Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/uXSKsKR2Y7rbUkP8jYZkGfymgSE.roa
File:                     uXSKsKR2Y7rbUkP8jYZkGfymgSE.roa (raw, json)
Hash identifier:          2631rAU2LYELX6HlpWNkmlWCQcvIcnMMPZYpLeMqKXo=
Subject key identifier:   B9:74:8A:B0:A4:76:63:BA:DB:52:43:FC:8D:86:64:19:FC:A6:81:21
Certificate issuer:       /CN=0cbe91eb63a44f1e9f1a83edd218a1ec75c25e91
Certificate serial:       018CC7944115D8A1A095CAEF88AC679734DF
Authority key identifier: 0C:BE:91:EB:63:A4:4F:1E:9F:1A:83:ED:D2:18:A1:EC:75:C2:5E:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/uXSKsKR2Y7rbUkP8jYZkGfymgSE.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.235.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:41:15:d8:a1:a0:95:ca:ef:88:ac:67:97:34:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cbe91eb63a44f1e9f1a83edd218a1ec75c25e91
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9748ab0a47663badb5243fc8d866419fca68121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b3:d9:ec:4e:02:03:3e:6f:87:e7:9a:51:41:
                    74:89:9b:4b:82:56:30:74:f5:83:e2:3d:33:ee:20:
                    6b:22:0b:66:c3:fc:c8:6e:45:89:f6:a5:3e:72:87:
                    cd:d1:54:a6:2e:45:ff:a3:51:78:f9:b9:d1:b4:f7:
                    bf:4f:5e:04:05:24:f7:a3:d3:82:29:3b:2c:15:10:
                    93:63:d3:ce:36:65:6d:6d:57:ee:44:59:3e:77:fb:
                    e9:f6:29:4f:d0:99:8a:29:bd:3c:df:71:8e:63:c9:
                    5a:5b:69:48:3b:07:05:e2:b3:ab:c7:33:3b:65:b7:
                    35:c2:b7:7d:a9:10:cb:e8:b5:12:00:58:f2:52:99:
                    cd:84:d8:cf:ed:f2:af:fd:a1:85:f0:ac:0e:84:8d:
                    95:bd:51:7b:7d:b8:85:dc:a2:43:e5:3a:86:4e:2d:
                    79:87:ba:f3:a5:c8:85:c7:a7:53:b1:28:51:86:7e:
                    67:5c:ba:7d:c7:a3:8f:6d:5b:79:27:80:2e:d9:be:
                    b8:18:31:43:41:03:10:c7:8b:f6:b5:c1:30:db:aa:
                    64:9a:68:ff:70:5d:64:0e:37:9f:85:fc:fb:43:26:
                    b5:cd:2d:bb:df:ed:fa:fd:a7:f7:c5:60:7d:d2:ca:
                    6d:27:f6:86:75:a6:f7:b1:5b:83:1b:98:98:ab:91:
                    02:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:74:8A:B0:A4:76:63:BA:DB:52:43:FC:8D:86:64:19:FC:A6:81:21
            X509v3 Authority Key Identifier:
                keyid:0C:BE:91:EB:63:A4:4F:1E:9F:1A:83:ED:D2:18:A1:EC:75:C2:5E:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DL6R62OkTx6fGoPt0hih7HXCXpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/uXSKsKR2Y7rbUkP8jYZkGfymgSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e51b4-0ab4-4719-b330-bdc5ae8abdb1/1/DL6R62OkTx6fGoPt0hih7HXCXpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:6c:a1:59:4e:6b:10:2a:0d:95:e2:2e:ce:bf:50:66:b0:1d:
