Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/UkQ6Q-mgshPK_QVekWlGB12L3Ew.roa
File:                     UkQ6Q-mgshPK_QVekWlGB12L3Ew.roa (raw, json)
Hash identifier:          9jgTyEH8SiPCKiVE6krLvz1okaVBCfY6h+Y+1GUuIG0=
Subject key identifier:   52:44:3A:43:E9:A0:B2:13:CA:FD:05:5E:91:69:46:07:5D:8B:DC:4C
Certificate issuer:       /CN=5b90551e3c17e0a02d28d6dca279db3e4147f991
Certificate serial:       018CC64A4A4035E479B25D99C8DDEB17AF43
Authority key identifier: 5B:90:55:1E:3C:17:E0:A0:2D:28:D6:DC:A2:79:DB:3E:41:47:F9:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/UkQ6Q-mgshPK_QVekWlGB12L3Ew.roa
Signing time:             Mon 01 Jan 2024 18:30:06 +0000
ROA not before:           Mon 01 Jan 2024 18:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        193.186.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:4a:40:35:e4:79:b2:5d:99:c8:dd:eb:17:af:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b90551e3c17e0a02d28d6dca279db3e4147f991
        Validity
            Not Before: Jan  1 18:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52443a43e9a0b213cafd055e916946075d8bdc4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:15:fb:11:c8:39:91:ba:95:c4:ac:d8:2c:5b:
                    06:08:c1:e7:59:9c:30:9a:a2:29:d2:43:17:07:e2:
                    5d:82:e0:b0:2a:a1:a2:e0:64:af:3e:69:57:d4:39:
                    92:97:3a:42:5e:e1:38:52:ee:b2:dc:ef:e7:8a:02:
                    33:aa:0c:99:ce:67:67:e5:5e:55:45:80:b1:fd:0a:
                    a9:96:28:9f:6e:5d:15:4a:f0:89:18:41:ee:d3:e5:
                    02:0e:b6:88:e0:4a:39:d7:10:81:b3:39:09:db:45:
                    ff:be:66:83:9c:a1:b0:95:76:06:cf:27:f3:a2:1c:
                    33:77:c8:54:eb:20:0e:19:b9:58:05:98:f7:07:a5:
                    88:8f:91:1f:8a:c7:be:bd:4a:93:a1:4b:ef:b5:f8:
                    ca:8f:7d:53:1c:41:0c:b1:ce:7c:c5:77:84:66:84:
                    9b:1f:a6:e1:6d:9e:9a:25:56:2d:30:86:e8:9a:a5:
                    ad:15:78:a8:4e:17:f6:ae:73:d5:63:29:7f:29:1f:
                    74:b8:66:dd:8d:52:d4:3f:21:70:64:60:97:19:cd:
                    0b:9c:62:a8:ae:7f:a4:d8:3c:6c:4c:3b:df:b9:7f:
                    f2:8e:c2:98:cf:75:3d:11:97:de:15:50:a7:f4:8b:
                    57:dc:fb:32:87:9f:33:ca:54:1d:a9:20:a4:b4:f8:
                    bd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:44:3A:43:E9:A0:B2:13:CA:FD:05:5E:91:69:46:07:5D:8B:DC:4C
            X509v3 Authority Key Identifier:
                keyid:5B:90:55:1E:3C:17:E0:A0:2D:28:D6:DC:A2:79:DB:3E:41:47:F9:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5BVHjwX4KAtKNbconnbPkFH-ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/UkQ6Q-mgshPK_QVekWlGB12L3Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c192a4-76b2-465d-8818-a30e33a70b1e/1/W5BVHjwX4KAtKNbconnbPkFH-ZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f1:4f:08:2a:72:99:24:b3:14:58:2e:5c:54:49:17:35:55:
