Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/uaGqAzc_tBlkPvBy0oFfp-2YLqY.roa
File:                     uaGqAzc_tBlkPvBy0oFfp-2YLqY.roa (raw, json)
Hash identifier:          jdNWstjOH0nHedHxByTPgAXjtoCXSC9+MQhlZDV/Z2g=
Subject key identifier:   B9:A1:AA:03:37:3F:B4:19:64:3E:F0:72:D2:81:5F:A7:ED:98:2E:A6
Certificate issuer:       /CN=85802fc1d0f3e3a4462562d2f06f2b3deff8f4e7
Certificate serial:       018CC2DB622CF717A0E926E9F839CA84CB60
Authority key identifier: 85:80:2F:C1:D0:F3:E3:A4:46:25:62:D2:F0:6F:2B:3D:EF:F8:F4:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hYAvwdDz46RGJWLS8G8rPe_49Oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/uaGqAzc_tBlkPvBy0oFfp-2YLqY.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57789
IP address blocks:        185.23.7.0/24 maxlen: 24
                          31.135.192.0/20 maxlen: 20
                          2a0e:64c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/hYAvwdDz46RGJWLS8G8rPe_49Oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/hYAvwdDz46RGJWLS8G8rPe_49Oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hYAvwdDz46RGJWLS8G8rPe_49Oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:2c:f7:17:a0:e9:26:e9:f8:39:ca:84:cb:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85802fc1d0f3e3a4462562d2f06f2b3deff8f4e7
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a1aa03373fb419643ef072d2815fa7ed982ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:74:7d:07:b4:b4:87:a1:4d:9a:88:43:00:
                    61:bf:77:eb:5f:3c:e7:14:9a:0b:24:f6:d3:f4:c9:
                    02:6b:6e:de:08:89:45:10:fa:25:e2:26:31:b2:5b:
                    d8:df:97:28:78:b1:f3:bb:c5:5e:ac:8c:e8:12:78:
                    11:f5:21:d2:3f:70:96:89:1a:c2:90:db:26:60:6c:
                    f6:88:b4:78:bf:6a:1a:0a:ea:ae:f0:05:68:0d:70:
                    8d:01:36:b2:e8:ea:ac:90:20:cc:4f:c7:b6:1b:5d:
                    f4:68:9c:22:f2:93:59:88:4a:d3:f4:46:4d:bc:e0:
                    a1:81:0b:22:09:5e:19:db:a9:b0:33:7f:e1:0d:18:
                    25:a0:90:90:f4:ab:04:c0:db:3f:b7:2c:77:fa:21:
                    ed:0f:bb:7e:c7:3e:15:f6:e3:23:7c:ff:11:c7:c2:
                    e3:64:90:35:0a:f3:4f:5b:ce:4d:09:c4:82:52:99:
                    8d:83:1f:14:b1:48:6b:02:6d:fd:1e:7d:5d:fb:49:
                    e6:36:59:cd:05:5e:ce:fb:b7:8d:d8:a2:b1:22:74:
                    69:3c:31:a7:ae:21:74:a5:0c:1a:fd:71:b3:5e:6f:
                    9c:9a:e5:90:8d:c4:2d:38:4c:fa:4c:76:a8:ba:75:
                    da:94:82:e5:e0:33:02:32:ef:05:d6:05:2f:9a:54:
                    f9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A1:AA:03:37:3F:B4:19:64:3E:F0:72:D2:81:5F:A7:ED:98:2E:A6
            X509v3 Authority Key Identifier:
                keyid:85:80:2F:C1:D0:F3:E3:A4:46:25:62:D2:F0:6F:2B:3D:EF:F8:F4:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hYAvwdDz46RGJWLS8G8rPe_49Oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/uaGqAzc_tBlkPvBy0oFfp-2YLqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/af8b29-b1af-4cf6-bf16-b05832bc6962/1/hYAvwdDz46RGJWLS8G8rPe_49Oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.135.192.0/20
                  185.23.7.0/24
                IPv6:
                  2a0e:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:98:f8:52:4c:ba:2e:ed:14:04:54:df:2d:01:c0:a3:a6:2f:
         8a:fb:da:40:60:76:d0:d8:65:9e:54:e5:d7:1b:3e:2a:f8:8a:
         f1:70:45:19:05:94:4d:ff:b9:d4:73:47:ef:a7:7c:81:b2:b9:
         86:1b:33:29:b3:46:ce:b0:d0:ea:eb:40:50:4a:6a:a7:72:9d:
         74:35:bb:e5:92:12:1e:43:c4:8f:73:cc:88:cc:eb:65:75:e2:
         10:9a:0c:9a:af:e8:db:af:87:3f:6e:13:63:7e:46:4b:38:d6:
         61:a4:19:b9:f6:48:45:bf:f2:35:5b:2c:c3:c3:95:37:06:4e:
         15:43:b8:4a:36:72:28:1e:15:7d:b9:2f:0a:db:a9:d3:59:6a:
         5c:71:c0:9f:bb:1b:d3:93:2f:ee:0c:5d:8b:86:d2:9c:a9:db:
         cd:50:c6:45:f4:83:3c:cc:0a:9e:53:dc:f9:1f:88:20:1f:3a:
         36:e5:48:58:09:8a:12:5a:80:ee:8d:c8:f9:07:46:5c:0a:e5:
         a7:39:fb:c0:3c:a2:c6:8f:cb:0b:61:3d:cd:dc:d0:2c:2a:0a:
         f6:b5:60:71:aa:3f:3f:7d:bf:df:48:62:db:cc:68:ae:d4:83:
         94:59:03:90:b6:34:a2:39:9b:ff:df:6e:da:c8:65:02:0b:4c:
         d2:e7:9f:64
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC22Is9xeg6Sbp+DnKhMtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ODAyZmMxZDBmM2UzYTQ0NjI1NjJkMmYwNmYyYjNkZWZm
OGY0ZTcwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWExYWEwMzM3M2ZiNDE5NjQzZWYwNzJkMjgxNWZhN2VkOTgyZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytZ0fQe0tIehTZqIQwBhv3frXzzn
FJoLJPbT9MkCa27eCIlFEPol4iYxslvY35coeLHzu8VerIzoEngR9SHSP3CWiRrC
kNsmYGz2iLR4v2oaCuqu8AVoDXCNATay6OqskCDMT8e2G130aJwi8pNZiErT9EZN
vOChgQsiCV4Z26mwM3/hDRgloJCQ9KsEwNs/tyx3+iHtD7t+xz4V9uMjfP8Rx8Lj
ZJA1CvNPW85NCcSCUpmNgx8UsUhrAm39Hn1d+0nmNlnNBV7O+7eN2KKxInRpPDGn
riF0pQwa/XGzXm+cmuWQjcQtOEz6THaounXalILl4DMCMu8F1gUvmlT5ewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLmhqgM3P7QZZD7wctKBX6ftmC6mMB8GA1UdIwQY
MBaAFIWAL8HQ8+OkRiVi0vBvKz3v+PTnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFlBdndkRHo0NlJHSldMUzhHOHJQZV80OU9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hZjhiMjktYjFhZi00Y2Y2LWJmMTYt
YjA1ODMyYmM2OTYyLzEvdWFHcUF6Y190QmxrUHZCeTBvRmZwLTJZTHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hZjhiMjktYjFhZi00Y2Y2LWJmMTYtYjA1ODMyYmM2OTYy
LzEvaFlBdndkRHo0NlJHSldMUzhHOHJQZV80OU9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEH4fAAwQA
uRcHMA0EAgACMAcDBQMqDmTAMA0GCSqGSIb3DQEBCwUAA4IBAQAWmPhSTLou7RQE
VN8tAcCjpi+K+9pAYHbQ2GWeVOXXGz4q+IrxcEUZBZRN/7nUc0fvp3yBsrmGGzMp
s0bOsNDq60BQSmqncp10NbvlkhIeQ8SPc8yIzOtldeIQmgyar+jbr4c/bhNjfkZL
ONZhpBm59khFv/I1WyzDw5U3Bk4VQ7hKNnIoHhV9uS8K26nTWWpcccCfuxvTky/u
DF2LhtKcqdvNUMZF9IM8zAqeU9z5H4ggHzo25UhYCYoSWoDujcj5B0ZcCuWnOfvA
PKLGj8sLYT3N3NAsKgr2tWBxqj8/fb/fSGLbzGiu1IOUWQOQtjSiOZv/327ayGUC
C0zS559k
-----END CERTIFICATE-----