Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/Uk1R-rtw08p5xLmEPvlebcp5bkA.roa
File:                     Uk1R-rtw08p5xLmEPvlebcp5bkA.roa (raw, json)
Hash identifier:          IrnRidpvKx1Xa46ym1q3rIhb1GsbkHYIP1WCBTtQPQI=
Subject key identifier:   52:4D:51:FA:BB:70:D3:CA:79:C4:B9:84:3E:F9:5E:6D:CA:79:6E:40
Certificate issuer:       /CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
Certificate serial:       018CC7935CB0E774525A055584291549F47F
Authority key identifier: 98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/Uk1R-rtw08p5xLmEPvlebcp5bkA.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29588
IP address blocks:        2a00:f440:a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5c:b0:e7:74:52:5a:05:55:84:29:15:49:f4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9891c4488699e6d024e39cc4d61eeeabd38010fa
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=524d51fabb70d3ca79c4b9843ef95e6dca796e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:2f:e4:de:5f:16:83:6a:5c:ad:49:36:29:
                    2c:3e:08:d7:98:38:96:0d:e3:8b:90:d1:b2:26:f1:
                    40:9e:99:9b:c2:0f:56:60:41:00:54:01:cd:58:5b:
                    f2:0a:7e:db:70:16:bd:f7:7e:cd:fa:b5:36:28:d2:
                    24:f3:35:99:28:f3:54:24:97:11:23:33:dd:fe:cd:
                    d6:ae:43:8d:0f:52:a1:58:42:9e:00:52:11:77:81:
                    5e:60:b9:34:15:2b:f0:4d:6c:62:8f:8c:6d:63:8e:
                    c7:ff:bf:fc:4c:7f:06:5c:c5:0a:e1:40:d9:30:3c:
                    06:d9:9e:af:12:1a:26:ac:6f:59:62:ad:e1:fc:af:
                    8e:02:d1:a5:c2:b6:e3:06:1e:7c:a6:e9:cf:c0:4d:
                    53:ba:14:42:cc:4b:2b:7f:19:71:19:b0:91:bd:bb:
                    38:96:74:44:31:4a:8d:cd:52:93:e1:24:2d:c9:00:
                    e9:2c:95:9c:90:32:dc:0a:c6:8a:34:62:d5:78:14:
                    b9:de:19:fb:90:1b:60:8d:15:39:cf:6c:4f:a4:17:
                    4d:dc:80:cc:eb:78:69:7f:5d:9c:f9:33:3a:12:2c:
                    39:a4:3e:13:e8:51:cb:44:4b:da:06:f0:0f:78:ee:
                    d4:e6:29:26:cb:21:c0:16:de:d3:93:30:e0:24:9f:
                    b8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4D:51:FA:BB:70:D3:CA:79:C4:B9:84:3E:F9:5E:6D:CA:79:6E:40
            X509v3 Authority Key Identifier:
                keyid:98:91:C4:48:86:99:E6:D0:24:E3:9C:C4:D6:1E:EE:AB:D3:80:10:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJHESIaZ5tAk45zE1h7uq9OAEPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/Uk1R-rtw08p5xLmEPvlebcp5bkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/47df00-8468-4c39-be95-e10a60596c26/1/mJHESIaZ5tAk45zE1h7uq9OAEPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f440:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:98:b0:da:94:7f:3a:a8:a9:c0:e0:69:18:b2:1c:fb:48:5f:
         3e:2d:79:cf:58:a7:92:91:f3:31:96:7a:9a:17:34:a7:25:d2:
         48:e7:35:b9:ce:5c:e8:9a:dd:f7:75:47:96:e5:f0:5d:02:f5:
         09:3f:6d:51:20:f2:c9:cc:70:1a:d7:64:31:5e:9d:10:1d:d5:
         d6:50:9c:c7:ea:8d:32:95:5e:f2:cc:46:f7:a3:70:f4:ca:0e:
         2e:37:a5:a5:7f:d2:78:cb:3e:81:8c:fe:18:43:8e:13:af:1b:
         8d:b2:8b:6a:0f:a5:c5:77:d7:77:0f:a8:a1:99:c1:f1:35:11:
         be:6a:b4:52:d2:ed:58:38:99:29:56:d3:fd:14:44:55:4f:11:
         aa:8f:56:27:94:23:bb:ef:bd:a2:d4:25:77:a3:32:ef:c5:db:
         d3:a0:7f:7e:e0:42:04:04:fd:55:35:02:46:a9:32:40:24:9c:
         eb:d7:53:81:50:fc:82:58:14:90:4a:82:6d:48:75:6b:56:b7:
         b3:6d:94:85:91:b6:de:b7:57:64:ce:47:93:66:fa:8e:a3:be:
         25:0a:c5:3e:76:1c:28:2c:23:ea:29:c0:58:4d:68:a8:12:14:
         36:63:44:72:e6:9f:9b:72:ca:87:ad:ef:c5:9e:95:fe:94:42:
         68:69:6b:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk1yw53RSWgVVhCkVSfR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTFjNDQ4ODY5OWU2ZDAyNGUzOWNjNGQ2MWVlZWFiZDM4
MDEwZmEwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRkNTFmYWJiNzBkM2NhNzljNGI5ODQzZWY5NWU2ZGNhNzk2ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9cv5N5fFoNqXK1JNiksPgjXmDiW
DeOLkNGyJvFAnpmbwg9WYEEAVAHNWFvyCn7bcBa9937N+rU2KNIk8zWZKPNUJJcR
IzPd/s3WrkOND1KhWEKeAFIRd4FeYLk0FSvwTWxij4xtY47H/7/8TH8GXMUK4UDZ
MDwG2Z6vEhomrG9ZYq3h/K+OAtGlwrbjBh58punPwE1TuhRCzEsrfxlxGbCRvbs4
lnREMUqNzVKT4SQtyQDpLJWckDLcCsaKNGLVeBS53hn7kBtgjRU5z2xPpBdN3IDM
63hpf12c+TM6Eiw5pD4T6FHLREvaBvAPeO7U5ikmyyHAFt7TkzDgJJ+4owIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFJNUfq7cNPKecS5hD75Xm3KeW5AMB8GA1UdIwQY
MBaAFJiRxEiGmebQJOOcxNYe7qvTgBD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUt
ZTEwYTYwNTk2YzI2LzEvVWsxUi1ydHcwOHA1eExtRVB2bGViY3A1YmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80N2RmMDAtODQ2OC00YzM5LWJlOTUtZTEwYTYwNTk2YzI2
LzEvbUpIRVNJYVo1dEFrNDV6RTFoN3VxOU9BRVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD0QAAK
MA0GCSqGSIb3DQEBCwUAA4IBAQBgmLDalH86qKnA4GkYshz7SF8+LXnPWKeSkfMx
lnqaFzSnJdJI5zW5zlzomt33dUeW5fBdAvUJP21RIPLJzHAa12QxXp0QHdXWUJzH
6o0ylV7yzEb3o3D0yg4uN6Wlf9J4yz6BjP4YQ44TrxuNsotqD6XFd9d3D6ihmcHx
NRG+arRS0u1YOJkpVtP9FERVTxGqj1YnlCO7772i1CV3ozLvxdvToH9+4EIEBP1V
NQJGqTJAJJzr11OBUPyCWBSQSoJtSHVrVrezbZSFkbbet1dkzkeTZvqOo74lCsU+
dhwoLCPqKcBYTWioEhQ2Y0Ry5p+bcsqHre/FnpX+lEJoaWvM
-----END CERTIFICATE-----