         04:a6:c7:bf:d1:01:79:73:7c:24:1c:b3:8c:9d:61:7b:25:c7:
         2e:20:db:25:d9:6c:97:67:ae:70:2f:13:83:f2:78:1e:2c:92:
         15:05:f8:45:76:89:76:73:c6:6f:38:80:af:6b:08:26:cf:54:
         64:23:e1:f9:f6:cd:b3:41:6a:d2:70:81:bf:42:15:11:da:62:
         37:b5:d3:2a:7b:1e:02:5b:48:22:32:4b:0f:5b:da:db:69:c8:
         e6:89:05:91:9f:61:9b:e7:aa:b6:cc:dc:b8:da:e7:fa:ff:45:
         af:0c:77:9c:53:9a:ad:d9:0f:89:0b:18:bd:e9:73:36:c4:91:
         89:18:d2:a1:5f:93:4f:1b:5e:e1:54:dc:71:ae:40:8d:07:bf:
         c0:5c:8b:ef:08:31:28:19:41:17:76:b4:c1:fb:95:f9:a3:42:
         0e:8d:e9:03:b5:86:d1:e8:06:6e:f0:bc:b5:88:97:68:8c:67:
         10:a9:1a:6c:b6:6e:1d:86:5d:4a:8d:4c:04:eb:71:73:b3:1c:
         89:d9:ba:65:43:9f:f1:06:19:e6:eb:e2:d5:c1:64:35:4b:df:
         f7:63:58:c5:8a:1d:12:ce:2c:6c:fb:2f:15:00:46:f3:48:dd:
         a6:ac:20:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSkpANeR5sl2ZyN3rF69DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOTA1NTFlM2MxN2UwYTAyZDI4ZDZkY2EyNzlkYjNlNDE0
N2Y5OTEwHhcNMjQwMTAxMTgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ0M2E0M2U5YTBiMjEzY2FmZDA1NWU5MTY5NDYwNzVkOGJkYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBX7Ecg5kbqVxKzYLFsGCMHnWZww
mqIp0kMXB+JdguCwKqGi4GSvPmlX1DmSlzpCXuE4Uu6y3O/nigIzqgyZzmdn5V5V
RYCx/Qqpliifbl0VSvCJGEHu0+UCDraI4Eo51xCBszkJ20X/vmaDnKGwlXYGzyfz
ohwzd8hU6yAOGblYBZj3B6WIj5Efise+vUqToUvvtfjKj31THEEMsc58xXeEZoSb
H6bhbZ6aJVYtMIbomqWtFXioThf2rnPVYyl/KR90uGbdjVLUPyFwZGCXGc0LnGKo
rn+k2DxsTDvfuX/yjsKYz3U9EZfeFVCn9ItX3Psyh58zylQdqSCktPi99wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJEOkPpoLITyv0FXpFpRgddi9xMMB8GA1UdIwQY
MBaAFFuQVR48F+CgLSjW3KJ52z5BR/mRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVCVkhqd1g0S0F0S05iY29ubmJQa0ZILVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMTkyYTQtNzZiMi00NjVkLTg4MTgt
YTMwZTMzYTcwYjFlLzEvVWtRNlEtbWdzaFBLX1FWZWtXbEdCMTJMM0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMTkyYTQtNzZiMi00NjVkLTg4MTgtYTMwZTMzYTcwYjFl
LzEvVzVCVkhqd1g0S0F0S05iY29ubmJQa0ZILVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbrQMA0G
CSqGSIb3DQEBCwUAA4IBAQB88U8IKnKZJLMUWC5cVEkXNVUEpse/0QF5c3wkHLOM
nWF7JccuINsl2WyXZ65wLxOD8ngeLJIVBfhFdol2c8ZvOICvawgmz1RkI+H59s2z
QWrScIG/QhUR2mI3tdMqex4CW0giMksPW9rbacjmiQWRn2Gb56q2zNy42uf6/0Wv
DHecU5qt2Q+JCxi96XM2xJGJGNKhX5NPG17hVNxxrkCNB7/AXIvvCDEoGUEXdrTB
+5X5o0IOjekDtYbR6AZu8Ly1iJdojGcQqRpstm4dhl1KjUwE63FzsxyJ2bplQ5/x
Bhnm6+LVwWQ1S9/3Y1jFih0Szixs+y8VAEbzSN2mrCCq
-----END CERTIFICATE-----