Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/UkV5tvi6yx4MZEGDoI2pLtrcdRc.roa
File:                     UkV5tvi6yx4MZEGDoI2pLtrcdRc.roa (raw, json)
Hash identifier:          pU7lw3GZ2x2sssvMdUHQfcPQ7Ur2cj41RyXYLSuWP7g=
Subject key identifier:   52:45:79:B6:F8:BA:CB:1E:0C:64:41:83:A0:8D:A9:2E:DA:DC:75:17
Certificate issuer:       /CN=bdb143996dfeff5f49cd2b09b941d0d5e578b3ff
Certificate serial:       018CC5005B815B269106328D94C7D46BF234
Authority key identifier: BD:B1:43:99:6D:FE:FF:5F:49:CD:2B:09:B9:41:D0:D5:E5:78:B3:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/UkV5tvi6yx4MZEGDoI2pLtrcdRc.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.135.128.0/24 maxlen: 24
                          195.191.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5b:81:5b:26:91:06:32:8d:94:c7:d4:6b:f2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb143996dfeff5f49cd2b09b941d0d5e578b3ff
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=524579b6f8bacb1e0c644183a08da92edadc7517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5c:89:0a:70:dc:7a:3a:ae:c8:9f:9f:db:06:
                    e6:f6:2c:bc:ba:14:39:41:5f:3f:4b:cc:de:f4:99:
                    42:7c:2f:67:62:32:5b:46:5f:f1:d2:03:1a:3f:fa:
                    74:7d:e2:45:bd:e7:4e:92:4a:f7:82:20:fe:92:d8:
                    7e:71:09:ce:08:65:0d:0f:44:46:b2:1f:9a:83:c6:
                    b2:a4:85:ca:61:3d:7a:54:27:3e:bb:aa:77:dd:65:
                    af:69:6b:8e:20:83:25:a8:29:1b:f7:78:2a:24:bc:
                    82:25:4b:10:d3:7b:a2:72:55:38:50:4c:74:76:31:
                    ae:71:82:9d:0a:b7:09:a8:1b:c2:ee:c4:56:09:b0:
                    9d:cb:37:66:54:00:ef:6e:55:ca:6f:70:83:07:72:
                    0e:9d:b2:57:34:ad:43:a8:21:37:eb:52:ad:74:08:
                    a7:ac:9f:2a:7c:c8:62:d2:b2:5b:cf:b6:cd:e8:3d:
                    b5:00:6f:1d:eb:75:ec:1e:9e:53:76:bb:1c:a1:72:
                    29:84:9b:bc:fc:60:0e:4c:28:5a:ef:46:24:0a:e8:
                    1f:d0:10:d9:53:ad:ca:50:a5:44:b1:4e:f1:50:5a:
                    79:96:ce:c5:ff:36:32:a5:b8:d8:fe:ea:b2:80:97:
                    ec:26:a6:57:6e:a9:50:f9:dc:15:3c:e6:d9:be:0f:
                    d9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:45:79:B6:F8:BA:CB:1E:0C:64:41:83:A0:8D:A9:2E:DA:DC:75:17
            X509v3 Authority Key Identifier:
                keyid:BD:B1:43:99:6D:FE:FF:5F:49:CD:2B:09:B9:41:D0:D5:E5:78:B3:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbFDmW3-_19JzSsJuUHQ1eV4s_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/UkV5tvi6yx4MZEGDoI2pLtrcdRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fbd911-8d37-4e3e-9599-fc29caa5db7a/1/vbFDmW3-_19JzSsJuUHQ1eV4s_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.128.0/24
