Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/uBMgyeBq4eWizAaq4bdAP3_dH34.roa
File:                     uBMgyeBq4eWizAaq4bdAP3_dH34.roa (raw, json)
Hash identifier:          TRSRdL7+DbGkWukQCCTkA89tAT7UjPSUEeJTx2CcngU=
Subject key identifier:   B8:13:20:C9:E0:6A:E1:E5:A2:CC:06:AA:E1:B7:40:3F:7F:DD:1F:7E
Certificate issuer:       /CN=d89f16f5749243378f814c94b24034d74b3927df
Certificate serial:       01932119A8F29B6A3487BF742EA25845EFA2
Authority key identifier: D8:9F:16:F5:74:92:43:37:8F:81:4C:94:B2:40:34:D7:4B:39:27:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2J8W9XSSQzePgUyUskA010s5J98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/uBMgyeBq4eWizAaq4bdAP3_dH34.roa
Signing time:             Tue 12 Nov 2024 15:59:09 +0000
ROA not before:           Tue 12 Nov 2024 15:59:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215915
IP address blocks:        117.18.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/2J8W9XSSQzePgUyUskA010s5J98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/2J8W9XSSQzePgUyUskA010s5J98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2J8W9XSSQzePgUyUskA010s5J98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:19:a8:f2:9b:6a:34:87:bf:74:2e:a2:58:45:ef:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d89f16f5749243378f814c94b24034d74b3927df
        Validity
            Not Before: Nov 12 15:59:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b81320c9e06ae1e5a2cc06aae1b7403f7fdd1f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:35:8c:91:e1:91:60:12:d1:ba:fa:33:f3:d8:
                    e4:81:f5:02:88:f4:5e:31:39:e1:06:ff:79:2c:4a:
                    d7:af:11:97:22:d8:7a:73:1f:41:3b:eb:65:03:30:
                    d9:08:43:3b:07:5b:2e:d3:35:e8:1d:62:68:14:aa:
                    2a:24:f9:24:39:f5:14:5c:87:5d:d9:ac:6e:33:33:
                    12:d5:f9:7e:b5:8c:c7:4b:27:20:b4:42:9a:eb:e8:
                    25:62:97:e8:dd:00:06:fc:f7:c3:12:ef:c2:71:c4:
                    c7:59:02:60:21:2c:dd:d0:77:a6:26:34:8b:bd:b0:
                    ac:ce:55:9c:d8:15:a2:31:5d:96:dd:58:51:41:6e:
                    ef:12:3f:85:8c:20:5f:41:6e:05:df:75:db:5b:da:
                    81:bd:0e:a7:3e:ff:a5:a5:f9:3c:99:c1:7a:c4:2a:
                    57:29:76:8e:2e:5b:4e:1a:45:22:51:90:c7:1d:6f:
                    68:28:84:dd:30:ab:95:3f:fe:02:64:4d:b2:18:60:
                    49:3b:55:14:74:d3:8b:6c:96:ff:b6:bf:21:4b:0a:
                    8b:db:44:77:5a:6e:b8:f5:30:c1:ea:ab:bf:0f:16:
                    bc:73:75:bb:10:30:1c:42:b4:e4:ef:20:dd:c0:b4:
                    2e:63:64:5d:5b:66:6f:2c:48:8a:99:91:d0:59:19:
                    dc:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:13:20:C9:E0:6A:E1:E5:A2:CC:06:AA:E1:B7:40:3F:7F:DD:1F:7E
            X509v3 Authority Key Identifier:
