Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/uWQHZdbU8kcrekC6UE1Qa86q-A8.roa
File:                     uWQHZdbU8kcrekC6UE1Qa86q-A8.roa (raw, json)
Hash identifier:          X6oXCp+Qid2hDAsbBTRiEnZgZmX5wSgzPwGR6jN7bWM=
Subject key identifier:   B9:64:07:65:D6:D4:F2:47:2B:7A:40:BA:50:4D:50:6B:CE:AA:F8:0F
Certificate issuer:       /CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
Certificate serial:       018D3FFF9790A799E728CB0847C0A22F8AA3
Authority key identifier: CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/uWQHZdbU8kcrekC6UE1Qa86q-A8.roa
Signing time:             Thu 25 Jan 2024 09:42:11 +0000
ROA not before:           Thu 25 Jan 2024 09:42:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31400
IP address blocks:        193.107.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:ff:97:90:a7:99:e7:28:cb:08:47:c0:a2:2f:8a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
        Validity
            Not Before: Jan 25 09:42:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9640765d6d4f2472b7a40ba504d506bceaaf80f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ad:c2:67:40:46:f5:dd:3d:99:b0:fd:af:db:
                    71:1b:8c:cb:ea:80:9b:56:5c:73:9c:b3:4d:78:f0:
                    25:f2:89:47:0a:30:55:ae:36:0a:3a:e1:35:9c:cb:
                    6e:96:b4:82:e3:be:77:80:8d:7d:71:e9:27:b5:e2:
                    4c:ba:8c:4f:56:e4:84:56:a8:a7:a5:36:8c:76:25:
                    ca:38:61:65:79:6e:a8:94:2d:6e:c3:e5:f1:59:18:
                    a1:6c:2b:a9:93:0e:e7:7a:05:16:d0:ed:06:c2:c3:
                    b7:f4:d5:99:78:fa:fe:72:b3:c5:d3:82:c9:27:8c:
                    dd:4a:69:8b:6c:c6:85:23:64:fb:7a:2d:cd:fb:4d:
                    11:e2:1a:96:e2:bd:58:a7:14:55:14:5c:fa:73:40:
                    a4:a6:40:a4:92:53:86:a2:75:de:14:f4:a9:ed:36:
                    73:0e:94:56:04:18:0e:5e:be:05:ec:f0:8e:e8:52:
                    8d:d4:7c:89:be:0a:b6:c2:46:f0:08:8a:81:83:69:
                    a7:ba:40:2a:1c:13:53:7b:e5:ed:6b:4e:19:2d:aa:
                    d5:1b:32:ba:97:0a:32:60:44:67:40:5e:e4:1a:49:
                    4e:d4:94:e2:15:82:9c:de:b0:50:d8:df:ab:d9:4f:
                    16:59:1d:84:09:75:49:aa:ad:6c:a6:f5:f5:44:e5:
                    f5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:64:07:65:D6:D4:F2:47:2B:7A:40:BA:50:4D:50:6B:CE:AA:F8:0F
            X509v3 Authority Key Identifier:
                keyid:CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/uWQHZdbU8kcrekC6UE1Qa86q-A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:7c:35:ba:ec:81:41:7f:9e:2d:17:75:91:fb:28:6e:8f:59:
         8b:19:81:69:f6:09:e2:30:d1:f7:4e:3c:9e:d3:01:b2:36:4f:
         f6:12:35:b7:f9:94:71:b2:1c:62:70:33:5d:b9:21:63:45:35:
         54:08:6c:d7:8a:0d:8c:e8:12:74:e9:c5:a1:67:e1:be:0e:6e:
         0d:e2:80:06:3b:c6:8e:a1:b3:c6:45:00:bf:2d:cb:0a:69:08:
         f0:45:f5:b2:b9:d8:44:03:b2:e7:81:bb:da:4e:c5:39:2e:c7:
         07:18:85:5a:14:5c:d0:5e:b2:35:5f:00:98:be:9f:b8:43:54:
         02:e5:8b:00:87:c2:7d:cf:96:3f:97:9d:8f:16:5d:5e:1f:f2:
         17:1a:f8:a8:4d:90:a4:46:4f:63:c6:ad:fd:41:ee:fa:a4:8a:
         28:f0:ee:9c:70:96:ad:34:c1:9c:3c:9b:40:82:cf:ad:83:e1:
         cd:8f:9a:a6:68:fe:3c:ca:c5:de:2c:84:30:e5:c3:54:12:de:
         01:a1:87:d6:97:42:6b:ef:ca:5a:a6:44:60:41:65:e1:d1:97:
         49:25:9b:f1:a9:22:d3:39:d9:08:30:4f:56:d3:6f:3b:ed:23:
         74:e4:e6:01:70:d7:ba:6f:1c:fd:d2:bc:aa:e0:e7:99:6b:3d:
         cc:e6:c2:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0//5eQp5nnKMsIR8CiL4qjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlY2QzOTFjNjYwYzNlNTdjNTNiODdjMGI1MmVjMGQyZjJm
NDI3NzUwHhcNMjQwMTI1MDk0MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTY0MDc2NWQ2ZDRmMjQ3MmI3YTQwYmE1MDRkNTA2YmNlYWFmODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAma3CZ0BG9d09mbD9r9txG4zL6oCb
VlxznLNNePAl8olHCjBVrjYKOuE1nMtulrSC4753gI19ceknteJMuoxPVuSEVqin
pTaMdiXKOGFleW6olC1uw+XxWRihbCupkw7negUW0O0GwsO39NWZePr+crPF04LJ
J4zdSmmLbMaFI2T7ei3N+00R4hqW4r1YpxRVFFz6c0CkpkCkklOGonXeFPSp7TZz
DpRWBBgOXr4F7PCO6FKN1HyJvgq2wkbwCIqBg2mnukAqHBNTe+Xta04ZLarVGzK6
lwoyYERnQF7kGklO1JTiFYKc3rBQ2N+r2U8WWR2ECXVJqq1spvX1ROX1ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlkB2XW1PJHK3pAulBNUGvOqvgPMB8GA1UdIwQY
MBaAFM7NORxmDD5XxTuHwLUuwNLy9Cd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEt
YTRkMzU5ZDkxMjUxLzEvdVdRSFpkYlU4a2NyZWtDNlVFMVFhODZxLUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEtYTRkMzU5ZDkxMjUx
LzEvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWt4MA0G
CSqGSIb3DQEBCwUAA4IBAQCdfDW67IFBf54tF3WR+yhuj1mLGYFp9gniMNH3Tjye
0wGyNk/2EjW3+ZRxshxicDNduSFjRTVUCGzXig2M6BJ06cWhZ+G+Dm4N4oAGO8aO
obPGRQC/LcsKaQjwRfWyudhEA7LngbvaTsU5LscHGIVaFFzQXrI1XwCYvp+4Q1QC
5YsAh8J9z5Y/l52PFl1eH/IXGvioTZCkRk9jxq39Qe76pIoo8O6ccJatNMGcPJtA
gs+tg+HNj5qmaP48ysXeLIQw5cNUEt4BoYfWl0Jr78papkRgQWXh0ZdJJZvxqSLT
OdkIME9W02877SN05OYBcNe6bxz90ryq4OeZaz3M5sK9
-----END CERTIFICATE-----