                  195.191.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:eb:e0:32:be:0f:42:a0:55:a4:88:7e:54:5c:f2:d3:9f:81:
         29:d7:9c:b2:86:98:e3:bc:38:a5:45:8e:0f:bd:a7:a6:78:11:
         34:b1:8c:81:10:90:6a:4e:0a:79:d3:cb:da:11:42:42:a9:1f:
         21:5e:75:c7:2b:df:53:46:51:e9:11:0e:10:8a:b2:aa:8b:d6:
         55:0e:68:02:36:ce:db:c2:07:b1:3c:22:e3:ed:bd:b3:fc:29:
         3a:97:f4:72:6a:47:56:cc:99:e9:d2:81:8b:e5:20:3b:c2:bc:
         4a:e3:8c:b7:39:3b:12:e9:7b:b0:84:ce:38:61:4d:fa:5d:60:
         bc:04:1e:a1:b0:81:6e:31:8b:f0:66:12:5b:01:65:33:ee:47:
         c7:69:a5:f5:93:98:ac:c1:33:c5:81:f2:a7:7b:37:39:da:d3:
         3d:ee:51:f6:ca:63:a2:5a:fd:90:bc:0d:f8:0a:3f:76:65:92:
         2c:e0:6e:44:6d:23:46:c8:f8:9f:a1:e5:2e:4f:c8:c2:da:44:
         03:8a:c3:b8:bc:f5:a6:91:88:fd:64:03:74:82:a2:70:0f:51:
         d2:09:86:cc:2d:41:be:77:d2:4e:65:42:b6:21:b9:01:7c:77:
         8b:91:e6:10:71:3a:6c:5b:24:49:96:77:54:80:54:b6:eb:24:
         66:fe:88:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAFuBWyaRBjKNlMfUa/I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjE0Mzk5NmRmZWZmNWY0OWNkMmIwOWI5NDFkMGQ1ZTU3
OGIzZmYwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ1NzliNmY4YmFjYjFlMGM2NDQxODNhMDhkYTkyZWRhZGM3NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1yJCnDcejquyJ+f2wbm9iy8uhQ5
QV8/S8ze9JlCfC9nYjJbRl/x0gMaP/p0feJFvedOkkr3giD+kth+cQnOCGUND0RG
sh+ag8aypIXKYT16VCc+u6p33WWvaWuOIIMlqCkb93gqJLyCJUsQ03uiclU4UEx0
djGucYKdCrcJqBvC7sRWCbCdyzdmVADvblXKb3CDB3IOnbJXNK1DqCE361KtdAin
rJ8qfMhi0rJbz7bN6D21AG8d63XsHp5TdrscoXIphJu8/GAOTCha70YkCugf0BDZ
U63KUKVEsU7xUFp5ls7F/zYypbjY/uqygJfsJqZXbqlQ+dwVPObZvg/ZiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJFebb4usseDGRBg6CNqS7a3HUXMB8GA1UdIwQY
MBaAFL2xQ5lt/v9fSc0rCblB0NXleLP/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJGRG1XMy1fMTlKelNzSnVVSFExZVY0c184LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mYmQ5MTEtOGQzNy00ZTNlLTk1OTkt
ZmMyOWNhYTVkYjdhLzEvVWtWNXR2aTZ5eDRNWkVHRG9JMnBMdHJjZFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mYmQ5MTEtOGQzNy00ZTNlLTk1OTktZmMyOWNhYTVkYjdh
LzEvdmJGRG1XMy1fMTlKelNzSnVVSFExZVY0c184LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYeAAwQA
w7+lMA0GCSqGSIb3DQEBCwUAA4IBAQCF6+Ayvg9CoFWkiH5UXPLTn4Ep15yyhpjj
vDilRY4PvaemeBE0sYyBEJBqTgp508vaEUJCqR8hXnXHK99TRlHpEQ4QirKqi9ZV
DmgCNs7bwgexPCLj7b2z/Ck6l/RyakdWzJnp0oGL5SA7wrxK44y3OTsS6XuwhM44
YU36XWC8BB6hsIFuMYvwZhJbAWUz7kfHaaX1k5iswTPFgfKnezc52tM97lH2ymOi
Wv2QvA34Cj92ZZIs4G5EbSNGyPifoeUuT8jC2kQDisO4vPWmkYj9ZAN0gqJwD1HS
CYbMLUG+d9JOZUK2IbkBfHeLkeYQcTpsWyRJlndUgFS26yRm/ogG
-----END CERTIFICATE-----