Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Uze0H9awSqxFNLEhGNM_Kn0ofh0.roa
File:                     Uze0H9awSqxFNLEhGNM_Kn0ofh0.roa (raw, json)
Hash identifier:          iFZncEZUTgc6loLXtkqcCDgZYiM0h5jCMrjJWNj7aYM=
Subject key identifier:   53:37:B4:1F:D6:B0:4A:AC:45:34:B1:21:18:D3:3F:2A:7D:28:7E:1D
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018F4DC0DFE01D81EAF2E8547A32D50E2D3F
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Uze0H9awSqxFNLEhGNM_Kn0ofh0.roa
Signing time:             Mon 06 May 2024 11:53:56 +0000
ROA not before:           Mon 06 May 2024 11:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41397
IP address blocks:        185.212.206.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:c0:df:e0:1d:81:ea:f2:e8:54:7a:32:d5:0e:2d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: May  6 11:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5337b41fd6b04aac4534b12118d33f2a7d287e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fe:e1:16:44:8a:fd:7f:70:ae:d7:a0:e4:24:
                    dc:81:4c:ad:91:75:9e:5a:d8:44:24:8f:72:c7:60:
                    af:aa:d5:a7:30:49:47:66:cb:d9:91:3e:9a:98:bf:
                    57:14:65:76:e0:ac:f6:fd:bd:73:95:9b:0f:6d:b7:
                    af:26:94:7e:e8:f0:62:14:c9:4a:e2:4a:06:d7:ed:
                    1c:db:49:45:90:e8:df:60:e4:8e:61:04:18:25:e4:
                    7a:2e:18:f0:7a:a1:72:4e:7f:ef:b3:e6:ad:73:6e:
                    52:4a:42:12:07:82:0a:31:f1:85:a6:51:3b:3a:de:
                    b1:98:29:e5:4e:c0:02:be:31:d4:c3:39:7e:84:05:
                    ce:00:44:d5:f4:1d:01:96:ac:c1:c3:e7:05:27:b8:
                    56:17:69:17:73:1a:c6:7d:b0:dd:df:f7:bb:95:4b:
                    38:9d:b3:80:1e:b7:f3:18:0e:44:0f:29:38:a1:84:
                    fd:e9:8c:f3:a6:88:04:d0:c2:c0:bb:e9:48:89:1d:
                    f8:bf:2d:db:32:26:62:30:7f:74:71:4a:a9:be:de:
                    9b:bf:ec:5a:cc:f4:03:59:44:65:2d:48:3e:fa:08:
                    49:79:f5:12:ae:2a:0c:7c:f1:ea:90:d4:a0:07:72:
                    27:72:ae:bc:fc:3c:d8:34:08:49:9b:d9:48:0b:9d:
                    a3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:37:B4:1F:D6:B0:4A:AC:45:34:B1:21:18:D3:3F:2A:7D:28:7E:1D
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Uze0H9awSqxFNLEhGNM_Kn0ofh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:e5:85:a9:a9:68:cd:b2:85:d3:52:42:4b:ca:9c:58:d7:76:
         10:c1:8a:0f:d5:b0:cb:0b:6f:05:26:08:1b:9f:0a:88:dd:d7:
         36:82:7c:fe:19:95:f6:e3:26:79:09:48:9f:ed:0e:e6:63:df:
         f0:f5:42:1c:a1:bd:eb:df:48:07:93:59:a7:6a:aa:01:de:07:
         92:6a:d4:55:af:15:3b:21:2c:1c:6b:1c:60:10:89:d5:26:24:
         82:ea:9c:bd:f6:72:d4:14:1a:80:ca:39:d7:00:8b:3c:71:2c:
         23:00:13:59:8a:73:a7:02:ad:4f:a8:4d:cf:8a:b0:84:0c:c2:
         7c:3f:93:32:b3:59:c7:e9:4c:ad:22:d7:8b:01:3e:cb:63:53:
         3f:da:a1:9a:33:21:5a:a4:ea:d4:f4:b0:26:4a:d1:6f:74:17:
         b6:db:0e:af:82:23:22:4e:b9:c7:fd:31:9e:96:0d:23:12:07:
         11:ff:c4:82:28:bf:cc:a3:d6:a2:0f:48:7f:3c:64:89:88:6b:
         9a:b9:f3:d1:44:46:4b:e0:4c:b8:95:85:d5:8f:88:4d:23:b0:
         47:4c:63:2b:ac:56:40:06:cf:b4:7f:ab:ff:bf:88:9a:b9:af:
         8c:f8:cb:e3:68:bd:c0:9b:d8:96:ad:09:e3:65:c0:f3:62:55:
         b8:b4:3c:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9NwN/gHYHq8uhUejLVDi0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwNTA2MTE1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzM3YjQxZmQ2YjA0YWFjNDUzNGIxMjExOGQzM2YyYTdkMjg3ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P7hFkSK/X9wrteg5CTcgUytkXWe
WthEJI9yx2CvqtWnMElHZsvZkT6amL9XFGV24Kz2/b1zlZsPbbevJpR+6PBiFMlK
4koG1+0c20lFkOjfYOSOYQQYJeR6LhjweqFyTn/vs+atc25SSkISB4IKMfGFplE7
Ot6xmCnlTsACvjHUwzl+hAXOAETV9B0BlqzBw+cFJ7hWF2kXcxrGfbDd3/e7lUs4
nbOAHrfzGA5EDyk4oYT96YzzpogE0MLAu+lIiR34vy3bMiZiMH90cUqpvt6bv+xa
zPQDWURlLUg++ghJefUSrioMfPHqkNSgB3Incq68/DzYNAhJm9lIC52j+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFM3tB/WsEqsRTSxIRjTPyp9KH4dMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvVXplMEg5YXdTcXhGTkxFaEdOTV9LbjBvZmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudTOMA0G
CSqGSIb3DQEBCwUAA4IBAQAy5YWpqWjNsoXTUkJLypxY13YQwYoP1bDLC28FJggb
nwqI3dc2gnz+GZX24yZ5CUif7Q7mY9/w9UIcob3r30gHk1mnaqoB3geSatRVrxU7
ISwcaxxgEInVJiSC6py99nLUFBqAyjnXAIs8cSwjABNZinOnAq1PqE3PirCEDMJ8
P5Mys1nH6UytIteLAT7LY1M/2qGaMyFapOrU9LAmStFvdBe22w6vgiMiTrnH/TGe
lg0jEgcR/8SCKL/Mo9aiD0h/PGSJiGuaufPRREZL4Ey4lYXVj4hNI7BHTGMrrFZA
Bs+0f6v/v4iaua+M+MvjaL3Am9iWrQnjZcDzYlW4tDx8
-----END CERTIFICATE-----