Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/uu6nu25ktOuWrq_y7Lf3cnbTSkU.roa
File:                     uu6nu25ktOuWrq_y7Lf3cnbTSkU.roa (raw, json)
Hash identifier:          NwzaGNFoBan0scf5/zZeH/FnfOhLQQDlZZKyn+67mAw=
Subject key identifier:   BA:EE:A7:BB:6E:64:B4:EB:96:AE:AF:F2:EC:B7:F7:72:76:D3:4A:45
Certificate issuer:       /CN=9ce94757ac3f70b40f369307d365ebc9657bab69
Certificate serial:       018CC3B7123216744DAA11C188A373ED7EF5
Authority key identifier: 9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/uu6nu25ktOuWrq_y7Lf3cnbTSkU.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        156.28.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:12:32:16:74:4d:aa:11:c1:88:a3:73:ed:7e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce94757ac3f70b40f369307d365ebc9657bab69
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baeea7bb6e64b4eb96aeaff2ecb7f77276d34a45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c8:a3:35:9a:cb:1e:da:c5:ed:5f:7c:55:68:
                    34:f3:a4:6b:16:ee:e3:e1:7e:c0:6c:cd:f5:ed:39:
                    64:0a:39:be:ed:25:03:58:2d:76:bf:d4:e3:9e:52:
                    e0:08:2b:8a:c3:85:12:fe:f5:57:a9:82:47:c8:d8:
                    ea:58:85:b4:3f:41:e2:cd:85:59:24:d7:f0:a7:15:
                    60:5d:14:fa:ab:e5:ea:ee:25:77:b7:11:99:83:1d:
                    b1:84:1c:19:cc:ca:0c:12:6e:4e:32:2d:a5:57:aa:
                    2d:18:42:da:97:c0:19:81:a3:ef:dd:7e:41:ed:ad:
                    7e:75:0b:94:e3:b8:55:55:bb:3d:24:cb:7a:26:c5:
                    10:54:fc:d9:25:e2:62:e6:cd:fa:63:ea:b8:ba:ca:
                    dd:93:a8:8d:b2:94:38:91:a5:aa:e1:f6:af:fa:a7:
                    7b:ac:23:fd:22:5d:ac:60:05:5b:3c:3d:2a:f5:96:
                    00:66:84:ed:aa:57:9e:5e:99:72:37:74:8c:3e:52:
                    14:85:31:8f:3d:75:b9:1a:19:45:e5:fb:bb:b4:b2:
                    e6:13:4a:53:c7:46:4f:8e:e9:8a:ae:73:c2:fa:da:
                    fa:1b:1d:2d:0c:2b:89:07:17:3e:30:ca:58:dd:cf:
                    20:43:cc:af:4f:34:ca:40:90:5b:3c:93:4f:88:73:
                    41:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:EE:A7:BB:6E:64:B4:EB:96:AE:AF:F2:EC:B7:F7:72:76:D3:4A:45
            X509v3 Authority Key Identifier:
                keyid:9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/uu6nu25ktOuWrq_y7Lf3cnbTSkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:b4:e5:23:2b:36:f7:63:27:e1:8a:8f:22:c7:81:82:86:2b:
         51:8f:70:81:b8:b5:02:fc:fc:4e:fc:2f:83:85:45:c1:61:cc:
         85:df:e5:ed:4b:20:82:d9:6c:0c:23:7f:7d:a3:e5:d8:9e:dd:
         38:41:18:47:69:87:15:a2:76:b2:69:d9:f7:03:e1:4d:e4:41:
         83:89:9d:b0:54:87:29:a1:3e:78:98:ad:8a:2d:28:81:84:a0:
         80:1d:b5:b9:14:21:04:f6:25:9e:d6:58:33:55:33:db:ed:98:
         80:4d:d7:3b:03:20:fc:2c:cc:e8:55:5d:f1:77:50:af:1d:b6:
         ee:97:5c:77:b9:50:a8:5f:da:66:48:c8:9d:bf:8b:a4:08:45:
         bb:59:4f:49:de:ba:10:09:8e:7a:b7:4a:df:3d:ff:6b:ca:07:
         5f:9b:2c:8b:73:b8:fc:78:0c:f6:e5:42:49:75:8d:b7:71:bd:
         b6:55:c5:51:7c:5b:df:ce:6a:a6:4c:8e:82:8b:88:69:21:26:
         da:c3:25:7a:29:60:02:4d:a1:34:85:14:fa:a2:dc:04:d9:6f:
         e8:32:88:af:11:b4:d6:57:b2:38:a6:64:1d:9d:af:9a:b2:16:
         25:60:00:e9:a0:8d:a0:ba:c3:e0:ca:2c:74:83:e5:18:ae:e0:
         ac:77:fc:cb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtxIyFnRNqhHBiKNz7X71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTk0NzU3YWMzZjcwYjQwZjM2OTMwN2QzNjVlYmM5NjU3
YmFiNjkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWVlYTdiYjZlNjRiNGViOTZhZWFmZjJlY2I3Zjc3Mjc2ZDM0YTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcijNZrLHtrF7V98VWg086RrFu7j
4X7AbM317TlkCjm+7SUDWC12v9TjnlLgCCuKw4US/vVXqYJHyNjqWIW0P0HizYVZ
JNfwpxVgXRT6q+Xq7iV3txGZgx2xhBwZzMoMEm5OMi2lV6otGELal8AZgaPv3X5B
7a1+dQuU47hVVbs9JMt6JsUQVPzZJeJi5s36Y+q4usrdk6iNspQ4kaWq4fav+qd7
rCP9Il2sYAVbPD0q9ZYAZoTtqleeXplyN3SMPlIUhTGPPXW5GhlF5fu7tLLmE0pT
x0ZPjumKrnPC+tr6Gx0tDCuJBxc+MMpY3c8gQ8yvTzTKQJBbPJNPiHNBewIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLrup7tuZLTrlq6v8uy393J200pFMB8GA1UdIwQY
MBaAFJzpR1esP3C0DzaTB9Nl68lle6tpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDIt
ZTFlYTQxYzlhMmU2LzEvdXU2bnUyNWt0T3VXcnFfeTdMZjNjbmJUU2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDItZTFlYTQxYzlhMmU2
LzEvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnBwwDQYJ
KoZIhvcNAQELBQADggEBAGq05SMrNvdjJ+GKjyLHgYKGK1GPcIG4tQL8/E78L4OF
RcFhzIXf5e1LIILZbAwjf32j5die3ThBGEdphxWidrJp2fcD4U3kQYOJnbBUhymh
PniYrYotKIGEoIAdtbkUIQT2JZ7WWDNVM9vtmIBN1zsDIPwszOhVXfF3UK8dtu6X
XHe5UKhf2mZIyJ2/i6QIRbtZT0neuhAJjnq3St89/2vKB1+bLItzuPx4DPblQkl1
jbdxvbZVxVF8W9/OaqZMjoKLiGkhJtrDJXopYAJNoTSFFPqi3ATZb+gyiK8RtNZX
sjimZB2dr5qyFiVgAOmgjaC6w+DKLHSD5Riu4Kx3/Ms=
-----END CERTIFICATE-----