Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/uaIRUdhpeBrihz5_tKPya0l1HQA.roa
File:                     uaIRUdhpeBrihz5_tKPya0l1HQA.roa (raw, json)
Hash identifier:          nXStrXqy+W1GQyxvaukh3YEfHw2Y+Etye5wsJybgLMU=
Subject key identifier:   B9:A2:11:51:D8:69:78:1A:E2:87:3E:7F:B4:A3:F2:6B:49:75:1D:00
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       018CC3B743292960F4FFCA2C8BF30078D4CD
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/uaIRUdhpeBrihz5_tKPya0l1HQA.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16085
IP address blocks:        146.109.8.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:29:29:60:f4:ff:ca:2c:8b:f3:00:78:d4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a21151d869781ae2873e7fb4a3f26b49751d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4c:c5:fd:14:9f:ee:7c:7d:2c:49:d1:37:f1:
                    64:4d:4d:d4:bd:39:2a:02:28:b4:a9:91:c2:53:ac:
                    70:ce:82:c2:9a:a8:78:80:2c:ed:b0:a8:b7:db:2c:
                    e3:01:f2:82:eb:62:bb:e4:1d:bc:4f:7d:6c:05:a3:
                    32:d3:42:36:93:64:84:62:89:e7:06:cf:64:27:4e:
                    7d:32:ac:fa:91:5b:bd:55:f4:2a:74:ea:5d:5f:eb:
                    b5:1e:93:4d:f5:4b:a7:49:5c:61:11:98:65:cb:ce:
                    77:e9:fa:0a:f8:4f:f8:ea:85:58:c5:e1:1c:cd:3c:
                    28:d5:f8:76:8c:8e:44:67:3e:77:6e:85:ff:d5:29:
                    17:60:43:a1:4f:bf:ef:19:59:7b:d4:ae:b8:13:19:
                    8d:90:e5:a6:08:47:bb:da:e3:e9:f8:ea:6c:68:76:
                    8a:fb:2f:88:24:39:25:a6:10:d0:fb:e7:d0:a7:ce:
                    e5:e6:58:59:9e:89:79:2f:92:ed:8a:e8:9c:70:07:
                    b5:c6:e1:c3:a5:68:0a:3f:9f:9a:8d:5c:1f:41:dd:
                    59:ed:8e:34:d4:a9:b8:42:79:62:c2:69:2c:29:3f:
                    6f:3d:0d:b7:8f:3c:89:10:51:33:7b:b0:9e:d3:53:
                    97:9d:c9:7a:6c:44:fc:bc:d4:4b:ea:c3:9d:70:77:
                    13:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A2:11:51:D8:69:78:1A:E2:87:3E:7F:B4:A3:F2:6B:49:75:1D:00
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/uaIRUdhpeBrihz5_tKPya0l1HQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:48:2e:9b:b0:f5:77:ef:2d:81:3a:ae:d4:6b:2a:73:28:4c:
         ad:bc:41:f4:bd:95:ff:8f:b6:89:51:62:29:b8:73:13:19:ac:
         12:8a:d0:cf:87:02:2d:07:2b:04:8e:e8:f7:e7:bf:07:9b:9b:
         24:85:7c:17:24:aa:a9:65:3d:d6:28:50:c4:28:06:a5:64:ec:
         e3:80:21:67:88:1b:d8:01:01:44:6e:9e:30:23:03:52:29:2b:
         4a:58:0b:cd:e3:29:d5:20:2d:c4:9f:32:ac:60:a4:46:aa:13:
         6b:f9:ba:0d:4f:2f:f2:a2:5a:96:a0:a7:4a:3e:0c:12:09:9b:
         d5:71:d6:78:3c:a5:bb:2e:d5:27:c5:39:b2:f8:9c:52:fd:83:
         f5:85:61:75:b4:4e:09:62:a8:8f:77:f5:15:c7:e3:88:84:1f:
         01:52:75:40:d9:41:f1:f6:b4:cc:68:5d:2b:bd:a8:07:2e:5e:
         e8:3f:8f:26:cd:64:fe:b7:bd:dd:2d:16:14:00:f9:97:6f:1d:
         55:36:b7:ad:2a:43:21:f3:7d:bc:86:4a:4c:96:9d:12:db:90:
         47:89:a6:80:36:cb:1c:73:c0:f1:fe:e1:cb:85:83:f7:9d:00:
         d6:89:2f:a0:a1:87:9e:c4:98:ea:fa:e6:08:79:f4:8a:fa:02:
         46:8c:6f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0MpKWD0/8osi/MAeNTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjQyNzc2YmU1MzJiZDA1NzUzMzI4NTVkOGM0MmM0OTUy
ZWQ5MzEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWEyMTE1MWQ4Njk3ODFhZTI4NzNlN2ZiNGEzZjI2YjQ5NzUxZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEzF/RSf7nx9LEnRN/FkTU3UvTkq
Aii0qZHCU6xwzoLCmqh4gCztsKi32yzjAfKC62K75B28T31sBaMy00I2k2SEYonn
Bs9kJ059Mqz6kVu9VfQqdOpdX+u1HpNN9UunSVxhEZhly8536foK+E/46oVYxeEc
zTwo1fh2jI5EZz53boX/1SkXYEOhT7/vGVl71K64ExmNkOWmCEe72uPp+OpsaHaK
+y+IJDklphDQ++fQp87l5lhZnol5L5LtiuiccAe1xuHDpWgKP5+ajVwfQd1Z7Y40
1Km4QnliwmksKT9vPQ23jzyJEFEze7Ce01OXncl6bET8vNRL6sOdcHcTRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmiEVHYaXga4oc+f7Sj8mtJdR0AMB8GA1UdIwQY
MBaAFOz0J3a+UyvQV1MyhV2MQsSVLtkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgt
NWU1M2MyM2I1NWIwLzEvdWFJUlVkaHBlQnJpaHo1X3RLUHlhMGwxSFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgtNWU1M2MyM2I1NWIw
LzEvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkm0IMA0G
CSqGSIb3DQEBCwUAA4IBAQBSSC6bsPV37y2BOq7UaypzKEytvEH0vZX/j7aJUWIp
uHMTGawSitDPhwItBysEjuj3578Hm5skhXwXJKqpZT3WKFDEKAalZOzjgCFniBvY
AQFEbp4wIwNSKStKWAvN4ynVIC3EnzKsYKRGqhNr+boNTy/yolqWoKdKPgwSCZvV
cdZ4PKW7LtUnxTmy+JxS/YP1hWF1tE4JYqiPd/UVx+OIhB8BUnVA2UHx9rTMaF0r
vagHLl7oP48mzWT+t73dLRYUAPmXbx1VNretKkMh8328hkpMlp0S25BHiaaANssc
c8Dx/uHLhYP3nQDWiS+goYeexJjq+uYIefSK+gJGjG8J
-----END CERTIFICATE-----