Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Ui-Rat2MUK3NnEwNsRpH6RDEZio.roa
File:                     Ui-Rat2MUK3NnEwNsRpH6RDEZio.roa (raw, json)
Hash identifier:          uhvWQIQXKRycViH6j7reHHm0rqGCNBmBot9A5e3R3GI=
Subject key identifier:   52:2F:91:6A:DD:8C:50:AD:CD:9C:4C:0D:B1:1A:47:E9:10:C4:66:2A
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CDAB4C18941BD9238CD2980BF17B9E819
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Ui-Rat2MUK3NnEwNsRpH6RDEZio.roa
Signing time:             Fri 05 Jan 2024 17:38:48 +0000
ROA not before:           Fri 05 Jan 2024 17:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138190
IP address blocks:        82.144.171.0/24 maxlen: 24
                          2001:1aa1:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:da:b4:c1:89:41:bd:92:38:cd:29:80:bf:17:b9:e8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  5 17:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=522f916add8c50adcd9c4c0db11a47e910c4662a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5b:69:1c:7c:6e:62:52:f8:fd:1d:f1:d7:23:
                    a4:9f:26:52:0d:2f:4c:c8:9b:80:29:60:dc:f4:31:
                    dd:9a:0d:d9:b0:96:e0:9d:7c:08:0a:c8:d2:85:46:
                    54:4e:6a:cc:6e:0e:58:01:e2:70:e4:d5:57:9e:a9:
                    f0:68:80:c4:f5:c7:56:f0:5a:3d:cb:7f:43:7d:c1:
                    c4:2d:f5:73:86:71:e9:93:ca:1c:d6:7a:c5:20:64:
                    2f:76:7b:77:13:5a:03:7c:9a:11:7b:40:62:77:fc:
                    83:4f:f3:09:46:e0:65:63:e6:89:98:1c:e9:d2:bd:
                    4c:8f:28:6b:f0:38:6b:c8:68:d2:36:e7:87:8f:e5:
                    a5:6c:bc:64:7e:f8:8f:49:47:a7:34:37:37:d5:d7:
                    45:74:a5:76:4e:fc:91:71:06:c8:9d:e4:0f:72:88:
                    b9:59:01:4a:b0:ce:d2:0b:9d:af:d8:5a:c9:7b:5c:
                    44:6e:58:b6:8a:8b:7f:84:d7:46:f2:de:f8:1f:79:
                    df:34:85:b5:89:12:b6:50:7f:63:ac:a0:20:c2:a2:
                    23:e6:33:5f:23:8f:db:4a:b3:b7:90:2b:cb:fa:65:
                    ad:38:40:e3:66:4b:e1:61:1b:9e:64:36:0e:02:20:
                    7b:5d:03:04:0f:71:df:88:0d:ea:59:6d:1b:09:0d:
                    c5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2F:91:6A:DD:8C:50:AD:CD:9C:4C:0D:B1:1A:47:E9:10:C4:66:2A
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Ui-Rat2MUK3NnEwNsRpH6RDEZio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.171.0/24
                IPv6:
                  2001:1aa1:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:f3:9b:0c:c0:f5:3d:3a:56:c7:6c:d5:73:fb:06:ee:4d:fc:
         11:ab:0b:13:6d:11:10:cd:ba:49:1b:3a:19:a8:2d:d3:f5:35:
         6f:26:48:95:ad:9a:1a:6b:59:9d:5e:5d:38:95:4d:0e:31:bd:
         cf:48:f2:21:04:1f:a6:d5:56:9a:b5:1e:5e:40:0c:a7:a2:ae:
         a4:76:ed:79:e5:c5:ac:af:0d:aa:6d:56:5a:ca:85:5c:72:57:
         02:90:eb:b7:ad:99:df:a9:c3:73:10:18:31:e7:b7:8a:c7:8f:
         b8:54:be:2c:95:fb:9f:38:23:dc:2f:d9:f4:5f:80:97:04:ce:
         73:4e:80:45:3e:4a:73:51:cb:f6:48:98:79:e6:18:ee:e0:8f:
         cc:f5:cc:c6:1f:15:87:0b:52:62:49:10:f3:ae:80:dd:6e:e8:
         69:ac:d1:53:bb:eb:1b:50:96:9a:94:fc:1b:b1:67:8f:68:01:
         97:2f:60:3b:e0:5f:c6:47:68:47:31:1c:ed:db:f8:ad:52:80:
         74:bf:8a:70:06:54:fd:e2:c6:86:7a:45:66:2c:d2:4c:dc:58:
         75:47:cd:fa:eb:10:4b:ec:52:8b:08:6c:cb:ba:59:01:cd:34:
         be:cb:b7:dc:6f:a7:cd:b7:c8:e3:cf:e8:a0:39:ee:36:b5:26:
         00:d0:cd:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzatMGJQb2SOM0pgL8XuegZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTA1MTczODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJmOTE2YWRkOGM1MGFkY2Q5YzRjMGRiMTFhNDdlOTEwYzQ2NjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVtpHHxuYlL4/R3x1yOknyZSDS9M
yJuAKWDc9DHdmg3ZsJbgnXwICsjShUZUTmrMbg5YAeJw5NVXnqnwaIDE9cdW8Fo9
y39DfcHELfVzhnHpk8oc1nrFIGQvdnt3E1oDfJoRe0Bid/yDT/MJRuBlY+aJmBzp
0r1Mjyhr8DhryGjSNueHj+WlbLxkfviPSUenNDc31ddFdKV2TvyRcQbIneQPcoi5
WQFKsM7SC52v2FrJe1xEbli2iot/hNdG8t74H3nfNIW1iRK2UH9jrKAgwqIj5jNf
I4/bSrO3kCvL+mWtOEDjZkvhYRueZDYOAiB7XQMED3HfiA3qWW0bCQ3FMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFIvkWrdjFCtzZxMDbEaR+kQxGYqMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvVWktUmF0Mk1VSzNObkV3TnNScEg2UkRFWmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUpCrMA8E
AgACMAkDBwAgARqhACIwDQYJKoZIhvcNAQELBQADggEBAJ/zmwzA9T06Vsds1XP7
Bu5N/BGrCxNtERDNukkbOhmoLdP1NW8mSJWtmhprWZ1eXTiVTQ4xvc9I8iEEH6bV
Vpq1Hl5ADKeirqR27XnlxayvDaptVlrKhVxyVwKQ67etmd+pw3MQGDHnt4rHj7hU
viyV+584I9wv2fRfgJcEznNOgEU+SnNRy/ZImHnmGO7gj8z1zMYfFYcLUmJJEPOu
gN1u6Gms0VO76xtQlpqU/BuxZ49oAZcvYDvgX8ZHaEcxHO3b+K1SgHS/inAGVP3i
xoZ6RWYs0kzcWHVHzfrrEEvsUosIbMu6WQHNNL7Lt9xvp823yOPP6KA57ja1JgDQ
zWY=
-----END CERTIFICATE-----