Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/uZok7D_QdrsSU-e02B-oSZtFoto.roa
File:                     uZok7D_QdrsSU-e02B-oSZtFoto.roa (raw, json)
Hash identifier:          ColYrkkd0iyFyEmNIa75L/F7iTI5MNe6LpM59hlSpL0=
Subject key identifier:   B9:9A:24:EC:3F:D0:76:BB:12:53:E7:B4:D8:1F:A8:49:9B:45:A2:DA
Certificate issuer:       /CN=2aaf24e9111a889db4dae087e4809e1086e33f82
Certificate serial:       018CC50134A4087E7EF678835744F4E4B175
Authority key identifier: 2A:AF:24:E9:11:1A:88:9D:B4:DA:E0:87:E4:80:9E:10:86:E3:3F:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kq8k6REaiJ202uCH5ICeEIbjP4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/uZok7D_QdrsSU-e02B-oSZtFoto.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203255
IP address blocks:        185.137.48.0/22 maxlen: 24
                          2a0f:cb40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/Kq8k6REaiJ202uCH5ICeEIbjP4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/Kq8k6REaiJ202uCH5ICeEIbjP4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kq8k6REaiJ202uCH5ICeEIbjP4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:34:a4:08:7e:7e:f6:78:83:57:44:f4:e4:b1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aaf24e9111a889db4dae087e4809e1086e33f82
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b99a24ec3fd076bb1253e7b4d81fa8499b45a2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c4:e1:ca:41:c8:2a:9e:9d:71:0a:06:0b:80:
                    3e:27:46:dc:15:9d:93:e8:e8:a0:10:59:25:d7:9e:
                    af:5f:5d:e6:1b:0e:ca:8b:63:99:dd:b1:49:f5:cd:
                    bc:02:c4:dc:8f:6f:b2:79:66:1e:ec:3e:0e:85:9f:
                    aa:5e:69:41:25:a3:37:f4:60:d1:e6:31:e8:1b:de:
                    9d:6f:4b:32:7e:bb:a4:84:2d:d7:56:f2:83:b0:97:
                    e9:6f:12:a5:cd:24:77:e2:e2:87:4b:59:e9:f2:08:
                    49:d9:a5:25:18:a6:6b:3c:2f:59:e5:6b:f9:c9:64:
                    2f:e3:82:a8:81:8b:ef:25:82:eb:d5:3f:3f:e4:45:
                    9d:2f:d5:29:7b:8e:01:8a:1c:3f:e5:c4:b2:72:7a:
                    c6:34:75:11:5a:25:d6:aa:6f:44:76:4e:8a:fc:72:
                    c9:09:b5:82:c9:41:f3:36:b9:45:2c:6c:a9:d3:da:
                    62:71:21:22:fd:6e:29:ab:6d:94:d7:c7:71:a5:84:
                    68:54:5b:79:05:9d:16:ca:d9:f6:e2:9b:06:9e:90:
                    46:c9:3f:6e:d4:22:20:50:17:db:54:53:f8:df:51:
                    ee:f0:51:52:83:69:65:90:f8:f2:74:10:9b:e5:b4:
                    57:4b:4b:f9:ce:ce:a0:7b:19:b5:7b:2a:db:08:a6:
                    ee:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:9A:24:EC:3F:D0:76:BB:12:53:E7:B4:D8:1F:A8:49:9B:45:A2:DA
            X509v3 Authority Key Identifier:
