Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/upz_sdsLltQKLLbiLDsoi6XgqoA.roa
File:                     upz_sdsLltQKLLbiLDsoi6XgqoA.roa (raw, json)
Hash identifier:          3cKbC0WR9QynfZTxVEuq2n+OrD9RfYtJUdOLSY2l9yw=
Subject key identifier:   BA:9C:FF:B1:DB:0B:96:D4:0A:2C:B6:E2:2C:3B:28:8B:A5:E0:AA:80
Certificate issuer:       /CN=ef803a490fd6203518bbe644bc7209afb77ec7b4
Certificate serial:       018D5FEABF9A4F90DC7C4FD30AF9CBC82D9F
Authority key identifier: EF:80:3A:49:0F:D6:20:35:18:BB:E6:44:BC:72:09:AF:B7:7E:C7:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/upz_sdsLltQKLLbiLDsoi6XgqoA.roa
Signing time:             Wed 31 Jan 2024 14:27:16 +0000
ROA not before:           Wed 31 Jan 2024 14:27:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203170
IP address blocks:        193.177.232.0/23 maxlen: 24
                          193.177.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:ea:bf:9a:4f:90:dc:7c:4f:d3:0a:f9:cb:c8:2d:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef803a490fd6203518bbe644bc7209afb77ec7b4
        Validity
            Not Before: Jan 31 14:27:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba9cffb1db0b96d40a2cb6e22c3b288ba5e0aa80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7f:e2:f8:4b:ee:15:90:02:53:1c:a3:f4:ca:
                    1b:8d:5c:53:e2:11:a6:ae:a7:6f:16:c0:41:19:57:
                    6c:67:35:e9:55:e9:b8:eb:7a:ce:73:7e:52:28:bb:
                    ca:f8:e3:a8:c3:ac:06:5c:d6:f4:e0:42:1a:6b:54:
                    08:7a:82:06:e2:7f:d5:4a:0a:5d:c6:88:8e:56:20:
                    2d:23:e3:5b:fe:e2:2b:7c:28:d9:6f:50:20:41:10:
                    30:81:be:a7:2f:30:85:ad:27:93:b6:2c:4f:31:64:
                    ac:72:62:a1:5e:56:e2:10:a1:8a:c1:17:90:e3:9a:
                    d3:f7:c4:ac:ab:fd:3b:b7:02:59:a8:f2:6b:60:bc:
                    0d:79:35:09:f3:a0:e9:a1:ce:47:c9:79:02:33:ca:
                    71:3d:e2:56:aa:e0:63:15:8e:09:ed:15:3c:a1:29:
                    04:f4:a0:70:4e:0d:89:61:0a:82:e5:37:41:e0:ba:
                    97:b8:a5:be:1f:ee:e5:c2:27:15:d0:9e:c7:15:2d:
                    ec:9f:c4:08:5a:cb:71:b6:78:ab:14:a8:0e:61:ed:
                    cd:84:aa:37:73:b6:5b:96:d4:8b:d6:d1:59:36:ad:
                    fc:9a:60:ca:38:cd:94:20:f7:dd:39:a1:96:6c:08:
                    a9:f6:6d:01:ea:fd:d5:cb:91:8a:c4:14:4e:10:79:
                    f6:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9C:FF:B1:DB:0B:96:D4:0A:2C:B6:E2:2C:3B:28:8B:A5:E0:AA:80
            X509v3 Authority Key Identifier:
