Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/UiQZW6QcoicQe4BI-Bc5lyGvKiY.roa
File:                     UiQZW6QcoicQe4BI-Bc5lyGvKiY.roa (raw, json)
Hash identifier:          o4MgBvKE0yTyfmMDcoN/8/pl35BA2L91fB3GUUyVw5o=
Subject key identifier:   52:24:19:5B:A4:1C:A2:27:10:7B:80:48:F8:17:39:97:21:AF:2A:26
Certificate issuer:       /CN=6931d7e7a99749a385eaeb27f850ab89da8f2ee0
Certificate serial:       018E2F09F3993C1AAF6C80CBFBD016D92B85
Authority key identifier: 69:31:D7:E7:A9:97:49:A3:85:EA:EB:27:F8:50:AB:89:DA:8F:2E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/UiQZW6QcoicQe4BI-Bc5lyGvKiY.roa
Signing time:             Mon 11 Mar 2024 19:42:45 +0000
ROA not before:           Mon 11 Mar 2024 19:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60538
IP address blocks:        193.36.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2f:09:f3:99:3c:1a:af:6c:80:cb:fb:d0:16:d9:2b:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6931d7e7a99749a385eaeb27f850ab89da8f2ee0
        Validity
            Not Before: Mar 11 19:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5224195ba41ca227107b8048f817399721af2a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d2:01:89:66:24:30:fc:51:e0:fd:1b:f0:78:
                    68:f7:70:4f:35:53:26:fc:d8:2f:69:98:4d:91:24:
                    3e:52:39:3e:2d:c1:8d:da:ad:66:a4:6c:6a:a3:52:
                    c1:04:56:0a:ff:57:1e:f1:6a:26:4b:76:b4:43:48:
                    76:48:0b:31:86:05:85:7b:31:ce:a0:26:35:35:77:
                    29:fd:18:b5:a7:11:df:01:e9:62:84:c3:73:ed:f1:
                    78:bd:0a:ef:61:a0:ac:f5:33:25:e1:d7:63:4c:60:
                    3e:c9:12:ef:e6:46:4b:cf:cc:1c:9a:5b:6e:0b:6c:
                    d2:69:9d:e4:2b:7c:8f:c1:52:6e:84:19:fa:27:2c:
                    22:1e:d3:86:1f:90:8c:00:4b:fa:2f:93:38:bf:4b:
                    34:d0:c7:2a:c8:47:1b:32:f9:36:e2:5e:90:27:02:
                    29:62:97:ff:5a:b5:99:b5:5c:21:15:30:73:b2:9e:
                    82:df:4b:c5:9e:84:46:66:e9:27:d0:a0:3a:19:45:
                    19:b5:6b:12:8a:60:28:9c:23:c9:a9:81:da:6f:01:
                    53:31:39:fb:41:70:70:18:17:1d:eb:07:45:bd:9e:
                    1b:60:0b:71:df:f7:0a:1f:c8:67:64:e6:ac:28:d7:
                    7c:d8:dd:cc:a9:dc:0a:ec:78:08:b4:bb:bb:4f:5a:
                    b7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:24:19:5B:A4:1C:A2:27:10:7B:80:48:F8:17:39:97:21:AF:2A:26
            X509v3 Authority Key Identifier:
                keyid:69:31:D7:E7:A9:97:49:A3:85:EA:EB:27:F8:50:AB:89:DA:8F:2E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/UiQZW6QcoicQe4BI-Bc5lyGvKiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2e:d3:fe:55:dd:cf:4a:7c:b2:a2:4f:a4:ae:0a:63:4d:f7:
