Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/uzCmRPY5e0dwgyl4AtQ5clRpYus.roa
File:                     uzCmRPY5e0dwgyl4AtQ5clRpYus.roa (raw, json)
Hash identifier:          CsqOyziaXD6loMO7RhpUvFuZN3Y7fS3IsRnDmCO95rE=
Subject key identifier:   BB:30:A6:44:F6:39:7B:47:70:83:29:78:02:D4:39:72:54:69:62:EB
Certificate issuer:       /CN=897da6001b12383068fe71a30f8cf285c66830fe
Certificate serial:       018CC26D12F842FF7F66DC385F2A0593D459
Authority key identifier: 89:7D:A6:00:1B:12:38:30:68:FE:71:A3:0F:8C:F2:85:C6:68:30:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/uzCmRPY5e0dwgyl4AtQ5clRpYus.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.236.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:12:f8:42:ff:7f:66:dc:38:5f:2a:05:93:d4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=897da6001b12383068fe71a30f8cf285c66830fe
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb30a644f6397b477083297802d43972546962eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1b:21:4b:7e:ca:82:1c:d3:57:54:e5:66:84:
                    03:fa:e0:db:3f:9d:bb:43:b6:5c:e6:0e:5a:8a:50:
                    78:d7:ad:3d:39:b2:86:30:11:5c:c2:33:84:7b:d5:
                    71:26:7a:54:0f:c1:8c:15:ee:b2:e2:51:79:0e:ae:
                    81:b0:5e:13:47:0d:22:17:f3:27:e5:78:86:2c:de:
                    a9:2d:50:20:bf:04:3a:e2:c4:a0:2d:96:26:6d:6c:
                    3d:2b:b1:65:0f:86:78:25:d3:da:90:68:f7:06:c4:
                    1f:f7:b6:8d:bc:31:87:38:1d:10:a5:74:8c:84:f1:
                    bf:fa:33:e0:a3:b0:db:df:54:2d:45:d5:56:21:13:
                    05:43:4e:a0:86:d4:2a:d7:24:4d:3f:67:bf:be:5c:
                    2f:15:f8:93:b9:33:52:0c:cf:b1:03:f7:9b:58:06:
                    88:3d:ea:32:dc:d7:3e:55:47:af:6a:6b:19:6e:20:
                    fb:4e:35:bf:0f:72:c7:7f:42:63:39:4f:20:d9:f0:
                    8f:78:f2:ea:96:de:5b:7f:d9:15:90:7f:20:75:91:
                    c6:a5:5d:10:73:3a:9d:91:2f:ca:eb:ba:bb:82:b0:
                    73:99:69:b5:11:4c:35:9f:8b:4d:91:2f:c4:40:91:
                    1f:b8:b0:04:5b:9a:f5:b0:03:52:51:41:79:f9:95:
                    20:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:30:A6:44:F6:39:7B:47:70:83:29:78:02:D4:39:72:54:69:62:EB
            X509v3 Authority Key Identifier:
                keyid:89:7D:A6:00:1B:12:38:30:68:FE:71:A3:0F:8C:F2:85:C6:68:30:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/uzCmRPY5e0dwgyl4AtQ5clRpYus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:1e:cb:58:51:c0:24:ac:31:eb:85:cb:a8:d5:b4:51:7b:41:
         fa:dd:c7:aa:7c:a6:87:a7:83:5b:4e:a9:1e:a5:5d:bf:26:75:
         11:73:ab:3d:9e:45:54:7c:e5:a2:2c:9c:c0:ec:28:15:77:e9:
         34:d5:11:9b:d4:59:08:24:fd:64:30:7f:f6:0f:8f:99:3b:21:
         12:73:a4:98:71:e4:14:f0:86:cc:6a:dd:65:1d:8d:ff:f3:fb:
         81:7a:87:98:c7:a1:ed:09:eb:53:a5:81:73:b8:0d:03:59:37:
         f4:22:2d:97:d1:d9:73:63:83:29:29:ad:77:70:36:b4:44:ee:
         67:cf:2b:a5:7d:47:6e:ad:b7:7e:69:9c:fd:c1:bf:18:40:9a:
         f0:0a:b3:6c:a8:49:3a:5e:4c:04:18:1c:67:06:0f:50:0f:06:
         e3:b0:13:e6:a5:a6:90:36:70:46:dd:4f:75:a1:6c:f2:75:af:
         df:94:99:41:ba:c0:20:35:22:73:15:0a:a2:9e:b8:53:20:3a:
         2d:cd:8a:6b:0a:b0:6a:fc:eb:4a:74:72:6f:2e:04:a1:73:5b:
         88:9d:fe:1f:14:a1:e4:78:6a:0e:84:d7:aa:a8:33:a4:76:b7:
         2e:f1:e8:71:4b:ee:34:94:b0:41:8c:5f:ba:2e:88:89:0a:6b:
         57:6f:63:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRL4Qv9/Ztw4XyoFk9RZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5N2RhNjAwMWIxMjM4MzA2OGZlNzFhMzBmOGNmMjg1YzY2
ODMwZmUwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjMwYTY0NGY2Mzk3YjQ3NzA4MzI5NzgwMmQ0Mzk3MjU0Njk2MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hshS37KghzTV1TlZoQD+uDbP527
Q7Zc5g5ailB41609ObKGMBFcwjOEe9VxJnpUD8GMFe6y4lF5Dq6BsF4TRw0iF/Mn
5XiGLN6pLVAgvwQ64sSgLZYmbWw9K7FlD4Z4JdPakGj3BsQf97aNvDGHOB0QpXSM
hPG/+jPgo7Db31QtRdVWIRMFQ06ghtQq1yRNP2e/vlwvFfiTuTNSDM+xA/ebWAaI
Peoy3Nc+VUevamsZbiD7TjW/D3LHf0JjOU8g2fCPePLqlt5bf9kVkH8gdZHGpV0Q
czqdkS/K67q7grBzmWm1EUw1n4tNkS/EQJEfuLAEW5r1sANSUUF5+ZUgSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLswpkT2OXtHcIMpeALUOXJUaWLrMB8GA1UdIwQY
MBaAFIl9pgAbEjgwaP5xow+M8oXGaDD+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVgybUFCc1NPREJvX25HakQ0enloY1pvTVA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85NmRlYzgtNzcyMC00ZWZjLWJkMzkt
ODRmYWFmMTA1YTk3LzEvdXpDbVJQWTVlMGR3Z3lsNEF0UTVjbFJwWXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85NmRlYzgtNzcyMC00ZWZjLWJkMzktODRmYWFmMTA1YTk3
LzEvaVgybUFCc1NPREJvX25HakQ0enloY1pvTVA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuezdMA0G
CSqGSIb3DQEBCwUAA4IBAQBNHstYUcAkrDHrhcuo1bRRe0H63ceqfKaHp4NbTqke
pV2/JnURc6s9nkVUfOWiLJzA7CgVd+k01RGb1FkIJP1kMH/2D4+ZOyESc6SYceQU
8IbMat1lHY3/8/uBeoeYx6HtCetTpYFzuA0DWTf0Ii2X0dlzY4MpKa13cDa0RO5n
zyulfUdurbd+aZz9wb8YQJrwCrNsqEk6XkwEGBxnBg9QDwbjsBPmpaaQNnBG3U91
oWzyda/flJlBusAgNSJzFQqinrhTIDotzYprCrBq/OtKdHJvLgShc1uInf4fFKHk
eGoOhNeqqDOkdrcu8ehxS+40lLBBjF+6LoiJCmtXb2NS
-----END CERTIFICATE-----