Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/UqslBgQ9-oc6et7Huolu_7BjjaU.roa
File:                     UqslBgQ9-oc6et7Huolu_7BjjaU.roa (raw, json)
Hash identifier:          109e1uSRDENV2R5SmTOnvdNbYk82nLE/HTcxZ4zne6w=
Subject key identifier:   52:AB:25:06:04:3D:FA:87:3A:7A:DE:C7:BA:89:6E:FF:B0:63:8D:A5
Certificate issuer:       /CN=7bbf58975b81e8f9f9c15e4d8b899190cec00687
Certificate serial:       018CC8DCD4B56851EECCD07B0CC44063FA19
Authority key identifier: 7B:BF:58:97:5B:81:E8:F9:F9:C1:5E:4D:8B:89:91:90:CE:C0:06:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/UqslBgQ9-oc6et7Huolu_7BjjaU.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211219
IP address blocks:        194.31.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d4:b5:68:51:ee:cc:d0:7b:0c:c4:40:63:fa:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbf58975b81e8f9f9c15e4d8b899190cec00687
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52ab2506043dfa873a7adec7ba896effb0638da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:09:d9:3e:02:df:ee:d2:1a:fc:96:71:d4:78:
                    d5:14:d0:cb:c1:ac:6b:01:9b:f7:5e:5b:83:33:d0:
                    be:13:02:91:e8:1f:92:d0:b6:c6:51:9d:77:3c:bd:
                    ce:d9:54:cc:d7:d7:df:5f:d5:f9:c7:36:0c:6f:4f:
                    57:6d:70:42:95:b5:62:95:25:fa:40:8c:de:46:85:
                    0c:ec:45:a4:0e:92:0a:c9:af:13:24:b2:62:35:6a:
                    41:24:61:d2:b9:37:42:db:c5:94:8b:d9:36:c9:6f:
                    e6:b5:1e:4c:df:b0:e3:a7:d5:50:12:3f:80:46:11:
                    72:e6:2d:19:21:de:e4:c2:75:b0:6b:05:6c:af:a4:
                    2d:a3:79:0a:90:0c:7d:16:f7:32:dc:72:40:31:e5:
                    f4:a2:ea:a3:b0:67:ed:fe:ce:b1:11:cc:a4:81:bc:
                    b3:ce:3a:84:f2:31:ef:f7:6b:de:17:bd:aa:3d:fc:
                    d5:50:59:a8:59:5c:8a:5e:8d:58:cb:2e:5f:28:a5:
                    22:66:77:7e:db:c1:4a:f6:4f:2d:7d:22:f5:bc:69:
                    13:40:dd:75:b6:4d:69:2b:40:03:53:79:eb:d7:3b:
                    54:7f:d8:ef:f2:4a:28:93:2d:a1:d1:da:b5:ca:ac:
                    4c:d9:ba:f1:71:bc:52:c4:07:ec:1b:5c:05:b9:ee:
                    e5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AB:25:06:04:3D:FA:87:3A:7A:DE:C7:BA:89:6E:FF:B0:63:8D:A5
            X509v3 Authority Key Identifier:
                keyid:7B:BF:58:97:5B:81:E8:F9:F9:C1:5E:4D:8B:89:91:90:CE:C0:06:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/UqslBgQ9-oc6et7Huolu_7BjjaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/0ea9ca-ac97-43f0-8577-1c70d1e7b782/1/e79Yl1uB6Pn5wV5Ni4mRkM7ABoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:0e:a8:34:1b:59:db:de:63:21:db:a3:e1:de:14:d9:bd:b1:
