Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/uSDEYQAyBLV-Dx8YeBoj1SH_T4Q.roa
File:                     uSDEYQAyBLV-Dx8YeBoj1SH_T4Q.roa (raw, json)
Hash identifier:          F3hGwgLsrBrgcK/3zHaE7dZ/i14+lFP9y4VngM5clVY=
Subject key identifier:   B9:20:C4:61:00:32:04:B5:7E:0F:1F:18:78:1A:23:D5:21:FF:4F:84
Certificate issuer:       /CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
Certificate serial:       018CC6B8980304868EABAFD4573ACE495497
Authority key identifier: 77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/uSDEYQAyBLV-Dx8YeBoj1SH_T4Q.roa
Signing time:             Mon 01 Jan 2024 20:30:35 +0000
ROA not before:           Mon 01 Jan 2024 20:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.138.90.0/24 maxlen: 24
                          193.110.146.0/24 maxlen: 24
                          194.165.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:98:03:04:86:8e:ab:af:d4:57:3a:ce:49:54:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77cc46ade957c8f066a5c6fe25310a4cf5a7e9d4
        Validity
            Not Before: Jan  1 20:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b920c461003204b57e0f1f18781a23d521ff4f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:b8:22:b8:3a:67:4e:de:81:07:bc:f8:5f:
                    42:e5:e7:d5:81:1d:0c:02:f0:c6:68:9c:e2:b2:09:
                    fb:ee:a2:5d:a9:2c:a0:bb:24:63:36:9a:8b:96:5b:
                    01:e0:90:9b:0f:b8:03:4e:19:12:77:30:89:b8:53:
                    ec:5b:49:ef:2d:fb:48:64:04:91:25:0c:ea:4b:d2:
                    a4:a6:17:f4:f1:b9:a1:43:3f:ee:41:8a:55:42:ed:
                    e0:2b:b7:fe:30:c5:51:72:8a:ae:e5:71:ba:d1:ba:
                    0f:09:30:7c:2e:02:25:69:62:f1:33:d4:15:fd:7e:
                    28:48:a7:02:03:f8:14:7f:3e:c3:82:55:63:3f:c2:
                    63:82:72:86:b6:20:8b:76:a3:45:de:bd:92:14:89:
                    3a:11:15:9d:d7:e9:a8:c3:07:24:ec:e8:94:f9:17:
                    eb:bc:a5:b3:b0:ce:c7:0b:0d:57:b7:79:9a:a0:ee:
                    6b:0c:cf:5a:8d:97:01:80:42:cc:37:c9:7b:b2:7b:
                    7b:09:73:24:05:72:23:c7:59:6f:5b:c1:37:f8:2f:
                    91:33:db:7a:4f:4f:ff:b0:ef:4d:56:70:7a:11:15:
                    e6:79:bc:9c:27:31:fc:ee:6c:32:71:be:48:84:a5:
                    28:fa:35:7f:b5:aa:4a:52:b3:43:38:96:70:8b:be:
                    8f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:20:C4:61:00:32:04:B5:7E:0F:1F:18:78:1A:23:D5:21:FF:4F:84
            X509v3 Authority Key Identifier:
                keyid:77:CC:46:AD:E9:57:C8:F0:66:A5:C6:FE:25:31:0A:4C:F5:A7:E9:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8xGrelXyPBmpcb-JTEKTPWn6dQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/uSDEYQAyBLV-Dx8YeBoj1SH_T4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d61b54-ee9f-4e00-b1e3-f7d027560058/1/d8xGrelXyPBmpcb-JTEKTPWn6dQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.146.0/24
