Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Uk2Xm597JgPUQywVeScCpuVg20k.roa
File:                     Uk2Xm597JgPUQywVeScCpuVg20k.roa (raw, json)
Hash identifier:          ZTxALgK0nHD1NgQI6I3gDu0PqRVLiKli9WlgqjmjDtQ=
Subject key identifier:   52:4D:97:9B:9F:7B:26:03:D4:43:2C:15:79:27:02:A6:E5:60:DB:49
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B93457D774EE96EE861A9E148B076A
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Uk2Xm597JgPUQywVeScCpuVg20k.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49563
IP address blocks:        212.15.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:57:d7:74:ee:96:ee:86:1a:9e:14:8b:07:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=524d979b9f7b2603d4432c15792702a6e560db49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:07:54:69:5a:da:16:ec:ba:bf:b6:99:62:25:
                    d2:a4:ba:d1:50:49:4c:33:58:9e:f6:5c:52:9c:b4:
                    00:2d:83:0d:d6:2f:1f:ad:9f:22:f9:fe:31:02:e6:
                    73:de:9b:ba:cf:dd:46:89:b7:31:00:7e:50:af:7d:
                    1d:fe:5e:6d:f2:c7:4a:6a:8a:4a:a9:82:f1:fc:e1:
                    d6:5c:94:1c:02:2e:f6:c9:08:62:6d:0b:e3:ca:79:
                    34:51:da:2e:95:62:75:75:0b:dd:7b:ee:6b:4e:63:
                    f2:77:83:0e:6a:f2:3d:5e:ac:a4:7b:6f:42:2c:74:
                    53:c7:5c:a5:8c:61:f3:c9:98:e6:9a:90:9d:e5:4b:
                    f8:2c:31:ee:b4:ed:62:fe:7d:3e:a8:8e:49:e8:20:
                    41:bb:19:70:1c:9c:76:44:3c:e3:01:44:54:49:13:
                    ba:70:d6:80:05:f1:87:65:44:78:07:f4:95:8a:b6:
                    4c:72:e8:fb:22:41:c6:87:a7:7d:3f:d5:5a:ce:9f:
                    54:33:33:e1:2d:6e:ba:82:08:dc:72:3a:05:44:85:
                    dc:53:5f:c0:78:50:6e:fa:06:7f:02:c6:80:5b:a9:
                    74:48:53:0c:ab:f2:19:ca:cb:00:da:c4:69:d1:25:
                    ec:e1:e2:d3:69:e6:ca:b0:09:4b:a1:29:08:bb:aa:
                    a9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4D:97:9B:9F:7B:26:03:D4:43:2C:15:79:27:02:A6:E5:60:DB:49
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Uk2Xm597JgPUQywVeScCpuVg20k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.15.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:b3:47:a1:47:40:b7:fb:ce:b9:da:84:61:77:f5:9c:21:92:
         2f:88:55:3b:92:a6:45:de:ce:de:29:a2:9c:10:6e:23:ae:d5:
         c0:08:fd:84:f4:e4:62:18:0d:e3:e4:4d:54:94:b8:9e:f2:02:
         e8:fa:50:01:c9:d1:19:cd:7c:92:10:99:a5:88:86:4a:bd:e2:
         e8:c6:33:3f:de:19:60:75:1c:7f:bd:c5:3d:a4:e3:b5:2c:c4:
         3f:11:37:8e:13:d5:c3:af:bf:1e:76:5e:9b:1c:ba:32:d0:b6:
         db:14:74:8a:a8:3f:6f:e2:2d:54:52:9c:24:74:35:6e:a0:e1:
         14:54:5f:87:09:01:4a:74:6b:fe:bd:81:17:39:67:7b:f0:c4:
         69:9f:18:6c:fd:3c:ab:00:2c:16:ac:4d:30:4f:00:d9:df:f1:
         1f:8c:58:d0:1d:bc:50:25:dd:60:cc:06:00:4f:ea:39:ce:40:
         21:af:a8:5b:70:83:06:b5:0c:c2:8d:e7:b0:82:1d:2b:d5:d6:
         7c:c4:41:00:21:4d:f6:33:87:ea:99:60:e5:0e:db:5b:01:96:
         b4:70:d3:cc:e8:5f:66:b5:70:55:d8:74:fe:7b:c5:ca:24:87:
         eb:74:58:3f:e7:0d:8a:bf:19:1f:1b:fd:bb:00:ca:e8:c9:28:
         f5:16:92:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTRX13Tulu6GGp4UiwdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRkOTc5YjlmN2IyNjAzZDQ0MzJjMTU3OTI3MDJhNmU1NjBkYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwdUaVraFuy6v7aZYiXSpLrRUElM
M1ie9lxSnLQALYMN1i8frZ8i+f4xAuZz3pu6z91GibcxAH5Qr30d/l5t8sdKaopK
qYLx/OHWXJQcAi72yQhibQvjynk0UdoulWJ1dQvde+5rTmPyd4MOavI9Xqyke29C
LHRTx1yljGHzyZjmmpCd5Uv4LDHutO1i/n0+qI5J6CBBuxlwHJx2RDzjAURUSRO6
cNaABfGHZUR4B/SVirZMcuj7IkHGh6d9P9Vazp9UMzPhLW66ggjccjoFRIXcU1/A
eFBu+gZ/AsaAW6l0SFMMq/IZyssA2sRp0SXs4eLTaebKsAlLoSkIu6qpFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJNl5ufeyYD1EMsFXknAqblYNtJMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvVWsyWG01OTdKZ1BVUXl3VmVTY0NwdVZnMjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A8YMA0G
CSqGSIb3DQEBCwUAA4IBAQBIs0ehR0C3+8652oRhd/WcIZIviFU7kqZF3s7eKaKc
EG4jrtXACP2E9ORiGA3j5E1UlLie8gLo+lABydEZzXySEJmliIZKveLoxjM/3hlg
dRx/vcU9pOO1LMQ/ETeOE9XDr78edl6bHLoy0LbbFHSKqD9v4i1UUpwkdDVuoOEU
VF+HCQFKdGv+vYEXOWd78MRpnxhs/TyrACwWrE0wTwDZ3/EfjFjQHbxQJd1gzAYA
T+o5zkAhr6hbcIMGtQzCjeewgh0r1dZ8xEEAIU32M4fqmWDlDttbAZa0cNPM6F9m
tXBV2HT+e8XKJIfrdFg/5w2KvxkfG/27AMroySj1FpJ1
-----END CERTIFICATE-----