         71:05:17:77:99:87:0b:51:f5:77:f5:77:a9:72:cc:7a:a4:92:
         ec:55:c9:1a:6f:55:fa:fe:92:ef:40:8c:70:90:4e:3b:0f:18:
         75:98:ff:ae:bc:e6:d1:1c:dc:74:a7:c4:43:0a:ca:3a:1e:21:
         69:bc:d9:3d:32:92:b0:fe:f8:dd:7d:d1:1a:f0:88:a3:ea:06:
         07:a7:29:62:1b:cb:52:50:6a:a2:67:60:25:f1:71:66:56:69:
         8e:9e:9f:fa:5a:e1:ec:b8:e1:67:5b:24:65:35:40:a5:8b:da:
         3b:93:48:1b:a4:71:31:a4:e8:9a:9a:6b:bc:bd:1e:5e:1b:4a:
         4a:ce:8a:c5:55:d2:0e:cd:24:83:4a:53:5c:4c:ba:d9:6b:c8:
         17:9e:53:6b:7b:04:a0:4e:24:f5:4f:10:94:8c:c1:44:b6:c2:
         75:48:3a:71:5c:bc:de:ef:db:8f:ec:d6:f7:9a:cf:2e:64:bd:
         70:9d:8a:35:de:c3:17:b8:d7:53:fe:67:6c:f0:77:09:db:54:
         6e:ec:b0:c8:26:49:82:d9:26:ba:17:04:ee:ac:21:fb:93:99:
         59:bd:2e:70:71:7e:26:69:c0:79:7b:a0:e9:ef:47:9e:62:6c:
         4f:d7:5a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NS1aFHuzNB7DMRAY/oZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmY1ODk3NWI4MWU4ZjlmOWMxNWU0ZDhiODk5MTkwY2Vj
MDA2ODcwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmFiMjUwNjA0M2RmYTg3M2E3YWRlYzdiYTg5NmVmZmIwNjM4ZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwnZPgLf7tIa/JZx1HjVFNDLwaxr
AZv3XluDM9C+EwKR6B+S0LbGUZ13PL3O2VTM19ffX9X5xzYMb09XbXBClbVilSX6
QIzeRoUM7EWkDpIKya8TJLJiNWpBJGHSuTdC28WUi9k2yW/mtR5M37Djp9VQEj+A
RhFy5i0ZId7kwnWwawVsr6Qto3kKkAx9Fvcy3HJAMeX0ouqjsGft/s6xEcykgbyz
zjqE8jHv92veF72qPfzVUFmoWVyKXo1Yyy5fKKUiZnd+28FK9k8tfSL1vGkTQN11
tk1pK0ADU3nr1ztUf9jv8kooky2h0dq1yqxM2brxcbxSxAfsG1wFue7lcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKrJQYEPfqHOnrex7qJbv+wY42lMB8GA1UdIwQY
MBaAFHu/WJdbgej5+cFeTYuJkZDOwAaHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTc5WWwxdUI2UG41d1Y1Tmk0bVJrTTdBQm9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wZWE5Y2EtYWM5Ny00M2YwLTg1Nzct
MWM3MGQxZTdiNzgyLzEvVXFzbEJnUTktb2M2ZXQ3SHVvbHVfN0JqamFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wZWE5Y2EtYWM5Ny00M2YwLTg1NzctMWM3MGQxZTdiNzgy
LzEvZTc5WWwxdUI2UG41d1Y1Tmk0bVJrTTdBQm9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh/9MA0G
CSqGSIb3DQEBCwUAA4IBAQAoDqg0G1nb3mMh26Ph3hTZvbFxBRd3mYcLUfV39Xep
csx6pJLsVckab1X6/pLvQIxwkE47Dxh1mP+uvObRHNx0p8RDCso6HiFpvNk9MpKw
/vjdfdEa8Iij6gYHpyliG8tSUGqiZ2Al8XFmVmmOnp/6WuHsuOFnWyRlNUCli9o7
k0gbpHExpOiammu8vR5eG0pKzorFVdIOzSSDSlNcTLrZa8gXnlNrewSgTiT1TxCU
jMFEtsJ1SDpxXLze79uP7Nb3ms8uZL1wnYo13sMXuNdT/mds8HcJ21Ru7LDIJkmC
2Sa6FwTurCH7k5lZvS5wcX4macB5e6Dp70eeYmxP11rZ
-----END CERTIFICATE-----