Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UVODqGXU1i2V6wxruPPu6NZqD8c.roa
File:                     UVODqGXU1i2V6wxruPPu6NZqD8c.roa (raw, json)
Hash identifier:          qaMkqKyufJdfChbwh58tDb+74/c3RDGK12uoFQ3xxwU=
Subject key identifier:   51:53:83:A8:65:D4:D6:2D:95:EB:0C:6B:B8:F3:EE:E8:D6:6A:0F:C7
Certificate issuer:       /CN=501459c027a86e1a55709f860937fe2f81b312f0
Certificate serial:       018CC5DC004D91D483D2450915DFADB539D2
Authority key identifier: 50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UVODqGXU1i2V6wxruPPu6NZqD8c.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        147.233.128.0/17 maxlen: 17
                          147.233.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:00:4d:91:d4:83:d2:45:09:15:df:ad:b5:39:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=501459c027a86e1a55709f860937fe2f81b312f0
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=515383a865d4d62d95eb0c6bb8f3eee8d66a0fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:60:1c:9e:0a:be:da:1f:ba:35:91:9a:7c:8a:
                    e3:53:c5:19:95:fb:49:49:e0:83:89:0a:22:ef:78:
                    87:48:c7:5d:ce:52:30:b4:a3:fa:17:76:7f:11:2e:
                    cc:9c:af:bd:2e:12:01:ab:55:6d:1d:5c:78:d1:bd:
                    73:da:5d:8a:c2:2f:fc:db:8f:30:a4:1c:a5:9a:2c:
                    a8:20:93:a8:58:a3:39:d0:ac:f6:c4:10:e6:c8:42:
                    1a:a8:fb:2e:45:bd:00:51:d6:1c:08:6e:9e:db:51:
                    e7:18:ac:fb:1f:f0:fa:5b:2e:46:0c:a2:d2:82:8d:
                    a2:ef:a0:97:c2:89:ef:c3:cd:7b:dd:d5:9a:a2:54:
                    21:32:00:d9:33:f6:20:31:bc:60:38:ca:52:6d:01:
                    eb:1b:b4:34:34:60:a0:87:3d:d8:71:80:79:e0:43:
                    c0:2b:42:67:e0:a9:b5:57:60:13:a4:0d:1d:fa:55:
                    ff:73:e7:5c:d2:c0:e9:d8:99:4f:fd:17:d3:77:c0:
                    3f:5d:16:45:b7:b0:58:25:bb:74:85:58:02:cc:59:
                    e3:6d:d8:fa:fd:4b:52:d0:0c:cd:1c:45:60:a9:79:
                    ba:16:6d:30:3d:18:f4:a2:e6:4d:f0:4d:f2:d1:da:
                    91:99:e0:50:9f:54:26:0e:10:06:60:c2:69:42:dd:
                    bd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:53:83:A8:65:D4:D6:2D:95:EB:0C:6B:B8:F3:EE:E8:D6:6A:0F:C7
            X509v3 Authority Key Identifier:
                keyid:50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UVODqGXU1i2V6wxruPPu6NZqD8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.233.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5c:6b:77:78:20:a4:16:06:e8:bb:3c:80:c1:fa:81:50:8a:e0:
         c3:df:84:22:34:6f:77:40:6d:90:9b:b4:2b:81:e7:79:3f:61:
         81:95:a6:3c:09:74:0c:00:25:4e:6e:b4:9c:0d:7b:7b:bb:69:
         95:6f:b5:38:98:74:7a:c5:9d:56:d7:81:a0:4a:b1:2b:37:81:
         77:fe:6e:22:62:3c:73:f9:eb:27:97:ea:6c:0c:73:25:54:4c:
         2d:d6:35:d5:54:57:3d:d9:46:5d:90:bb:97:af:80:ae:84:ca:
         68:d2:ca:71:b3:69:58:67:24:9e:8f:d4:28:3f:fe:d8:1a:7c:
         24:35:f7:82:1e:72:f1:2e:35:2d:2c:8c:19:5e:1c:57:02:16:
         03:d6:4c:b0:47:aa:32:1f:4b:e2:55:d4:78:32:26:77:7e:85:
         28:d6:2c:bf:cb:1c:1d:80:78:02:1a:b7:29:76:d5:dc:4f:b1:
         5e:af:80:2e:a6:59:2d:c4:52:0f:b9:6c:4c:b6:e9:37:0f:46:
         e0:ea:dc:2c:74:ce:a0:f6:7b:ef:73:cc:cf:c8:b4:82:da:fc:
         65:72:f7:bf:b4:d4:75:d8:30:c1:cb:31:b4:72:46:6f:db:fe:
         66:54:30:59:c6:25:01:94:31:fc:a1:5a:ca:cb:7a:c0:11:78:
         38:aa:35:d9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzF3ABNkdSD0kUJFd+ttTnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTQ1OWMwMjdhODZlMWE1NTcwOWY4NjA5MzdmZTJmODFi
MzEyZjAwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTUzODNhODY1ZDRkNjJkOTVlYjBjNmJiOGYzZWVlOGQ2NmEwZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomAcngq+2h+6NZGafIrjU8UZlftJ
SeCDiQoi73iHSMddzlIwtKP6F3Z/ES7MnK+9LhIBq1VtHVx40b1z2l2Kwi/8248w
pBylmiyoIJOoWKM50Kz2xBDmyEIaqPsuRb0AUdYcCG6e21HnGKz7H/D6Wy5GDKLS
go2i76CXwonvw8173dWaolQhMgDZM/YgMbxgOMpSbQHrG7Q0NGCghz3YcYB54EPA
K0Jn4Km1V2ATpA0d+lX/c+dc0sDp2JlP/RfTd8A/XRZFt7BYJbt0hVgCzFnjbdj6
/UtS0AzNHEVgqXm6Fm0wPRj0ouZN8E3y0dqRmeBQn1QmDhAGYMJpQt29TwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFFTg6hl1NYtlesMa7jz7ujWag/HMB8GA1UdIwQY
MBaAFFAUWcAnqG4aVXCfhgk3/i+BsxLwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYt
MTYyYjAyYmIxNWJkLzEvVVZPRHFHWFUxaTJWNnd4cnVQUHU2TlpxRDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYtMTYyYjAyYmIxNWJk
LzEvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+kwDQYJ
KoZIhvcNAQELBQADggEBAFxrd3ggpBYG6Ls8gMH6gVCK4MPfhCI0b3dAbZCbtCuB
53k/YYGVpjwJdAwAJU5utJwNe3u7aZVvtTiYdHrFnVbXgaBKsSs3gXf+biJiPHP5
6yeX6mwMcyVUTC3WNdVUVz3ZRl2Qu5evgK6EymjSynGzaVhnJJ6P1Cg//tgafCQ1
94IecvEuNS0sjBleHFcCFgPWTLBHqjIfS+JV1HgyJnd+hSjWLL/LHB2AeAIatyl2
1dxPsV6vgC6mWS3EUg+5bEy26TcPRuDq3Cx0zqD2e+9zzM/ItILa/GVy97+01HXY
MMHLMbRyRm/b/mZUMFnGJQGUMfyhWsrLesAReDiqNdk=
-----END CERTIFICATE-----