Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/uWtbtAUJ9CaOp8C8KYVuVmfLZjA.roa
File:                     uWtbtAUJ9CaOp8C8KYVuVmfLZjA.roa (raw, json)
Hash identifier:          /xAWhx/eLwEYslA6S1B/IdGelAz1qBPDknZdbtUBJuQ=
Subject key identifier:   B9:6B:5B:B4:05:09:F4:26:8E:A7:C0:BC:29:85:6E:56:67:CB:66:30
Certificate issuer:       /CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
Certificate serial:       018CC26D4B8B85060F8502BC2A8627A4E7BF
Authority key identifier: C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/uWtbtAUJ9CaOp8C8KYVuVmfLZjA.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42397
IP address blocks:        185.232.65.0/24 maxlen: 24
                          193.29.13.0/24 maxlen: 24
                          193.29.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:8b:85:06:0f:85:02:bc:2a:86:27:a4:e7:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b96b5bb40509f4268ea7c0bc29856e5667cb6630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:06:c9:f0:3f:f1:3c:87:bc:24:11:31:65:69:
                    28:c0:99:fe:cc:2c:9a:ea:5c:b3:da:90:a3:9c:e7:
                    02:25:4c:b3:74:97:ed:b0:9d:5a:28:c6:ed:cb:c5:
                    d4:f0:35:7f:fe:3a:90:7c:09:1e:00:36:97:d2:42:
                    0b:58:af:13:ab:63:78:96:a4:9f:3e:ba:72:0e:74:
                    c6:9f:0b:eb:82:0d:14:df:45:be:14:25:72:b7:04:
                    4d:5a:a8:f6:84:30:dc:63:b5:65:4f:65:7a:39:4f:
                    60:a1:b7:8c:3b:67:8b:c4:32:e5:6e:89:a0:d5:ab:
                    a7:f5:27:cd:bb:58:77:00:fc:db:07:7b:b4:d2:97:
                    43:bc:3a:6e:54:5c:42:8d:b4:b3:1c:5d:a5:f0:5e:
                    16:5a:e2:7f:26:a2:fe:d5:2a:a1:21:7f:69:69:0b:
                    76:f3:cc:67:a9:f4:4f:9a:99:6f:65:a8:53:d4:0b:
                    82:89:55:d4:b9:6b:a2:90:b4:96:ca:a0:13:f4:ba:
                    f9:a4:d8:42:2b:49:23:dc:4b:c5:45:a7:e5:e4:a2:
                    2c:e8:73:1d:50:61:39:bd:e0:97:b5:6f:05:46:88:
                    37:8f:6e:ec:4c:5b:c8:a6:7b:5f:78:44:cc:4e:50:
                    e0:c7:2d:5e:f5:44:83:78:4e:1a:56:75:ab:be:c9:
                    dc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:6B:5B:B4:05:09:F4:26:8E:A7:C0:BC:29:85:6E:56:67:CB:66:30
            X509v3 Authority Key Identifier:
                keyid:C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/uWtbtAUJ9CaOp8C8KYVuVmfLZjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.65.0/24
                  193.29.13.0/24
                  193.29.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:c0:71:c6:8d:08:f5:d7:be:a2:96:31:51:66:76:92:30:b8:
         7a:58:05:67:ad:06:be:51:75:10:7b:76:a9:8c:18:22:9b:eb:
         99:fb:e7:65:79:5d:df:a6:1b:12:1b:6b:13:b4:f2:d1:1e:1a:
         52:d6:5f:1e:d2:79:40:c9:fa:fa:cb:0a:49:de:c3:1b:ce:fd:
         49:d9:55:9c:05:0d:31:d4:a4:ad:41:79:01:f4:67:4a:32:14:
         1e:cc:d5:7c:17:66:8c:aa:8f:bf:2c:b3:b4:6d:28:7f:33:a9:
         88:bb:2c:71:cd:29:ed:ab:87:0c:b0:cd:f4:f9:4c:8b:b3:a6:
         bb:36:81:a3:45:55:1f:bf:72:ed:00:39:80:d2:6b:ff:d1:4e:
         b3:ca:03:4f:20:87:d9:a2:36:21:dd:4f:0d:89:3c:ce:51:ac:
         9f:45:38:97:63:44:5b:ce:55:19:5c:69:a6:7f:cb:2e:50:83:
         b0:ce:23:1f:12:8c:dc:51:96:68:03:33:a8:df:96:bc:72:46:
         4f:35:c2:d4:f9:f2:eb:dd:f0:e0:b1:fe:04:a8:0f:54:39:e6:
         74:d3:cf:87:55:bb:dc:f1:42:ba:d0:68:5f:e8:dc:45:56:7e:
         22:ec:97:c4:9a:dc:bc:01:42:c8:c5:19:d8:c9:53:97:b3:c3:
         1a:e1:61:15
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbUuLhQYPhQK8KoYnpOe/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYzEyYjUyN2E1ZDFmOGI4YmNmMjMwZWI2MTFmNTJmMTFk
NTJiYmYwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTZiNWJiNDA1MDlmNDI2OGVhN2MwYmMyOTg1NmU1NjY3Y2I2NjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQbJ8D/xPIe8JBExZWkowJn+zCya
6lyz2pCjnOcCJUyzdJftsJ1aKMbty8XU8DV//jqQfAkeADaX0kILWK8Tq2N4lqSf
PrpyDnTGnwvrgg0U30W+FCVytwRNWqj2hDDcY7VlT2V6OU9gobeMO2eLxDLlbomg
1aun9SfNu1h3APzbB3u00pdDvDpuVFxCjbSzHF2l8F4WWuJ/JqL+1SqhIX9paQt2
88xnqfRPmplvZahT1AuCiVXUuWuikLSWyqAT9Lr5pNhCK0kj3EvFRafl5KIs6HMd
UGE5veCXtW8FRog3j27sTFvIpntfeETMTlDgxy1e9USDeE4aVnWrvsnctwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLlrW7QFCfQmjqfAvCmFblZny2YwMB8GA1UdIwQY
MBaAFMLBK1J6XR+Li88jDrYR9S8R1Su/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMt
NDZlZTU3OGEwYmZlLzEvdVd0YnRBVUo5Q2FPcDhDOEtZVnVWbWZMWmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMtNDZlZTU3OGEwYmZl
LzEvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuehBAwQA
wR0NAwQAwR0PMA0GCSqGSIb3DQEBCwUAA4IBAQCfwHHGjQj1176iljFRZnaSMLh6
WAVnrQa+UXUQe3apjBgim+uZ++dleV3fphsSG2sTtPLRHhpS1l8e0nlAyfr6ywpJ
3sMbzv1J2VWcBQ0x1KStQXkB9GdKMhQezNV8F2aMqo+/LLO0bSh/M6mIuyxxzSnt
q4cMsM30+UyLs6a7NoGjRVUfv3LtADmA0mv/0U6zygNPIIfZojYh3U8NiTzOUayf
RTiXY0RbzlUZXGmmf8suUIOwziMfEozcUZZoAzOo35a8ckZPNcLU+fLr3fDgsf4E
qA9UOeZ008+HVbvc8UK60Ghf6NxFVn4i7JfEmty8AULIxRnYyVOXs8Ma4WEV
-----END CERTIFICATE-----