Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/uFuGAStrAdPn7-bMDNjp1KekKgg.roa
File:                     uFuGAStrAdPn7-bMDNjp1KekKgg.roa (raw, json)
Hash identifier:          bk79jwVz6HYp8m5B4+kwxJtCxhzHlbHFM8JJL8IraZE=
Subject key identifier:   B8:5B:86:01:2B:6B:01:D3:E7:EF:E6:CC:0C:D8:E9:D4:A7:A4:2A:08
Certificate issuer:       /CN=10d7038b83eb247fc65bdad0195b86246f8f3006
Certificate serial:       018CC5DBFEFB79A003A84E05603FC8665EB2
Authority key identifier: 10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/uFuGAStrAdPn7-bMDNjp1KekKgg.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61424
IP address blocks:        185.115.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fe:fb:79:a0:03:a8:4e:05:60:3f:c8:66:5e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10d7038b83eb247fc65bdad0195b86246f8f3006
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85b86012b6b01d3e7efe6cc0cd8e9d4a7a42a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:70:3e:81:4f:f2:3f:18:22:ca:cc:f4:e2:95:
                    c3:6a:03:87:20:d1:d4:19:f4:f0:1f:f2:94:6c:6c:
                    3e:a2:79:7e:d6:c5:00:e8:0c:20:81:da:86:d3:16:
                    58:d6:5d:3a:2d:d6:d3:96:36:e0:b4:c0:de:95:1f:
                    9e:bb:51:e3:4f:d3:c9:18:0c:61:85:fc:c6:d8:f6:
                    bb:0c:77:46:72:e4:80:15:65:17:5b:24:4c:68:f4:
                    97:a8:99:58:45:ec:51:a0:44:16:6d:d5:db:d5:45:
                    7e:20:04:5e:30:db:d7:79:40:75:80:f8:e3:2b:31:
                    5b:fa:ee:1c:20:ff:c3:d2:5e:d1:cf:b0:5b:ab:32:
                    48:83:f3:0d:67:f8:9b:5c:2d:50:af:37:36:d5:ef:
                    8b:0b:1c:65:28:30:36:b3:5c:c1:46:bb:7a:b4:ba:
                    2a:03:a5:7a:dc:9c:06:42:47:82:b7:85:b4:c3:fa:
                    dc:47:bd:39:8b:94:57:b5:b4:53:07:36:cb:40:c4:
                    22:26:ee:5d:7c:13:99:08:e7:a4:d2:91:d1:39:51:
                    5b:3c:45:4f:27:d5:2b:10:9f:52:d2:cf:48:36:87:
                    5c:5c:fb:bb:c5:d1:1a:c7:60:23:c3:20:75:a5:d4:
                    a6:37:f5:3c:a8:4f:1b:ab:77:5c:93:c8:49:32:ff:
                    07:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5B:86:01:2B:6B:01:D3:E7:EF:E6:CC:0C:D8:E9:D4:A7:A4:2A:08
            X509v3 Authority Key Identifier:
                keyid:10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/uFuGAStrAdPn7-bMDNjp1KekKgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:01:9a:bc:65:96:fc:68:8a:1b:6a:9e:fc:0f:02:c2:d4:ed:
         66:96:fb:65:06:77:fc:21:34:a1:2f:76:58:1b:6c:82:c6:8e:
         a1:85:05:d1:d3:b7:c0:9f:4c:dd:7e:85:3e:58:a6:9d:cd:cd:
         23:70:78:d0:13:6d:18:3f:44:a7:c4:1a:df:84:95:9c:48:b2:
         15:44:16:7a:95:f2:af:0c:7c:f2:a9:18:5c:f1:06:a9:42:bb:
         9f:ed:a4:5b:30:9f:86:ec:bd:a8:e9:0e:29:48:23:88:6c:db:
         00:da:23:a1:74:9f:29:63:22:84:d2:bb:c5:36:a0:dc:d6:ec:
         0b:ff:bb:c4:cb:bf:91:f2:ac:5c:f8:7a:ad:98:7a:73:ec:a5:
         ad:06:eb:48:c4:4a:9d:94:d4:d3:de:eb:47:1e:b4:e2:3f:e8:
         57:b6:a9:03:64:7a:5b:5b:5e:30:7e:6c:ab:c1:0b:e2:1d:eb:
         21:bd:c6:a9:90:4d:43:65:0d:87:82:36:11:fc:0a:e6:34:24:
         5e:45:6a:be:f0:fc:98:46:28:ef:a4:cb:5f:3c:bf:98:cc:9c:
         bd:d0:e9:67:eb:e3:81:f5:66:9b:d7:30:00:90:37:0c:91:40:
         52:83:fc:1e:b9:2c:c6:a4:32:df:b0:f0:91:35:7d:55:1b:cb:
         8c:69:38:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/77eaADqE4FYD/IZl6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZDcwMzhiODNlYjI0N2ZjNjViZGFkMDE5NWI4NjI0NmY4
ZjMwMDYwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODViODYwMTJiNmIwMWQzZTdlZmU2Y2MwY2Q4ZTlkNGE3YTQyYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHA+gU/yPxgiysz04pXDagOHINHU
GfTwH/KUbGw+onl+1sUA6AwggdqG0xZY1l06LdbTljbgtMDelR+eu1HjT9PJGAxh
hfzG2Pa7DHdGcuSAFWUXWyRMaPSXqJlYRexRoEQWbdXb1UV+IAReMNvXeUB1gPjj
KzFb+u4cIP/D0l7Rz7BbqzJIg/MNZ/ibXC1Qrzc21e+LCxxlKDA2s1zBRrt6tLoq
A6V63JwGQkeCt4W0w/rcR705i5RXtbRTBzbLQMQiJu5dfBOZCOek0pHROVFbPEVP
J9UrEJ9S0s9INodcXPu7xdEax2AjwyB1pdSmN/U8qE8bq3dck8hJMv8HUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhbhgErawHT5+/mzAzY6dSnpCoIMB8GA1UdIwQY
MBaAFBDXA4uD6yR/xlva0BlbhiRvjzAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUt
MWM1YmRlMmMxNGY0LzEvdUZ1R0FTdHJBZFBuNy1iTUROanAxS2VrS2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUtMWM1YmRlMmMxNGY0
LzEvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXONMA0G
CSqGSIb3DQEBCwUAA4IBAQB6AZq8ZZb8aIobap78DwLC1O1mlvtlBnf8ITShL3ZY
G2yCxo6hhQXR07fAn0zdfoU+WKadzc0jcHjQE20YP0SnxBrfhJWcSLIVRBZ6lfKv
DHzyqRhc8QapQruf7aRbMJ+G7L2o6Q4pSCOIbNsA2iOhdJ8pYyKE0rvFNqDc1uwL
/7vEy7+R8qxc+HqtmHpz7KWtButIxEqdlNTT3utHHrTiP+hXtqkDZHpbW14wfmyr
wQviHeshvcapkE1DZQ2HgjYR/ArmNCReRWq+8PyYRijvpMtfPL+YzJy90Oln6+OB
9Wab1zAAkDcMkUBSg/weuSzGpDLfsPCRNX1VG8uMaTgU
-----END CERTIFICATE-----