                keyid:2A:AF:24:E9:11:1A:88:9D:B4:DA:E0:87:E4:80:9E:10:86:E3:3F:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kq8k6REaiJ202uCH5ICeEIbjP4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/uZok7D_QdrsSU-e02B-oSZtFoto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c80896-c36e-4627-8353-341c3fa45b43/1/Kq8k6REaiJ202uCH5ICeEIbjP4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.48.0/22
                IPv6:
                  2a0f:cb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:fb:c2:a2:a4:fd:0f:a1:b7:14:37:21:11:91:89:83:e2:46:
         01:5b:da:04:ad:c8:58:12:8c:93:db:87:44:7d:8c:79:04:0e:
         a7:52:50:31:fe:73:6a:27:ff:c2:f2:a1:cd:71:96:78:46:2c:
         f2:78:aa:fc:d7:26:8c:19:13:f3:8b:a1:c9:1a:a6:da:79:6a:
         13:c4:f2:db:3d:9c:a2:67:19:92:e4:d1:3a:a7:30:e6:ea:6e:
         a9:fa:24:fb:4c:fd:fd:8a:19:37:25:9c:28:86:40:2d:3e:42:
         f0:ee:7f:9d:15:7c:78:75:24:1a:e7:96:8a:a2:cd:a0:60:a6:
         b1:03:62:87:dc:bd:13:27:97:0b:8e:be:89:78:5e:c6:45:f9:
         ed:c3:58:87:14:92:78:bf:10:c2:09:9c:c7:94:39:01:7c:62:
         b7:e4:a9:c9:08:c4:f9:00:b3:1b:f0:1b:4b:56:c4:50:cd:1e:
         85:c9:e5:0b:15:77:09:c9:bb:cc:23:73:55:1c:04:d3:fd:64:
         96:85:b6:9a:7c:b7:bb:38:8e:b9:ce:aa:01:91:a3:90:6e:17:
         58:89:6d:e6:c5:8f:92:53:08:5b:8c:e8:47:9f:65:27:69:b9:
         fb:34:75:f6:69:fd:6d:13:17:3a:8d:2e:74:a5:d4:2f:db:62:
         f4:59:25:ae
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFATSkCH5+9niDV0T05LF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYWYyNGU5MTExYTg4OWRiNGRhZTA4N2U0ODA5ZTEwODZl
MzNmODIwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTlhMjRlYzNmZDA3NmJiMTI1M2U3YjRkODFmYTg0OTliNDVhMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsThykHIKp6dcQoGC4A+J0bcFZ2T
6OigEFkl156vX13mGw7Ki2OZ3bFJ9c28AsTcj2+yeWYe7D4OhZ+qXmlBJaM39GDR
5jHoG96db0syfrukhC3XVvKDsJfpbxKlzSR34uKHS1np8ghJ2aUlGKZrPC9Z5Wv5
yWQv44KogYvvJYLr1T8/5EWdL9Upe44Bihw/5cSycnrGNHURWiXWqm9Edk6K/HLJ
CbWCyUHzNrlFLGyp09picSEi/W4pq22U18dxpYRoVFt5BZ0Wytn24psGnpBGyT9u
1CIgUBfbVFP431Hu8FFSg2llkPjydBCb5bRXS0v5zs6gexm1eyrbCKbuvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLmaJOw/0Ha7ElPntNgfqEmbRaLaMB8GA1UdIwQY
MBaAFCqvJOkRGoidtNrgh+SAnhCG4z+CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3E4azZSRWFpSjIwMnVDSDVJQ2VFSWJqUDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jODA4OTYtYzM2ZS00NjI3LTgzNTMt
MzQxYzNmYTQ1YjQzLzEvdVpvazdEX1FkcnNTVS1lMDJCLW9TWnRGb3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jODA4OTYtYzM2ZS00NjI3LTgzNTMtMzQxYzNmYTQ1YjQz
LzEvS3E4azZSRWFpSjIwMnVDSDVJQ2VFSWJqUDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYkwMA0E
AgACMAcDBQAqD8tAMA0GCSqGSIb3DQEBCwUAA4IBAQBT+8KipP0PobcUNyERkYmD
4kYBW9oErchYEoyT24dEfYx5BA6nUlAx/nNqJ//C8qHNcZZ4RizyeKr81yaMGRPz
i6HJGqbaeWoTxPLbPZyiZxmS5NE6pzDm6m6p+iT7TP39ihk3JZwohkAtPkLw7n+d
FXx4dSQa55aKos2gYKaxA2KH3L0TJ5cLjr6JeF7GRfntw1iHFJJ4vxDCCZzHlDkB
fGK35KnJCMT5ALMb8BtLVsRQzR6FyeULFXcJybvMI3NVHATT/WSWhbaafLe7OI65
zqoBkaOQbhdYiW3mxY+SUwhbjOhHn2Unabn7NHX2af1tExc6jS50pdQv22L0WSWu
-----END CERTIFICATE-----