Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/uUtqk58pckwDYJlfuDmI104CzLk.roa
File:                     uUtqk58pckwDYJlfuDmI104CzLk.roa (raw, json)
Hash identifier:          lHOgruEhELU2OG/WMiIwFoSy9wf8pF1t2TML3iugjR8=
Subject key identifier:   B9:4B:6A:93:9F:29:72:4C:03:60:99:5F:B8:39:88:D7:4E:02:CC:B9
Certificate issuer:       /CN=09b8fb92280ab05b4432e43b95450e73b2773d5b
Certificate serial:       019296D284BD49D05FC9FC571B2D5BF3D9AA
Authority key identifier: 09:B8:FB:92:28:0A:B0:5B:44:32:E4:3B:95:45:0E:73:B2:77:3D:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/uUtqk58pckwDYJlfuDmI104CzLk.roa
Signing time:             Wed 16 Oct 2024 19:33:51 +0000
ROA not before:           Wed 16 Oct 2024 19:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51043
IP address blocks:        193.161.8.0/24 maxlen: 24
                          193.161.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:d2:84:bd:49:d0:5f:c9:fc:57:1b:2d:5b:f3:d9:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09b8fb92280ab05b4432e43b95450e73b2773d5b
        Validity
            Not Before: Oct 16 19:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b94b6a939f29724c0360995fb83988d74e02ccb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:6b:e7:c0:0b:d5:cf:ad:8e:a2:53:2d:07:55:
                    5a:db:79:33:de:a0:b8:18:af:00:74:6b:2a:08:b0:
                    d9:00:0e:0c:81:d9:4c:73:20:8c:eb:a1:fe:07:7e:
                    40:26:ac:e8:24:07:0c:22:5b:c5:58:d2:71:16:43:
                    66:f6:d0:d2:d7:1c:aa:f1:23:71:af:6c:19:88:88:
                    aa:af:5c:6d:47:86:1c:02:6f:f7:bd:2b:fb:ea:f7:
                    5c:fd:8b:f6:21:11:ac:9e:73:e7:43:2b:12:94:91:
                    34:e1:3e:11:c3:19:f8:3b:e4:ee:5c:1e:5d:4b:6d:
                    32:b5:65:66:44:32:bf:03:82:75:3e:0c:bd:97:c5:
                    20:dd:36:06:90:fd:1f:34:6e:73:d9:7c:a2:4f:ce:
                    4d:93:ef:7d:8f:cb:c0:4f:92:ed:00:b3:6b:4f:62:
                    b7:0b:1b:4b:73:4e:67:af:e9:13:6f:46:a0:4b:59:
                    56:1e:15:bf:a7:d3:f0:67:ac:fb:e4:07:2f:0f:b3:
                    de:fa:0a:41:23:d9:2c:9c:46:8c:e2:c7:d9:60:a0:
                    a4:37:13:60:64:29:10:b2:85:b0:c5:7d:32:2d:e4:
                    50:c6:7d:20:ad:9f:7d:86:f6:9d:00:6d:f0:c0:08:
                    2c:c3:31:6c:54:34:1a:08:2e:2a:70:c2:f3:ab:fc:
                    da:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4B:6A:93:9F:29:72:4C:03:60:99:5F:B8:39:88:D7:4E:02:CC:B9
            X509v3 Authority Key Identifier:
                keyid:09:B8:FB:92:28:0A:B0:5B:44:32:E4:3B:95:45:0E:73:B2:77:3D:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/uUtqk58pckwDYJlfuDmI104CzLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/726d15-5c19-4e85-bc59-da739856cfb8/1/Cbj7kigKsFtEMuQ7lUUOc7J3PVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.8.0/24
