Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uSxA4MnRu5CH-6bPjQ4-hPtLqgw.roa
File:                     uSxA4MnRu5CH-6bPjQ4-hPtLqgw.roa (raw, json)
Hash identifier:          Ci0vH3QGmshZuhSCWmxoSMxqM1Nv3sd2VVE9mBSoTUY=
Subject key identifier:   B9:2C:40:E0:C9:D1:BB:90:87:FB:A6:CF:8D:0E:3E:84:FB:4B:AA:0C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A9004588752E34C19EEED8802C874
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uSxA4MnRu5CH-6bPjQ4-hPtLqgw.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        192.124.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:90:04:58:87:52:e3:4c:19:ee:ed:88:02:c8:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b92c40e0c9d1bb9087fba6cf8d0e3e84fb4baa0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ef:a7:06:ef:54:2d:05:64:c7:ec:e9:80:56:
                    43:00:17:0a:b4:57:d0:45:44:41:3e:c1:e9:8f:ea:
                    c7:b7:16:40:1b:9d:89:85:ec:36:48:cb:81:67:33:
                    a9:be:e5:5a:0d:90:64:a1:2f:fd:f4:7e:85:81:10:
                    62:3c:78:e3:2d:42:a4:5e:5e:91:e5:a8:31:80:01:
                    e6:3c:a4:07:bf:72:d6:45:db:e6:cd:11:0b:02:93:
                    d6:bf:88:04:56:7b:5a:bf:9f:a4:ab:86:d5:ed:c3:
                    39:e2:9e:1e:94:a1:f8:ae:68:05:69:48:92:a1:8f:
                    35:bd:83:d6:9b:68:33:d3:61:05:28:0c:7a:9b:b3:
                    94:4d:7d:cb:e6:7a:5d:b2:b7:d0:08:88:36:8e:51:
                    37:63:1d:88:77:84:9d:24:ff:be:61:4c:00:fe:ca:
                    99:64:09:0b:9d:df:f3:ab:53:0d:c1:9a:e5:4a:ec:
                    d9:a4:42:d0:45:0a:dc:45:b5:44:83:4a:99:a2:6d:
                    89:7b:40:f7:72:d6:af:b4:1f:af:59:b5:18:ae:16:
                    f9:44:4a:d2:6c:fd:17:47:38:4c:91:ce:dc:4a:7d:
                    18:98:e5:20:cd:6f:76:36:5e:97:32:59:25:a2:93:
                    71:42:93:44:cc:71:44:31:fb:26:5d:7f:ed:63:b7:
                    9e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2C:40:E0:C9:D1:BB:90:87:FB:A6:CF:8D:0E:3E:84:FB:4B:AA:0C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uSxA4MnRu5CH-6bPjQ4-hPtLqgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:3a:f9:2b:d8:ff:e6:b5:bd:64:50:27:d1:5f:ba:4f:09:db:
         d4:d5:65:7f:31:2e:24:ae:2c:89:8e:0d:58:8b:89:c4:96:23:
         49:5f:00:52:22:54:63:88:ab:b0:9b:47:65:22:1a:d9:e2:31:
         ef:80:4a:bf:06:ce:96:4a:83:c9:dc:92:69:13:c4:48:60:8b:
         7a:fc:5a:a1:85:3a:e1:6f:5e:99:8f:a9:90:97:fd:74:4f:12:
         77:00:67:67:20:34:49:1d:a8:2d:23:6e:e8:05:06:1a:94:a5:
         fb:70:77:ad:3a:5a:a6:0a:02:b9:b5:50:c5:94:de:b1:13:0a:
         a6:ea:79:fb:4b:6f:dc:2d:80:b9:4c:55:95:aa:f5:dd:32:99:
         d8:f2:87:ae:7e:ac:96:1f:25:93:e7:42:cf:ce:e6:dd:d0:c2:
         32:6e:01:48:88:c7:d7:33:2c:e3:ea:84:4b:b2:29:f3:38:74:
         b0:46:71:07:f5:ab:3c:b4:d3:a8:58:37:f3:4b:00:1e:c3:85:
         26:92:6f:58:b8:c7:12:7e:1e:1d:a8:4e:80:13:9a:2f:00:21:
         19:74:21:0e:3d:a1:a9:dc:cf:ec:d1:c0:12:cc:e3:8a:cc:33:
         ad:3d:4f:9d:51:40:8a:07:05:5b:47:f4:da:bf:35:d0:86:b7:
         09:a1:ed:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpAEWIdS40wZ7u2IAsh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJjNDBlMGM5ZDFiYjkwODdmYmE2Y2Y4ZDBlM2U4NGZiNGJhYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO+nBu9ULQVkx+zpgFZDABcKtFfQ
RURBPsHpj+rHtxZAG52Jhew2SMuBZzOpvuVaDZBkoS/99H6FgRBiPHjjLUKkXl6R
5agxgAHmPKQHv3LWRdvmzRELApPWv4gEVntav5+kq4bV7cM54p4elKH4rmgFaUiS
oY81vYPWm2gz02EFKAx6m7OUTX3L5npdsrfQCIg2jlE3Yx2Id4SdJP++YUwA/sqZ
ZAkLnd/zq1MNwZrlSuzZpELQRQrcRbVEg0qZom2Je0D3ctavtB+vWbUYrhb5RErS
bP0XRzhMkc7cSn0YmOUgzW92Nl6XMlklopNxQpNEzHFEMfsmXX/tY7ee4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLksQODJ0buQh/umz40OPoT7S6oMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdVN4QTRNblJ1NUNILTZiUGpRNC1oUHRMcWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHytMA0G
CSqGSIb3DQEBCwUAA4IBAQBtOvkr2P/mtb1kUCfRX7pPCdvU1WV/MS4kriyJjg1Y
i4nEliNJXwBSIlRjiKuwm0dlIhrZ4jHvgEq/Bs6WSoPJ3JJpE8RIYIt6/FqhhTrh
b16Zj6mQl/10TxJ3AGdnIDRJHagtI27oBQYalKX7cHetOlqmCgK5tVDFlN6xEwqm
6nn7S2/cLYC5TFWVqvXdMpnY8oeufqyWHyWT50LPzubd0MIybgFIiMfXMyzj6oRL
sinzOHSwRnEH9as8tNOoWDfzSwAew4Umkm9YuMcSfh4dqE6AE5ovACEZdCEOPaGp
3M/s0cASzOOKzDOtPU+dUUCKBwVbR/TavzXQhrcJoe3z
-----END CERTIFICATE-----