Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/uS9brILIHY_wf9sd8h6DqrA0WHE.roa
File:                     uS9brILIHY_wf9sd8h6DqrA0WHE.roa (raw, json)
Hash identifier:          uWyp7XcdBs5AFQFXKponzFJFkRGlwZa66WpgyQ+KaCo=
Subject key identifier:   B9:2F:5B:AC:82:C8:1D:8F:F0:7F:DB:1D:F2:1E:83:AA:B0:34:58:71
Certificate issuer:       /CN=607548c37abebc58b928ed285433d69e95df9c3b
Certificate serial:       018CC2DAE51C1FFB6A6ED42DD614072C5F5A
Authority key identifier: 60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/uS9brILIHY_wf9sd8h6DqrA0WHE.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50608
IP address blocks:        83.220.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:1c:1f:fb:6a:6e:d4:2d:d6:14:07:2c:5f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607548c37abebc58b928ed285433d69e95df9c3b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b92f5bac82c81d8ff07fdb1df21e83aab0345871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a7:81:d3:da:e2:e3:13:8c:20:c2:6a:9d:0f:
                    4e:1c:cb:c7:2d:87:d0:80:e5:8c:03:46:0e:62:60:
                    f6:6c:d8:af:db:1c:98:fe:9b:e8:8e:a9:af:af:7c:
                    24:c3:34:1d:52:42:7f:a1:c6:b1:4a:99:20:73:d8:
                    87:40:81:27:60:95:eb:61:58:05:66:2f:26:f8:b8:
                    d8:55:86:f6:f4:d8:50:44:d6:6b:f6:4a:cd:c2:b4:
                    cc:6c:db:b8:76:e6:65:51:e7:17:ea:3c:ff:89:cb:
                    e8:4f:3f:91:cc:83:41:d0:1f:1e:7a:18:6f:97:81:
                    1b:5c:ca:45:9e:0f:b4:5a:c0:b6:f0:fe:9a:5c:8d:
                    b8:e2:13:72:76:4b:26:a9:9b:ed:67:6a:db:03:96:
                    da:ad:f6:e0:e8:e9:f3:7a:48:cf:52:23:61:e8:95:
                    ee:4a:4d:7e:30:55:a0:4a:1f:1f:c2:7b:c6:23:03:
                    f4:09:83:c9:1e:e2:07:9a:f3:6c:f5:6f:99:ac:45:
                    b8:6d:7e:fb:64:a5:a3:c0:e4:ce:e4:8c:19:6f:e6:
                    6b:8e:6a:1a:69:7e:c3:e4:dd:38:44:11:41:88:7e:
                    0d:78:33:cd:53:bf:16:85:9c:7a:60:6b:25:a6:e9:
                    d1:fd:d2:bb:35:2c:b5:30:3a:71:1b:89:45:46:77:
                    11:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2F:5B:AC:82:C8:1D:8F:F0:7F:DB:1D:F2:1E:83:AA:B0:34:58:71
            X509v3 Authority Key Identifier:
                keyid:60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/uS9brILIHY_wf9sd8h6DqrA0WHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:60:7f:b2:2a:80:13:c3:9c:17:59:4f:f3:71:8f:76:0c:37:
         5f:bc:ba:7d:0a:82:1c:94:04:7c:11:e2:08:9f:ac:7d:fa:3f:
         e8:d9:e7:9d:02:8a:a2:23:a1:1c:25:84:d3:5f:cf:63:77:11:
         9d:7c:6a:3d:2e:7d:fd:6a:72:b8:aa:1c:06:9b:4c:f6:4e:b7:
         c3:27:e6:46:a1:66:cc:05:d8:5b:c7:64:87:15:aa:4d:1c:98:
         d8:98:8b:0d:69:88:85:ea:5e:88:40:a9:92:a1:3f:51:75:7b:
         80:99:a7:f0:1f:15:1a:a2:20:e1:ad:d4:cd:c4:ec:c7:07:32:
         c4:50:84:cb:9e:90:49:60:57:b2:76:77:e2:18:7c:bd:d9:dc:
         e6:b8:37:59:d9:5b:bf:8e:e8:fc:22:f3:bd:0f:fb:ce:7c:6a:
         93:de:21:3e:89:ed:62:ef:a6:49:a9:1d:f3:89:3c:6b:7f:7c:
         6f:f6:55:d4:09:e8:2c:c1:ff:50:3e:00:df:f6:5f:39:e9:52:
         2c:10:3f:69:18:47:8d:09:bf:5e:60:75:2e:ba:6f:9c:6a:7a:
         57:a5:c3:3e:da:ad:29:2e:58:5f:62:64:50:58:44:60:3a:55:
         33:c5:98:1e:5b:9c:5c:73:06:5f:5b:d5:c3:a6:80:29:34:d0:
         27:b1:57:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uUcH/tqbtQt1hQHLF9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNzU0OGMzN2FiZWJjNThiOTI4ZWQyODU0MzNkNjllOTVk
ZjljM2IwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJmNWJhYzgyYzgxZDhmZjA3ZmRiMWRmMjFlODNhYWIwMzQ1ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKeB09ri4xOMIMJqnQ9OHMvHLYfQ
gOWMA0YOYmD2bNiv2xyY/pvojqmvr3wkwzQdUkJ/ocaxSpkgc9iHQIEnYJXrYVgF
Zi8m+LjYVYb29NhQRNZr9krNwrTMbNu4duZlUecX6jz/icvoTz+RzINB0B8eehhv
l4EbXMpFng+0WsC28P6aXI244hNydksmqZvtZ2rbA5barfbg6OnzekjPUiNh6JXu
Sk1+MFWgSh8fwnvGIwP0CYPJHuIHmvNs9W+ZrEW4bX77ZKWjwOTO5IwZb+Zrjmoa
aX7D5N04RBFBiH4NeDPNU78WhZx6YGslpunR/dK7NSy1MDpxG4lFRncRtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkvW6yCyB2P8H/bHfIeg6qwNFhxMB8GA1UdIwQY
MBaAFGB1SMN6vrxYuSjtKFQz1p6V35w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMt
MGM5OGM1NzBhNmUwLzEvdVM5YnJJTElIWV93ZjlzZDhoNkRxckEwV0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMtMGM5OGM1NzBhNmUw
LzEvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9ynMA0G
CSqGSIb3DQEBCwUAA4IBAQCZYH+yKoATw5wXWU/zcY92DDdfvLp9CoIclAR8EeII
n6x9+j/o2eedAoqiI6EcJYTTX89jdxGdfGo9Ln39anK4qhwGm0z2TrfDJ+ZGoWbM
Bdhbx2SHFapNHJjYmIsNaYiF6l6IQKmSoT9RdXuAmafwHxUaoiDhrdTNxOzHBzLE
UITLnpBJYFeydnfiGHy92dzmuDdZ2Vu/juj8IvO9D/vOfGqT3iE+ie1i76ZJqR3z
iTxrf3xv9lXUCegswf9QPgDf9l856VIsED9pGEeNCb9eYHUuum+canpXpcM+2q0p
LlhfYmRQWERgOlUzxZgeW5xccwZfW9XDpoApNNAnsVcr
-----END CERTIFICATE-----