Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/UaCItnYbx90QuSpCocMbct-s6G4.roa
File:                     UaCItnYbx90QuSpCocMbct-s6G4.roa (raw, json)
Hash identifier:          3V8BFn37E2wP9cPkV/kW9Tu4l2d86g0py/4TIiCzRMA=
Subject key identifier:   51:A0:88:B6:76:1B:C7:DD:10:B9:2A:42:A1:C3:1B:72:DF:AC:E8:6E
Certificate issuer:       /CN=c6cfd94237efd200dd0b116e1f6f9b7bca659ca7
Certificate serial:       018CC348EF27851F4702F02CA446A5FD571F
Authority key identifier: C6:CF:D9:42:37:EF:D2:00:DD:0B:11:6E:1F:6F:9B:7B:CA:65:9C:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs_ZQjfv0gDdCxFuH2-be8plnKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/UaCItnYbx90QuSpCocMbct-s6G4.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8991
IP address blocks:        192.135.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/xs_ZQjfv0gDdCxFuH2-be8plnKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/xs_ZQjfv0gDdCxFuH2-be8plnKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs_ZQjfv0gDdCxFuH2-be8plnKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ef:27:85:1f:47:02:f0:2c:a4:46:a5:fd:57:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfd94237efd200dd0b116e1f6f9b7bca659ca7
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51a088b6761bc7dd10b92a42a1c31b72dface86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a8:74:a0:f3:03:73:f3:9e:de:fe:10:99:23:
                    09:f3:43:13:ed:6a:9c:f3:2d:f9:d6:c8:61:99:14:
                    71:aa:0f:f3:4c:bc:d7:82:c7:f0:d1:fe:fc:9c:f2:
                    93:23:3f:19:88:da:18:4f:e3:67:fc:fa:14:1a:2b:
                    e3:5d:e5:5a:5f:5b:b7:79:12:aa:0b:7f:4c:90:44:
                    95:a7:59:02:52:19:76:3b:b6:a4:4d:87:1e:86:f4:
                    2c:15:2d:f5:27:da:60:26:b2:84:b8:4f:c3:56:03:
                    55:d6:cf:38:c5:93:9b:15:3f:46:75:2c:90:d3:ae:
                    d3:72:fd:38:b1:ff:93:ec:17:74:3a:4d:17:a9:0f:
                    35:55:f8:aa:e2:b0:63:a5:3b:88:a4:76:31:da:b6:
                    6f:a8:2a:f3:62:84:7d:21:82:4f:e4:a5:a4:4c:6a:
                    19:2d:7f:c7:08:79:f2:f8:b1:04:04:4d:7a:e7:5f:
                    d4:6f:f9:30:ba:fb:1f:6e:ff:81:59:26:1b:e6:9a:
                    95:75:6f:9f:d4:bd:3e:20:9c:17:e5:16:30:bf:22:
                    41:15:a3:55:c9:3b:3f:47:b9:ab:81:a7:c5:41:b6:
                    62:b9:c8:fe:0a:56:3b:48:ee:82:45:b6:a2:67:06:
                    ed:50:34:ca:52:e4:e3:33:2f:c9:84:dc:be:f7:28:
                    f2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A0:88:B6:76:1B:C7:DD:10:B9:2A:42:A1:C3:1B:72:DF:AC:E8:6E
            X509v3 Authority Key Identifier:
