Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/usuxmxnRmJ2wxn21JqO8rPTzq0E.roa
File:                     usuxmxnRmJ2wxn21JqO8rPTzq0E.roa (raw, json)
Hash identifier:          Rhl66hlVDRQA5d6a3/wIWgFFgaIFPyx6Phyb/3qoUzw=
Subject key identifier:   BA:CB:B1:9B:19:D1:98:9D:B0:C6:7D:B5:26:A3:BC:AC:F4:F3:AB:41
Certificate issuer:       /CN=c8003c979603f7cea12aca01ebc2057c36fd7f30
Certificate serial:       018CC500609FEE3E44D901C49B092D1A9CB2
Authority key identifier: C8:00:3C:97:96:03:F7:CE:A1:2A:CA:01:EB:C2:05:7C:36:FD:7F:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yAA8l5YD986hKsoB68IFfDb9fzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/usuxmxnRmJ2wxn21JqO8rPTzq0E.roa
Signing time:             Mon 01 Jan 2024 12:29:45 +0000
ROA not before:           Mon 01 Jan 2024 12:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48645
IP address blocks:        94.143.208.0/21 maxlen: 24
                          185.63.20.0/22 maxlen: 24
                          2a02:27c8::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/yAA8l5YD986hKsoB68IFfDb9fzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/yAA8l5YD986hKsoB68IFfDb9fzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yAA8l5YD986hKsoB68IFfDb9fzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:60:9f:ee:3e:44:d9:01:c4:9b:09:2d:1a:9c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8003c979603f7cea12aca01ebc2057c36fd7f30
        Validity
            Not Before: Jan  1 12:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bacbb19b19d1989db0c67db526a3bcacf4f3ab41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:20:f2:0d:0d:58:aa:7a:66:85:a7:a9:58:5b:
                    64:74:43:8c:ae:20:f4:81:7c:6d:4f:bf:02:54:79:
                    a7:ec:05:43:d3:36:4e:b5:d9:31:69:8b:0c:2b:e0:
                    ea:c2:44:1c:25:31:57:73:2c:b2:29:7a:c7:da:81:
                    6a:81:84:b0:0a:e2:8c:11:bc:04:1b:19:10:bc:0a:
                    8c:c9:4a:b3:4e:9a:7b:5a:9f:83:94:56:0d:3a:80:
                    c0:05:7f:f0:ee:e1:8a:2b:59:a2:98:81:08:25:ad:
                    59:69:a1:32:79:2b:2a:ec:6c:63:75:68:3d:fe:dd:
                    c6:1e:e5:c3:8d:4a:80:72:a5:59:0e:89:70:61:33:
                    e3:2a:f4:e7:b6:bd:b2:47:5d:70:6c:af:2a:0b:e9:
                    7e:2f:bd:4a:4b:b9:2a:ca:1b:69:29:33:8d:b9:39:
                    05:8c:a0:6c:39:19:6d:4f:ae:b2:20:8c:f4:31:2d:
                    cc:db:e0:b6:79:64:9f:85:18:25:87:4c:28:ac:19:
                    ec:28:6e:91:b9:20:e2:3b:45:95:7b:4b:40:3e:22:
                    cb:2a:75:a8:7b:46:3e:37:f2:3e:48:a2:f2:1e:23:
                    aa:05:fa:0e:31:a4:53:14:d7:6d:73:33:92:70:9a:
                    2b:b5:62:25:2e:eb:3e:f8:d5:82:e8:29:52:bd:e9:
                    2a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CB:B1:9B:19:D1:98:9D:B0:C6:7D:B5:26:A3:BC:AC:F4:F3:AB:41
            X509v3 Authority Key Identifier:
