Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U7TTU1pXYyj4uAdbeqb--SA7sUQ.roa
File:                     U7TTU1pXYyj4uAdbeqb--SA7sUQ.roa (raw, json)
Hash identifier:          Y5HyhYWG2ZxSeCaVQ9oa32CAQ+Ff7ivYQUgXSJInj7w=
Subject key identifier:   53:B4:D3:53:5A:57:63:28:F8:B8:07:5B:7A:A6:FE:F9:20:3B:B1:44
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DF9DA3B457FBB86C4BAB24E7A3CB
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U7TTU1pXYyj4uAdbeqb--SA7sUQ.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200815
IP address blocks:        212.243.60.0/24 maxlen: 24
                          212.243.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:df:9d:a3:b4:57:fb:b8:6c:4b:ab:24:e7:a3:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53b4d3535a576328f8b8075b7aa6fef9203bb144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4a:b4:8d:94:4b:b5:f2:42:3b:18:78:eb:6a:
                    fa:c5:21:a3:22:7c:ef:b6:39:92:15:61:ba:53:c5:
                    7b:e6:fc:a4:1d:c0:11:25:ac:03:48:59:b1:94:d0:
                    86:c6:25:42:b4:00:60:39:06:1d:81:81:29:04:b3:
                    66:ce:3b:25:08:cb:78:9e:08:3d:2f:42:ee:48:9b:
                    8a:ed:ba:95:1a:b7:37:59:9c:16:01:76:e3:f8:ce:
                    a9:f6:04:09:6c:d7:1a:a1:eb:36:43:39:3d:66:ab:
                    ea:99:7f:c1:5d:00:2c:9f:26:20:d0:94:07:68:75:
                    10:12:0d:98:08:44:df:5d:bc:6e:5c:79:b6:23:d6:
                    2b:3e:31:00:41:ca:cc:15:7d:fb:7b:72:25:66:07:
                    10:02:fe:68:98:76:0a:9e:0b:7e:0d:65:4f:a8:da:
                    7e:32:ac:6b:de:d5:97:d4:64:c2:c2:fd:8f:15:50:
                    f2:60:31:68:13:96:aa:a7:3c:47:fb:50:33:a1:dc:
                    ce:85:74:27:9e:d7:0d:b1:2b:d8:47:fe:59:d8:65:
                    d9:7e:33:28:df:b5:d6:3d:12:49:ea:98:f4:cd:48:
                    41:8d:99:85:a6:4e:c6:21:b0:04:c3:80:bf:a9:31:
                    87:05:3a:ac:73:b8:ac:02:b7:c5:ca:ee:fa:8b:de:
                    8c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B4:D3:53:5A:57:63:28:F8:B8:07:5B:7A:A6:FE:F9:20:3B:B1:44
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/U7TTU1pXYyj4uAdbeqb--SA7sUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.60.0/24
                  212.243.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e9:28:7b:09:2c:4b:45:77:5c:64:18:2a:be:38:ad:65:f5:
         7a:47:72:a1:74:dc:39:3f:55:a2:12:9c:45:e2:55:cb:d7:5f:
         7a:fb:76:0b:75:e3:c2:2a:08:16:27:36:8f:e6:42:dd:48:25:
         4c:52:1b:05:73:38:45:fe:c6:e5:6e:fc:87:7a:43:33:33:97:
         f4:74:39:ac:bc:97:35:4b:26:a1:30:2c:eb:c8:c5:99:6e:0b:
         90:e5:33:8a:d0:dd:1c:1a:80:ca:92:a3:89:a9:84:fe:f4:64:
         26:54:f6:ff:53:09:ce:06:34:ee:55:4c:c0:b6:73:0d:6f:d2:
         5c:df:1a:a4:62:29:ea:7d:69:e3:3c:7a:1a:69:57:ed:cd:9d:
         ad:a8:5b:a2:7e:2f:8a:e3:59:3c:ba:c8:22:92:83:44:72:99:
         b0:19:ea:57:88:cc:91:d5:54:80:ec:ff:b5:19:33:0f:dc:2c:
         1b:d1:43:08:2f:01:33:84:17:11:ac:fc:ee:35:3d:fc:69:4a:
         a3:81:57:73:3d:29:f5:1b:76:87:db:15:20:fd:5b:b8:16:a3:
         f8:ae:9e:29:f2:21:94:57:02:57:21:d2:87:73:db:9b:5d:a5:
         04:03:e7:f0:bc:91:19:b9:db:51:30:b2:13:d6:ac:d9:ae:a6:
         48:43:79:0d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSN+do7RX+7hsS6sk56PLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2I0ZDM1MzVhNTc2MzI4ZjhiODA3NWI3YWE2ZmVmOTIwM2JiMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUq0jZRLtfJCOxh462r6xSGjInzv
tjmSFWG6U8V75vykHcARJawDSFmxlNCGxiVCtABgOQYdgYEpBLNmzjslCMt4ngg9
L0LuSJuK7bqVGrc3WZwWAXbj+M6p9gQJbNcaoes2Qzk9ZqvqmX/BXQAsnyYg0JQH
aHUQEg2YCETfXbxuXHm2I9YrPjEAQcrMFX37e3IlZgcQAv5omHYKngt+DWVPqNp+
Mqxr3tWX1GTCwv2PFVDyYDFoE5aqpzxH+1AzodzOhXQnntcNsSvYR/5Z2GXZfjMo
37XWPRJJ6pj0zUhBjZmFpk7GIbAEw4C/qTGHBTqsc7isArfFyu76i96MZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFO001NaV2Mo+LgHW3qm/vkgO7FEMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvVTdUVFUxcFhZeWo0dUFkYmVxYi0tU0E3c1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1PM8AwQA
1PNCMA0GCSqGSIb3DQEBCwUAA4IBAQCE6Sh7CSxLRXdcZBgqvjitZfV6R3KhdNw5
P1WiEpxF4lXL1196+3YLdePCKggWJzaP5kLdSCVMUhsFczhF/sblbvyHekMzM5f0
dDmsvJc1SyahMCzryMWZbguQ5TOK0N0cGoDKkqOJqYT+9GQmVPb/UwnOBjTuVUzA
tnMNb9Jc3xqkYinqfWnjPHoaaVftzZ2tqFuifi+K41k8usgikoNEcpmwGepXiMyR
1VSA7P+1GTMP3Cwb0UMILwEzhBcRrPzuNT38aUqjgVdzPSn1G3aH2xUg/Vu4FqP4
rp4p8iGUVwJXIdKHc9ubXaUEA+fwvJEZudtRMLIT1qzZrqZIQ3kN
-----END CERTIFICATE-----