Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/cUI097Ku_DC2hY3y1UR15E_QYgw.roa
File:                     cUI097Ku_DC2hY3y1UR15E_QYgw.roa (raw, json)
Hash identifier:          VtX+JLn5OimWTpC/ZWzVsOLFsJJHGTxVLhG5fC+4N6I=
Subject key identifier:   71:42:34:F7:B2:AE:FC:30:B6:85:8D:F2:D5:44:75:E4:4F:D0:62:0C
Certificate issuer:       /CN=c463c34603a946952ff276e0a25fd361fcacf251
Certificate serial:       018CC56DE35722F419BB88F099BC8AE4381E
Authority key identifier: C4:63:C3:46:03:A9:46:95:2F:F2:76:E0:A2:5F:D3:61:FC:AC:F2:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGPDRgOpRpUv8nbgol_TYfys8lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/cUI097Ku_DC2hY3y1UR15E_QYgw.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198363
IP address blocks:        176.103.248.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/xGPDRgOpRpUv8nbgol_TYfys8lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/xGPDRgOpRpUv8nbgol_TYfys8lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xGPDRgOpRpUv8nbgol_TYfys8lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e3:57:22:f4:19:bb:88:f0:99:bc:8a:e4:38:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c463c34603a946952ff276e0a25fd361fcacf251
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=714234f7b2aefc30b6858df2d54475e44fd0620c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:95:a3:41:91:77:bf:6a:1f:c9:91:9a:0b:3e:
                    a4:fd:67:27:3b:dc:fd:78:6a:fc:68:c2:d3:d2:4a:
                    51:94:2e:7a:1b:27:71:86:38:18:dd:ee:a6:9d:c5:
                    11:78:62:38:d1:5d:14:61:b2:04:b8:c1:bf:42:5a:
                    90:e8:2c:18:8b:89:e0:eb:69:81:dd:d2:62:b4:02:
                    f4:f2:52:32:ed:e1:2c:82:21:76:90:18:03:76:91:
                    82:13:e2:38:fd:07:46:74:a7:b8:a9:1a:ac:be:fe:
                    95:a5:f4:4f:30:55:dc:f4:29:fb:81:2d:44:93:d7:
                    23:f4:fa:eb:f5:09:19:5c:61:28:b7:27:60:54:91:
                    9d:c1:e5:c4:43:97:f3:8f:f2:e8:4a:85:54:59:aa:
                    03:7f:71:22:bb:4f:72:2e:9b:18:d5:6f:89:81:a1:
                    67:f6:e8:b7:39:ab:40:d6:d0:17:62:80:43:1e:3f:
                    0e:70:79:56:59:a5:3d:7f:7c:19:ea:58:f4:35:60:
                    d4:95:ed:22:14:59:f5:08:18:3d:85:6a:f2:63:5d:
                    f1:4e:5f:f9:20:06:55:e3:06:d8:6a:97:90:4e:47:
                    48:64:34:fe:4f:09:8b:b3:72:e6:83:1d:19:3c:88:
                    19:e1:8f:a7:bf:48:36:c1:6b:69:68:f1:d8:dc:fe:
                    d0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:42:34:F7:B2:AE:FC:30:B6:85:8D:F2:D5:44:75:E4:4F:D0:62:0C
            X509v3 Authority Key Identifier:
