Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/UoBTQzz3Ac2tTELEdpbKI52k0mk.roa
File:                     UoBTQzz3Ac2tTELEdpbKI52k0mk.roa (raw, json)
Hash identifier:          AwyrSTZNYCYzHAyzBEA0m5SsyBWGF/HXdkeWX/xUaqw=
Subject key identifier:   52:80:53:43:3C:F7:01:CD:AD:4C:42:C4:76:96:CA:23:9D:A4:D2:69
Certificate issuer:       /CN=713f83dee92d8d3e28d7362dfc7187553d88c75c
Certificate serial:       018CC348EA7AFED358E001E50467E65B30B4
Authority key identifier: 71:3F:83:DE:E9:2D:8D:3E:28:D7:36:2D:FC:71:87:55:3D:88:C7:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cT-D3uktjT4o1zYt_HGHVT2Ix1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/UoBTQzz3Ac2tTELEdpbKI52k0mk.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9096
IP address blocks:        193.110.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/cT-D3uktjT4o1zYt_HGHVT2Ix1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/cT-D3uktjT4o1zYt_HGHVT2Ix1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cT-D3uktjT4o1zYt_HGHVT2Ix1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ea:7a:fe:d3:58:e0:01:e5:04:67:e6:5b:30:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=713f83dee92d8d3e28d7362dfc7187553d88c75c
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=528053433cf701cdad4c42c47696ca239da4d269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e7:f4:f7:a6:e4:2b:5c:68:7e:5e:b2:42:31:
                    05:4f:57:f0:c6:9c:9c:d1:4d:95:85:cd:6b:87:38:
                    fc:0e:f5:ad:f0:ad:0b:64:ba:80:d2:d3:e2:bc:fc:
                    89:4f:98:34:0b:a2:d8:b6:ad:4a:1b:32:fe:83:57:
                    e6:42:19:27:9d:b9:23:69:1b:cd:af:84:93:11:dc:
                    ac:3b:85:15:40:74:37:73:4e:83:7d:63:4d:ae:41:
                    86:10:70:2e:fa:32:d5:9d:fd:32:c8:6e:8f:da:e9:
                    42:e0:c4:c1:14:0e:73:59:56:03:36:b3:9b:7b:4f:
                    e4:f8:93:e7:fb:d5:59:e5:d4:7e:70:35:91:41:10:
                    30:d3:bc:32:e8:c7:9c:9b:53:7c:ef:db:17:39:35:
                    9e:1a:a2:28:26:3c:12:5f:de:b6:25:ee:4f:dc:22:
                    85:41:60:ba:22:b9:b0:39:fc:92:c6:fa:70:e8:e4:
                    58:ab:77:8a:20:1e:aa:a4:e3:cb:f8:56:8c:11:4d:
                    a2:36:8d:1c:17:06:50:ef:f5:42:86:3d:d8:92:67:
                    0e:d4:b8:c2:af:e1:bc:f1:2e:e7:e9:66:2d:08:28:
                    6e:af:7e:97:16:24:7c:ee:87:06:a9:59:bc:bb:c0:
                    d4:8d:41:5e:ba:3f:79:a2:ff:5b:7e:01:58:c1:2f:
                    f7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:80:53:43:3C:F7:01:CD:AD:4C:42:C4:76:96:CA:23:9D:A4:D2:69
            X509v3 Authority Key Identifier:
