Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/uHfUEqkCodLF34LZDzQsFEiN8yI.roa
File:                     uHfUEqkCodLF34LZDzQsFEiN8yI.roa (raw, json)
Hash identifier:          ZoSTY9TBok9V/rrcD8VdhUGAqxK68oROuu4q2O6V1iw=
Subject key identifier:   B8:77:D4:12:A9:02:A1:D2:C5:DF:82:D9:0F:34:2C:14:48:8D:F3:22
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       01922E0D2F2CBE4138E45D9B624090B69632
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/uHfUEqkCodLF34LZDzQsFEiN8yI.roa
Signing time:             Thu 26 Sep 2024 11:17:48 +0000
ROA not before:           Thu 26 Sep 2024 11:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8796
IP address blocks:        45.153.8.0/23 maxlen: 24
                          91.217.160.0/24 maxlen: 24
                          193.227.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:0d:2f:2c:be:41:38:e4:5d:9b:62:40:90:b6:96:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Sep 26 11:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b877d412a902a1d2c5df82d90f342c14488df322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bd:29:9f:e7:a7:69:75:10:ef:22:d8:d0:f8:
                    5e:27:0f:7f:4b:5d:dc:1f:f3:69:2f:49:1f:0f:ac:
                    af:3c:c7:a7:fa:ea:f5:f1:8f:23:35:08:f8:21:43:
                    8f:b8:2c:09:cf:13:3e:e1:f2:b3:9d:03:c8:4d:21:
                    59:67:e3:0a:b4:b9:46:dd:ec:ad:3c:90:82:3c:cc:
                    ef:90:b5:a3:f2:38:ef:ef:37:66:7a:6e:57:44:19:
                    2d:ac:73:1f:48:ef:97:59:be:2d:49:eb:5c:3e:0e:
                    98:46:c2:4b:77:d7:5a:cd:a5:ea:5b:98:bd:6e:c6:
                    4d:0d:35:85:04:f6:ee:63:d3:84:9b:61:0f:bd:6f:
                    e5:d4:2f:b6:17:ad:eb:29:15:8c:80:a1:dc:19:2d:
                    12:b4:18:23:71:d1:34:c6:ba:e2:80:ca:1e:77:8e:
                    f6:8e:d9:b6:6b:9b:e0:04:31:4e:77:d9:39:51:f9:
                    77:3a:80:10:1b:42:a7:87:24:81:68:a1:f6:6f:27:
                    7f:bc:b4:bc:ca:2d:0e:95:df:d3:96:02:c7:32:58:
                    2f:0e:f8:4d:18:d5:f9:45:b6:d6:a4:a8:2e:5b:29:
                    86:0f:51:24:59:2c:af:16:b2:51:92:d6:ed:bd:4f:
                    0d:bc:63:6d:81:bc:ed:5c:c9:b5:12:98:9c:86:45:
                    55:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:77:D4:12:A9:02:A1:D2:C5:DF:82:D9:0F:34:2C:14:48:8D:F3:22
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/uHfUEqkCodLF34LZDzQsFEiN8yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.8.0/23
                  91.217.160.0/24
                  193.227.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:42:35:a8:1f:85:c4:5a:54:8e:b4:ff:85:04:c0:ec:d5:9d:
         4f:25:5a:16:df:5a:cf:b2:c9:e8:21:a8:46:1b:83:43:c8:91:
         b7:fb:9d:2f:65:35:0c:82:73:6b:b0:2e:b4:4a:7e:80:19:f9:
         1b:2e:bd:1a:02:c8:a7:94:2b:4b:c7:0e:96:1c:92:8c:a5:ed:
         46:03:15:66:16:8f:f5:77:f1:fa:80:9f:f8:ac:b4:e7:43:f5:
         ad:af:67:d4:60:41:34:0f:d2:03:13:74:22:f5:34:e9:fc:dd:
         e6:0e:95:c3:fe:dd:d2:b8:f6:05:66:2a:ec:43:bf:bf:c5:8c:
         fa:bd:be:cd:9c:79:31:88:7d:6b:7e:ee:2f:c7:90:32:54:df:
         88:c4:86:95:de:c5:6d:69:9e:6c:a2:4c:76:e0:c1:f5:3c:7f:
         c3:99:7d:ec:49:f9:64:26:f1:c3:8b:32:65:c8:c2:1e:e1:1b:
         42:89:9e:3c:13:de:9f:11:d4:2d:36:b8:3e:9e:63:9d:a7:01:
         a5:73:a6:d7:31:05:2e:81:eb:e5:a6:15:71:2a:56:27:83:10:
         a9:52:55:09:06:3a:1a:1d:90:68:d2:32:71:95:fa:f2:52:ff:
         ef:b3:9c:19:17:f7:7c:55:e4:42:5a:19:84:b3:b5:9b:61:e0:
         89:ef:f4:7b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZIuDS8svkE45F2bYkCQtpYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwOTI2MTExNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODc3ZDQxMmE5MDJhMWQyYzVkZjgyZDkwZjM0MmMxNDQ4OGRmMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb0pn+enaXUQ7yLY0PheJw9/S13c
H/NpL0kfD6yvPMen+ur18Y8jNQj4IUOPuCwJzxM+4fKznQPITSFZZ+MKtLlG3eyt
PJCCPMzvkLWj8jjv7zdmem5XRBktrHMfSO+XWb4tSetcPg6YRsJLd9dazaXqW5i9
bsZNDTWFBPbuY9OEm2EPvW/l1C+2F63rKRWMgKHcGS0StBgjcdE0xrrigMoed472
jtm2a5vgBDFOd9k5Ufl3OoAQG0KnhySBaKH2byd/vLS8yi0Old/TlgLHMlgvDvhN
GNX5RbbWpKguWymGD1EkWSyvFrJRktbtvU8NvGNtgbztXMm1EpichkVVNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLh31BKpAqHSxd+C2Q80LBRIjfMiMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvdUhmVUVxa0NvZExGMzRMWkR6UXNGRWlOOHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZkIAwQA
W9mgAwQAweN5MA0GCSqGSIb3DQEBCwUAA4IBAQAYQjWoH4XEWlSOtP+FBMDs1Z1P
JVoW31rPssnoIahGG4NDyJG3+50vZTUMgnNrsC60Sn6AGfkbLr0aAsinlCtLxw6W
HJKMpe1GAxVmFo/1d/H6gJ/4rLTnQ/Wtr2fUYEE0D9IDE3Qi9TTp/N3mDpXD/t3S
uPYFZirsQ7+/xYz6vb7NnHkxiH1rfu4vx5AyVN+IxIaV3sVtaZ5sokx24MH1PH/D
mX3sSflkJvHDizJlyMIe4RtCiZ48E96fEdQtNrg+nmOdpwGlc6bXMQUugevlphVx
KlYngxCpUlUJBjoaHZBo0jJxlfryUv/vs5wZF/d8VeRCWhmEs7WbYeCJ7/R7
-----END CERTIFICATE-----