                keyid:C6:CF:D9:42:37:EF:D2:00:DD:0B:11:6E:1F:6F:9B:7B:CA:65:9C:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs_ZQjfv0gDdCxFuH2-be8plnKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/UaCItnYbx90QuSpCocMbct-s6G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/0b7271-0221-460e-831a-dc884f1be3e5/1/xs_ZQjfv0gDdCxFuH2-be8plnKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.135.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a3:12:63:5c:9e:29:9a:7a:54:39:c9:31:2c:cf:3e:8c:0f:
         8f:24:54:f4:f9:0f:96:84:87:64:8b:97:9e:c8:18:03:2a:90:
         f0:8d:2d:90:de:50:ae:64:88:77:5d:c4:30:21:63:0a:69:93:
         6a:c1:b7:a0:7a:6a:41:75:e7:cf:ce:71:63:a4:25:c2:fd:cf:
         9a:86:3b:ad:99:5a:31:e7:aa:e8:8e:d5:98:20:c6:87:8c:24:
         08:9b:87:b3:60:88:bb:62:fc:3c:52:39:60:37:d9:da:ca:29:
         1e:39:b3:d0:b2:a8:72:ba:9c:fc:c3:9b:17:f5:13:0c:f9:b7:
         00:03:b9:b6:a0:8b:07:f1:1d:3d:38:13:47:fe:3d:d0:24:90:
         d1:a8:85:4c:c5:28:c7:fb:f6:ee:b5:15:3b:be:6e:f4:61:84:
         fd:02:32:b5:dc:ee:d2:23:59:cb:b0:6a:c4:8d:92:0e:d3:14:
         8b:b3:ae:c1:18:d5:c6:92:ca:b7:19:6f:13:83:c5:b2:95:61:
         b8:33:19:a2:d6:5f:79:41:83:03:c0:74:4e:f1:e5:68:66:4a:
         cb:89:3e:f1:08:28:15:ef:c7:98:57:c1:a6:b0:06:c0:83:76:
         a1:91:c4:90:5e:8e:a8:30:7d:5b:ef:62:e3:d2:b3:a9:c6:9b:
         49:22:6a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO8nhR9HAvAspEal/VcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZkOTQyMzdlZmQyMDBkZDBiMTE2ZTFmNmY5YjdiY2E2
NTljYTcwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWEwODhiNjc2MWJjN2RkMTBiOTJhNDJhMWMzMWI3MmRmYWNlODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6h0oPMDc/Oe3v4QmSMJ80MT7Wqc
8y351shhmRRxqg/zTLzXgsfw0f78nPKTIz8ZiNoYT+Nn/PoUGivjXeVaX1u3eRKq
C39MkESVp1kCUhl2O7akTYcehvQsFS31J9pgJrKEuE/DVgNV1s84xZObFT9GdSyQ
067Tcv04sf+T7Bd0Ok0XqQ81Vfiq4rBjpTuIpHYx2rZvqCrzYoR9IYJP5KWkTGoZ
LX/HCHny+LEEBE1651/Ub/kwuvsfbv+BWSYb5pqVdW+f1L0+IJwX5RYwvyJBFaNV
yTs/R7mrgafFQbZiucj+ClY7SO6CRbaiZwbtUDTKUuTjMy/JhNy+9yjyTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGgiLZ2G8fdELkqQqHDG3LfrOhuMB8GA1UdIwQY
MBaAFMbP2UI379IA3QsRbh9vm3vKZZynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHNfWlFqZnYwZ0RkQ3hGdUgyLWJlOHBsbktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wYjcyNzEtMDIyMS00NjBlLTgzMWEt
ZGM4ODRmMWJlM2U1LzEvVWFDSXRuWWJ4OTBRdVNwQ29jTWJjdC1zNkc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wYjcyNzEtMDIyMS00NjBlLTgzMWEtZGM4ODRmMWJlM2U1
LzEveHNfWlFqZnYwZ0RkQ3hGdUgyLWJlOHBsbktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIemMA0G
CSqGSIb3DQEBCwUAA4IBAQCFoxJjXJ4pmnpUOckxLM8+jA+PJFT0+Q+WhIdki5ee
yBgDKpDwjS2Q3lCuZIh3XcQwIWMKaZNqwbegempBdefPznFjpCXC/c+ahjutmVox
56rojtWYIMaHjCQIm4ezYIi7Yvw8UjlgN9nayikeObPQsqhyupz8w5sX9RMM+bcA
A7m2oIsH8R09OBNH/j3QJJDRqIVMxSjH+/butRU7vm70YYT9AjK13O7SI1nLsGrE
jZIO0xSLs67BGNXGksq3GW8Tg8WylWG4Mxmi1l95QYMDwHRO8eVoZkrLiT7xCCgV
78eYV8GmsAbAg3ahkcSQXo6oMH1b72Lj0rOpxptJImp3
-----END CERTIFICATE-----