Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/b8fVQlGH6A4fhV-VFVkMFOf_uvs.roa
File:                     b8fVQlGH6A4fhV-VFVkMFOf_uvs.roa (raw, json)
Hash identifier:          4bIVHAmZVQB90XeLAStwG/b0f3p9nggJttkCZy9hSKo=
Subject key identifier:   6F:C7:D5:42:51:87:E8:0E:1F:85:5F:95:15:59:0C:14:E7:FF:BA:FB
Certificate issuer:       /CN=efe1fc6a15965934c53393d6ed18984c6ba56f56
Certificate serial:       018CC6B7C97BB229E36E2E460DB9E1F91ECF
Authority key identifier: EF:E1:FC:6A:15:96:59:34:C5:33:93:D6:ED:18:98:4C:6B:A5:6F:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7-H8ahWWWTTFM5PW7RiYTGulb1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/b8fVQlGH6A4fhV-VFVkMFOf_uvs.roa
Signing time:             Mon 01 Jan 2024 20:29:42 +0000
ROA not before:           Mon 01 Jan 2024 20:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209256
IP address blocks:        194.6.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/7-H8ahWWWTTFM5PW7RiYTGulb1Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/7-H8ahWWWTTFM5PW7RiYTGulb1Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7-H8ahWWWTTFM5PW7RiYTGulb1Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c9:7b:b2:29:e3:6e:2e:46:0d:b9:e1:f9:1e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efe1fc6a15965934c53393d6ed18984c6ba56f56
        Validity
            Not Before: Jan  1 20:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fc7d5425187e80e1f855f9515590c14e7ffbafb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e0:6c:bb:b1:72:86:48:97:3e:9a:bd:94:97:
                    68:93:9f:d7:0d:4d:16:ce:69:96:2e:26:e4:d4:7d:
                    bc:18:82:3a:72:e7:24:ba:81:10:45:fb:1c:49:27:
                    42:6b:8b:69:e5:95:4f:17:fc:7f:fb:0a:c9:11:14:
                    d5:19:54:ef:f1:8f:d8:09:90:68:ef:a2:94:d7:89:
                    70:03:c4:4b:55:64:c6:f2:f4:3d:8a:5f:7d:10:87:
                    7e:80:53:5b:45:ae:99:94:d4:7c:cd:c3:69:99:e1:
                    31:34:9b:1d:7a:e6:b8:5a:c6:f7:78:7a:13:f5:70:
                    40:36:ab:d6:99:0a:ec:3a:d3:7d:79:0a:9f:33:a5:
                    fe:c8:45:78:8e:8d:96:c9:34:0a:19:6e:2d:0c:08:
                    11:1f:70:8d:56:59:bd:bb:62:ee:8f:be:8f:c1:56:
                    21:f6:e4:4d:ae:0b:8c:56:5a:0f:c1:12:19:0a:a3:
                    c5:26:d5:1c:c7:48:83:a9:0c:71:b3:86:c6:13:a1:
                    a3:34:3a:e4:4d:03:88:fd:74:f4:b0:d7:4b:b7:81:
                    f5:fc:49:d6:b2:3a:bd:58:bf:ce:0b:63:f6:b2:1f:
                    5a:1d:42:cd:88:f2:2b:05:f2:5c:d4:97:b5:25:13:
                    91:23:c3:27:e6:a7:6a:b8:59:ed:cd:7c:7b:f9:e8:
                    06:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C7:D5:42:51:87:E8:0E:1F:85:5F:95:15:59:0C:14:E7:FF:BA:FB
            X509v3 Authority Key Identifier:
