Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/UOV9ZNUz-NB35VOzVQ1Ndb2zVZk.roa
File:                     UOV9ZNUz-NB35VOzVQ1Ndb2zVZk.roa (raw, json)
Hash identifier:          qCbzwF7KqJyCVwvOEBWBM8x8iF3tdHsmbkDp2Slmqe8=
Subject key identifier:   50:E5:7D:64:D5:33:F8:D0:77:E5:53:B3:55:0D:4D:75:BD:B3:55:99
Certificate issuer:       /CN=c78b52ddfd0be561d410ca8846fc797e2298b3cc
Certificate serial:       018CC8DEE0730A482844DA3F1E6DA24802FD
Authority key identifier: C7:8B:52:DD:FD:0B:E5:61:D4:10:CA:88:46:FC:79:7E:22:98:B3:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x4tS3f0L5WHUEMqIRvx5fiKYs8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/UOV9ZNUz-NB35VOzVQ1Ndb2zVZk.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8788
IP address blocks:        91.205.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/x4tS3f0L5WHUEMqIRvx5fiKYs8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/x4tS3f0L5WHUEMqIRvx5fiKYs8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x4tS3f0L5WHUEMqIRvx5fiKYs8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e0:73:0a:48:28:44:da:3f:1e:6d:a2:48:02:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c78b52ddfd0be561d410ca8846fc797e2298b3cc
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50e57d64d533f8d077e553b3550d4d75bdb35599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b7:ea:29:b6:26:84:82:2b:2e:33:61:77:a2:
                    db:54:97:64:74:43:48:46:0c:5d:25:6b:32:b4:b5:
                    df:62:6d:7c:8d:e8:c6:fa:7d:7e:a8:bd:b8:05:67:
                    50:4a:09:e8:e3:1e:ef:1a:be:5b:25:fb:41:9b:e0:
                    88:00:7e:df:36:6d:71:4c:23:c5:cc:20:13:d9:8b:
                    d2:70:42:14:17:33:e6:5e:d3:c0:66:8c:0e:fa:8b:
                    94:f1:77:55:99:84:9f:0c:2b:1b:76:8d:14:f8:28:
                    68:2b:93:3c:0d:9c:d9:fc:33:8e:46:cc:b6:a0:c4:
                    7e:25:af:55:eb:67:40:95:0f:4a:d4:6c:f3:87:b4:
                    88:30:12:2c:74:40:a3:e7:11:70:6b:2a:73:dc:3b:
                    81:12:5d:a9:82:a1:dc:8d:3d:d7:55:e1:68:04:8e:
                    84:ff:4f:97:81:7f:49:ca:b3:e5:f4:5a:5c:53:03:
                    0f:79:23:e1:fd:b5:6e:25:84:86:0d:14:29:d7:b8:
                    a6:44:26:a5:8a:b9:5e:8e:80:7a:8f:96:96:77:e2:
                    d1:9e:76:52:c4:fe:9e:9c:c8:18:24:fc:73:4a:11:
                    41:77:2f:7b:cd:8d:f0:28:2f:56:21:34:5e:0b:9a:
                    d1:05:37:aa:7d:43:67:eb:47:55:c0:1c:17:42:50:
                    86:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E5:7D:64:D5:33:F8:D0:77:E5:53:B3:55:0D:4D:75:BD:B3:55:99
            X509v3 Authority Key Identifier:
