Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/Uj5G57vKO6N6yF2Oz83BvmBGkLw.roa
File:                     Uj5G57vKO6N6yF2Oz83BvmBGkLw.roa (raw, json)
Hash identifier:          vb7JxndgY3APEzSGwhgsWUtexgULK43aGll1kWdiZeA=
Subject key identifier:   52:3E:46:E7:BB:CA:3B:A3:7A:C8:5D:8E:CF:CD:C1:BE:60:46:90:BC
Certificate issuer:       /CN=5b90551e3c17e0a02d28d6dca279db3e4147f991
Certificate serial:       018CC64A4ADBF60F34C194FCB65879914DBE
Authority key identifier: 5B:90:55:1E:3C:17:E0:A0:2D:28:D6:DC:A2:79:DB:3E:41:47:F9:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/Uj5G57vKO6N6yF2Oz83BvmBGkLw.roa
Signing time:             Mon 01 Jan 2024 18:30:06 +0000
ROA not before:           Mon 01 Jan 2024 18:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43322
IP address blocks:        193.186.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:4a:db:f6:0f:34:c1:94:fc:b6:58:79:91:4d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b90551e3c17e0a02d28d6dca279db3e4147f991
        Validity
            Not Before: Jan  1 18:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523e46e7bbca3ba37ac85d8ecfcdc1be604690bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3c:8b:3c:6d:2b:a9:df:0e:6b:87:69:91:80:
                    2e:88:6c:b5:76:a0:d2:d9:ed:2e:62:77:aa:03:51:
                    97:47:eb:ab:21:0f:6a:8e:62:dc:80:02:5e:59:fd:
                    ea:00:df:1f:64:4e:4c:83:1d:3f:1e:d3:2a:af:17:
                    21:0f:bb:58:f2:ba:ac:86:46:50:69:b8:2a:bd:96:
                    e1:43:91:62:d9:a1:3e:d8:d7:1b:d2:24:52:a8:d1:
                    13:b2:84:2d:16:20:a3:b5:18:69:fe:ae:30:62:79:
                    7a:ef:df:55:87:fa:98:81:99:f4:88:9c:b9:fb:84:
                    99:9b:eb:9a:07:36:88:64:f9:4c:b3:08:0a:4b:d0:
                    56:22:8a:e0:12:56:08:01:76:3b:00:36:7e:e8:96:
                    a4:ae:dd:ba:b9:9a:c9:96:98:75:94:14:f8:64:e3:
                    c5:af:c6:ea:94:73:ce:90:2a:1d:36:37:4d:86:b5:
                    46:02:74:83:f6:bd:40:67:92:38:c4:ba:44:9a:cf:
                    48:36:fb:35:24:53:09:97:0a:87:2c:15:c1:43:d4:
                    9d:ab:15:7e:78:0a:92:99:43:65:c7:6c:9e:69:b8:
                    7b:24:20:11:bc:9c:63:4f:fc:b7:f1:3a:63:b2:8d:
                    2d:19:9f:32:de:55:79:0d:c8:1a:91:c9:3b:7d:7a:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3E:46:E7:BB:CA:3B:A3:7A:C8:5D:8E:CF:CD:C1:BE:60:46:90:BC
            X509v3 Authority Key Identifier:
                keyid:5B:90:55:1E:3C:17:E0:A0:2D:28:D6:DC:A2:79:DB:3E:41:47:F9:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/Uj5G57vKO6N6yF2Oz83BvmBGkLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:05:ea:63:c7:1c:0c:97:84:3a:24:9d:00:59:30:ef:04:71:
