Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/U1fUr2EyxVTU50U1hrSZo8nGFmE.roa
File:                     U1fUr2EyxVTU50U1hrSZo8nGFmE.roa (raw, json)
Hash identifier:          5Y5WY7bIErp5QxDnlVkn4ydYbD2vk8m+PA3d/v86+Ak=
Subject key identifier:   53:57:D4:AF:61:32:C5:54:D4:E7:45:35:86:B4:99:A3:C9:C6:16:61
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDE9698A58D9A3338FC57CA884349
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/U1fUr2EyxVTU50U1hrSZo8nGFmE.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200441
IP address blocks:        185.76.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:de:96:98:a5:8d:9a:33:38:fc:57:ca:88:43:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5357d4af6132c554d4e7453586b499a3c9c61661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:85:d9:cd:46:d1:ca:b4:f9:5d:26:67:1a:36:
                    64:13:77:c7:3d:a4:5d:39:5e:cf:db:ab:5c:15:99:
                    ab:35:28:51:7a:50:81:01:e8:e2:61:0a:b0:41:be:
                    78:d4:76:19:77:98:cc:cd:f6:c9:c4:57:8b:5b:4c:
                    03:de:5a:7c:51:e6:2c:6e:73:78:a5:b7:89:1f:41:
                    f2:0a:5d:df:fb:18:08:38:aa:ad:0a:c6:72:65:03:
                    71:f0:9a:6d:22:94:e9:d6:84:dc:f8:10:69:0b:1c:
                    06:3b:9b:d9:6f:ec:44:0d:7c:b1:c5:a4:cc:66:b0:
                    a3:d6:57:6e:f4:37:3b:8b:c7:f5:e5:32:e1:d5:79:
                    ff:7b:b5:03:38:3a:9f:c2:ef:d7:6f:73:a4:49:f7:
                    7f:e6:2a:1a:13:bc:4b:59:02:c9:65:33:d7:1d:17:
                    e5:b4:d8:8e:27:37:16:9b:c7:70:e5:b9:bf:c1:34:
                    c5:bf:31:a6:5f:65:3a:28:d8:e7:60:19:44:2e:d6:
                    39:94:f3:fa:80:f3:e7:0e:50:19:03:dd:60:41:12:
                    f7:92:92:d1:5f:44:f0:b2:87:62:2c:a5:a2:f2:b0:
                    3b:ba:14:19:46:58:0b:4d:d3:18:00:ef:03:b8:22:
                    ca:ee:d8:95:2d:11:02:9a:d0:4a:45:b7:07:37:a8:
                    0b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:57:D4:AF:61:32:C5:54:D4:E7:45:35:86:B4:99:A3:C9:C6:16:61
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/U1fUr2EyxVTU50U1hrSZo8nGFmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:15:69:9a:83:bf:1e:b7:68:3a:3b:76:c0:89:59:fd:e4:02:
         45:32:3f:18:ee:7d:00:ab:9f:c3:6d:da:91:8f:5b:61:a1:88:
         35:ea:5b:f4:f1:32:65:85:d7:00:47:51:38:71:0e:cb:30:e9:
         5a:97:24:04:b1:b3:1b:56:76:ad:88:a0:db:ed:7c:9b:15:ce:
         70:37:dd:18:c2:11:17:4c:38:1d:30:ac:70:53:bb:63:14:cf:
         15:64:eb:d0:6d:1f:75:f7:79:15:08:1e:4d:b7:c4:59:ac:88:
         2f:d8:98:a2:29:a9:cd:09:96:4c:61:21:ed:5d:e9:10:58:2f:
         d0:20:5a:cf:24:27:44:d0:db:97:c9:0f:51:33:9d:91:dc:32:
         0b:e7:b3:b5:be:88:7a:dd:97:1b:05:bd:9a:0e:e2:fb:51:e5:
         f4:4b:bd:b3:46:e3:2f:5f:2f:96:10:b7:18:5d:fe:9a:08:3a:
         81:c4:8b:3a:f4:7d:ff:26:aa:01:15:bd:c1:b4:b2:c9:99:e6:
         64:e3:32:17:17:72:ae:15:9c:81:42:d1:59:8d:a1:f3:85:e4:
         b9:60:6c:c4:30:11:95:1e:61:9c:7d:f1:61:e6:23:60:54:95:
         3d:54:06:56:f3:a6:7f:83:96:00:ab:b1:4a:3c:df:82:ce:14:
         c5:bb:09:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3t6WmKWNmjM4/FfKiENJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzU3ZDRhZjYxMzJjNTU0ZDRlNzQ1MzU4NmI0OTlhM2M5YzYxNjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYXZzUbRyrT5XSZnGjZkE3fHPaRd
OV7P26tcFZmrNShRelCBAejiYQqwQb541HYZd5jMzfbJxFeLW0wD3lp8UeYsbnN4
pbeJH0HyCl3f+xgIOKqtCsZyZQNx8JptIpTp1oTc+BBpCxwGO5vZb+xEDXyxxaTM
ZrCj1ldu9Dc7i8f15TLh1Xn/e7UDODqfwu/Xb3OkSfd/5ioaE7xLWQLJZTPXHRfl
tNiOJzcWm8dw5bm/wTTFvzGmX2U6KNjnYBlELtY5lPP6gPPnDlAZA91gQRL3kpLR
X0TwsodiLKWi8rA7uhQZRlgLTdMYAO8DuCLK7tiVLRECmtBKRbcHN6gLXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNX1K9hMsVU1OdFNYa0maPJxhZhMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvVTFmVXIyRXl4VlRVNTBVMWhyU1pvOG5HRm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUxRMA0G
CSqGSIb3DQEBCwUAA4IBAQAsFWmag78et2g6O3bAiVn95AJFMj8Y7n0Aq5/DbdqR
j1thoYg16lv08TJlhdcAR1E4cQ7LMOlalyQEsbMbVnatiKDb7XybFc5wN90YwhEX
TDgdMKxwU7tjFM8VZOvQbR9193kVCB5Nt8RZrIgv2JiiKanNCZZMYSHtXekQWC/Q
IFrPJCdE0NuXyQ9RM52R3DIL57O1voh63ZcbBb2aDuL7UeX0S72zRuMvXy+WELcY
Xf6aCDqBxIs69H3/JqoBFb3BtLLJmeZk4zIXF3KuFZyBQtFZjaHzheS5YGzEMBGV
HmGcffFh5iNgVJU9VAZW86Z/g5YAq7FKPN+CzhTFuwmo
-----END CERTIFICATE-----