Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uFtXa-gjqXlvDPKb11pRBUnSI-Q.roa
File:                     uFtXa-gjqXlvDPKb11pRBUnSI-Q.roa (raw, json)
Hash identifier:          bjVr099QTLcIiYLthKCNdl9sw2ftjM8pmdWYIAPpyE4=
Subject key identifier:   B8:5B:57:6B:E8:23:A9:79:6F:0C:F2:9B:D7:5A:51:05:49:D2:23:E4
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFE49C6BF8B9A75C9245E16DEDEAA
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uFtXa-gjqXlvDPKb11pRBUnSI-Q.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31133
IP address blocks:        91.243.88.0/24 maxlen: 24
                          91.243.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:49:c6:bf:8b:9a:75:c9:24:5e:16:de:de:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85b576be823a9796f0cf29bd75a510549d223e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5c:eb:d3:62:34:61:18:2e:18:90:86:09:9f:
                    62:99:fe:9d:86:b9:c4:4d:e8:2b:9c:f1:a0:07:40:
                    94:33:08:81:61:ac:e4:6a:90:41:de:92:89:c0:a2:
                    8a:4c:f8:e3:a2:5b:f8:2c:f9:02:02:ec:e5:06:d6:
                    0a:9d:4f:14:1b:37:b2:3d:9f:ae:8c:45:ee:86:f4:
                    47:20:f3:f7:be:5a:63:08:52:6e:78:1f:98:53:4a:
                    1d:7f:3b:98:f0:91:ec:27:b5:3b:89:ff:53:9d:ba:
                    41:35:35:6f:ac:40:b8:14:1b:4d:2d:48:48:45:e6:
                    70:11:cc:2c:d3:23:cc:85:7f:03:b1:9a:a7:64:e0:
                    c4:4f:62:cb:19:95:d0:59:7f:7d:33:26:9b:80:3c:
                    68:95:61:a6:eb:ea:8f:aa:4b:d8:20:05:31:80:f8:
                    2c:f9:01:ec:5f:98:12:3c:dd:59:e3:87:55:a9:d5:
                    26:40:0f:03:34:9a:a2:ce:23:f1:26:e8:1a:48:39:
                    51:79:c7:5d:52:ac:7b:8c:b2:f3:4d:db:09:0d:c5:
                    8b:12:2d:dd:bd:ec:98:c3:1b:df:8a:8b:6c:f8:39:
                    44:20:53:21:67:2c:b0:58:b6:c8:88:35:92:91:7c:
                    2d:d4:fb:f6:c6:a2:c9:6b:dd:41:6f:e5:e4:a2:71:
                    ea:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5B:57:6B:E8:23:A9:79:6F:0C:F2:9B:D7:5A:51:05:49:D2:23:E4
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uFtXa-gjqXlvDPKb11pRBUnSI-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.88.0/24
                  91.243.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:21:92:14:b4:11:87:ec:f8:ee:13:87:f7:43:9d:f2:ee:39:
         e2:05:24:d2:d4:93:d2:3e:88:10:a9:17:63:a9:4c:ae:67:38:
         eb:28:ad:42:66:93:f3:cd:7d:59:d7:e9:93:75:7e:b6:82:8c:
         56:78:5c:94:f6:e1:ec:3d:72:43:c7:3c:3a:08:fd:ce:2a:ff:
         f5:cf:11:bc:73:7e:0f:fb:0e:4b:2e:32:33:14:ba:bd:71:53:
         83:fb:af:14:fe:87:86:18:a6:65:19:44:c2:58:8f:4b:8c:43:
         c7:3d:93:a9:c9:14:d6:aa:17:ac:93:9c:cd:04:37:fe:7a:aa:
         a4:5d:ab:ec:03:7a:42:23:47:37:88:ba:e9:e0:eb:33:fd:6e:
         54:af:37:8d:f5:12:d5:56:a9:20:22:90:56:50:8c:e3:87:c2:
         78:e8:70:15:96:9c:dd:99:b0:67:44:11:28:52:2d:c2:d9:6e:
         5a:fe:20:4c:79:28:af:da:51:b3:a8:3a:f1:36:b5:e4:c8:6b:
         e6:bc:6f:6f:fa:b2:9e:6e:3d:4a:71:9e:f1:4c:db:ab:d4:91:
         40:e6:25:6d:70:30:0b:1c:4e:94:b2:22:b0:c3:15:bf:93:8c:
         74:38:a0:3a:cc:86:d4:55:74:54:30:75:d7:6b:3a:66:db:cf:
         ec:9e:ad:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbf5Jxr+LmnXJJF4W3t6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODViNTc2YmU4MjNhOTc5NmYwY2YyOWJkNzVhNTEwNTQ5ZDIyM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVzr02I0YRguGJCGCZ9imf6dhrnE
TegrnPGgB0CUMwiBYazkapBB3pKJwKKKTPjjolv4LPkCAuzlBtYKnU8UGzeyPZ+u
jEXuhvRHIPP3vlpjCFJueB+YU0odfzuY8JHsJ7U7if9TnbpBNTVvrEC4FBtNLUhI
ReZwEcws0yPMhX8DsZqnZODET2LLGZXQWX99MyabgDxolWGm6+qPqkvYIAUxgPgs
+QHsX5gSPN1Z44dVqdUmQA8DNJqiziPxJugaSDlRecddUqx7jLLzTdsJDcWLEi3d
veyYwxvfiots+DlEIFMhZyywWLbIiDWSkXwt1Pv2xqLJa91Bb+XkonHqhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLhbV2voI6l5bwzym9daUQVJ0iPkMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdUZ0WGEtZ2pxWGx2RFBLYjExcFJCVW5TSS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/NYAwQA
W/NfMA0GCSqGSIb3DQEBCwUAA4IBAQCyIZIUtBGH7PjuE4f3Q53y7jniBSTS1JPS
PogQqRdjqUyuZzjrKK1CZpPzzX1Z1+mTdX62goxWeFyU9uHsPXJDxzw6CP3OKv/1
zxG8c34P+w5LLjIzFLq9cVOD+68U/oeGGKZlGUTCWI9LjEPHPZOpyRTWqhesk5zN
BDf+eqqkXavsA3pCI0c3iLrp4Osz/W5UrzeN9RLVVqkgIpBWUIzjh8J46HAVlpzd
mbBnRBEoUi3C2W5a/iBMeSiv2lGzqDrxNrXkyGvmvG9v+rKebj1KcZ7xTNur1JFA
5iVtcDALHE6UsiKwwxW/k4x0OKA6zIbUVXRUMHXXazpm28/snq3i
-----END CERTIFICATE-----