                keyid:C7:8B:52:DD:FD:0B:E5:61:D4:10:CA:88:46:FC:79:7E:22:98:B3:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x4tS3f0L5WHUEMqIRvx5fiKYs8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/UOV9ZNUz-NB35VOzVQ1Ndb2zVZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/525707-1a12-4138-ae46-9f7e8a6122a3/1/x4tS3f0L5WHUEMqIRvx5fiKYs8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:89:a1:49:3a:fd:f4:5e:44:7f:a0:5e:d6:76:70:50:16:00:
         53:e8:c8:d2:c8:e4:7b:12:13:6f:05:e8:fa:fb:a0:64:18:0a:
         6f:ec:ad:15:41:3a:8f:83:ec:44:ac:d2:bb:b5:0f:39:93:f3:
         d3:4c:12:1b:05:7c:b8:c8:ed:3e:f2:fa:b3:cd:c3:49:38:65:
         56:f8:21:8c:6c:0e:69:9a:98:1c:72:57:2d:ea:9f:4e:fc:57:
         c8:9f:22:33:89:1a:15:29:89:e1:b3:0c:03:d6:01:c3:aa:c5:
         b3:60:c5:67:1c:63:de:52:22:8d:3b:1e:1f:73:fc:99:0b:0f:
         fc:f8:27:a1:6d:b5:df:7c:93:b6:15:28:b6:56:8e:fb:27:1d:
         5a:5b:97:e7:35:c6:b3:b4:3c:5d:84:7f:29:5a:a0:c3:68:15:
         e1:5d:22:3b:de:aa:ee:3d:e7:dc:b7:59:e6:90:4a:c5:ac:55:
         10:9f:93:23:6d:00:97:28:cf:97:ee:ae:34:6e:26:8b:b5:83:
         b8:cd:44:6d:eb:2d:64:29:41:82:2b:23:5a:70:72:32:64:00:
         9c:3b:40:59:65:46:18:0b:d4:46:de:bc:c7:4c:96:e2:0b:25:
         ea:a9:bd:96:ce:c3:41:60:87:14:d2:11:57:08:b1:42:76:94:
         d5:13:ba:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uBzCkgoRNo/Hm2iSAL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OGI1MmRkZmQwYmU1NjFkNDEwY2E4ODQ2ZmM3OTdlMjI5
OGIzY2MwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU1N2Q2NGQ1MzNmOGQwNzdlNTUzYjM1NTBkNGQ3NWJkYjM1NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrfqKbYmhIIrLjNhd6LbVJdkdENI
RgxdJWsytLXfYm18jejG+n1+qL24BWdQSgno4x7vGr5bJftBm+CIAH7fNm1xTCPF
zCAT2YvScEIUFzPmXtPAZowO+ouU8XdVmYSfDCsbdo0U+ChoK5M8DZzZ/DOORsy2
oMR+Ja9V62dAlQ9K1Gzzh7SIMBIsdECj5xFwaypz3DuBEl2pgqHcjT3XVeFoBI6E
/0+XgX9JyrPl9FpcUwMPeSPh/bVuJYSGDRQp17imRCalirlejoB6j5aWd+LRnnZS
xP6enMgYJPxzShFBdy97zY3wKC9WITReC5rRBTeqfUNn60dVwBwXQlCG0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDlfWTVM/jQd+VTs1UNTXW9s1WZMB8GA1UdIwQY
MBaAFMeLUt39C+Vh1BDKiEb8eX4imLPMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDR0UzNmMEw1V0hVRU1xSVJ2eDVmaUtZczh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy81MjU3MDctMWExMi00MTM4LWFlNDYt
OWY3ZThhNjEyMmEzLzEvVU9WOVpOVXotTkIzNVZPelZRMU5kYjJ6VlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy81MjU3MDctMWExMi00MTM4LWFlNDYtOWY3ZThhNjEyMmEz
LzEveDR0UzNmMEw1V0hVRU1xSVJ2eDVmaUtZczh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW80QMA0G
CSqGSIb3DQEBCwUAA4IBAQCPiaFJOv30XkR/oF7WdnBQFgBT6MjSyOR7EhNvBej6
+6BkGApv7K0VQTqPg+xErNK7tQ85k/PTTBIbBXy4yO0+8vqzzcNJOGVW+CGMbA5p
mpgcclct6p9O/FfInyIziRoVKYnhswwD1gHDqsWzYMVnHGPeUiKNOx4fc/yZCw/8
+CehbbXffJO2FSi2Vo77Jx1aW5fnNcaztDxdhH8pWqDDaBXhXSI73qruPefct1nm
kErFrFUQn5MjbQCXKM+X7q40biaLtYO4zURt6y1kKUGCKyNacHIyZACcO0BZZUYY
C9RG3rzHTJbiCyXqqb2WzsNBYIcU0hFXCLFCdpTVE7oy
-----END CERTIFICATE-----