         45:f6:b5:bd:99:6a:3e:10:d1:a4:c8:77:26:d1:6f:fe:21:a5:
         dd:bc:a3:01:7a:8c:c1:52:6c:c1:01:31:91:3d:f6:11:61:f4:
         5f:eb:98:0f:21:fd:1d:3c:76:ef:a2:5c:04:f2:f0:5e:99:0d:
         96:22:63:17:1e:f7:af:ab:35:b5:8b:50:42:07:6c:fe:92:a1:
         41:fd:94:1e:5e:42:e9:57:04:85:fc:f2:71:1f:db:24:20:f2:
         76:7f:81:d8:61:cb:b1:63:cc:9f:d3:f3:4b:c1:69:33:cb:26:
         d3:ff:50:ab:c6:f0:6a:7a:c2:78:73:d5:81:35:16:33:0e:6b:
         9b:53:3b:f9:18:db:40:3b:d2:3e:f5:78:74:9f:24:78:da:c3:
         96:bc:0b:dd:6b:f5:62:6c:a1:a9:e1:3b:e8:38:3f:53:8e:1d:
         26:6f:c0:c1:47:7b:33:00:3a:38:05:71:5c:e0:7a:37:d2:98:
         17:f2:d6:ad:b3:b1:35:1a:fc:4c:30:27:90:5e:04:0f:5d:a9:
         2b:39:b9:e1:d1:1b:9a:59:de:1f:1c:82:77:7b:33:a7:4a:c2:
         31:87:00:eb:fd:30:d1:69:93:35:1e:1f:7c:50:c5:da:c2:a3:
         b0:07:28:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSkrb9g80wZT8tlh5kU2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOTA1NTFlM2MxN2UwYTAyZDI4ZDZkY2EyNzlkYjNlNDE0
N2Y5OTEwHhcNMjQwMTAxMTgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNlNDZlN2JiY2EzYmEzN2FjODVkOGVjZmNkYzFiZTYwNDY5MGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTyLPG0rqd8Oa4dpkYAuiGy1dqDS
2e0uYneqA1GXR+urIQ9qjmLcgAJeWf3qAN8fZE5Mgx0/HtMqrxchD7tY8rqshkZQ
abgqvZbhQ5Fi2aE+2Ncb0iRSqNETsoQtFiCjtRhp/q4wYnl6799Vh/qYgZn0iJy5
+4SZm+uaBzaIZPlMswgKS9BWIorgElYIAXY7ADZ+6Jakrt26uZrJlph1lBT4ZOPF
r8bqlHPOkCodNjdNhrVGAnSD9r1AZ5I4xLpEms9INvs1JFMJlwqHLBXBQ9SdqxV+
eAqSmUNlx2yeabh7JCARvJxjT/y38Tpjso0tGZ8y3lV5Dcgakck7fXonbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI+Rue7yjujeshdjs/Nwb5gRpC8MB8GA1UdIwQY
MBaAFFuQVR48F+CgLSjW3KJ52z5BR/mRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVCVkhqd1g0S0F0S05iY29ubmJQa0ZILVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMTkyYTQtNzZiMi00NjVkLTg4MTgt
YTMwZTMzYTcwYjFlLzEvVWo1RzU3dktPNk42eUYyT3o4M0J2bUJHa0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMTkyYTQtNzZiMi00NjVkLTg4MTgtYTMwZTMzYTcwYjFl
LzEvVzVCVkhqd1g0S0F0S05iY29ubmJQa0ZILVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbrQMA0G
CSqGSIb3DQEBCwUAA4IBAQCMBepjxxwMl4Q6JJ0AWTDvBHFF9rW9mWo+ENGkyHcm
0W/+IaXdvKMBeozBUmzBATGRPfYRYfRf65gPIf0dPHbvolwE8vBemQ2WImMXHvev
qzW1i1BCB2z+kqFB/ZQeXkLpVwSF/PJxH9skIPJ2f4HYYcuxY8yf0/NLwWkzyybT
/1CrxvBqesJ4c9WBNRYzDmubUzv5GNtAO9I+9Xh0nyR42sOWvAvda/VibKGp4Tvo
OD9Tjh0mb8DBR3szADo4BXFc4Ho30pgX8tats7E1GvxMMCeQXgQPXakrObnh0Rua
Wd4fHIJ3ezOnSsIxhwDr/TDRaZM1Hh98UMXawqOwByhP
-----END CERTIFICATE-----