Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/upMcYTvIa-OEIpITb_FmhVimkK8.roa
File:                     upMcYTvIa-OEIpITb_FmhVimkK8.roa (raw, json)
Hash identifier:          L2esYz5HX0SuEgdHE4j2hyRvBxUtwxJjYbGncMeH3p0=
Subject key identifier:   BA:93:1C:61:3B:C8:6B:E3:84:22:92:13:6F:F1:66:85:58:A6:90:AF
Certificate issuer:       /CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
Certificate serial:       018D21473685422C2A32E403A6148A86185D
Authority key identifier: 00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/upMcYTvIa-OEIpITb_FmhVimkK8.roa
Signing time:             Fri 19 Jan 2024 10:32:11 +0000
ROA not before:           Fri 19 Jan 2024 10:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31400
IP address blocks:        194.126.196.0/24 maxlen: 24
                          2a03:2902::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:47:36:85:42:2c:2a:32:e4:03:a6:14:8a:86:18:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
        Validity
            Not Before: Jan 19 10:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba931c613bc86be3842292136ff1668558a690af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:95:93:55:d7:73:f6:52:b4:a0:c6:48:2a:8f:
                    28:c0:cf:3e:6e:b6:23:de:6b:35:0b:8c:2a:17:15:
                    5a:3a:f9:a0:be:82:43:a5:32:bc:f6:51:99:f9:28:
                    96:c3:c1:1b:3c:45:9d:30:4c:84:95:49:51:08:d3:
                    bb:ad:7a:57:f6:b4:8a:6c:23:53:f4:d6:e8:27:82:
                    c8:fa:78:e8:90:4d:86:71:dc:10:8e:db:d3:30:34:
                    98:49:02:ce:d6:9c:62:92:f8:3c:95:89:ca:75:75:
                    54:6d:b3:a9:f1:11:66:a8:c0:a5:6f:5e:b5:14:61:
                    1c:33:72:99:db:bb:e6:27:c5:f7:42:5c:1a:e6:39:
                    74:9b:3d:f9:49:86:b6:a4:e4:88:d6:19:66:86:44:
                    6f:53:41:94:3c:99:8d:65:33:cd:85:e9:11:3f:be:
                    8c:8e:bc:b8:e1:6b:86:10:c6:d1:b0:a3:37:fc:5f:
                    5b:83:a5:f4:c5:9e:53:08:a1:79:fb:dd:f3:23:93:
                    e1:e7:0a:89:51:57:33:e6:d0:3c:e6:14:1b:9b:11:
                    9d:03:f3:fa:2b:2c:6f:a8:ad:9c:cb:76:1e:ae:f7:
                    b6:b8:1d:7f:de:e1:b4:45:31:69:78:bc:fd:65:01:
                    78:13:42:d7:ac:24:a2:a8:e3:b6:4b:60:a9:55:6a:
                    68:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:93:1C:61:3B:C8:6B:E3:84:22:92:13:6F:F1:66:85:58:A6:90:AF
            X509v3 Authority Key Identifier:
                keyid:00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/upMcYTvIa-OEIpITb_FmhVimkK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.196.0/24
                IPv6:
                  2a03:2902::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:a8:ee:b6:60:b4:94:18:07:66:ae:38:f8:75:d4:07:16:6a:
         e4:e7:48:e2:65:0b:67:6f:b2:50:c3:c7:fa:8b:6e:aa:ff:eb:
         f5:4a:6f:c4:0c:b3:0e:2b:65:ac:65:0c:95:c7:c6:39:3f:d3:
         2f:24:6f:ca:61:b4:c4:c1:fc:27:f4:98:98:7d:27:8f:e9:f5:
         ad:99:e3:d4:1c:d7:3f:d2:c2:1c:b2:80:b1:54:a2:34:26:cc:
         c1:57:36:8b:61:a8:3c:fc:fe:5d:91:46:73:46:bc:a5:a3:b6:
         6a:5f:b8:50:8f:01:8a:9c:92:7f:b5:13:36:94:a8:cf:bb:33:
         41:67:a5:18:13:56:0f:23:a2:0d:66:d6:35:a1:3d:86:28:79:
         42:a6:9e:22:22:8d:dd:7d:1c:80:48:81:b0:1f:85:04:f8:54:
         bf:b5:1a:73:2c:5f:de:88:ca:87:1d:dc:77:0a:0e:00:68:93:
         7c:9c:67:ea:6c:37:5f:b1:f6:9c:bf:3a:46:80:55:98:64:4e:
         09:6e:c6:e5:30:76:ce:fb:62:b7:e2:98:8a:1f:da:bc:81:62:
         c9:e7:ff:42:06:4a:2b:64:e9:34:da:ef:54:fe:e4:b6:06:bf:
         1f:03:29:fa:d7:f0:41:f9:cc:20:a3:19:f8:e6:03:fa:81:16:
         3c:cb:7e:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0hRzaFQiwqMuQDphSKhhhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNWZmOWNjODljNjZhOGEzYTVkNzM0YTBkNjVjNjFmZGM4
NTE4YmUwHhcNMjQwMTE5MTAzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTkzMWM2MTNiYzg2YmUzODQyMjkyMTM2ZmYxNjY4NTU4YTY5MGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJWTVddz9lK0oMZIKo8owM8+brYj
3ms1C4wqFxVaOvmgvoJDpTK89lGZ+SiWw8EbPEWdMEyElUlRCNO7rXpX9rSKbCNT
9NboJ4LI+njokE2GcdwQjtvTMDSYSQLO1pxikvg8lYnKdXVUbbOp8RFmqMClb161
FGEcM3KZ27vmJ8X3Qlwa5jl0mz35SYa2pOSI1hlmhkRvU0GUPJmNZTPNhekRP76M
jry44WuGEMbRsKM3/F9bg6X0xZ5TCKF5+93zI5Ph5wqJUVcz5tA85hQbmxGdA/P6
KyxvqK2cy3Yerve2uB1/3uG0RTFpeLz9ZQF4E0LXrCSiqOO2S2CpVWpo1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLqTHGE7yGvjhCKSE2/xZoVYppCvMB8GA1UdIwQY
MBaAFABf+cyJxmqKOl1zSg1lxh/chRi+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTkt
MGUyZDY5N2IyN2UzLzEvdXBNY1lUdklhLU9FSXBJVGJfRm1oVmlta0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTktMGUyZDY5N2IyN2Uz
LzEvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwn7EMA0E
AgACMAcDBQAqAykCMA0GCSqGSIb3DQEBCwUAA4IBAQCgqO62YLSUGAdmrjj4ddQH
Fmrk50jiZQtnb7JQw8f6i26q/+v1Sm/EDLMOK2WsZQyVx8Y5P9MvJG/KYbTEwfwn
9JiYfSeP6fWtmePUHNc/0sIcsoCxVKI0JszBVzaLYag8/P5dkUZzRrylo7ZqX7hQ
jwGKnJJ/tRM2lKjPuzNBZ6UYE1YPI6INZtY1oT2GKHlCpp4iIo3dfRyASIGwH4UE
+FS/tRpzLF/eiMqHHdx3Cg4AaJN8nGfqbDdfsfacvzpGgFWYZE4JbsblMHbO+2K3
4piKH9q8gWLJ5/9CBkorZOk02u9U/uS2Br8fAyn61/BB+cwgoxn45gP6gRY8y34S
-----END CERTIFICATE-----