Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uzYZi4et8F6wUJEZRpiq3w6T2GI.roa
File:                     uzYZi4et8F6wUJEZRpiq3w6T2GI.roa (raw, json)
Hash identifier:          GtoVDeWzeRei2pqSgoT++KuiMWhc+z4bZ99WfBohgkc=
Subject key identifier:   BB:36:19:8B:87:AD:F0:5E:B0:50:91:19:46:98:AA:DF:0E:93:D8:62
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F539B9829BF5F7EB4235EA4A22E206133
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uzYZi4et8F6wUJEZRpiq3w6T2GI.roa
Signing time:             Tue 07 May 2024 15:10:56 +0000
ROA not before:           Tue 07 May 2024 15:10:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203394
IP address blocks:        212.193.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:9b:98:29:bf:5f:7e:b4:23:5e:a4:a2:2e:20:61:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May  7 15:10:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb36198b87adf05eb05091194698aadf0e93d862
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d3:f7:e8:e2:dd:04:60:0b:28:95:55:12:8f:
                    2c:a5:69:41:f2:2c:8a:14:e0:53:7a:d6:68:c8:f0:
                    f6:a5:e4:64:40:ca:5e:7c:fb:83:2b:0a:23:52:c2:
                    15:25:cf:f6:0f:60:1a:47:b0:55:05:4f:9c:b4:21:
                    7b:7a:99:45:6d:fc:73:8c:ff:19:d2:f3:48:9a:26:
                    f4:8b:01:b2:d9:59:ea:d6:05:45:2a:c4:71:29:06:
                    3c:90:f0:a2:9e:78:bf:74:1e:73:c7:a7:63:91:61:
                    fd:12:e1:71:b8:fe:bc:df:81:ea:c7:96:0b:d2:8c:
                    47:6b:2c:77:ef:14:b9:7a:9a:e2:aa:6d:ef:96:b3:
                    d6:bb:ff:82:ee:8b:47:15:03:dc:da:40:0f:2c:87:
                    e8:70:15:c0:0e:9a:0c:39:06:c0:1b:91:27:15:73:
                    02:ec:a7:52:d9:04:90:6d:a5:5d:8d:c7:68:ca:b0:
                    e2:b3:a0:4e:ba:44:18:0d:7b:76:00:a5:69:32:ad:
                    cf:fc:5a:99:6e:3d:9b:1c:2d:f5:5c:0c:53:23:f8:
                    1e:d0:ac:8a:86:41:b4:8b:0b:48:c9:47:ce:8b:8f:
                    16:87:42:5d:36:1a:52:b2:c3:60:c7:a7:13:c0:7d:
                    92:90:0f:45:79:6a:d0:93:2a:84:b0:24:69:fe:9d:
                    79:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:36:19:8B:87:AD:F0:5E:B0:50:91:19:46:98:AA:DF:0E:93:D8:62
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/uzYZi4et8F6wUJEZRpiq3w6T2GI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:00:ae:b5:4e:d6:32:da:81:99:6e:06:e2:54:20:30:01:ca:
         23:df:f8:a6:60:32:9c:c4:3f:5e:eb:fa:f3:0a:e3:a2:d4:cc:
         57:07:d3:62:e6:10:2a:09:62:04:ec:3f:71:aa:95:d4:1f:83:
         48:d8:ca:e2:c5:53:95:82:a7:dd:71:f2:48:cb:e0:7e:0a:2e:
         16:d7:35:ad:6b:f9:eb:5b:f9:71:a0:cd:86:9a:c5:04:21:60:
         bc:42:1c:df:e8:82:82:ed:8a:77:91:a8:8a:79:8c:b9:b6:44:
         3b:a5:57:51:83:88:5d:33:1d:94:aa:d5:22:f0:45:c5:07:16:
         a3:97:8c:6b:20:8e:8f:ef:84:4c:50:57:2d:3a:6b:75:6d:f5:
         80:f7:3e:c5:8c:b9:8d:4e:37:a6:d7:c5:40:30:8f:6f:2f:4a:
         64:cb:d3:16:a1:fd:8d:1f:0e:33:2e:9e:46:ba:4e:ad:17:0f:
         76:46:6a:f5:bb:99:76:e4:48:8b:01:9e:8b:26:83:ae:fd:6b:
         91:7a:66:95:78:32:e5:6b:d2:1a:2e:b0:be:31:ce:3c:2a:0c:
         09:07:05:de:70:79:bc:33:e7:44:b4:64:49:31:05:ad:37:47:
         68:b8:4b:84:79:aa:28:e6:41:2c:2c:60:2b:71:c8:c2:1e:dc:
         c6:62:98:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Tm5gpv19+tCNepKIuIGEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTA3MTUxMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM2MTk4Yjg3YWRmMDVlYjA1MDkxMTk0Njk4YWFkZjBlOTNkODYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdP36OLdBGALKJVVEo8spWlB8iyK
FOBTetZoyPD2peRkQMpefPuDKwojUsIVJc/2D2AaR7BVBU+ctCF7eplFbfxzjP8Z
0vNImib0iwGy2Vnq1gVFKsRxKQY8kPCinni/dB5zx6djkWH9EuFxuP6834Hqx5YL
0oxHayx37xS5epriqm3vlrPWu/+C7otHFQPc2kAPLIfocBXADpoMOQbAG5EnFXMC
7KdS2QSQbaVdjcdoyrDis6BOukQYDXt2AKVpMq3P/FqZbj2bHC31XAxTI/ge0KyK
hkG0iwtIyUfOi48Wh0JdNhpSssNgx6cTwH2SkA9FeWrQkyqEsCRp/p15mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs2GYuHrfBesFCRGUaYqt8Ok9hiMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdXpZWmk0ZXQ4RjZ3VUpFWlJwaXEzdzZUMkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MELMA0G
CSqGSIb3DQEBCwUAA4IBAQASAK61TtYy2oGZbgbiVCAwAcoj3/imYDKcxD9e6/rz
CuOi1MxXB9Ni5hAqCWIE7D9xqpXUH4NI2MrixVOVgqfdcfJIy+B+Ci4W1zWta/nr
W/lxoM2GmsUEIWC8Qhzf6IKC7Yp3kaiKeYy5tkQ7pVdRg4hdMx2UqtUi8EXFBxaj
l4xrII6P74RMUFctOmt1bfWA9z7FjLmNTjem18VAMI9vL0pky9MWof2NHw4zLp5G
uk6tFw92Rmr1u5l25EiLAZ6LJoOu/WuRemaVeDLla9IaLrC+Mc48KgwJBwXecHm8
M+dEtGRJMQWtN0douEuEeaoo5kEsLGArccjCHtzGYpje
-----END CERTIFICATE-----