                  193.138.90.0/24
                  194.165.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:74:1f:25:b7:76:d7:f6:50:ce:48:55:30:e5:d6:13:cb:fc:
         a8:e6:c3:0a:fc:e8:75:9f:7f:96:3d:d4:80:0b:06:f4:6d:b8:
         ad:8d:86:49:2e:29:ea:72:36:41:da:e0:b2:d1:9f:0a:9a:79:
         09:16:c7:63:55:4b:09:79:42:58:df:65:8c:56:b7:05:d3:67:
         d7:b2:7f:69:e6:f1:2c:93:82:fc:27:56:e2:ce:ae:bc:67:fa:
         62:0e:ce:9f:70:29:ee:64:69:41:11:6f:16:46:ec:41:d2:b9:
         ee:84:12:30:31:1f:28:aa:e2:db:a3:7b:50:61:43:7e:0e:6b:
         6b:1f:04:87:74:a9:0e:8e:69:cf:40:5d:8c:8d:b8:28:c3:54:
         bc:9c:7e:0a:07:e1:24:3d:11:16:29:09:83:c4:cb:f1:86:55:
         9b:ff:8b:b0:20:4e:5e:5a:0f:2e:d5:a9:b0:8b:c4:dd:bb:16:
         de:e2:a2:54:c0:93:59:e6:95:ee:0a:05:9d:af:6b:7b:90:86:
         87:cc:ad:43:e4:f7:4b:20:00:9f:6c:cb:7d:58:7b:c9:8a:91:
         c2:81:fb:f8:f0:8d:36:3a:f5:3a:da:29:a2:00:8d:c2:8f:22:
         f3:ff:5e:7f:bc:01:25:d0:50:42:1c:60:20:0a:5a:e7:55:d6:
         46:9d:c5:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuJgDBIaOq6/UVzrOSVSXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3Y2M0NmFkZTk1N2M4ZjA2NmE1YzZmZTI1MzEwYTRjZjVh
N2U5ZDQwHhcNMjQwMTAxMjAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTIwYzQ2MTAwMzIwNGI1N2UwZjFmMTg3ODFhMjNkNTIxZmY0Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIW4Irg6Z07egQe8+F9C5efVgR0M
AvDGaJzisgn77qJdqSyguyRjNpqLllsB4JCbD7gDThkSdzCJuFPsW0nvLftIZASR
JQzqS9Kkphf08bmhQz/uQYpVQu3gK7f+MMVRcoqu5XG60boPCTB8LgIlaWLxM9QV
/X4oSKcCA/gUfz7DglVjP8JjgnKGtiCLdqNF3r2SFIk6ERWd1+mowwck7OiU+Rfr
vKWzsM7HCw1Xt3maoO5rDM9ajZcBgELMN8l7snt7CXMkBXIjx1lvW8E3+C+RM9t6
T0//sO9NVnB6ERXmebycJzH87mwycb5IhKUo+jV/tapKUrNDOJZwi76PkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLkgxGEAMgS1fg8fGHgaI9Uh/0+EMB8GA1UdIwQY
MBaAFHfMRq3pV8jwZqXG/iUxCkz1p+nUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMt
ZjdkMDI3NTYwMDU4LzEvdVNERVlRQXlCTFYtRHg4WWVCb2oxU0hfVDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kNjFiNTQtZWU5Zi00ZTAwLWIxZTMtZjdkMDI3NTYwMDU4
LzEvZDh4R3JlbFh5UEJtcGNiLUpURUtUUFduNmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwW6SAwQA
wYpaAwQAwqUrMA0GCSqGSIb3DQEBCwUAA4IBAQBXdB8lt3bX9lDOSFUw5dYTy/yo
5sMK/Oh1n3+WPdSACwb0bbitjYZJLinqcjZB2uCy0Z8KmnkJFsdjVUsJeUJY32WM
VrcF02fXsn9p5vEsk4L8J1bizq68Z/piDs6fcCnuZGlBEW8WRuxB0rnuhBIwMR8o
quLbo3tQYUN+DmtrHwSHdKkOjmnPQF2Mjbgow1S8nH4KB+EkPREWKQmDxMvxhlWb
/4uwIE5eWg8u1amwi8Tduxbe4qJUwJNZ5pXuCgWdr2t7kIaHzK1D5PdLIACfbMt9
WHvJipHCgfv48I02OvU62imiAI3CjyLz/15/vAEl0FBCHGAgClrnVdZGncUF
-----END CERTIFICATE-----