Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0uYAa8IVuEZTlBXf8Jmx-WiWL1k.roa
File:                     0uYAa8IVuEZTlBXf8Jmx-WiWL1k.roa (raw, json)
Hash identifier:          rauqwVsdNrcCdbb9bcX6zP1YDjK6kNxqxMBFHDpNr58=
Subject key identifier:   D2:E6:00:6B:C2:15:B8:46:53:94:15:DF:F0:99:B1:F9:68:96:2F:59
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018DECA3694826D54E1F741315807DD0EC5B
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0uYAa8IVuEZTlBXf8Jmx-WiWL1k.roa
Signing time:             Tue 27 Feb 2024 22:15:48 +0000
ROA not before:           Tue 27 Feb 2024 22:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207686
IP address blocks:        212.14.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ec:a3:69:48:26:d5:4e:1f:74:13:15:80:7d:d0:ec:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Feb 27 22:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2e6006bc215b846539415dff099b1f968962f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:74:60:54:29:74:21:5e:a9:48:9d:9e:cd:35:
                    6d:73:57:1c:cf:cf:1b:21:3d:3b:cd:58:f5:7d:a8:
                    2d:cd:66:46:c0:af:9a:29:a9:7f:a6:47:a1:03:b1:
                    68:47:6b:0f:a1:0e:63:01:7a:bb:76:ee:92:87:55:
                    6f:69:79:72:37:16:3c:71:d1:39:de:92:4f:ce:c2:
                    e3:8d:07:4e:9f:e2:2c:b3:1d:c4:e6:b0:6e:4d:8f:
                    af:7d:a4:46:4a:39:ce:0d:1f:7a:51:ee:1e:2f:e0:
                    1d:88:03:bd:70:01:66:5c:41:a8:4c:bc:46:ea:1a:
                    e8:ce:95:29:8b:68:63:6a:34:3d:06:8c:60:ef:13:
                    74:58:00:bb:81:6f:a0:35:ed:3b:1f:65:66:71:59:
                    6b:be:4f:f1:0b:b9:b5:5b:35:7e:b6:3e:a3:76:48:
                    83:7b:10:6d:29:5d:6d:84:51:d1:a2:d6:a7:07:90:
                    5f:85:86:80:71:5d:32:65:80:d8:5a:45:db:b0:0a:
                    78:3c:89:d1:63:5c:f3:44:af:5d:df:ab:01:3b:02:
                    f6:31:15:23:30:7b:b6:7b:66:41:e3:70:08:6b:47:
                    20:32:65:59:35:de:93:8f:14:54:65:fb:f1:6d:d9:
                    31:f2:f8:11:63:a0:77:a2:79:73:d7:12:fe:81:eb:
                    de:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E6:00:6B:C2:15:B8:46:53:94:15:DF:F0:99:B1:F9:68:96:2F:59
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0uYAa8IVuEZTlBXf8Jmx-WiWL1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.14.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:2e:03:3b:bb:bc:2c:88:49:3b:8f:8a:73:b3:85:4b:a8:ad:
         a5:6c:ff:b7:32:72:8c:10:9b:c1:7f:22:9e:68:e5:af:a2:f6:
         29:86:f8:11:ca:42:4d:59:cc:e7:31:53:8d:b0:9d:73:46:fd:
         5b:e4:6d:6d:f5:0f:9e:eb:2f:7c:44:06:5c:c5:db:e2:fe:b1:
         0f:f3:95:07:c8:fd:40:8a:ed:c3:04:41:9d:a8:92:71:fe:89:
         48:10:f6:f9:fc:f7:47:4c:55:a0:7e:c0:8a:08:a3:73:c2:ab:
         6a:c8:a3:98:6b:54:00:8b:74:9b:a2:5f:18:d0:7b:a8:4f:f4:
         3a:f7:63:22:ec:d8:01:31:ee:91:ab:9f:c0:a2:5c:39:8c:94:
         ee:92:6c:5d:79:e1:52:07:60:61:2c:4c:84:bc:72:8e:21:69:
         63:67:64:11:be:be:7d:96:e6:1b:1f:cd:d1:1d:7b:76:a4:59:
         02:fe:ca:83:f6:eb:62:68:bb:9f:6f:66:e5:93:68:23:b8:00:
         73:a8:f2:e6:04:dc:47:87:64:26:69:17:ea:29:6b:78:c4:a5:
         39:01:e1:7c:73:3e:6e:17:81:8e:4a:74:c3:15:9b:47:c1:ff:
         c6:5f:53:41:6b:97:f1:9d:17:27:5f:bd:05:9b:cb:0e:cb:c7:
         9b:f9:35:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3so2lIJtVOH3QTFYB90OxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMjI3MjIxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU2MDA2YmMyMTViODQ2NTM5NDE1ZGZmMDk5YjFmOTY4OTYyZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnRgVCl0IV6pSJ2ezTVtc1ccz88b
IT07zVj1fagtzWZGwK+aKal/pkehA7FoR2sPoQ5jAXq7du6Sh1VvaXlyNxY8cdE5
3pJPzsLjjQdOn+Issx3E5rBuTY+vfaRGSjnODR96Ue4eL+AdiAO9cAFmXEGoTLxG
6hrozpUpi2hjajQ9Boxg7xN0WAC7gW+gNe07H2VmcVlrvk/xC7m1WzV+tj6jdkiD
exBtKV1thFHRotanB5BfhYaAcV0yZYDYWkXbsAp4PInRY1zzRK9d36sBOwL2MRUj
MHu2e2ZB43AIa0cgMmVZNd6TjxRUZfvxbdkx8vgRY6B3onlz1xL+geve1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLmAGvCFbhGU5QV3/CZsfloli9ZMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMHVZQWE4SVZ1RVpUbEJYZjhKbXgtV2lXTDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A5cMA0G
CSqGSIb3DQEBCwUAA4IBAQCsLgM7u7wsiEk7j4pzs4VLqK2lbP+3MnKMEJvBfyKe
aOWvovYphvgRykJNWcznMVONsJ1zRv1b5G1t9Q+e6y98RAZcxdvi/rEP85UHyP1A
iu3DBEGdqJJx/olIEPb5/PdHTFWgfsCKCKNzwqtqyKOYa1QAi3Sbol8Y0HuoT/Q6
92Mi7NgBMe6Rq5/Aolw5jJTukmxdeeFSB2BhLEyEvHKOIWljZ2QRvr59luYbH83R
HXt2pFkC/sqD9utiaLufb2blk2gjuABzqPLmBNxHh2QmaRfqKWt4xKU5AeF8cz5u
F4GOSnTDFZtHwf/GX1NBa5fxnRcnX70Fm8sOy8eb+TWr
-----END CERTIFICATE-----