Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/uzjqgeIkSDIv2l0aY4cVREn3y_c.roa
File:                     uzjqgeIkSDIv2l0aY4cVREn3y_c.roa (raw, json)
Hash identifier:          2GlFHRGoqzueizD/BdGkrX2fb2LG6+CJdLbJIaFQ8js=
Subject key identifier:   BB:38:EA:81:E2:24:48:32:2F:DA:5D:1A:63:87:15:44:49:F7:CB:F7
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A30ADB5B1CF37F4C85059F6ED6F7
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/uzjqgeIkSDIv2l0aY4cVREn3y_c.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200935
IP address blocks:        212.113.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a3:0a:db:5b:1c:f3:7f:4c:85:05:9f:6e:d6:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb38ea81e22448322fda5d1a6387154449f7cbf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0e:1a:f0:21:06:80:e6:81:b8:02:04:9b:44:
                    38:08:90:5f:93:14:31:63:29:1d:e7:f7:04:7f:51:
                    1c:1c:f7:8b:9b:5c:df:a3:65:cc:a0:fd:3e:05:5a:
                    d0:45:cd:17:dc:f7:aa:cf:51:32:5e:2f:98:34:87:
                    81:ee:b1:8a:41:29:d1:60:61:7f:69:5f:d6:c4:b2:
                    3e:d6:3e:da:92:7e:13:09:df:67:cf:ec:3f:2d:c1:
                    3a:0f:2c:7f:2a:01:8b:99:f2:03:61:d1:d3:6a:17:
                    af:0e:1b:76:4a:85:17:30:9e:0f:8c:3e:42:6f:43:
                    c6:c4:17:86:bc:db:16:4e:9b:e0:b4:03:0e:a3:da:
                    8c:73:2e:c1:84:af:69:e8:97:da:05:51:a3:0a:fe:
                    4d:f8:8c:b6:78:44:aa:77:34:cb:d4:7a:d4:18:aa:
                    51:d2:d0:39:55:eb:28:b9:dd:78:4b:5f:85:95:da:
                    33:f0:66:46:ac:3f:ae:8d:8f:9c:15:ba:53:ae:f4:
                    f2:95:6d:76:fb:4e:50:98:f7:34:e4:6a:4f:6a:f0:
                    27:66:db:db:34:07:98:4c:5e:41:72:e6:81:43:ba:
                    d2:9d:3f:24:13:01:39:6d:3b:9d:41:26:93:99:a5:
                    10:c3:20:68:8c:eb:c1:c8:3e:95:81:92:41:4d:35:
                    8a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:38:EA:81:E2:24:48:32:2F:DA:5D:1A:63:87:15:44:49:F7:CB:F7
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/uzjqgeIkSDIv2l0aY4cVREn3y_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.113.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:97:f6:cb:e9:8b:d6:79:a8:d7:32:53:76:dc:b9:6d:d2:0f:
         09:20:d3:16:b6:d6:38:0d:8f:85:1a:c3:ec:77:28:18:f2:95:
         34:10:a7:36:7b:bc:2b:04:61:95:af:ca:b6:5c:f4:48:54:78:
         ca:41:89:eb:db:f3:f5:e0:d4:37:94:9e:02:05:42:48:76:30:
         da:97:ae:1e:93:9b:52:6f:f2:0f:f6:27:e7:65:81:0a:21:c4:
         4c:b1:23:66:15:39:57:bf:30:9d:9b:01:d3:7f:f2:ab:b8:72:
         53:4d:ad:8b:cd:9f:3d:0b:94:d7:cd:9c:78:14:83:a7:d5:90:
         e2:e7:00:86:de:ac:28:d9:83:ae:db:9b:e9:f4:3f:e7:3c:d9:
         c2:1e:90:1c:84:e5:6c:fb:0c:7e:2e:47:b4:60:07:7b:70:74:
         b8:07:4e:33:39:4c:14:75:dd:83:56:92:ca:76:29:91:92:42:
         5e:ca:94:29:55:04:00:6a:fc:bd:88:16:60:7d:04:d2:96:b3:
         d5:fe:5a:e4:0a:b6:62:89:06:cc:37:e3:1c:b0:42:bb:ed:94:
         a3:69:69:bc:43:54:ce:78:c5:17:ce:20:0c:67:8f:1c:d2:4b:
         9d:84:7e:2e:4a:5a:38:ff:96:0f:07:f8:2c:c5:c6:16:74:c8:
         d9:23:38:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKMK21sc839MhQWfbtb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjM4ZWE4MWUyMjQ0ODMyMmZkYTVkMWE2Mzg3MTU0NDQ5ZjdjYmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ4a8CEGgOaBuAIEm0Q4CJBfkxQx
Yykd5/cEf1EcHPeLm1zfo2XMoP0+BVrQRc0X3Peqz1EyXi+YNIeB7rGKQSnRYGF/
aV/WxLI+1j7akn4TCd9nz+w/LcE6Dyx/KgGLmfIDYdHTahevDht2SoUXMJ4PjD5C
b0PGxBeGvNsWTpvgtAMOo9qMcy7BhK9p6JfaBVGjCv5N+Iy2eESqdzTL1HrUGKpR
0tA5Vesoud14S1+Fldoz8GZGrD+ujY+cFbpTrvTylW12+05QmPc05GpPavAnZtvb
NAeYTF5BcuaBQ7rSnT8kEwE5bTudQSaTmaUQwyBojOvByD6VgZJBTTWKywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs46oHiJEgyL9pdGmOHFURJ98v3MB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvdXpqcWdlSWtTREl2MmwwYVk0Y1ZSRW4zeV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HFuMA0G
CSqGSIb3DQEBCwUAA4IBAQA1l/bL6YvWeajXMlN23Llt0g8JINMWttY4DY+FGsPs
dygY8pU0EKc2e7wrBGGVr8q2XPRIVHjKQYnr2/P14NQ3lJ4CBUJIdjDal64ek5tS
b/IP9ifnZYEKIcRMsSNmFTlXvzCdmwHTf/KruHJTTa2LzZ89C5TXzZx4FIOn1ZDi
5wCG3qwo2YOu25vp9D/nPNnCHpAchOVs+wx+Lke0YAd7cHS4B04zOUwUdd2DVpLK
dimRkkJeypQpVQQAavy9iBZgfQTSlrPV/lrkCrZiiQbMN+McsEK77ZSjaWm8Q1TO
eMUXziAMZ48c0kudhH4uSlo4/5YPB/gsxcYWdMjZIzgq
-----END CERTIFICATE-----