Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/UJxef-S8Fpg-5D8GtpQQSoTRT6E.roa
File:                     UJxef-S8Fpg-5D8GtpQQSoTRT6E.roa (raw, json)
Hash identifier:          0hlDIZdvA5SBjHVNDLkcH9lG34afs0m2j3fQux/p4AE=
Subject key identifier:   50:9C:5E:7F:E4:BC:16:98:3E:E4:3F:06:B6:94:10:4A:84:D1:4F:A1
Certificate issuer:       /CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
Certificate serial:       018CC3B700AAA8EF37802EBDF2F42C46649A
Authority key identifier: 8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/UJxef-S8Fpg-5D8GtpQQSoTRT6E.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205138
IP address blocks:        2a0c:7cc5:3::/48 maxlen: 48
                          2a0c:7cc5::/48 maxlen: 48
                          2a0c:7cc5:1::/48 maxlen: 48
                          2a0c:7cc5:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:00:aa:a8:ef:37:80:2e:bd:f2:f4:2c:46:64:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1ce1d135bf2cf8e8c13f33ec11c8523703dc75
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=509c5e7fe4bc16983ee43f06b694104a84d14fa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a5:31:97:8f:bf:3c:5d:dc:09:73:fc:3e:c5:
                    d4:bd:9c:5a:e0:0c:b0:66:76:83:8f:69:68:1a:53:
                    c3:4c:2c:2a:6e:25:3c:b2:05:49:84:e9:91:71:2f:
                    43:ea:bb:0f:72:b0:78:22:08:dd:ae:9f:70:49:ca:
                    72:be:d8:73:49:d2:12:9d:8a:72:bc:62:ab:40:f3:
                    eb:92:40:cf:ca:d4:19:51:d8:e8:a4:fa:af:b6:35:
                    d5:03:43:e2:11:3e:29:88:ae:3b:51:4d:79:36:55:
                    9f:89:0a:70:21:86:29:91:85:d4:70:5b:fa:f2:d9:
                    d7:e7:7b:98:69:ac:57:91:70:98:53:1d:6e:5f:b1:
                    cc:14:96:70:fd:fd:f5:ed:16:a3:f0:51:71:88:c5:
                    5d:fe:7a:90:5e:6c:71:74:e0:ac:84:a5:81:9e:2a:
                    50:2a:be:c9:86:8c:46:1d:90:f4:70:9e:cf:6e:9b:
                    3d:ae:53:26:96:8a:4d:2b:8e:27:94:20:04:ef:ba:
                    1b:8a:9f:e2:29:a5:6d:43:81:e9:40:91:0b:19:4a:
                    05:7b:b2:4f:4e:17:7a:b4:51:b3:3f:25:14:f8:e0:
                    88:55:3c:12:45:67:71:a1:f4:5d:26:24:ad:7d:3b:
                    f8:5e:4b:e4:08:2d:eb:22:92:e9:78:c4:d8:19:e5:
                    c0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:9C:5E:7F:E4:BC:16:98:3E:E4:3F:06:B6:94:10:4A:84:D1:4F:A1
            X509v3 Authority Key Identifier:
                keyid:8A:1C:E1:D1:35:BF:2C:F8:E8:C1:3F:33:EC:11:C8:52:37:03:DC:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihzh0TW_LPjowT8z7BHIUjcD3HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/UJxef-S8Fpg-5D8GtpQQSoTRT6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/daf960-d060-49fc-af42-dee292ea87a3/1/ihzh0TW_LPjowT8z7BHIUjcD3HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7cc5::/46