                keyid:C8:00:3C:97:96:03:F7:CE:A1:2A:CA:01:EB:C2:05:7C:36:FD:7F:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yAA8l5YD986hKsoB68IFfDb9fzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/usuxmxnRmJ2wxn21JqO8rPTzq0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/03ca01-b959-41a6-8133-07228812d017/1/yAA8l5YD986hKsoB68IFfDb9fzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.208.0/21
                  185.63.20.0/22
                IPv6:
                  2a02:27c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:80:12:42:16:53:9d:d4:45:b0:3f:54:5f:13:a3:9a:b1:39:
         2b:97:01:82:84:28:85:63:91:68:13:00:0c:07:e7:57:09:e7:
         5e:4c:80:d3:36:a9:de:37:a2:c2:16:b3:47:1d:71:ee:b1:78:
         64:52:18:06:f7:6e:a7:6e:c5:ee:a2:4a:52:fb:9d:db:fd:d5:
         91:e6:07:23:19:62:c5:cf:d4:52:e3:de:29:8d:2d:a9:91:e4:
         3a:57:23:27:0b:a0:69:9f:ce:8d:65:98:a0:9f:a9:cb:51:e7:
         2b:33:0a:a3:89:0a:73:c9:e2:9b:79:39:5e:56:a4:2a:f9:2d:
         5c:a0:74:52:5d:06:ed:8d:12:9e:28:bc:a6:50:6d:02:7e:0d:
         90:fc:98:c0:88:d6:c3:c0:b3:e6:bc:78:37:21:42:da:48:3d:
         e9:9a:e1:de:ba:a0:1d:90:4e:65:53:d7:bd:37:79:55:c1:0f:
         cc:f0:23:a6:3e:d0:13:c9:ad:39:ae:b3:f7:28:61:be:5b:96:
         9d:62:8c:bf:cc:f6:1e:03:3a:94:90:27:28:97:2d:df:96:59:
         3b:11:9d:6f:1c:07:65:75:54:7b:7f:cf:25:6a:68:fb:ee:11:
         99:8c:95:54:38:f9:7f:1f:97:c6:6d:0e:2e:f5:7b:84:34:2e:
         5f:f2:8c:11
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAGCf7j5E2QHEmwktGpyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MDAzYzk3OTYwM2Y3Y2VhMTJhY2EwMWViYzIwNTdjMzZm
ZDdmMzAwHhcNMjQwMTAxMTIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWNiYjE5YjE5ZDE5ODlkYjBjNjdkYjUyNmEzYmNhY2Y0ZjNhYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yDyDQ1YqnpmhaepWFtkdEOMriD0
gXxtT78CVHmn7AVD0zZOtdkxaYsMK+DqwkQcJTFXcyyyKXrH2oFqgYSwCuKMEbwE
GxkQvAqMyUqzTpp7Wp+DlFYNOoDABX/w7uGKK1mimIEIJa1ZaaEyeSsq7GxjdWg9
/t3GHuXDjUqAcqVZDolwYTPjKvTntr2yR11wbK8qC+l+L71KS7kqyhtpKTONuTkF
jKBsORltT66yIIz0MS3M2+C2eWSfhRglh0worBnsKG6RuSDiO0WVe0tAPiLLKnWo
e0Y+N/I+SKLyHiOqBfoOMaRTFNdtczOScJortWIlLus++NWC6ClSvekqpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLrLsZsZ0ZidsMZ9tSajvKz086tBMB8GA1UdIwQY
MBaAFMgAPJeWA/fOoSrKAevCBXw2/X8wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUFBOGw1WUQ5ODZoS3NvQjY4SUZmRGI5ZnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wM2NhMDEtYjk1OS00MWE2LTgxMzMt
MDcyMjg4MTJkMDE3LzEvdXN1eG14blJtSjJ3eG4yMUpxTzhyUFR6cTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wM2NhMDEtYjk1OS00MWE2LTgxMzMtMDcyMjg4MTJkMDE3
LzEveUFBOGw1WUQ5ODZoS3NvQjY4SUZmRGI5ZnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXo/QAwQC
uT8UMA0EAgACMAcDBQAqAifIMA0GCSqGSIb3DQEBCwUAA4IBAQCTgBJCFlOd1EWw
P1RfE6OasTkrlwGChCiFY5FoEwAMB+dXCedeTIDTNqneN6LCFrNHHXHusXhkUhgG
926nbsXuokpS+53b/dWR5gcjGWLFz9RS494pjS2pkeQ6VyMnC6Bpn86NZZign6nL
UecrMwqjiQpzyeKbeTleVqQq+S1coHRSXQbtjRKeKLymUG0Cfg2Q/JjAiNbDwLPm
vHg3IULaSD3pmuHeuqAdkE5lU9e9N3lVwQ/M8COmPtATya05rrP3KGG+W5adYoy/
zPYeAzqUkCcoly3fllk7EZ1vHAdldVR7f88lamj77hGZjJVUOPl/H5fGbQ4u9XuE
NC5f8owR
-----END CERTIFICATE-----