Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/uAI21lfy0TJ04fPDISMaFmK_76s.roa
File:                     uAI21lfy0TJ04fPDISMaFmK_76s.roa (raw, json)
Hash identifier:          NDFFr4hYBIz30UB56T0MWcOqvIfZWaAwfSA03XuAouc=
Subject key identifier:   B8:02:36:D6:57:F2:D1:32:74:E1:F3:C3:21:23:1A:16:62:BF:EF:AB
Certificate issuer:       /CN=a186a76a1899dbf9029e1aefd905177bb09d368d
Certificate serial:       018CC56E57D53CB0FB30902D8551EBEDD2A9
Authority key identifier: A1:86:A7:6A:18:99:DB:F9:02:9E:1A:EF:D9:05:17:7B:B0:9D:36:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oYanahiZ2_kCnhrv2QUXe7CdNo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/uAI21lfy0TJ04fPDISMaFmK_76s.roa
Signing time:             Mon 01 Jan 2024 14:29:52 +0000
ROA not before:           Mon 01 Jan 2024 14:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.5.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/oYanahiZ2_kCnhrv2QUXe7CdNo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/oYanahiZ2_kCnhrv2QUXe7CdNo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oYanahiZ2_kCnhrv2QUXe7CdNo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:57:d5:3c:b0:fb:30:90:2d:85:51:eb:ed:d2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a186a76a1899dbf9029e1aefd905177bb09d368d
        Validity
            Not Before: Jan  1 14:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b80236d657f2d13274e1f3c321231a1662bfefab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:77:cd:6d:e2:cd:04:63:71:51:72:e2:40:ec:
                    1a:02:e4:66:d5:12:42:47:01:c8:40:a3:3a:e4:16:
                    b9:90:bc:86:af:63:9e:5d:8d:8e:d5:4d:59:11:f8:
                    61:a4:4f:d6:9e:ad:14:4d:a1:0b:90:76:7a:71:92:
                    98:85:bf:eb:70:d6:df:8b:48:87:a8:79:97:5f:c7:
                    68:df:68:fa:36:29:19:ac:9d:fb:3f:53:61:04:a5:
                    e0:eb:f6:b1:c4:0a:9c:81:45:fc:f0:29:ae:9b:44:
                    56:4e:85:aa:8a:fd:ef:ad:34:b8:cc:de:02:6d:2e:
                    7e:65:d2:79:cf:02:77:e8:6d:e4:3d:52:ea:28:b1:
                    54:19:20:0f:c1:06:da:5f:92:66:26:95:54:c6:27:
                    6e:c6:10:bd:71:92:79:e4:b6:a0:d4:a9:b5:5c:1b:
                    21:8e:75:9a:a4:be:41:78:89:42:73:48:7e:cb:66:
                    a0:53:38:c3:1a:af:5f:93:ca:46:0d:a9:34:8b:e0:
                    19:0c:ec:65:f6:aa:d0:38:ed:23:01:4f:15:51:1a:
                    45:b9:b4:1c:dd:89:92:f2:fa:1c:c6:3e:ae:d7:4b:
                    c4:c1:b2:4f:e0:1d:04:e1:7d:77:de:ab:0b:71:c7:
                    e9:54:aa:31:29:02:79:1c:8e:c1:3b:8e:ef:84:be:
                    21:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:02:36:D6:57:F2:D1:32:74:E1:F3:C3:21:23:1A:16:62:BF:EF:AB
            X509v3 Authority Key Identifier:
