Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/uDo5n2RwS0klb3ZLEZ41TEJzNGA.roa
File:                     uDo5n2RwS0klb3ZLEZ41TEJzNGA.roa (raw, json)
Hash identifier:          o2bNZ4MSlUZETU+gJeKCbAKNeRZtUufATH6nASm+e8s=
Subject key identifier:   B8:3A:39:9F:64:70:4B:49:25:6F:76:4B:11:9E:35:4C:42:73:34:60
Certificate issuer:       /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial:       018CC56EA9D62321F689FDCAC85A966CA947
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/uDo5n2RwS0klb3ZLEZ41TEJzNGA.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        212.23.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a9:d6:23:21:f6:89:fd:ca:c8:5a:96:6c:a9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b83a399f64704b49256f764b119e354c42733460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2a:4d:82:c3:bd:57:1c:9d:f3:c6:6d:c8:81:
                    22:e4:76:ef:f3:1d:8c:7e:87:64:a8:80:d5:d3:89:
                    6d:e3:50:4e:73:d5:dd:d6:40:51:2b:88:98:f3:99:
                    14:44:de:2d:b5:33:65:60:57:15:30:3e:73:f9:9a:
                    96:07:89:64:4d:c9:ad:53:cc:93:5b:96:1d:93:37:
                    49:21:d5:ff:fd:ab:7d:ad:9e:ea:17:cd:67:68:34:
                    ca:82:25:e9:23:40:3b:00:d8:60:b9:b7:2d:6e:56:
                    f1:da:e9:01:7c:f5:63:29:91:a4:c7:57:25:05:e4:
                    ef:19:5b:dd:73:74:b0:11:c3:1b:3c:44:41:00:39:
                    91:c8:de:52:7b:30:cb:d0:46:f5:4a:fa:7a:68:6e:
                    9c:0a:2d:7d:ad:c7:1d:01:58:8d:93:6f:aa:48:ad:
                    d9:8d:74:50:44:9c:92:70:b5:9a:83:19:1a:60:2b:
                    3c:51:35:c8:5b:7c:dd:e8:06:57:14:85:22:8c:bd:
                    11:f3:1c:4a:70:c9:88:90:88:a2:4f:87:72:3c:49:
                    54:bc:dc:67:1c:75:8a:cf:c5:83:d6:67:4e:37:9d:
                    7b:81:13:22:13:88:28:f9:7c:b6:5c:fb:00:26:19:
                    76:b2:45:03:13:5d:d9:66:c2:9e:66:b8:ff:e8:b6:
                    28:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3A:39:9F:64:70:4B:49:25:6F:76:4B:11:9E:35:4C:42:73:34:60
            X509v3 Authority Key Identifier:
                keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/uDo5n2RwS0klb3ZLEZ41TEJzNGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:8c:db:d2:e8:a8:bd:fa:eb:cf:9c:5a:d3:f6:c2:99:f9:8c:
         4e:13:f5:d1:c2:8a:45:d4:d6:79:2c:9e:38:ac:6b:52:fa:48:
         c8:ae:6c:98:54:bf:80:ca:76:5d:90:65:d8:1f:0c:76:07:6c:
         c4:12:3d:37:bd:4b:3e:e9:60:57:10:3b:8f:4d:99:11:7b:ca:
         55:35:7e:d9:01:76:0b:31:c3:15:eb:5d:be:b9:17:0d:df:4a:
         90:5f:f5:9d:46:77:1a:41:2b:94:4e:c2:70:6f:1d:96:9f:16:
         9b:05:c8:b5:93:be:c0:71:d6:bf:d5:81:b1:4f:aa:14:da:92:
         77:33:96:5f:b0:68:b7:ae:0d:01:16:5b:45:ac:d0:ba:7d:6b:
         1f:16:5e:cf:1e:c6:4c:a2:8a:df:bc:fe:c7:e3:3d:c7:db:db:
         5c:55:01:33:2a:b6:04:cd:32:07:a3:74:0b:34:6d:c7:c5:4c:
         7a:93:b2:75:74:10:b5:5f:bd:91:69:5c:09:74:48:25:a0:30:
         92:d3:73:0a:c8:ed:c3:8f:13:6d:aa:6c:bb:e3:78:dc:d1:5d:
         5e:8d:18:23:be:65:9c:0b:cc:7b:04:ac:0b:90:a5:e2:81:dc:
         6d:75:84:ca:43:f5:73:6a:7c:df:c8:e0:55:5d:0e:90:24:39:
         81:73:b8:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqnWIyH2if3KyFqWbKlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODNhMzk5ZjY0NzA0YjQ5MjU2Zjc2NGIxMTllMzU0YzQyNzMzNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoipNgsO9Vxyd88ZtyIEi5Hbv8x2M
fodkqIDV04lt41BOc9Xd1kBRK4iY85kURN4ttTNlYFcVMD5z+ZqWB4lkTcmtU8yT
W5YdkzdJIdX//at9rZ7qF81naDTKgiXpI0A7ANhgubctblbx2ukBfPVjKZGkx1cl
BeTvGVvdc3SwEcMbPERBADmRyN5SezDL0Eb1Svp6aG6cCi19rccdAViNk2+qSK3Z
jXRQRJyScLWagxkaYCs8UTXIW3zd6AZXFIUijL0R8xxKcMmIkIiiT4dyPElUvNxn
HHWKz8WD1mdON517gRMiE4go+Xy2XPsAJhl2skUDE13ZZsKeZrj/6LYonQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLg6OZ9kcEtJJW92SxGeNUxCczRgMB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvdURvNW4yUndTMGtsYjNaTEVaNDFURUp6TkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfLMA0G
CSqGSIb3DQEBCwUAA4IBAQDFjNvS6Ki9+uvPnFrT9sKZ+YxOE/XRwopF1NZ5LJ44
rGtS+kjIrmyYVL+AynZdkGXYHwx2B2zEEj03vUs+6WBXEDuPTZkRe8pVNX7ZAXYL
McMV612+uRcN30qQX/WdRncaQSuUTsJwbx2WnxabBci1k77Acda/1YGxT6oU2pJ3
M5ZfsGi3rg0BFltFrNC6fWsfFl7PHsZMoorfvP7H4z3H29tcVQEzKrYEzTIHo3QL
NG3HxUx6k7J1dBC1X72RaVwJdEgloDCS03MKyO3DjxNtqmy743jc0V1ejRgjvmWc
C8x7BKwLkKXigdxtdYTKQ/VzanzfyOBVXQ6QJDmBc7iE
-----END CERTIFICATE-----