Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/uNOrHQGUF2mTCKTzJa-Ru1YS9AE.roa
File:                     uNOrHQGUF2mTCKTzJa-Ru1YS9AE.roa (raw, json)
Hash identifier:          2jdo/JYx0JN7/a5LrQMQgFZ9Ij5LIcWEM/iDqRimaG8=
Subject key identifier:   B8:D3:AB:1D:01:94:17:69:93:08:A4:F3:25:AF:91:BB:56:12:F4:01
Certificate issuer:       /CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
Certificate serial:       018CC801E1EE79AFEA06539DDB3CCBB40E97
Authority key identifier: 59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/uNOrHQGUF2mTCKTzJa-Ru1YS9AE.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202606
IP address blocks:        185.54.216.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e1:ee:79:af:ea:06:53:9d:db:3c:cb:b4:0e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8d3ab1d019417699308a4f325af91bb5612f401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:99:8f:13:83:dd:96:eb:34:34:e0:03:3e:4d:
                    ae:fe:b9:fc:65:f0:e2:db:43:f8:a4:a7:cd:75:ec:
                    89:30:11:db:c1:6e:2d:25:7b:f8:9c:19:e9:7f:55:
                    4b:b8:7b:7d:62:60:e9:a5:ff:b9:cb:d6:e0:1b:e4:
                    15:b9:2e:19:e4:af:79:ff:ca:ca:68:6e:8a:18:1c:
                    aa:05:8c:00:99:67:98:e8:9b:07:c9:7d:28:6e:2b:
                    36:8d:d0:23:ef:c5:8a:65:c5:0c:4e:12:37:93:97:
                    07:0e:0d:f6:fb:b0:02:a1:81:fb:5e:40:0d:ce:43:
                    67:84:5a:84:0f:c6:36:15:04:0b:01:72:8d:aa:0c:
                    29:e9:a8:9e:84:fc:e4:4f:79:f6:5e:fb:ac:54:08:
                    9b:6a:e2:39:3d:dc:18:57:b2:40:cc:7a:42:ed:d9:
                    0a:55:e1:37:fa:5f:f1:0d:d9:fa:7f:fd:1f:df:47:
                    42:13:f8:4e:b7:5a:71:e5:56:5d:71:fb:51:e4:82:
                    d9:02:f9:5d:ab:07:61:2c:6f:24:33:77:20:2e:15:
                    50:82:19:e3:fd:85:5a:01:06:5b:8d:52:37:15:94:
                    c2:61:bf:b5:f1:a3:b4:eb:bd:a9:6f:43:d9:15:73:
                    2a:aa:4c:85:fb:26:7b:15:27:ff:5b:54:e4:c8:7d:
                    d4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D3:AB:1D:01:94:17:69:93:08:A4:F3:25:AF:91:BB:56:12:F4:01
            X509v3 Authority Key Identifier:
                keyid:59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/uNOrHQGUF2mTCKTzJa-Ru1YS9AE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:5e:cb:81:e6:15:fc:dc:e2:d7:de:7e:15:4f:26:f8:ce:05:
         b7:4d:4e:a3:10:0c:5d:65:12:5f:4e:c4:68:c4:9e:9d:e6:43:
         8f:a8:01:11:62:31:c0:12:a8:57:98:e8:5b:0a:02:ab:4b:ae:
         2c:1b:c6:79:87:87:c3:bf:8b:d5:f1:65:c4:e9:f6:27:25:82:
         b9:f6:6b:f1:17:27:a3:95:15:1d:26:f3:09:79:f4:c9:e1:d7:
         3e:f5:4b:e9:7b:8b:28:6c:b4:5c:a8:1e:5a:86:6d:86:20:ed:
         6a:75:3e:31:29:2f:45:9d:a0:69:69:28:26:2c:90:c3:1b:1c:
         fe:a6:9b:02:25:48:00:63:db:5f:8f:12:73:fa:49:4f:88:7d:
         ee:23:11:8f:03:08:95:d5:23:f2:1a:76:a7:b0:b0:bb:9e:39:
         1c:27:5f:44:76:30:e6:d5:58:df:2e:bd:4f:b9:67:b7:14:70:
         b3:5b:63:41:b7:bb:14:98:2e:24:0e:05:b8:c6:3a:6e:61:7b:
         64:81:ca:39:3b:99:e1:a7:17:5b:32:64:98:ae:8f:3f:61:73:
         fc:13:a1:06:68:95:bb:3a:24:46:38:37:df:88:5d:79:42:80:
         87:39:a8:6c:0a:25:5f:99:0a:8a:cc:77:5b:c5:3c:07:a3:17:
         fc:11:e7:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAeHuea/qBlOd2zzLtA6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YjNlMDk1NmE5ZDQ4MTdjZDkyODUyYzI3YTI3YjdkMmYx
MTEzZGIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGQzYWIxZDAxOTQxNzY5OTMwOGE0ZjMyNWFmOTFiYjU2MTJmNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpmPE4Pdlus0NOADPk2u/rn8ZfDi
20P4pKfNdeyJMBHbwW4tJXv4nBnpf1VLuHt9YmDppf+5y9bgG+QVuS4Z5K95/8rK
aG6KGByqBYwAmWeY6JsHyX0obis2jdAj78WKZcUMThI3k5cHDg32+7ACoYH7XkAN
zkNnhFqED8Y2FQQLAXKNqgwp6aiehPzkT3n2XvusVAibauI5PdwYV7JAzHpC7dkK
VeE3+l/xDdn6f/0f30dCE/hOt1px5VZdcftR5ILZAvldqwdhLG8kM3cgLhVQghnj
/YVaAQZbjVI3FZTCYb+18aO0672pb0PZFXMqqkyF+yZ7FSf/W1TkyH3UWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjTqx0BlBdpkwik8yWvkbtWEvQBMB8GA1UdIwQY
MBaAFFmz4JVqnUgXzZKFLCeie30vERPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYt
YzQ3MTcyZDVkODgyLzEvdU5PckhRR1VGMm1UQ0tUekphLVJ1MVlTOUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYtYzQ3MTcyZDVkODgy
LzEvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTbYMA0G
CSqGSIb3DQEBCwUAA4IBAQBVXsuB5hX83OLX3n4VTyb4zgW3TU6jEAxdZRJfTsRo
xJ6d5kOPqAERYjHAEqhXmOhbCgKrS64sG8Z5h4fDv4vV8WXE6fYnJYK59mvxFyej
lRUdJvMJefTJ4dc+9Uvpe4sobLRcqB5ahm2GIO1qdT4xKS9FnaBpaSgmLJDDGxz+
ppsCJUgAY9tfjxJz+klPiH3uIxGPAwiV1SPyGnansLC7njkcJ19EdjDm1VjfLr1P
uWe3FHCzW2NBt7sUmC4kDgW4xjpuYXtkgco5O5nhpxdbMmSYro8/YXP8E6EGaJW7
OiRGODffiF15QoCHOahsCiVfmQqKzHdbxTwHoxf8Eef1
-----END CERTIFICATE-----