                keyid:C4:63:C3:46:03:A9:46:95:2F:F2:76:E0:A2:5F:D3:61:FC:AC:F2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGPDRgOpRpUv8nbgol_TYfys8lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/cUI097Ku_DC2hY3y1UR15E_QYgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/24fae9-ed87-44f6-a795-006420e4344d/1/xGPDRgOpRpUv8nbgol_TYfys8lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:c1:e5:ea:41:69:6b:0f:3a:cc:fe:64:a9:9c:53:3f:0b:a7:
         91:27:9f:b0:01:76:f4:e1:0c:94:dc:5f:40:cd:82:fe:64:93:
         95:94:2d:2e:9c:c8:45:33:fa:b9:51:c9:89:94:72:db:46:28:
         e0:db:19:d2:69:94:fb:f2:87:58:57:05:ce:5d:d5:8d:cd:f4:
         9a:35:8a:84:a1:ed:77:99:eb:b8:5a:50:3a:c1:95:68:66:4d:
         49:b9:37:8c:51:65:5f:36:5d:8f:e8:32:29:80:8b:fd:71:34:
         56:d6:31:bc:81:36:b4:84:0e:c4:b9:a5:97:89:ec:14:ff:68:
         d0:f6:61:3f:35:42:58:2b:34:57:7e:82:83:fd:9d:e5:86:e7:
         27:a7:21:c6:f8:fb:c1:ab:72:30:de:de:70:fb:98:7c:c5:95:
         56:c4:6b:c1:63:65:bb:b3:9f:53:19:a2:70:ee:c6:3a:f0:60:
         c5:ed:18:83:8f:01:59:4a:17:e8:3c:28:fe:1d:7c:7e:56:f3:
         33:21:a4:a1:79:e8:be:97:fb:ec:f5:f0:51:3f:64:77:5f:35:
         64:21:8b:23:39:50:d3:8e:cf:32:51:b0:a9:10:d7:fe:2f:d0:
         7c:41:20:64:70:93:7f:4b:78:c5:f6:c5:e7:0b:8d:b4:ef:49:
         55:8f:e8:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeNXIvQZu4jwmbyK5DgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NjNjMzQ2MDNhOTQ2OTUyZmYyNzZlMGEyNWZkMzYxZmNh
Y2YyNTEwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQyMzRmN2IyYWVmYzMwYjY4NThkZjJkNTQ0NzVlNDRmZDA2MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJWjQZF3v2ofyZGaCz6k/WcnO9z9
eGr8aMLT0kpRlC56GydxhjgY3e6mncUReGI40V0UYbIEuMG/QlqQ6CwYi4ng62mB
3dJitAL08lIy7eEsgiF2kBgDdpGCE+I4/QdGdKe4qRqsvv6VpfRPMFXc9Cn7gS1E
k9cj9Prr9QkZXGEotydgVJGdweXEQ5fzj/LoSoVUWaoDf3Eiu09yLpsY1W+JgaFn
9ui3OatA1tAXYoBDHj8OcHlWWaU9f3wZ6lj0NWDUle0iFFn1CBg9hWryY13xTl/5
IAZV4wbYapeQTkdIZDT+TwmLs3Lmgx0ZPIgZ4Y+nv0g2wWtpaPHY3P7QoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFCNPeyrvwwtoWN8tVEdeRP0GIMMB8GA1UdIwQY
MBaAFMRjw0YDqUaVL/J24KJf02H8rPJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdQRFJnT3BScFV2OG5iZ29sX1RZZnlzOGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8yNGZhZTktZWQ4Ny00NGY2LWE3OTUt
MDA2NDIwZTQzNDRkLzEvY1VJMDk3S3VfREMyaFkzeTFVUjE1RV9RWWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8yNGZhZTktZWQ4Ny00NGY2LWE3OTUtMDA2NDIwZTQzNDRk
LzEveEdQRFJnT3BScFV2OG5iZ29sX1RZZnlzOGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGf4MA0G
CSqGSIb3DQEBCwUAA4IBAQAyweXqQWlrDzrM/mSpnFM/C6eRJ5+wAXb04QyU3F9A
zYL+ZJOVlC0unMhFM/q5UcmJlHLbRijg2xnSaZT78odYVwXOXdWNzfSaNYqEoe13
meu4WlA6wZVoZk1JuTeMUWVfNl2P6DIpgIv9cTRW1jG8gTa0hA7EuaWXiewU/2jQ
9mE/NUJYKzRXfoKD/Z3lhucnpyHG+PvBq3Iw3t5w+5h8xZVWxGvBY2W7s59TGaJw
7sY68GDF7RiDjwFZShfoPCj+HXx+VvMzIaSheei+l/vs9fBRP2R3XzVkIYsjOVDT
js8yUbCpENf+L9B8QSBkcJN/S3jF9sXnC42070lVj+iL
-----END CERTIFICATE-----