                keyid:EF:E1:FC:6A:15:96:59:34:C5:33:93:D6:ED:18:98:4C:6B:A5:6F:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7-H8ahWWWTTFM5PW7RiYTGulb1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/b8fVQlGH6A4fhV-VFVkMFOf_uvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/63b5ec-c2c9-4f68-8d47-4d19937e2f20/1/7-H8ahWWWTTFM5PW7RiYTGulb1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f6:f0:cf:5e:45:66:eb:9c:e2:16:46:99:e5:8d:77:f1:14:2a:
         35:01:aa:61:fb:d6:75:6c:17:64:60:dd:44:2d:ca:b6:b8:c6:
         27:a8:52:d8:6b:a4:f7:74:f9:ae:9e:8f:e2:ad:4b:4d:40:85:
         b9:20:dd:8b:59:36:80:18:fb:6c:62:c0:b5:00:ca:3b:56:b8:
         ab:3e:3d:fe:e1:e9:77:76:9d:39:7d:bb:06:a9:bd:e4:9e:9c:
         a4:71:0f:d6:2e:a1:f1:27:54:29:f5:85:f0:d4:ea:e8:b0:c0:
         53:28:7b:1f:b6:8d:b7:45:da:75:09:74:71:c1:7c:93:91:9b:
         ef:27:f9:15:6f:6d:d6:ca:cc:62:65:41:23:a5:45:c7:a0:41:
         4c:33:7f:b1:a3:6a:fe:16:18:88:29:32:3a:0a:06:03:e6:06:
         71:e6:7a:24:7c:66:a2:ef:6f:32:ba:79:04:17:50:58:91:dc:
         eb:59:39:9c:6b:17:a6:fb:0f:15:a3:d4:27:5c:19:50:4c:73:
         b2:e0:43:95:b2:35:6b:ee:59:da:a0:62:03:4f:6f:64:c3:4e:
         f5:aa:11:56:06:8e:9e:ab:dc:c2:0b:3b:d6:5c:1d:20:59:81:
         f0:e2:32:db:9f:7b:a3:1b:1b:63:de:87:9b:24:e8:b8:fe:79:
         52:d5:47:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt8l7sinjbi5GDbnh+R7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZTFmYzZhMTU5NjU5MzRjNTMzOTNkNmVkMTg5ODRjNmJh
NTZmNTYwHhcNMjQwMTAxMjAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmM3ZDU0MjUxODdlODBlMWY4NTVmOTUxNTU5MGMxNGU3ZmZiYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOBsu7FyhkiXPpq9lJdok5/XDU0W
zmmWLibk1H28GII6cuckuoEQRfscSSdCa4tp5ZVPF/x/+wrJERTVGVTv8Y/YCZBo
76KU14lwA8RLVWTG8vQ9il99EId+gFNbRa6ZlNR8zcNpmeExNJsdeua4Wsb3eHoT
9XBANqvWmQrsOtN9eQqfM6X+yEV4jo2WyTQKGW4tDAgRH3CNVlm9u2Luj76PwVYh
9uRNrguMVloPwRIZCqPFJtUcx0iDqQxxs4bGE6GjNDrkTQOI/XT0sNdLt4H1/EnW
sjq9WL/OC2P2sh9aHULNiPIrBfJc1Je1JRORI8Mn5qdquFntzXx7+egGtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/H1UJRh+gOH4VflRVZDBTn/7r7MB8GA1UdIwQY
MBaAFO/h/GoVllk0xTOT1u0YmExrpW9WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNy1IOGFoV1dXVFRGTTVQVzdSaVlUR3VsYjFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82M2I1ZWMtYzJjOS00ZjY4LThkNDct
NGQxOTkzN2UyZjIwLzEvYjhmVlFsR0g2QTRmaFYtVkZWa01GT2ZfdXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82M2I1ZWMtYzJjOS00ZjY4LThkNDctNGQxOTkzN2UyZjIw
LzEvNy1IOGFoV1dXVFRGTTVQVzdSaVlUR3VsYjFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgbzMA0G
CSqGSIb3DQEBCwUAA4IBAQD28M9eRWbrnOIWRpnljXfxFCo1Aaph+9Z1bBdkYN1E
Lcq2uMYnqFLYa6T3dPmuno/irUtNQIW5IN2LWTaAGPtsYsC1AMo7VrirPj3+4el3
dp05fbsGqb3knpykcQ/WLqHxJ1Qp9YXw1OrosMBTKHsfto23Rdp1CXRxwXyTkZvv
J/kVb23WysxiZUEjpUXHoEFMM3+xo2r+FhiIKTI6CgYD5gZx5nokfGai728yunkE
F1BYkdzrWTmcaxem+w8Vo9QnXBlQTHOy4EOVsjVr7lnaoGIDT29kw071qhFWBo6e
q9zCCzvWXB0gWYHw4jLbn3ujGxtj3oebJOi4/nlS1UeV
-----END CERTIFICATE-----