Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/UOGtisrDxf01hLDPlB3HjQQUI1E.roa
File:                     UOGtisrDxf01hLDPlB3HjQQUI1E.roa (raw, json)
Hash identifier:          ue9vhgTVuMOkP6s5c9qxjN9eOhvhzwHd+sVYxVMbyZo=
Subject key identifier:   50:E1:AD:8A:CA:C3:C5:FD:35:84:B0:CF:94:1D:C7:8D:04:14:23:51
Certificate issuer:       /CN=814abafbb08ff47201d9b1ed633393b6bd92581e
Certificate serial:       018CC3B6A697F5B8561435605B8F6D168419
Authority key identifier: 81:4A:BA:FB:B0:8F:F4:72:01:D9:B1:ED:63:33:93:B6:BD:92:58:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUq6-7CP9HIB2bHtYzOTtr2SWB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/UOGtisrDxf01hLDPlB3HjQQUI1E.roa
Signing time:             Mon 01 Jan 2024 06:29:36 +0000
ROA not before:           Mon 01 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204957
IP address blocks:        80.68.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/gUq6-7CP9HIB2bHtYzOTtr2SWB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/gUq6-7CP9HIB2bHtYzOTtr2SWB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUq6-7CP9HIB2bHtYzOTtr2SWB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a6:97:f5:b8:56:14:35:60:5b:8f:6d:16:84:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=814abafbb08ff47201d9b1ed633393b6bd92581e
        Validity
            Not Before: Jan  1 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50e1ad8acac3c5fd3584b0cf941dc78d04142351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4f:ba:bf:b9:05:82:dc:75:29:5f:af:b4:c6:
                    c1:e2:7d:5b:f5:4d:a7:a1:48:9e:01:5e:7e:e2:50:
                    47:ff:3e:13:f8:a6:a9:0f:54:be:3f:8a:c7:da:7b:
                    ce:95:c0:da:39:0e:9d:c3:d9:d2:ec:08:f9:96:c6:
                    7a:fa:7f:8a:9e:7f:ac:cb:d9:90:3d:0b:59:f0:ea:
                    11:b3:4b:23:2e:a5:0c:e3:61:1b:b7:be:6c:4f:e1:
                    bb:c7:b7:86:c8:9c:59:3d:6b:56:07:57:f8:fd:b0:
                    70:2b:3f:0c:af:72:f0:db:88:92:1e:94:84:0c:4e:
                    30:19:71:2f:24:8a:4f:92:e2:df:ff:81:20:3e:a3:
                    64:4c:ee:b8:4d:db:96:d7:7b:42:2d:b3:66:eb:82:
                    c7:39:4f:60:85:45:23:66:fb:8d:ac:a8:3d:61:76:
                    37:85:45:1b:cf:ad:6c:45:24:8e:e0:58:ce:91:9c:
                    99:2f:3c:3b:6f:dd:9d:76:7a:e6:ee:0c:67:fa:d8:
                    d2:f7:c4:02:33:b3:7d:a6:39:78:ed:df:a2:1c:00:
                    cc:14:50:42:b5:33:8a:d5:7d:ff:ab:22:c1:29:39:
                    ca:47:fa:24:52:e0:cd:82:16:fc:2f:02:3d:85:f0:
                    2b:66:26:19:a0:71:e0:44:d9:2f:6e:91:42:d5:89:
                    3a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E1:AD:8A:CA:C3:C5:FD:35:84:B0:CF:94:1D:C7:8D:04:14:23:51
            X509v3 Authority Key Identifier:
                keyid:81:4A:BA:FB:B0:8F:F4:72:01:D9:B1:ED:63:33:93:B6:BD:92:58:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUq6-7CP9HIB2bHtYzOTtr2SWB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/UOGtisrDxf01hLDPlB3HjQQUI1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a23fec-0474-4345-8073-85f8152916dc/1/gUq6-7CP9HIB2bHtYzOTtr2SWB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.68.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:fd:90:a9:f4:37:e2:4e:29:a5:43:f8:48:58:b0:8c:1f:dc:
         55:e6:dd:47:ea:16:1b:44:48:6e:a2:77:91:f9:42:dc:d3:51:
         ad:f0:43:8e:e6:43:3e:f1:4f:a2:92:d4:ee:f4:68:ad:5a:7f:
         85:63:ae:15:cd:1f:72:35:36:c8:05:00:89:3d:67:5c:1b:dd:
         5a:5e:c0:4f:98:e4:82:7f:10:44:f6:ac:71:7f:8c:17:05:71:
         72:a3:bf:40:2c:62:5f:e3:2e:83:06:3b:12:9d:7c:24:51:2a:
         ce:83:5f:b4:fe:87:5d:45:d6:d1:cc:d6:cd:7e:6e:22:79:94:
         e9:4c:bd:25:af:31:07:cf:f3:7b:54:65:7b:3a:57:cc:09:78:
         89:8b:f5:7e:22:7d:bd:4c:37:05:a8:1d:5f:ac:e5:09:ce:72:
         b1:ca:75:69:2f:52:9b:53:01:5d:76:6b:45:b7:fd:4a:22:8e:
         ff:f9:ed:fc:a4:db:6d:c8:65:6a:b0:a0:69:44:b0:53:3e:36:
         5b:ed:7a:99:fe:0d:ad:25:47:1d:c7:0c:97:20:e5:49:63:08:
         5a:39:47:4e:70:b7:b8:3d:68:12:0f:78:9f:4b:70:1a:75:db:
         22:55:ca:2d:84:5f:77:9b:e1:bf:71:fb:d2:d9:7e:9e:f8:88:
         f7:cc:91:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqaX9bhWFDVgW49tFoQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNGFiYWZiYjA4ZmY0NzIwMWQ5YjFlZDYzMzM5M2I2YmQ5
MjU4MWUwHhcNMjQwMTAxMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGUxYWQ4YWNhYzNjNWZkMzU4NGIwY2Y5NDFkYzc4ZDA0MTQyMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk+6v7kFgtx1KV+vtMbB4n1b9U2n
oUieAV5+4lBH/z4T+KapD1S+P4rH2nvOlcDaOQ6dw9nS7Aj5lsZ6+n+Knn+sy9mQ
PQtZ8OoRs0sjLqUM42Ebt75sT+G7x7eGyJxZPWtWB1f4/bBwKz8Mr3Lw24iSHpSE
DE4wGXEvJIpPkuLf/4EgPqNkTO64TduW13tCLbNm64LHOU9ghUUjZvuNrKg9YXY3
hUUbz61sRSSO4FjOkZyZLzw7b92ddnrm7gxn+tjS98QCM7N9pjl47d+iHADMFFBC
tTOK1X3/qyLBKTnKR/okUuDNghb8LwI9hfArZiYZoHHgRNkvbpFC1Yk6FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDhrYrKw8X9NYSwz5Qdx40EFCNRMB8GA1UdIwQY
MBaAFIFKuvuwj/RyAdmx7WMzk7a9klgeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1VxNi03Q1A5SElCMmJIdFl6T1R0cjJTV0I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hMjNmZWMtMDQ3NC00MzQ1LTgwNzMt
ODVmODE1MjkxNmRjLzEvVU9HdGlzckR4ZjAxaExEUGxCM0hqUVFVSTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hMjNmZWMtMDQ3NC00MzQ1LTgwNzMtODVmODE1MjkxNmRj
LzEvZ1VxNi03Q1A5SElCMmJIdFl6T1R0cjJTV0I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUESfMA0G
CSqGSIb3DQEBCwUAA4IBAQBr/ZCp9DfiTimlQ/hIWLCMH9xV5t1H6hYbREhuoneR
+ULc01Gt8EOO5kM+8U+iktTu9GitWn+FY64VzR9yNTbIBQCJPWdcG91aXsBPmOSC
fxBE9qxxf4wXBXFyo79ALGJf4y6DBjsSnXwkUSrOg1+0/oddRdbRzNbNfm4ieZTp
TL0lrzEHz/N7VGV7OlfMCXiJi/V+In29TDcFqB1frOUJznKxynVpL1KbUwFddmtF
t/1KIo7/+e38pNttyGVqsKBpRLBTPjZb7XqZ/g2tJUcdxwyXIOVJYwhaOUdOcLe4
PWgSD3ifS3AaddsiVcothF93m+G/cfvS2X6e+Ij3zJEr
-----END CERTIFICATE-----