Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/U-Lt4cmYgWLB-ZOLpT6xNxfEShM.roa
File:                     U-Lt4cmYgWLB-ZOLpT6xNxfEShM.roa (raw, json)
Hash identifier:          7ZBJAW46qmtrIir4ct7hphzS4N+DBKTG20oriKLCqu4=
Subject key identifier:   53:E2:ED:E1:C9:98:81:62:C1:F9:93:8B:A5:3E:B1:37:17:C4:4A:13
Certificate issuer:       /CN=4eeb6b2c3e09ca1c45fd7547e458946cc8a468b4
Certificate serial:       018CC8DE24F7671A2E0D6E9316170F69CF19
Authority key identifier: 4E:EB:6B:2C:3E:09:CA:1C:45:FD:75:47:E4:58:94:6C:C8:A4:68:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/U-Lt4cmYgWLB-ZOLpT6xNxfEShM.roa
Signing time:             Tue 02 Jan 2024 06:30:50 +0000
ROA not before:           Tue 02 Jan 2024 06:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4755
IP address blocks:        185.109.120.0/22 maxlen: 24
                          193.188.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:24:f7:67:1a:2e:0d:6e:93:16:17:0f:69:cf:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eeb6b2c3e09ca1c45fd7547e458946cc8a468b4
        Validity
            Not Before: Jan  2 06:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53e2ede1c9988162c1f9938ba53eb13717c44a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:21:a1:ea:91:59:0c:c0:bf:2f:fc:b0:f0:73:
                    d9:08:04:94:23:55:72:4c:bf:57:66:53:8a:9b:b3:
                    56:2e:6a:b1:13:18:81:f2:54:94:aa:e8:ae:55:b0:
                    3e:34:a8:11:c1:7f:b1:cb:c4:b4:85:26:03:db:8b:
                    49:7b:be:5b:3f:8c:ff:73:a6:93:3e:43:4e:50:54:
                    8a:7e:17:2e:47:b0:17:8d:58:3b:8f:18:08:61:ba:
                    3a:4e:d8:a1:0a:da:33:65:77:0c:3d:fe:4b:38:5a:
                    43:0b:1a:1f:99:1a:03:b2:f3:72:45:3e:b0:46:97:
                    82:cb:9a:04:61:0c:2d:67:fd:0b:d6:b9:27:fc:cb:
                    df:eb:fa:8e:3f:2f:90:71:84:71:b0:65:55:86:bd:
                    b7:f3:3f:69:09:be:9d:53:8c:49:0c:42:49:d1:a4:
                    be:12:9c:ce:a6:59:c6:95:4e:3b:90:8c:2f:d6:98:
                    2c:93:cb:96:f8:e4:c7:1d:ae:03:4d:5d:e6:0d:31:
                    fa:9c:ff:6e:7a:bc:9f:0b:17:b6:fb:31:6d:ff:b3:
                    7d:53:cc:2d:e4:51:b6:dd:ff:b0:07:07:3d:3c:dc:
                    da:2f:a4:1e:5c:48:99:d1:5a:d7:7e:e1:50:bc:7b:
                    ab:5f:5f:0d:51:e5:a8:6c:6d:13:54:e2:b6:b2:9e:
                    73:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E2:ED:E1:C9:98:81:62:C1:F9:93:8B:A5:3E:B1:37:17:C4:4A:13
            X509v3 Authority Key Identifier:
                keyid:4E:EB:6B:2C:3E:09:CA:1C:45:FD:75:47:E4:58:94:6C:C8:A4:68:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TutrLD4JyhxF_XVH5FiUbMikaLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/U-Lt4cmYgWLB-ZOLpT6xNxfEShM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8f59ec-f92c-423d-8fb7-6e9addc8162b/1/TutrLD4JyhxF_XVH5FiUbMikaLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.120.0/22