    Signature Algorithm: sha256WithRSAEncryption
         60:0a:60:3e:31:c7:89:39:71:2a:8b:5d:d6:e1:f5:3b:f8:9c:
         0b:0c:cb:8c:d2:20:00:61:c6:42:5c:18:d6:c2:f3:31:72:9e:
         cb:b8:46:88:73:02:84:5a:2e:f2:c1:e6:c3:47:44:b4:b8:b0:
         d9:b1:cd:49:4f:d3:2d:88:25:b9:51:08:0a:0b:85:db:e4:b4:
         08:28:16:d2:19:15:b6:ad:e8:a8:d2:ce:bd:04:73:a3:e6:6f:
         fb:2c:d4:c7:aa:6b:79:c8:1a:55:63:da:88:7c:e2:c2:1f:22:
         6d:ad:0c:a8:ad:3d:7d:fe:46:aa:8d:8e:b1:f5:91:21:e7:33:
         93:66:93:f1:dd:34:c5:23:70:d4:d9:33:db:fe:37:ea:58:64:
         b0:69:04:c4:dd:96:67:ce:a2:d1:61:36:c5:c8:a3:86:86:3c:
         fb:2a:0f:63:9d:b5:0e:19:3e:bd:2a:69:07:7c:b2:5f:e6:78:
         6d:e4:c1:05:c6:4d:e0:2f:19:22:45:f9:c5:6a:bb:91:75:24:
         60:01:17:01:a7:ad:40:06:6f:24:53:41:a7:e0:2d:86:23:71:
         0e:62:ee:8c:29:5d:c2:dc:a1:38:c7:91:24:3e:2b:ed:37:09:
         6e:61:49:7e:86:bd:35:58:29:3b:15:1c:0f:f2:dc:5d:f2:e2:
         85:04:9a:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtwCqqO83gC698vQsRmSaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWNlMWQxMzViZjJjZjhlOGMxM2YzM2VjMTFjODUyMzcw
M2RjNzUwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDljNWU3ZmU0YmMxNjk4M2VlNDNmMDZiNjk0MTA0YTg0ZDE0ZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaUxl4+/PF3cCXP8PsXUvZxa4Ayw
ZnaDj2loGlPDTCwqbiU8sgVJhOmRcS9D6rsPcrB4Igjdrp9wScpyvthzSdISnYpy
vGKrQPPrkkDPytQZUdjopPqvtjXVA0PiET4piK47UU15NlWfiQpwIYYpkYXUcFv6
8tnX53uYaaxXkXCYUx1uX7HMFJZw/f317Raj8FFxiMVd/nqQXmxxdOCshKWBnipQ
Kr7JhoxGHZD0cJ7Pbps9rlMmlopNK44nlCAE77obip/iKaVtQ4HpQJELGUoFe7JP
Thd6tFGzPyUU+OCIVTwSRWdxofRdJiStfTv4XkvkCC3rIpLpeMTYGeXA3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFCcXn/kvBaYPuQ/BraUEEqE0U+hMB8GA1UdIwQY
MBaAFIoc4dE1vyz46ME/M+wRyFI3A9x1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDIt
ZGVlMjkyZWE4N2EzLzEvVUp4ZWYtUzhGcGctNUQ4R3RwUVFTb1RSVDZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYWY5NjAtZDA2MC00OWZjLWFmNDItZGVlMjkyZWE4N2Ez
LzEvaWh6aDBUV19MUGpvd1Q4ejdCSElVamNEM0hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgx8xQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgCmA+MceJOXEqi13W4fU7+JwLDMuM0iAAYcZC
XBjWwvMxcp7LuEaIcwKEWi7ywebDR0S0uLDZsc1JT9MtiCW5UQgKC4Xb5LQIKBbS
GRW2reio0s69BHOj5m/7LNTHqmt5yBpVY9qIfOLCHyJtrQyorT19/kaqjY6x9ZEh
5zOTZpPx3TTFI3DU2TPb/jfqWGSwaQTE3ZZnzqLRYTbFyKOGhjz7Kg9jnbUOGT69
KmkHfLJf5nht5MEFxk3gLxkiRfnFaruRdSRgARcBp61ABm8kU0Gn4C2GI3EOYu6M
KV3C3KE4x5EkPivtNwluYUl+hr01WCk7FRwP8txd8uKFBJoF
-----END CERTIFICATE-----