Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/UQq5VcBdCKrr2fNnFyqTckP93bQ.roa
File:                     UQq5VcBdCKrr2fNnFyqTckP93bQ.roa (raw, json)
Hash identifier:          MxNKBZmcXstuzyTu8ZxVzAEq7iObnp+PjmM5v0sk4SE=
Subject key identifier:   51:0A:B9:55:C0:5D:08:AA:EB:D9:F3:67:17:2A:93:72:43:FD:DD:B4
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B92DA330B431541DC62B70E61D9E03
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/UQq5VcBdCKrr2fNnFyqTckP93bQ.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12873
IP address blocks:        212.15.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2d:a3:30:b4:31:54:1d:c6:2b:70:e6:1d:9e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=510ab955c05d08aaebd9f367172a937243fdddb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:53:34:38:2b:7d:04:5d:12:c6:fb:6f:0c:b3:
                    b4:ff:e0:4b:52:37:9e:b2:d8:cf:e3:bc:34:c9:2c:
                    76:08:5c:f7:7f:dc:e3:fe:91:1a:c6:fc:e7:b1:8b:
                    24:8b:7f:38:f6:ca:da:7c:bc:64:66:21:dc:22:3e:
                    3a:f5:85:62:52:2e:42:bd:49:bc:e5:56:38:cf:02:
                    33:fa:fd:89:bf:a0:15:32:04:05:34:e7:ea:fd:4c:
                    01:c9:02:e4:16:20:11:35:7b:1a:12:73:1a:1a:37:
                    cc:8a:dd:53:0b:8d:a5:80:f4:0a:a2:52:12:44:6c:
                    f4:a9:5b:be:1b:9e:b2:21:63:62:bc:c6:93:83:bf:
                    10:12:0a:39:0d:b6:21:13:48:b1:e5:b1:31:51:f0:
                    5e:1d:0b:d1:7e:c9:a7:6c:fd:31:28:65:07:eb:1a:
                    b3:59:9e:75:02:99:1b:57:fa:50:d9:cb:65:10:71:
                    76:c3:0f:d0:fb:62:1f:97:fc:0f:4d:37:83:61:56:
                    e5:ae:aa:f8:b0:06:2d:09:f8:53:bf:2f:21:f9:95:
                    f4:4f:a9:96:ee:8d:a8:4f:dd:de:22:2b:08:4f:dd:
                    0a:75:dc:6d:56:85:ad:9f:df:56:da:6a:d7:af:b2:
                    1d:df:da:57:aa:be:15:60:c8:14:8f:0c:8a:bb:27:
                    3c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0A:B9:55:C0:5D:08:AA:EB:D9:F3:67:17:2A:93:72:43:FD:DD:B4
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/UQq5VcBdCKrr2fNnFyqTckP93bQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:aa:7c:5d:a9:c3:1d:1a:94:ab:77:c0:6d:d5:2d:f7:7a:12:
         e1:76:ee:ce:8e:bd:32:27:36:86:77:fb:40:41:57:11:21:19:
         a4:22:c6:e6:bb:f3:85:78:75:f3:cd:2b:50:15:cc:bd:55:93:
         0a:db:90:ec:6f:fc:d3:ed:17:04:b0:aa:e1:b6:87:07:e1:be:
         d6:28:a2:db:c8:9a:cf:ba:6f:4d:d4:4e:8c:1a:ef:f8:05:65:
         28:11:41:de:7d:44:22:ae:6b:83:31:98:1c:34:21:10:e5:a2:
         43:22:9c:ea:c2:f2:44:36:49:ed:29:6e:7c:a3:97:70:b8:50:
         75:b3:bd:06:4a:53:29:80:c0:d2:38:35:5b:40:8f:43:c6:4f:
         33:80:7c:ea:23:14:c8:1b:4f:f7:b4:5a:8f:39:ec:1d:0d:4f:
         8c:28:ec:d9:c7:0d:ac:0c:16:77:40:d4:96:e3:1d:01:cc:63:
         de:ec:52:71:43:2b:78:82:e1:09:3e:d7:97:70:68:a4:29:77:
         5a:93:64:1e:a8:7d:f7:7c:62:49:db:46:3a:c1:b5:5b:c6:00:
         c0:51:d0:3b:f9:ca:c3:a1:1c:5d:78:5e:78:86:7e:b1:c1:cc:
         09:b2:b6:80:4b:94:38:32:d5:af:05:67:1f:d5:3f:56:1b:aa:
         b7:65:fb:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS2jMLQxVB3GK3DmHZ4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTBhYjk1NWMwNWQwOGFhZWJkOWYzNjcxNzJhOTM3MjQzZmRkZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilM0OCt9BF0SxvtvDLO0/+BLUjee
stjP47w0ySx2CFz3f9zj/pEaxvznsYski3849srafLxkZiHcIj469YViUi5CvUm8
5VY4zwIz+v2Jv6AVMgQFNOfq/UwByQLkFiARNXsaEnMaGjfMit1TC42lgPQKolIS
RGz0qVu+G56yIWNivMaTg78QEgo5DbYhE0ix5bExUfBeHQvRfsmnbP0xKGUH6xqz
WZ51ApkbV/pQ2ctlEHF2ww/Q+2Ifl/wPTTeDYVblrqr4sAYtCfhTvy8h+ZX0T6mW
7o2oT93eIisIT90KddxtVoWtn99W2mrXr7Id39pXqr4VYMgUjwyKuyc8YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEKuVXAXQiq69nzZxcqk3JD/d20MB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvVVFxNVZjQmRDS3JyMmZObkZ5cVRja1A5M2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A8JMA0G
CSqGSIb3DQEBCwUAA4IBAQAyqnxdqcMdGpSrd8Bt1S33ehLhdu7Ojr0yJzaGd/tA
QVcRIRmkIsbmu/OFeHXzzStQFcy9VZMK25Dsb/zT7RcEsKrhtocH4b7WKKLbyJrP
um9N1E6MGu/4BWUoEUHefUQirmuDMZgcNCEQ5aJDIpzqwvJENkntKW58o5dwuFB1
s70GSlMpgMDSODVbQI9Dxk8zgHzqIxTIG0/3tFqPOewdDU+MKOzZxw2sDBZ3QNSW
4x0BzGPe7FJxQyt4guEJPteXcGikKXdak2QeqH33fGJJ20Y6wbVbxgDAUdA7+crD
oRxdeF54hn6xwcwJsraAS5Q4MtWvBWcf1T9WG6q3Zfv7
-----END CERTIFICATE-----