb:2d:0e:6a:e1:41:86:0d:6e:8b:2a:c5:
         51:d4:74:1a:50:ec:5f:01:14:21:b9:68:8f:69:b9:19:8b:9d:
         f8:5c:8d:a0:25:76:dc:e6:4f:69:3b:8f:1a:38:a7:06:8d:99:
         88:54:77:49:22:d7:d8:39:1a:88:00:74:e7:63:d5:22:4e:2a:
         b4:36:a2:72:af:c0:3d:ad:3b:31:4b:02:16:4a:de:b7:83:28:
         a9:25:a5:4b:7a:63:59:d0:35:65:79:ed:76:87:e1:0b:2b:4a:
         49:aa:8f:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3QPguNSyWnci35SxTQInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YTU1YmQ2ODM5NzU2Njg5NWIxNWVjYjk3ZmMxZDY1YzBj
ODc5Y2UwHhcNMjQwMTAyMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmYxZjVkZmM1ZDk4MWE4ZjA4ZDBlMGJjZGFhY2FkZTZjOGM2MWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9xnozcW0FY0L/EkCLJqvRJBAXP/
fR7fEt5vEKk3IMXVhL8H4Kg0JAurCrrKetgNmX224uHbtaIjsfakyayHDQ79H+gv
YryjnrZKaKBzEym9lpGi64hbZ87EY95+lU2oBqjanHUD+fnGP3T1Kq3bghVHxqL/
hMpVXnTeBzugmu8oq5u93RZ9xDFQLSliuKOY3mL9p9WNP2MJ5BCjmt81VdJIAVFl
W9n7ufd+HBIEQ5cg4S/m3RDPth/3YrwZi8/tZ/zr69LAj26Xy9XtzOdJd3rzl0d9
mCSvsQINeg1JkfEa7smpWfaJfK4cvuioGammXYpIEU74ASJrcEg6F5reEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLvx9d/F2YGo8I0OC82qyt5sjGGzMB8GA1UdIwQY
MBaAFCSlW9aDl1ZolbFey5f8HWXAyHnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQt
YzM0ZTkwZDdmOGVhLzEvdV9IMTM4WFpnYWp3alE0THphckszbXlNWWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQtYzM0ZTkwZDdmOGVh
LzEvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW6IMA0E
AgACMAcDBQMqBlaAMA0GCSqGSIb3DQEBCwUAA4IBAQAVx6PFiID+A+koIYONxC28
/YlH1bAD9j6SP2cRnIm30omTBC/GDbP9lOpnRLtMx69h1gLJf8sAPbZHqpqU49Zs
oKE1bIc3kToYDfGSF/wKXPjjN3TeEKruWr0v7tavneNK8yN28S+OejM2G+gpR2J7
PqBsfOEgqN8xoc2fbH/hmfn+UBuCo6vnuw+Z5ICRRJ08wpGFG3XLLQ5q4UGGDW6L
KsVR1HQaUOxfARQhuWiPabkZi534XI2gJXbc5k9pO48aOKcGjZmIVHdJItfYORqI
AHTnY9UiTiq0NqJyr8A9rTsxSwIWSt63gyipJaVLemNZ0DVlee12h+ELK0pJqo/m
-----END CERTIFICATE-----