Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/BR-UTKW_2jU0kBLwx3XuI91RxPY.roa
File:                     BR-UTKW_2jU0kBLwx3XuI91RxPY.roa (raw, json)
Hash identifier:          XviXr+WrftTK0Ygc0AoKj8cM0+el1tFVvlH8LEE/m2o=
Subject key identifier:   05:1F:94:4C:A5:BF:DA:35:34:90:12:F0:C7:75:EE:23:DD:51:C4:F6
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       01933EB0BCB5A06F5E7C9DA627D3D332F1FC
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/BR-UTKW_2jU0kBLwx3XuI91RxPY.roa
Signing time:             Mon 18 Nov 2024 09:53:10 +0000
ROA not before:           Mon 18 Nov 2024 09:53:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214080
IP address blocks:        84.232.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3e:b0:bc:b5:a0:6f:5e:7c:9d:a6:27:d3:d3:32:f1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Nov 18 09:53:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=051f944ca5bfda35349012f0c775ee23dd51c4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5e:14:20:59:11:28:07:9f:6a:2e:8d:8d:ce:
                    6a:0c:e6:c5:f9:75:c1:fe:d9:c0:3a:01:23:fc:94:
                    de:85:bd:9f:ee:e4:6f:05:33:aa:27:4c:7f:20:53:
                    1d:8e:e8:ee:99:d8:dc:27:5f:0d:71:43:88:73:08:
                    41:c9:46:23:95:8b:5f:5c:d6:8a:89:80:c4:4b:9e:
                    ab:f0:7f:da:14:70:00:ed:35:cc:fb:18:31:69:e8:
                    b1:c7:97:15:02:03:8d:04:37:07:ce:43:20:ba:f9:
                    ee:6c:13:05:86:de:b4:90:a1:93:04:f1:fa:48:d0:
                    16:c8:14:00:10:ff:84:e4:94:ca:ee:b5:d6:40:65:
                    38:58:b5:cd:35:fa:9b:4a:3f:33:ec:35:55:3e:31:
                    c9:f3:e8:e4:ff:90:85:4f:c7:9f:f3:c4:9f:40:5e:
                    aa:08:50:12:61:d3:26:96:50:fc:57:c1:8b:7f:c0:
                    aa:d8:dc:50:95:64:d9:a7:7a:8b:74:33:6f:76:0d:
                    b1:27:1f:2e:a7:4f:51:ea:b3:0c:93:7f:19:e8:5a:
                    ca:5a:2d:c6:de:e2:0a:d9:52:04:ef:8a:1a:b3:98:
                    9b:15:15:02:20:0f:67:8b:73:00:16:31:22:e8:a7:
                    60:b7:f4:01:db:8d:a7:17:cc:6d:3a:44:97:71:d2:
                    71:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1F:94:4C:A5:BF:DA:35:34:90:12:F0:C7:75:EE:23:DD:51:C4:F6
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/BR-UTKW_2jU0kBLwx3XuI91RxPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:23:59:0f:90:e1:fe:59:4b:8e:7e:59:72:45:5c:4f:f0:a9:
         08:68:11:e2:ff:3e:93:58:ad:08:0b:ad:e9:dd:79:05:75:6c:
         b3:5f:06:35:b1:26:82:4d:5b:68:f7:a9:c7:f9:4d:4f:d2:5e:
         38:e2:d8:30:3c:d6:a7:89:f8:20:66:7f:d1:99:42:2d:9e:e9:
         fe:3e:aa:0d:c5:9e:e3:76:0d:b5:d5:bc:8d:d2:50:f8:09:79:
         9b:26:fe:d7:87:b0:af:b8:80:30:5e:04:1e:d4:73:7f:29:32:
         d1:74:86:2d:d1:3b:92:76:52:09:bd:a8:6e:75:15:c6:94:64:
         d8:21:f4:7b:a6:7c:51:96:38:5a:41:f1:ab:1a:7b:8b:85:2f:
         b5:b0:46:2d:b5:5a:42:63:0c:b1:07:a7:6c:7e:21:2b:43:68:
         04:b1:ac:d4:2a:f4:ca:3b:0d:2c:0a:bc:d3:1f:f7:f5:12:f8:
         dc:5d:43:65:d3:40:00:ea:04:56:4c:a8:0e:96:f3:75:e2:fb:
         a9:88:31:1b:42:13:e3:bd:43:70:29:21:2a:41:ac:b4:26:c9:
         7d:21:1a:0f:80:a0:17:dd:5e:2a:74:bd:20:b3:39:d7:61:f9:
         6e:83:8b:25:b3:fe:88:4f:c6:cc:66:1d:f1:0f:b2:de:53:73:
         9b:77:0d:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM+sLy1oG9efJ2mJ9PTMvH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQxMTE4MDk1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFmOTQ0Y2E1YmZkYTM1MzQ5MDEyZjBjNzc1ZWUyM2RkNTFjNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l4UIFkRKAefai6Njc5qDObF+XXB
/tnAOgEj/JTehb2f7uRvBTOqJ0x/IFMdjujumdjcJ18NcUOIcwhByUYjlYtfXNaK
iYDES56r8H/aFHAA7TXM+xgxaeixx5cVAgONBDcHzkMguvnubBMFht60kKGTBPH6
SNAWyBQAEP+E5JTK7rXWQGU4WLXNNfqbSj8z7DVVPjHJ8+jk/5CFT8ef88SfQF6q
CFASYdMmllD8V8GLf8Cq2NxQlWTZp3qLdDNvdg2xJx8up09R6rMMk38Z6FrKWi3G
3uIK2VIE74oas5ibFRUCIA9ni3MAFjEi6Kdgt/QB242nF8xtOkSXcdJxDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUflEylv9o1NJAS8Md17iPdUcT2MB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvQlItVVRLV18yalUwa0JMd3gzWHVJOTFSeFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOhHMA0G
CSqGSIb3DQEBCwUAA4IBAQATI1kPkOH+WUuOfllyRVxP8KkIaBHi/z6TWK0IC63p
3XkFdWyzXwY1sSaCTVto96nH+U1P0l444tgwPNanifggZn/RmUItnun+PqoNxZ7j
dg211byN0lD4CXmbJv7Xh7CvuIAwXgQe1HN/KTLRdIYt0TuSdlIJvahudRXGlGTY
IfR7pnxRljhaQfGrGnuLhS+1sEYttVpCYwyxB6dsfiErQ2gEsazUKvTKOw0sCrzT
H/f1EvjcXUNl00AA6gRWTKgOlvN14vupiDEbQhPjvUNwKSEqQay0Jsl9IRoPgKAX
3V4qdL0gsznXYflug4sls/6IT8bMZh3xD7LeU3Obdw0W
-----END CERTIFICATE-----