Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/uH9YCi3E1qGdyuQHk6BJ1T1SIHI.roa
File:                     uH9YCi3E1qGdyuQHk6BJ1T1SIHI.roa (raw, json)
Hash identifier:          bZayB46+gOeDrr9dF8fkoLZu8NDJ3a2uIHPPj01DbW8=
Subject key identifier:   B8:7F:58:0A:2D:C4:D6:A1:9D:CA:E4:07:93:A0:49:D5:3D:52:20:72
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF33CD7E567E686F7DC030707A0641
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/uH9YCi3E1qGdyuQHk6BJ1T1SIHI.roa
Signing time:             Tue 02 Jan 2024 06:32:00 +0000
ROA not before:           Tue 02 Jan 2024 06:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207591
IP address blocks:        147.234.79.0/24 maxlen: 24
                          147.234.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:33:cd:7e:56:7e:68:6f:7d:c0:30:70:7a:06:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b87f580a2dc4d6a19dcae40793a049d53d522072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e4:ef:f9:26:e1:d9:47:2b:02:2b:7e:34:42:
                    b5:49:74:33:64:2b:af:b2:5c:34:e5:fe:22:f8:88:
                    ca:11:16:83:e3:fa:f2:0d:9b:8f:9e:10:51:c4:65:
                    e2:ca:6c:fb:21:6c:e9:33:bc:e5:25:7d:15:48:d4:
                    f4:52:57:4c:f3:28:e3:db:bf:d3:78:b7:a6:e0:a7:
                    24:0d:b7:3d:cf:50:08:b0:af:bc:e7:cd:16:48:e6:
                    03:a7:63:07:f2:2c:a3:b0:62:d2:6e:f4:15:6d:7c:
                    e3:4c:5a:4c:6e:b0:af:3d:a6:37:06:50:29:47:20:
                    b7:67:12:c1:d5:d7:0d:3a:e4:a3:33:4b:e8:ac:64:
                    38:db:06:e1:4e:9d:4d:22:28:4c:95:69:98:d8:40:
                    a6:d6:de:6d:2a:9f:78:6c:8b:2e:fd:47:7d:87:9f:
                    fb:13:6a:fc:c6:ff:a9:f0:cc:a0:c2:f5:aa:bb:50:
                    dd:99:06:e3:9b:58:0c:41:43:a9:a7:9a:6e:de:c0:
                    d2:89:d6:f2:8c:18:0f:93:88:79:53:71:c7:00:2e:
                    ab:8e:7c:cc:a3:e4:3a:17:c0:8b:14:9c:70:5f:85:
                    17:67:3c:14:ff:29:88:4a:38:29:5d:97:a0:7a:8f:
                    a8:c0:5c:11:04:2a:8e:f5:d0:59:35:8f:57:e6:e4:
                    0b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7F:58:0A:2D:C4:D6:A1:9D:CA:E4:07:93:A0:49:D5:3D:52:20:72
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/uH9YCi3E1qGdyuQHk6BJ1T1SIHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:28:ab:12:c3:cc:58:cd:0d:cb:86:4e:99:c0:9d:16:62:52:
         62:6f:d6:0d:2c:92:e2:ad:36:df:0f:f5:e4:1d:cc:5c:e6:5e:
         a8:04:68:7f:5e:66:ff:1e:2d:8a:ea:5b:c3:94:22:88:00:33:
         7e:7e:c4:82:16:9d:ed:82:30:9d:93:55:4f:9a:f6:37:d0:c6:
         16:dc:df:79:e0:34:93:cf:4e:a0:53:91:b0:7d:36:6c:af:8f:
         99:30:ed:8c:28:e7:0e:6b:f5:a3:58:40:75:45:d9:6d:02:95:
         ac:d4:42:53:b9:f6:ef:01:38:4c:4f:04:2b:ca:ff:41:e2:61:
         a6:15:fa:81:da:d9:c7:7b:32:86:fe:b7:8b:7d:74:46:9c:5d:
         60:03:de:a2:86:d1:8f:b8:78:09:6b:35:73:9d:6a:27:a5:21:
         e9:d6:b3:18:13:d8:fb:18:d4:60:64:2f:32:78:d9:87:ed:e0:
         4b:e0:1d:7e:42:c1:6d:c5:96:43:e5:d1:34:6a:f0:c4:7f:a9:
         57:63:9e:93:47:3e:4b:54:75:8f:2e:86:62:f0:ac:93:c9:86:
         46:aa:96:4c:ce:8c:c3:35:8b:41:9c:f2:e7:7a:4a:57:02:5e:
         72:c7:76:cf:35:c1:ec:10:b7:a0:03:6c:bf:af:af:a3:31:22:
         93:71:19:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zPNflZ+aG99wDBwegZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdmNTgwYTJkYzRkNmExOWRjYWU0MDc5M2EwNDlkNTNkNTIyMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOTv+Sbh2UcrAit+NEK1SXQzZCuv
slw05f4i+IjKERaD4/ryDZuPnhBRxGXiymz7IWzpM7zlJX0VSNT0UldM8yjj27/T
eLem4KckDbc9z1AIsK+8580WSOYDp2MH8iyjsGLSbvQVbXzjTFpMbrCvPaY3BlAp
RyC3ZxLB1dcNOuSjM0vorGQ42wbhTp1NIihMlWmY2ECm1t5tKp94bIsu/Ud9h5/7
E2r8xv+p8MygwvWqu1DdmQbjm1gMQUOpp5pu3sDSidbyjBgPk4h5U3HHAC6rjnzM
o+Q6F8CLFJxwX4UXZzwU/ymISjgpXZegeo+owFwRBCqO9dBZNY9X5uQLUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh/WAotxNahncrkB5OgSdU9UiByMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvdUg5WUNpM0UxcUdkeXVRSGs2QkoxVDFTSUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk+pOMA0G
CSqGSIb3DQEBCwUAA4IBAQC4KKsSw8xYzQ3Lhk6ZwJ0WYlJib9YNLJLirTbfD/Xk
Hcxc5l6oBGh/Xmb/Hi2K6lvDlCKIADN+fsSCFp3tgjCdk1VPmvY30MYW3N954DST
z06gU5GwfTZsr4+ZMO2MKOcOa/WjWEB1RdltApWs1EJTufbvAThMTwQryv9B4mGm
FfqB2tnHezKG/reLfXRGnF1gA96ihtGPuHgJazVznWonpSHp1rMYE9j7GNRgZC8y
eNmH7eBL4B1+QsFtxZZD5dE0avDEf6lXY56TRz5LVHWPLoZi8KyTyYZGqpZMzozD
NYtBnPLnekpXAl5yx3bPNcHsELegA2y/r6+jMSKTcRkY
-----END CERTIFICATE-----