                keyid:71:3F:83:DE:E9:2D:8D:3E:28:D7:36:2D:FC:71:87:55:3D:88:C7:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cT-D3uktjT4o1zYt_HGHVT2Ix1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/UoBTQzz3Ac2tTELEdpbKI52k0mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/1331cf-b3f0-47d9-9e40-7914383363f7/1/cT-D3uktjT4o1zYt_HGHVT2Ix1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f4:02:76:0f:b8:c6:27:6d:3e:7c:79:23:54:82:09:f7:62:
         d3:0b:a1:eb:d6:f7:34:f5:b3:b8:ef:e0:36:89:4b:1c:05:0b:
         9d:13:46:64:52:76:f2:64:6b:75:04:2c:ea:54:75:d1:2f:54:
         83:e1:d3:58:51:be:cb:c3:33:d5:b6:e8:83:3d:7d:c7:c6:8b:
         f9:f7:e0:35:35:48:c1:9e:8f:0b:05:4f:14:3c:1a:fa:57:0b:
         72:fb:0a:32:c6:10:0e:44:97:24:b9:ba:e1:90:85:06:1f:2e:
         43:4f:eb:d3:18:b2:91:0c:35:0b:28:70:d2:19:41:dc:4a:bf:
         ce:d9:57:64:d3:75:33:2d:69:7c:6f:4e:d4:0a:62:4b:c7:7b:
         70:8e:c5:91:d5:0c:f8:e4:b8:6f:07:70:46:17:41:ae:56:ab:
         d5:8b:94:d6:02:64:a1:6a:14:d7:72:9f:5b:ad:bb:8a:3e:2e:
         0d:75:39:ba:92:f0:4c:4b:f9:2f:81:e1:61:fb:c4:1d:3c:92:
         9e:3c:a8:b3:32:1a:7b:b0:1e:0c:47:da:fd:ab:bc:91:bb:ac:
         f9:1c:10:2b:01:5e:08:ad:d1:fd:ac:c5:22:70:bf:7c:7f:6c:
         fc:80:84:46:57:de:60:34:d0:f9:7f:63:92:00:84:f6:4d:c2:
         0c:9e:8d:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOp6/tNY4AHlBGfmWzC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxM2Y4M2RlZTkyZDhkM2UyOGQ3MzYyZGZjNzE4NzU1M2Q4
OGM3NWMwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjgwNTM0MzNjZjcwMWNkYWQ0YzQyYzQ3Njk2Y2EyMzlkYTRkMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgef096bkK1xofl6yQjEFT1fwxpyc
0U2Vhc1rhzj8DvWt8K0LZLqA0tPivPyJT5g0C6LYtq1KGzL+g1fmQhknnbkjaRvN
r4STEdysO4UVQHQ3c06DfWNNrkGGEHAu+jLVnf0yyG6P2ulC4MTBFA5zWVYDNrOb
e0/k+JPn+9VZ5dR+cDWRQRAw07wy6Mecm1N879sXOTWeGqIoJjwSX962Je5P3CKF
QWC6IrmwOfySxvpw6ORYq3eKIB6qpOPL+FaMEU2iNo0cFwZQ7/VChj3YkmcO1LjC
r+G88S7n6WYtCChur36XFiR87ocGqVm8u8DUjUFeuj95ov9bfgFYwS/3MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKAU0M89wHNrUxCxHaWyiOdpNJpMB8GA1UdIwQY
MBaAFHE/g97pLY0+KNc2Lfxxh1U9iMdcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1QtRDN1a3RqVDRvMXpZdF9IR0hWVDJJeDF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMzMxY2YtYjNmMC00N2Q5LTllNDAt
NzkxNDM4MzM2M2Y3LzEvVW9CVFF6ejNBYzJ0VEVMRWRwYktJNTJrMG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMzMxY2YtYjNmMC00N2Q5LTllNDAtNzkxNDM4MzM2M2Y3
LzEvY1QtRDN1a3RqVDRvMXpZdF9IR0hWVDJJeDF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW6KMA0G
CSqGSIb3DQEBCwUAA4IBAQCG9AJ2D7jGJ20+fHkjVIIJ92LTC6Hr1vc09bO47+A2
iUscBQudE0ZkUnbyZGt1BCzqVHXRL1SD4dNYUb7LwzPVtuiDPX3Hxov59+A1NUjB
no8LBU8UPBr6Vwty+woyxhAORJckubrhkIUGHy5DT+vTGLKRDDULKHDSGUHcSr/O
2Vdk03UzLWl8b07UCmJLx3twjsWR1Qz45LhvB3BGF0GuVqvVi5TWAmShahTXcp9b
rbuKPi4NdTm6kvBMS/kvgeFh+8QdPJKePKizMhp7sB4MR9r9q7yRu6z5HBArAV4I
rdH9rMUicL98f2z8gIRGV95gNND5f2OSAIT2TcIMno1w
-----END CERTIFICATE-----