                keyid:A1:86:A7:6A:18:99:DB:F9:02:9E:1A:EF:D9:05:17:7B:B0:9D:36:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oYanahiZ2_kCnhrv2QUXe7CdNo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/uAI21lfy0TJ04fPDISMaFmK_76s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/8595c8-4834-4d54-a391-312e5b491146/1/oYanahiZ2_kCnhrv2QUXe7CdNo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3a:7f:0a:25:12:b6:2f:b6:0d:05:a7:63:07:5a:f5:15:6b:
         35:83:da:a8:fc:51:16:c4:7e:a2:43:62:18:63:5d:2f:ad:36:
         2e:0a:8d:05:20:57:58:58:0e:ba:ff:2a:95:11:9e:03:a0:72:
         b5:a4:ac:5f:d6:60:12:f3:c2:84:45:1d:b1:c6:3a:16:2b:8a:
         88:ad:3a:aa:40:6c:ce:20:cc:32:42:3b:71:11:dc:df:be:44:
         e0:36:56:6f:8d:82:56:a6:b7:25:93:09:6d:eb:98:44:e3:af:
         8b:88:d3:b7:68:e1:a1:e4:3b:e0:be:cb:21:0e:29:4e:51:6b:
         0d:cc:7d:67:2b:54:27:a7:a0:20:ce:12:8f:e1:08:f0:ef:57:
         03:5c:06:5e:ac:0b:91:5e:19:c3:f1:47:7b:7b:5f:94:46:c6:
         60:95:9e:d5:12:cc:23:a1:2e:4f:cf:50:32:aa:e6:d7:6e:a3:
         cf:00:44:91:6d:f7:e7:9a:d3:88:d5:8c:91:40:4b:15:c2:12:
         c7:a5:3f:e1:37:50:3c:48:31:9b:c8:55:9c:d3:fa:65:6c:ce:
         8b:35:0e:b1:dd:97:31:f7:a6:ec:38:e4:37:6c:5f:7e:c8:a0:
         72:e5:04:fa:6a:c6:10:70:e5:89:8d:b9:50:9a:bf:b2:01:65:
         5f:e1:69:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblfVPLD7MJAthVHr7dKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExODZhNzZhMTg5OWRiZjkwMjllMWFlZmQ5MDUxNzdiYjA5
ZDM2OGQwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODAyMzZkNjU3ZjJkMTMyNzRlMWYzYzMyMTIzMWExNjYyYmZlZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3fNbeLNBGNxUXLiQOwaAuRm1RJC
RwHIQKM65Ba5kLyGr2OeXY2O1U1ZEfhhpE/Wnq0UTaELkHZ6cZKYhb/rcNbfi0iH
qHmXX8do32j6NikZrJ37P1NhBKXg6/axxAqcgUX88Cmum0RWToWqiv3vrTS4zN4C
bS5+ZdJ5zwJ36G3kPVLqKLFUGSAPwQbaX5JmJpVUxiduxhC9cZJ55Lag1Km1XBsh
jnWapL5BeIlCc0h+y2agUzjDGq9fk8pGDak0i+AZDOxl9qrQOO0jAU8VURpFubQc
3YmS8vocxj6u10vEwbJP4B0E4X133qsLccfpVKoxKQJ5HI7BO47vhL4hgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgCNtZX8tEydOHzwyEjGhZiv++rMB8GA1UdIwQY
MBaAFKGGp2oYmdv5Ap4a79kFF3uwnTaNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1lhbmFoaVoyX2tDbmhydjJRVVhlN0NkTm8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS84NTk1YzgtNDgzNC00ZDU0LWEzOTEt
MzEyZTViNDkxMTQ2LzEvdUFJMjFsZnkwVEowNGZQRElTTWFGbUtfNzZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS84NTk1YzgtNDgzNC00ZDU0LWEzOTEtMzEyZTViNDkxMTQ2
LzEvb1lhbmFoaVoyX2tDbmhydjJRVVhlN0NkTm8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQV5MA0G
CSqGSIb3DQEBCwUAA4IBAQAGOn8KJRK2L7YNBadjB1r1FWs1g9qo/FEWxH6iQ2IY
Y10vrTYuCo0FIFdYWA66/yqVEZ4DoHK1pKxf1mAS88KERR2xxjoWK4qIrTqqQGzO
IMwyQjtxEdzfvkTgNlZvjYJWprclkwlt65hE46+LiNO3aOGh5DvgvsshDilOUWsN
zH1nK1Qnp6AgzhKP4Qjw71cDXAZerAuRXhnD8Ud7e1+URsZglZ7VEswjoS5Pz1Ay
qubXbqPPAESRbffnmtOI1YyRQEsVwhLHpT/hN1A8SDGbyFWc0/plbM6LNQ6x3Zcx
96bsOOQ3bF9+yKBy5QT6asYQcOWJjblQmr+yAWVf4Wnw
-----END CERTIFICATE-----