         81:71:5b:ec:88:c5:0e:41:17:b1:7c:3a:18:27:a0:23:c9:c7:
         7c:e0:69:8e:96:87:c3:46:c3:84:8f:2f:2e:55:9b:1a:21:89:
         47:a0:2d:96:db:32:75:b4:f0:9f:0d:54:7d:59:7f:2e:84:7b:
         7d:b2:60:29:b1:04:0b:f8:e8:f4:51:08:f7:c2:a1:9a:ac:b6:
         49:92:fc:bb:1b:2a:1e:d9:0a:6f:c7:7d:a5:28:95:10:b4:71:
         04:0d:66:d3:81:b0:b1:cd:32:14:7c:ad:6b:cd:05:16:94:0e:
         bb:29:85:2b:d3:31:e8:51:77:f5:a0:5d:54:78:22:b1:98:a0:
         66:af:1b:ad:ff:33:9e:4d:51:92:ef:eb:98:31:6e:87:76:32:
         ba:14:db:67:b3:75:55:f3:02:da:ff:05:85:58:b8:8c:7e:19:
         ac:06:9e:bb:69:5e:62:e2:06:c3:b5:2b:4b:f4:7e:24:f9:89:
         16:84:e1:58:1c:dd:5e:e9:cf:93:72:53:f4:70:94:8b:ff:f3:
         02:8e:93:2d:65:9c:9a:13:e6:c3:1e:50:48:7a:2c:1a:68:e1:
         74:86:bd:b9:94:b4:11:54:fa:1e:39:a7:b5:36:94:66:d9:3c:
         19:44:4f:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4vCfOZPBqvbIDL+9AW2SuFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MzFkN2U3YTk5NzQ5YTM4NWVhZWIyN2Y4NTBhYjg5ZGE4
ZjJlZTAwHhcNMjQwMzExMTk0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjI0MTk1YmE0MWNhMjI3MTA3YjgwNDhmODE3Mzk5NzIxYWYyYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutIBiWYkMPxR4P0b8Hho93BPNVMm
/NgvaZhNkSQ+Ujk+LcGN2q1mpGxqo1LBBFYK/1ce8WomS3a0Q0h2SAsxhgWFezHO
oCY1NXcp/Ri1pxHfAelihMNz7fF4vQrvYaCs9TMl4ddjTGA+yRLv5kZLz8wcmltu
C2zSaZ3kK3yPwVJuhBn6JywiHtOGH5CMAEv6L5M4v0s00McqyEcbMvk24l6QJwIp
Ypf/WrWZtVwhFTBzsp6C30vFnoRGZukn0KA6GUUZtWsSimAonCPJqYHabwFTMTn7
QXBwGBcd6wdFvZ4bYAtx3/cKH8hnZOasKNd82N3MqdwK7HgItLu7T1q3SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIkGVukHKInEHuASPgXOZchryomMB8GA1UdIwQY
MBaAFGkx1+epl0mjherrJ/hQq4najy7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVRIWDU2bVhTYU9GNnVzbi1GQ3JpZHFQTHVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC84Y2ZkNzMtMTI1Ny00ZGZhLThjNTkt
NzZhZTQyMzU2Y2U1LzEvVWlRWlc2UWNvaWNRZTRCSS1CYzVseUd2S2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC84Y2ZkNzMtMTI1Ny00ZGZhLThjNTktNzZhZTQyMzU2Y2U1
LzEvYVRIWDU2bVhTYU9GNnVzbi1GQ3JpZHFQTHVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQBMA0G
CSqGSIb3DQEBCwUAA4IBAQCMLtP+Vd3PSnyyok+krgpjTfeBcVvsiMUOQRexfDoY
J6Ajycd84GmOlofDRsOEjy8uVZsaIYlHoC2W2zJ1tPCfDVR9WX8uhHt9smApsQQL
+Oj0UQj3wqGarLZJkvy7Gyoe2Qpvx32lKJUQtHEEDWbTgbCxzTIUfK1rzQUWlA67
KYUr0zHoUXf1oF1UeCKxmKBmrxut/zOeTVGS7+uYMW6HdjK6FNtns3VV8wLa/wWF
WLiMfhmsBp67aV5i4gbDtStL9H4k+YkWhOFYHN1e6c+TclP0cJSL//MCjpMtZZya
E+bDHlBIeiwaaOF0hr25lLQRVPoeOae1NpRm2TwZRE98
-----END CERTIFICATE-----