Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/uZcaoZ-7jcr-WMK-sX4Nes1RRJY.roa
File:                     uZcaoZ-7jcr-WMK-sX4Nes1RRJY.roa (raw, json)
Hash identifier:          p3r+JnGRLKg1al8hajx838G9GSRUdN/rnbcAJaIWNXM=
Subject key identifier:   B9:97:1A:A1:9F:BB:8D:CA:FE:58:C2:BE:B1:7E:0D:7A:CD:51:44:96
Certificate issuer:       /CN=e847e88749704294552fef54886111ed0586ec24
Certificate serial:       01931C5AC0C8168FEC763E28231C76708C2D
Authority key identifier: E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/uZcaoZ-7jcr-WMK-sX4Nes1RRJY.roa
Signing time:             Mon 11 Nov 2024 17:52:09 +0000
ROA not before:           Mon 11 Nov 2024 17:52:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214379
IP address blocks:        91.231.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1c:5a:c0:c8:16:8f:ec:76:3e:28:23:1c:76:70:8c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e847e88749704294552fef54886111ed0586ec24
        Validity
            Not Before: Nov 11 17:52:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9971aa19fbb8dcafe58c2beb17e0d7acd514496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:49:70:d3:b7:28:23:f9:6e:78:72:21:90:
                    86:b7:d5:33:3f:fc:16:69:fc:af:bf:e8:ed:d3:ad:
                    87:51:0c:08:39:2c:19:3c:5a:b1:ac:fe:dd:e6:13:
                    31:13:24:cf:d5:8d:a1:60:5a:e0:95:01:ec:67:0e:
                    3d:67:7a:b5:23:54:a7:99:85:44:6d:c2:d4:8d:d3:
                    e2:77:ce:e0:24:f7:0d:47:82:87:b6:d7:e0:05:d6:
                    49:01:1f:75:3f:c0:a9:36:77:3d:0a:e6:7f:a1:60:
                    81:b8:ef:1c:f5:a8:3c:bd:b9:36:eb:81:2e:2d:07:
                    2d:91:25:b9:7d:6f:f5:c9:58:9a:a5:21:43:a2:e4:
                    55:75:0d:22:38:29:b8:f0:f7:5a:d6:e1:c5:81:59:
                    34:9e:8c:9f:93:77:34:dc:bc:fb:36:b1:d8:65:8a:
                    76:5f:bb:92:24:41:ed:35:a5:a7:15:be:5a:cb:b1:
                    4d:23:02:aa:7a:f5:e2:e5:e1:86:cd:8f:26:71:d0:
                    88:29:8f:e7:6b:ee:62:12:5c:4d:96:7f:83:cd:a1:
                    e3:c7:8e:1c:5c:53:2c:1f:47:b5:9a:04:e1:fc:5d:
                    69:3a:a5:53:9e:dc:c7:a3:ce:23:b1:a5:74:e9:8d:
                    71:5f:40:97:59:f8:c5:1e:34:7c:6c:4d:99:10:dd:
                    a3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:97:1A:A1:9F:BB:8D:CA:FE:58:C2:BE:B1:7E:0D:7A:CD:51:44:96
            X509v3 Authority Key Identifier:
                keyid:E8:47:E8:87:49:70:42:94:55:2F:EF:54:88:61:11:ED:05:86:EC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Efoh0lwQpRVL-9UiGER7QWG7CQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/uZcaoZ-7jcr-WMK-sX4Nes1RRJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/77f532-398f-4ad8-b348-bdad7ef776c4/1/6Efoh0lwQpRVL-9UiGER7QWG7CQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d0:f9:ef:66:d0:72:c4:ab:cb:2d:84:54:53:c1:e2:ca:1a:
         60:5a:5b:b2:7a:1b:89:6a:7a:bd:30:ec:f1:38:74:56:47:a4:
         32:fd:c9:ff:a6:44:e3:77:d1:96:de:ee:e4:53:4e:f4:64:28:
         f1:47:24:1b:11:d9:fc:2f:9f:b6:a1:bf:f3:83:df:ce:f7:fc:
         6e:97:99:0e:80:8f:7c:6b:12:4b:f8:87:55:5b:48:0b:f2:5a:
         23:75:0b:9a:86:e5:c8:55:4c:35:e0:85:ae:38:0a:9f:b4:02:
         7e:83:33:70:f0:f2:d2:77:2e:a4:b7:25:21:74:29:99:cd:e5:
         d4:91:b7:dc:3b:02:a9:32:7c:de:6f:81:1f:91:e7:c1:23:e4:
         60:cb:a3:de:c6:51:aa:76:f8:1e:32:3c:ab:cf:8b:2d:be:9a:
         78:5f:2c:cf:ba:fd:16:e1:df:72:b7:9b:31:e0:90:bf:d5:91:
         f5:00:19:67:64:1e:d3:d5:75:27:a0:25:ed:74:cd:78:9d:f1:
         42:61:fb:13:40:e9:34:8c:75:ec:cb:93:53:2a:61:3d:7b:69:
         cd:8c:26:ad:e5:80:ba:55:06:fa:98:8f:9e:f7:69:0d:4a:e6:
         dc:56:e4:e9:20:f4:49:dd:1f:6a:30:d1:dc:16:fe:c0:f8:dd:
         58:6a:77:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMcWsDIFo/sdj4oIxx2cIwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDdlODg3NDk3MDQyOTQ1NTJmZWY1NDg4NjExMWVkMDU4
NmVjMjQwHhcNMjQxMTExMTc1MjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk3MWFhMTlmYmI4ZGNhZmU1OGMyYmViMTdlMGQ3YWNkNTE0NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEVJcNO3KCP5bnhyIZCGt9UzP/wW
afyvv+jt062HUQwIOSwZPFqxrP7d5hMxEyTP1Y2hYFrglQHsZw49Z3q1I1SnmYVE
bcLUjdPid87gJPcNR4KHttfgBdZJAR91P8CpNnc9CuZ/oWCBuO8c9ag8vbk264Eu
LQctkSW5fW/1yViapSFDouRVdQ0iOCm48Pda1uHFgVk0noyfk3c03Lz7NrHYZYp2
X7uSJEHtNaWnFb5ay7FNIwKqevXi5eGGzY8mcdCIKY/na+5iElxNln+DzaHjx44c
XFMsH0e1mgTh/F1pOqVTntzHo84jsaV06Y1xX0CXWfjFHjR8bE2ZEN2jUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmXGqGfu43K/ljCvrF+DXrNUUSWMB8GA1UdIwQY
MBaAFOhH6IdJcEKUVS/vVIhhEe0FhuwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgt
YmRhZDdlZjc3NmM0LzEvdVpjYW9aLTdqY3ItV01LLXNYNE5lczFSUkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS83N2Y1MzItMzk4Zi00YWQ4LWIzNDgtYmRhZDdlZjc3NmM0
LzEvNkVmb2gwbHdRcFJWTC05VWlHRVI3UVdHN0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e2MA0G
CSqGSIb3DQEBCwUAA4IBAQAi0PnvZtByxKvLLYRUU8HiyhpgWluyehuJanq9MOzx
OHRWR6Qy/cn/pkTjd9GW3u7kU070ZCjxRyQbEdn8L5+2ob/zg9/O9/xul5kOgI98
axJL+IdVW0gL8lojdQuahuXIVUw14IWuOAqftAJ+gzNw8PLSdy6ktyUhdCmZzeXU
kbfcOwKpMnzeb4EfkefBI+Rgy6PexlGqdvgeMjyrz4stvpp4XyzPuv0W4d9yt5sx
4JC/1ZH1ABlnZB7T1XUnoCXtdM14nfFCYfsTQOk0jHXsy5NTKmE9e2nNjCat5YC6
VQb6mI+e92kNSubcVuTpIPRJ3R9qMNHcFv7A+N1YandD
-----END CERTIFICATE-----