         e2:d9:ac:6b:eb:fe:5c:0d:25:41:60:67:b2:83:cf:6c:2a:27:
         70:7d:b6:38:bb:e9:59:78:50:78:6d:ac:ca:e6:e3:61:8c:bc:
         17:88:47:1a:1a:03:04:03:0c:6d:35:ec:e3:1d:1e:03:fa:fc:
         e2:05:77:6b:0a:c0:61:63:91:23:4b:d2:a9:db:a5:4f:72:84:
         9d:ed:d7:75:ed:06:6c:2c:f4:f7:73:d3:9c:f3:7a:13:b2:2e:
         a0:92:45:f2:40:9b:93:08:e0:8f:f5:e4:b4:5b:5b:4d:34:8b:
         00:c4:cc:7d:66:c8:d3:aa:9f:91:c8:06:ba:3f:92:d1:0f:38:
         76:14:b3:f9:a4:b1:21:1e:0d:94:0c:37:2a:59:35:81:bc:9f:
         cf:f2:db:e0:3c:82:50:c7:83:d4:6e:73:ef:fc:67:cc:f9:1c:
         b2:44:97:b1:7f:ef:64:50:6a:01:33:d2:df:04:54:7a:85:34:
         f8:b0:d1:50:1b:3c:c2:91:38:dd:8c:6a:b2:a4:c2:64:8c:fd:
         91:f8:da:2e:7b:3f:6e:9d:c9:d7:5a:7d:aa:f8:4d:4c:b0:42:
         22:2e:86:85:11:b5:f6:d4:77:6a:af:13:d6:46:00:aa:78:f9:
         14:e1:80:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEEV2KGglcrviKxnlzTfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYmU5MWViNjNhNDRmMWU5ZjFhODNlZGQyMThhMWVjNzVj
MjVlOTEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTc0OGFiMGE0NzY2M2JhZGI1MjQzZmM4ZDg2NjQxOWZjYTY4MTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLPZ7E4CAz5vh+eaUUF0iZtLglYw
dPWD4j0z7iBrIgtmw/zIbkWJ9qU+cofN0VSmLkX/o1F4+bnRtPe/T14EBST3o9OC
KTssFRCTY9PONmVtbVfuRFk+d/vp9ilP0JmKKb0833GOY8laW2lIOwcF4rOrxzM7
Zbc1wrd9qRDL6LUSAFjyUpnNhNjP7fKv/aGF8KwOhI2VvVF7fbiF3KJD5TqGTi15
h7rzpciFx6dTsShRhn5nXLp9x6OPbVt5J4Au2b64GDFDQQMQx4v2tcEw26pkmmj/
cF1kDjefhfz7Qya1zS273+36/af3xWB90sptJ/aGdab3sVuDG5iYq5ECuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLl0irCkdmO621JD/I2GZBn8poEhMB8GA1UdIwQY
MBaAFAy+ketjpE8enxqD7dIYoex1wl6RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREw2UjYyT2tUeDZmR29QdDBoaWg3SFhDWHBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTUxYjQtMGFiNC00NzE5LWIzMzAt
YmRjNWFlOGFiZGIxLzEvdVhTS3NLUjJZN3JiVWtQOGpZWmtHZnltZ1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTUxYjQtMGFiNC00NzE5LWIzMzAtYmRjNWFlOGFiZGIx
LzEvREw2UjYyT2tUeDZmR29QdDBoaWg3SFhDWHBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuevHMA0G
CSqGSIb3DQEBCwUAA4IBAQAKbKFZTmsQKg2V4i7Ov1BmsB3i2axr6/5cDSVBYGey
g89sKidwfbY4u+lZeFB4bazK5uNhjLwXiEcaGgMEAwxtNezjHR4D+vziBXdrCsBh
Y5EjS9Kp26VPcoSd7dd17QZsLPT3c9Oc83oTsi6gkkXyQJuTCOCP9eS0W1tNNIsA
xMx9ZsjTqp+RyAa6P5LRDzh2FLP5pLEhHg2UDDcqWTWBvJ/P8tvgPIJQx4PUbnPv
/GfM+RyyRJexf+9kUGoBM9LfBFR6hTT4sNFQGzzCkTjdjGqypMJkjP2R+Nouez9u
ncnXWn2q+E1MsEIiLoaFEbX21HdqrxPWRgCqePkU4YDM
-----END CERTIFICATE-----