                keyid:D8:9F:16:F5:74:92:43:37:8F:81:4C:94:B2:40:34:D7:4B:39:27:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2J8W9XSSQzePgUyUskA010s5J98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/uBMgyeBq4eWizAaq4bdAP3_dH34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/797e65-3da0-4d6e-b695-346bd973c843/1/2J8W9XSSQzePgUyUskA010s5J98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.18.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:3e:61:58:d2:f6:8a:f5:4e:83:38:a6:94:ce:72:54:46:b0:
         78:f6:61:bc:6c:59:1c:2d:39:62:21:bf:51:92:08:24:44:de:
         09:d9:e3:07:08:c7:4f:76:d5:13:a5:ba:3a:4c:7d:35:19:31:
         03:78:56:df:2e:d7:f4:8e:98:20:cc:5c:d1:b9:1c:4d:02:4a:
         17:9e:e3:9b:d5:36:9d:bf:dc:9c:48:40:28:45:9b:d9:78:11:
         f6:df:53:06:3e:36:dc:be:21:c8:ca:9e:60:3f:5f:55:30:56:
         69:cc:3c:29:2a:e8:47:8a:3c:92:e4:7a:34:35:84:06:01:2b:
         e3:95:d0:03:3b:e2:86:71:e7:8c:14:5c:c1:a8:b5:70:dd:92:
         37:e2:27:12:c3:37:93:59:0b:47:79:22:06:bd:4b:8c:d6:86:
         06:61:55:c2:2b:fb:c6:ee:ed:29:7b:95:8c:57:2b:c0:2d:a7:
         fb:50:94:18:53:f4:f3:12:b5:a4:3b:f2:e8:71:9f:e6:f4:f7:
         28:0c:f3:5b:7a:ae:d5:60:e5:55:30:9d:ba:31:ab:d9:95:6d:
         4f:70:6a:d6:0f:7e:46:e5:10:ee:af:31:56:5f:d4:e1:85:d7:
         39:14:fa:27:f5:bb:28:e8:9f:99:f9:ef:da:40:b8:a7:b9:6c:
         46:8a:e8:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMhGajym2o0h790LqJYRe+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OWYxNmY1NzQ5MjQzMzc4ZjgxNGM5NGIyNDAzNGQ3NGIz
OTI3ZGYwHhcNMjQxMTEyMTU1OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODEzMjBjOWUwNmFlMWU1YTJjYzA2YWFlMWI3NDAzZjdmZGQxZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzWMkeGRYBLRuvoz89jkgfUCiPRe
MTnhBv95LErXrxGXIth6cx9BO+tlAzDZCEM7B1su0zXoHWJoFKoqJPkkOfUUXIdd
2axuMzMS1fl+tYzHSycgtEKa6+glYpfo3QAG/PfDEu/CccTHWQJgISzd0HemJjSL
vbCszlWc2BWiMV2W3VhRQW7vEj+FjCBfQW4F33XbW9qBvQ6nPv+lpfk8mcF6xCpX
KXaOLltOGkUiUZDHHW9oKITdMKuVP/4CZE2yGGBJO1UUdNOLbJb/tr8hSwqL20R3
Wm649TDB6qu/Dxa8c3W7EDAcQrTk7yDdwLQuY2RdW2ZvLEiKmZHQWRncnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgTIMngauHloswGquG3QD9/3R9+MB8GA1UdIwQY
MBaAFNifFvV0kkM3j4FMlLJANNdLOSffMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMko4VzlYU1NRemVQZ1V5VXNrQTAxMHM1Sjk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83OTdlNjUtM2RhMC00ZDZlLWI2OTUt
MzQ2YmQ5NzNjODQzLzEvdUJNZ3llQnE0ZVdpekFhcTRiZEFQM19kSDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83OTdlNjUtM2RhMC00ZDZlLWI2OTUtMzQ2YmQ5NzNjODQz
LzEvMko4VzlYU1NRemVQZ1V5VXNrQTAxMHM1Sjk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAdRJmMA0G
CSqGSIb3DQEBCwUAA4IBAQCePmFY0vaK9U6DOKaUznJURrB49mG8bFkcLTliIb9R
kggkRN4J2eMHCMdPdtUTpbo6TH01GTEDeFbfLtf0jpggzFzRuRxNAkoXnuOb1Tad
v9ycSEAoRZvZeBH231MGPjbcviHIyp5gP19VMFZpzDwpKuhHijyS5Ho0NYQGASvj
ldADO+KGceeMFFzBqLVw3ZI34icSwzeTWQtHeSIGvUuM1oYGYVXCK/vG7u0pe5WM
VyvALaf7UJQYU/TzErWkO/LocZ/m9PcoDPNbeq7VYOVVMJ26MavZlW1PcGrWD35G
5RDurzFWX9Thhdc5FPon9bso6J+Z+e/aQLinuWxGiugx
-----END CERTIFICATE-----