                  193.161.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7c:09:52:18:dc:18:55:fb:e8:78:43:1b:38:d0:2e:0d:8c:
         5c:af:df:a6:b0:38:e8:49:56:8b:49:3b:66:2a:fc:ad:72:8a:
         e1:7f:11:c1:10:fe:6c:01:92:5b:d4:4a:f2:4e:98:dd:84:0b:
         01:b1:b0:b8:9d:a2:67:04:e1:13:4d:94:27:f3:cd:17:d6:66:
         3d:e4:04:ad:25:26:f3:e8:ba:9c:80:a6:1e:af:74:ca:65:2c:
         14:14:dd:ab:e2:a5:a9:3b:02:98:4d:9c:30:2f:f2:9c:61:29:
         d2:ea:3c:be:bb:d8:35:de:6f:70:8f:5e:26:ba:b6:ca:30:c9:
         61:f7:45:02:51:96:ba:86:d7:1e:64:95:44:b5:03:d2:6f:d4:
         77:12:b8:cf:cd:b3:11:c8:bf:d8:9e:aa:ee:70:9f:a3:1f:de:
         4e:f1:e9:ce:d9:79:5d:47:fb:c7:f6:c2:fe:26:77:08:c9:a5:
         d7:e2:2d:c5:2c:ef:da:ff:6f:7c:2b:66:d7:00:83:9b:05:39:
         97:11:83:18:37:7f:3d:88:c0:ba:fc:af:98:bb:57:38:73:b4:
         62:8f:99:63:ef:b1:d0:a0:15:53:7a:bf:77:0a:62:9e:86:60:
         81:67:d3:3e:66:74:51:7c:77:5e:fa:1d:00:03:da:28:aa:3a:
         5f:eb:68:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKW0oS9SdBfyfxXGy1b89mqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YjhmYjkyMjgwYWIwNWI0NDMyZTQzYjk1NDUwZTczYjI3
NzNkNWIwHhcNMjQxMDE2MTkzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTRiNmE5MzlmMjk3MjRjMDM2MDk5NWZiODM5ODhkNzRlMDJjY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9WvnwAvVz62OolMtB1Va23kz3qC4
GK8AdGsqCLDZAA4MgdlMcyCM66H+B35AJqzoJAcMIlvFWNJxFkNm9tDS1xyq8SNx
r2wZiIiqr1xtR4YcAm/3vSv76vdc/Yv2IRGsnnPnQysSlJE04T4Rwxn4O+TuXB5d
S20ytWVmRDK/A4J1Pgy9l8Ug3TYGkP0fNG5z2XyiT85Nk+99j8vAT5LtALNrT2K3
CxtLc05nr+kTb0agS1lWHhW/p9PwZ6z75AcvD7Pe+gpBI9ksnEaM4sfZYKCkNxNg
ZCkQsoWwxX0yLeRQxn0grZ99hvadAG3wwAgswzFsVDQaCC4qcMLzq/zamwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLlLapOfKXJMA2CZX7g5iNdOAsy5MB8GA1UdIwQY
MBaAFAm4+5IoCrBbRDLkO5VFDnOydz1bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2JqN2tpZ0tzRnRFTXVRN2xVVU9jN0ozUFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS83MjZkMTUtNWMxOS00ZTg1LWJjNTkt
ZGE3Mzk4NTZjZmI4LzEvdVV0cWs1OHBja3dEWUpsZnVEbUkxMDRDekxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS83MjZkMTUtNWMxOS00ZTg1LWJjNTktZGE3Mzk4NTZjZmI4
LzEvQ2JqN2tpZ0tzRnRFTXVRN2xVVU9jN0ozUFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwaEIAwQA
waELMA0GCSqGSIb3DQEBCwUAA4IBAQAgfAlSGNwYVfvoeEMbONAuDYxcr9+msDjo
SVaLSTtmKvytcorhfxHBEP5sAZJb1EryTpjdhAsBsbC4naJnBOETTZQn880X1mY9
5AStJSbz6LqcgKYer3TKZSwUFN2r4qWpOwKYTZwwL/KcYSnS6jy+u9g13m9wj14m
urbKMMlh90UCUZa6htceZJVEtQPSb9R3ErjPzbMRyL/YnqrucJ+jH95O8enO2Xld
R/vH9sL+JncIyaXX4i3FLO/a/298K2bXAIObBTmXEYMYN389iMC6/K+Yu1c4c7Ri
j5lj77HQoBVTer93CmKehmCBZ9M+ZnRRfHde+h0AA9ooqjpf62ij
-----END CERTIFICATE-----