                keyid:EF:80:3A:49:0F:D6:20:35:18:BB:E6:44:BC:72:09:AF:B7:7E:C7:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/upz_sdsLltQKLLbiLDsoi6XgqoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/8c48ac-d96a-441a-b186-8787d0bf1207/1/74A6SQ_WIDUYu-ZEvHIJr7d-x7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:db:ef:df:b7:09:6f:60:9e:0b:a9:3c:af:d9:0f:95:ab:e4:
         70:33:08:93:d8:53:1e:e0:28:6d:7e:5c:68:c5:73:e2:5d:d3:
         50:bc:b7:68:60:2e:60:9c:65:f5:b1:7b:3f:35:5b:09:0c:9e:
         97:f1:3c:90:6b:6f:f4:a3:ce:3e:d7:1c:f0:75:94:2f:d1:d8:
         1f:e8:10:8e:47:93:87:e0:94:a2:52:c0:6a:59:8f:89:0f:d2:
         17:10:99:0f:79:24:96:5b:00:c4:66:36:00:56:c1:08:c6:52:
         f9:d5:c1:82:b3:2e:69:45:ca:9b:38:67:c9:ba:22:1f:9e:99:
         68:fc:e2:d8:74:f7:a1:1e:39:00:a6:72:fc:6d:a3:ec:3a:83:
         59:74:d1:94:63:2d:79:6f:8b:91:b7:66:f9:f1:b5:45:7d:85:
         70:7e:72:c6:32:40:6c:ab:43:82:b1:c5:bf:f4:78:20:66:75:
         da:f4:7a:4a:fb:f2:71:d3:7b:35:43:30:95:96:80:5a:48:d4:
         69:80:88:c0:9b:0b:85:4c:a1:b6:84:4e:df:0e:df:09:e5:86:
         e9:3a:5d:71:53:67:6f:cc:7c:21:64:a5:17:15:cc:07:fc:9f:
         7b:76:90:47:31:b1:8d:bc:39:07:e6:58:62:cf:b1:6e:38:56:
         dd:28:e3:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1f6r+aT5DcfE/TCvnLyC2fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmODAzYTQ5MGZkNjIwMzUxOGJiZTY0NGJjNzIwOWFmYjc3
ZWM3YjQwHhcNMjQwMTMxMTQyNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTljZmZiMWRiMGI5NmQ0MGEyY2I2ZTIyYzNiMjg4YmE1ZTBhYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX/i+EvuFZACUxyj9MobjVxT4hGm
rqdvFsBBGVdsZzXpVem463rOc35SKLvK+OOow6wGXNb04EIaa1QIeoIG4n/VSgpd
xoiOViAtI+Nb/uIrfCjZb1AgQRAwgb6nLzCFrSeTtixPMWSscmKhXlbiEKGKwReQ
45rT98Ssq/07twJZqPJrYLwNeTUJ86Dpoc5HyXkCM8pxPeJWquBjFY4J7RU8oSkE
9KBwTg2JYQqC5TdB4LqXuKW+H+7lwicV0J7HFS3sn8QIWstxtnirFKgOYe3NhKo3
c7ZbltSL1tFZNq38mmDKOM2UIPfdOaGWbAip9m0B6v3Vy5GKxBROEHn2vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqc/7HbC5bUCiy24iw7KIul4KqAMB8GA1UdIwQY
MBaAFO+AOkkP1iA1GLvmRLxyCa+3fse0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzRBNlNRX1dJRFVZdS1aRXZISUpyN2QteDdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC84YzQ4YWMtZDk2YS00NDFhLWIxODYt
ODc4N2QwYmYxMjA3LzEvdXB6X3Nkc0xsdFFLTExiaUxEc29pNlhncW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC84YzQ4YWMtZDk2YS00NDFhLWIxODYtODc4N2QwYmYxMjA3
LzEvNzRBNlNRX1dJRFVZdS1aRXZISUpyN2QteDdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbHoMA0G
CSqGSIb3DQEBCwUAA4IBAQBR2+/ftwlvYJ4LqTyv2Q+Vq+RwMwiT2FMe4Chtflxo
xXPiXdNQvLdoYC5gnGX1sXs/NVsJDJ6X8TyQa2/0o84+1xzwdZQv0dgf6BCOR5OH
4JSiUsBqWY+JD9IXEJkPeSSWWwDEZjYAVsEIxlL51cGCsy5pRcqbOGfJuiIfnplo
/OLYdPehHjkApnL8baPsOoNZdNGUYy15b4uRt2b58bVFfYVwfnLGMkBsq0OCscW/
9HggZnXa9HpK+/Jx03s1QzCVloBaSNRpgIjAmwuFTKG2hE7fDt8J5YbpOl1xU2dv
zHwhZKUXFcwH/J97dpBHMbGNvDkH5lhiz7FuOFbdKONc
-----END CERTIFICATE-----