                  193.188.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         32:d9:c0:2d:b5:7a:5d:92:25:84:64:af:7b:65:84:35:bb:ab:
         8a:b7:9a:b2:7a:18:20:e4:2e:ad:7d:bf:33:de:fc:b7:86:80:
         8c:a8:22:4d:67:7d:a6:9d:c1:a9:ea:70:d6:7d:78:df:e5:35:
         e4:97:03:d4:2a:12:7e:51:f0:fb:c4:ba:8d:73:e5:c6:b9:0a:
         70:73:a8:46:99:a3:c0:06:0c:92:23:19:9b:a2:1a:41:5c:79:
         fe:37:63:70:79:92:01:18:73:ec:4d:be:bd:7e:c6:91:f0:53:
         ab:52:13:77:ae:ba:0c:97:24:bc:0e:ca:a1:83:56:fa:84:d2:
         5e:2c:29:61:8a:66:e3:26:50:c1:20:cc:03:c9:4b:95:48:29:
         50:7c:20:c7:3d:d9:bf:fd:66:f5:c3:bb:92:6a:f0:b3:3e:c9:
         77:b7:fc:73:70:7a:2d:3f:37:16:ad:a7:c2:91:c6:8a:39:1d:
         15:56:48:5c:b7:a7:91:c0:a6:3b:a9:c3:46:73:93:2d:42:98:
         09:84:1b:8d:8b:7b:a5:94:51:72:44:84:64:f7:10:4b:0b:da:
         83:13:7c:35:13:89:f2:72:c6:36:23:ee:7a:a3:d1:de:e3:99:
         ec:76:9c:fa:9a:ac:2c:20:32:d5:a1:5a:4c:16:a1:90:94:2c:
         e7:06:1e:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3iT3ZxouDW6TFhcPac8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWI2YjJjM2UwOWNhMWM0NWZkNzU0N2U0NTg5NDZjYzhh
NDY4YjQwHhcNMjQwMTAyMDYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2UyZWRlMWM5OTg4MTYyYzFmOTkzOGJhNTNlYjEzNzE3YzQ0YTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCGh6pFZDMC/L/yw8HPZCASUI1Vy
TL9XZlOKm7NWLmqxExiB8lSUquiuVbA+NKgRwX+xy8S0hSYD24tJe75bP4z/c6aT
PkNOUFSKfhcuR7AXjVg7jxgIYbo6TtihCtozZXcMPf5LOFpDCxofmRoDsvNyRT6w
RpeCy5oEYQwtZ/0L1rkn/Mvf6/qOPy+QcYRxsGVVhr238z9pCb6dU4xJDEJJ0aS+
EpzOplnGlU47kIwv1pgsk8uW+OTHHa4DTV3mDTH6nP9ueryfCxe2+zFt/7N9U8wt
5FG23f+wBwc9PNzaL6QeXEiZ0VrXfuFQvHurX18NUeWobG0TVOK2sp5z2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFPi7eHJmIFiwfmTi6U+sTcXxEoTMB8GA1UdIwQY
MBaAFE7rayw+CcocRf11R+RYlGzIpGi0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHV0ckxENEp5aHhGX1hWSDVGaVViTWlrYUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84ZjU5ZWMtZjkyYy00MjNkLThmYjct
NmU5YWRkYzgxNjJiLzEvVS1MdDRjbVlnV0xCLVpPTHBUNnhOeGZFU2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84ZjU5ZWMtZjkyYy00MjNkLThmYjctNmU5YWRkYzgxNjJi
LzEvVHV0ckxENEp5aHhGX1hWSDVGaVViTWlrYUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuW14AwQF
wbxAMA0GCSqGSIb3DQEBCwUAA4IBAQAy2cAttXpdkiWEZK97ZYQ1u6uKt5qyehgg
5C6tfb8z3vy3hoCMqCJNZ32mncGp6nDWfXjf5TXklwPUKhJ+UfD7xLqNc+XGuQpw
c6hGmaPABgySIxmbohpBXHn+N2NweZIBGHPsTb69fsaR8FOrUhN3rroMlyS8Dsqh
g1b6hNJeLClhimbjJlDBIMwDyUuVSClQfCDHPdm//Wb1w7uSavCzPsl3t/xzcHot
PzcWrafCkcaKOR0VVkhct6eRwKY7qcNGc5MtQpgJhBuNi3ullFFyRIRk9xBLC9qD
E3w1E4nycsY2I+56o9He45nsdpz6mqwsIDLVoVpMFqGQlCznBh5Z
-----END CERTIFICATE-----