Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/UXkaTHP_xJFTL9koLApJw6jU_RM.roa
File:                     UXkaTHP_xJFTL9koLApJw6jU_RM.roa (raw, json)
Hash identifier:          gPgDjKFqybNYP9Mxn1GDXwgCe7HpxgC/qtYRMCXUR4M=
Subject key identifier:   51:79:1A:4C:73:FF:C4:91:53:2F:D9:28:2C:0A:49:C3:A8:D4:FD:13
Certificate issuer:       /CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
Certificate serial:       018CCA9A03600333A9AD46EE66EA5B881AA3
Authority key identifier: B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/UXkaTHP_xJFTL9koLApJw6jU_RM.roa
Signing time:             Tue 02 Jan 2024 14:35:40 +0000
ROA not before:           Tue 02 Jan 2024 14:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        95.174.80.0/21 maxlen: 21
                          2a04:2f80::/42 maxlen: 42
                          2a04:2f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:03:60:03:33:a9:ad:46:ee:66:ea:5b:88:1a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
        Validity
            Not Before: Jan  2 14:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51791a4c73ffc491532fd9282c0a49c3a8d4fd13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:92:93:27:97:57:23:3d:8f:66:ae:19:19:
                    af:96:50:57:7f:ec:68:4f:f7:93:45:34:ca:93:d1:
                    90:e5:2e:0f:95:e1:10:6e:13:70:30:fc:06:62:c8:
                    43:23:ad:9d:40:3a:a7:39:99:5a:92:69:27:4b:22:
                    c4:53:d6:cd:65:e8:c9:d7:7f:70:24:36:63:13:73:
                    34:c0:d5:a7:00:d6:8e:6e:ee:e7:77:79:34:9a:8c:
                    2e:34:6f:d6:fc:e7:67:23:f6:14:e4:d9:8a:bc:4a:
                    f9:cb:eb:cd:9f:e2:77:e7:df:06:7d:15:79:8e:6e:
                    86:56:ca:67:e6:7a:c9:a5:c1:d0:b6:18:36:48:db:
                    6d:e1:fc:bc:ad:0e:1a:e6:b5:0f:fe:08:7c:86:55:
                    42:47:eb:05:3d:1b:bf:e1:79:4e:fc:67:8a:e4:87:
                    d0:f1:f6:60:b1:08:9e:f0:a3:ec:e1:48:72:8a:1d:
                    b8:f6:e8:3a:ce:47:76:55:bd:08:ea:88:ca:b9:60:
                    0d:92:78:00:ef:cf:da:62:5c:72:6e:cf:1e:77:46:
                    55:9a:c2:92:01:0d:be:37:e0:51:ec:49:63:00:f9:
                    41:b0:71:22:40:35:9b:7c:74:bc:d7:be:07:f4:2e:
                    07:9d:e2:78:ff:67:00:42:3c:d4:18:59:ae:75:3c:
                    7d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:79:1A:4C:73:FF:C4:91:53:2F:D9:28:2C:0A:49:C3:A8:D4:FD:13
            X509v3 Authority Key Identifier:
                keyid:B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/UXkaTHP_xJFTL9koLApJw6jU_RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.174.80.0/21
                IPv6:
                  2a04:2f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:6a:f1:25:bb:99:29:1e:21:76:8a:0a:b7:1a:47:f0:60:2e:
         54:92:5d:63:c8:a4:ee:e3:c3:89:74:b3:20:cb:b6:8a:05:1d:
         af:84:bd:2a:d3:6d:8c:8c:96:e6:cd:2c:83:5c:1e:f0:6c:ab:
         8c:39:65:ad:a4:15:2c:e4:c5:a6:7d:9d:c5:c0:63:20:8f:8c:
         e0:0e:ad:6e:ce:8d:56:40:0f:13:ec:2d:64:f4:12:44:59:ba:
         55:ad:36:9d:74:26:e6:49:b0:27:91:4a:b3:96:2e:6a:57:c9:
         f7:1c:9d:01:72:3b:af:0f:e4:c5:c9:ab:dc:77:e1:ae:82:e6:
         09:fe:60:6d:ec:39:83:ec:7f:14:5e:13:53:e2:c3:07:e8:aa:
         07:50:b2:4d:d5:bc:13:aa:3d:07:55:d5:a5:37:30:45:68:29:
         f5:02:f8:84:d6:f6:08:f5:31:05:69:c3:47:81:20:b6:0e:9b:
         10:32:ef:6c:22:cb:bb:c2:23:21:54:39:4f:43:90:87:90:ae:
         01:2b:1c:db:d2:78:24:6d:0b:9d:ea:fe:ea:fe:15:d1:d7:51:
         70:97:5c:6c:a8:8a:10:65:45:95:5b:29:48:5b:40:2d:c1:27:
         bf:90:e6:47:10:c7:85:48:87:2f:c8:0f:33:fb:6d:17:3e:f5:
         06:4c:60:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmgNgAzOprUbuZupbiBqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZmZlZTdkYmY3ZjQ1NjZlYTllMzA1NDZiMmMyYTJlNzMz
NmYyZjQwHhcNMjQwMTAyMTQzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTc5MWE0YzczZmZjNDkxNTMyZmQ5MjgyYzBhNDljM2E4ZDRmZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPySkyeXVyM9j2auGRmvllBXf+xo
T/eTRTTKk9GQ5S4PleEQbhNwMPwGYshDI62dQDqnOZlakmknSyLEU9bNZejJ139w
JDZjE3M0wNWnANaObu7nd3k0mowuNG/W/OdnI/YU5NmKvEr5y+vNn+J3598GfRV5
jm6GVspn5nrJpcHQthg2SNtt4fy8rQ4a5rUP/gh8hlVCR+sFPRu/4XlO/GeK5IfQ
8fZgsQie8KPs4Uhyih249ug6zkd2Vb0I6ojKuWANkngA78/aYlxybs8ed0ZVmsKS
AQ2+N+BR7EljAPlBsHEiQDWbfHS8174H9C4HneJ4/2cAQjzUGFmudTx9cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFF5Gkxz/8SRUy/ZKCwKScOo1P0TMB8GA1UdIwQY
MBaAFLH/7n2/f0Vm6p4wVGssKi5zNvL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUt
N2Y1Zjc4MzQ2ZDZmLzEvVVhrYVRIUF94SkZUTDlrb0xBcEp3NmpVX1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUtN2Y1Zjc4MzQ2ZDZm
LzEvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDX65QMA0E
AgACMAcDBQMqBC+AMA0GCSqGSIb3DQEBCwUAA4IBAQBJavElu5kpHiF2igq3Gkfw
YC5Ukl1jyKTu48OJdLMgy7aKBR2vhL0q022MjJbmzSyDXB7wbKuMOWWtpBUs5MWm
fZ3FwGMgj4zgDq1uzo1WQA8T7C1k9BJEWbpVrTaddCbmSbAnkUqzli5qV8n3HJ0B
cjuvD+TFyavcd+GuguYJ/mBt7DmD7H8UXhNT4sMH6KoHULJN1bwTqj0HVdWlNzBF
aCn1AviE1vYI9TEFacNHgSC2DpsQMu9sIsu7wiMhVDlPQ5CHkK4BKxzb0ngkbQud
6v7q/hXR11Fwl1xsqIoQZUWVWylIW0AtwSe/kOZHEMeFSIcvyA8z+20XPvUGTGDX
-----END CERTIFICATE-----