Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uh-byu9JHOmYwuTDO2HEQr50lNY.roa
File:                     uh-byu9JHOmYwuTDO2HEQr50lNY.roa (raw, json)
Hash identifier:          dhuLDyLJFhfAzSmIiuyO0khq1tOqJxgZOHzq3EAgk0w=
Subject key identifier:   BA:1F:9B:CA:EF:49:1C:E9:98:C2:E4:C3:3B:61:C4:42:BE:74:94:D6
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0190175C79B75523E73191B50FC9507292ED
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uh-byu9JHOmYwuTDO2HEQr50lNY.roa
Signing time:             Fri 14 Jun 2024 15:27:34 +0000
ROA not before:           Fri 14 Jun 2024 15:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215413
IP address blocks:        82.153.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:5c:79:b7:55:23:e7:31:91:b5:0f:c9:50:72:92:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 14 15:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba1f9bcaef491ce998c2e4c33b61c442be7494d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:27:4e:6c:df:46:8d:e5:43:70:64:67:0a:59:
                    6e:8d:e2:a5:fa:03:fa:a6:44:a2:3f:4c:1d:14:30:
                    b9:1a:2e:f0:4c:09:da:3a:fb:56:33:62:4a:87:45:
                    1a:94:df:ad:84:ea:f1:44:26:ed:33:71:37:18:b4:
                    ad:f0:cc:a6:5e:9a:fc:42:b5:a4:69:bb:73:c0:6b:
                    65:68:05:35:75:21:37:f7:ad:50:c1:2f:85:0f:c3:
                    b0:9a:18:e9:1b:6e:fd:82:d7:e7:8e:1c:e5:26:2e:
                    90:de:85:d1:dc:7b:c2:c6:ba:d0:31:dc:6e:b1:91:
                    33:ef:f0:90:cb:b9:94:b3:b8:dc:ca:d2:1e:56:1a:
                    8f:68:2d:dc:a7:ec:e9:ba:1e:08:87:59:dc:9b:bd:
                    e8:aa:ec:7c:5c:c1:34:8c:38:ef:b3:9a:ac:4a:bc:
                    68:60:b9:ba:18:31:37:89:b6:bb:2f:7d:51:31:2c:
                    a6:ed:09:9d:4e:0f:b7:32:53:0e:b0:97:0c:c7:7c:
                    c9:17:2b:d4:9e:b2:ce:bb:0b:65:86:a7:d5:6a:49:
                    bc:3d:cf:b5:e7:e6:61:fc:61:b3:ce:28:b1:b6:4d:
                    6f:20:71:06:b6:ca:83:7f:3a:82:a7:dd:c4:b8:71:
                    8b:5c:ba:1d:43:55:98:3f:c3:75:e4:08:fc:30:26:
                    cd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1F:9B:CA:EF:49:1C:E9:98:C2:E4:C3:3B:61:C4:42:BE:74:94:D6
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uh-byu9JHOmYwuTDO2HEQr50lNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:35:3e:c9:d0:16:85:64:3d:1c:3d:2d:56:dc:e8:ef:90:34:
         d9:f0:1b:c9:11:67:82:78:11:66:b0:76:00:d5:d5:2a:70:0b:
         70:39:82:42:f1:15:76:da:2a:f7:fe:38:1c:69:f9:ff:4b:bd:
         85:ba:42:1a:4c:0a:87:51:ff:75:c4:e0:61:ed:5a:19:59:03:
         63:7c:7a:c2:6c:93:0d:ed:16:e0:3a:db:1b:bd:ea:90:bd:7e:
         75:2b:81:8b:6f:07:44:13:26:57:c0:d6:67:10:16:20:c9:19:
         a4:4c:e8:a9:fa:9d:85:9a:e1:a2:4a:3b:71:23:38:db:37:88:
         58:bf:ee:ea:81:97:64:89:2f:05:cd:50:df:dc:0b:0e:14:fb:
         37:f3:4c:3c:60:c5:86:d1:7d:9f:6b:82:2e:74:b2:4c:b8:51:
         7c:81:00:66:b9:39:fc:60:ed:53:1e:bd:14:7d:d2:87:a8:25:
         ab:8b:2d:a3:31:39:0c:bc:52:2d:71:f0:47:eb:1c:94:f6:05:
         3b:3d:74:a1:1b:ce:be:97:12:d8:db:2d:64:f9:f0:46:42:25:
         8f:ae:5a:49:00:7d:32:23:d5:b5:06:9b:43:5d:df:a4:b6:59:
         ac:a5:f6:30:c4:e7:5d:e0:6b:df:b5:d9:07:10:54:ce:e9:1c:
         23:9b:13:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAXXHm3VSPnMZG1D8lQcpLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjE0MTUyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFmOWJjYWVmNDkxY2U5OThjMmU0YzMzYjYxYzQ0MmJlNzQ5NGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCdObN9GjeVDcGRnCllujeKl+gP6
pkSiP0wdFDC5Gi7wTAnaOvtWM2JKh0UalN+thOrxRCbtM3E3GLSt8MymXpr8QrWk
abtzwGtlaAU1dSE3961QwS+FD8OwmhjpG279gtfnjhzlJi6Q3oXR3HvCxrrQMdxu
sZEz7/CQy7mUs7jcytIeVhqPaC3cp+zpuh4Ih1ncm73oqux8XME0jDjvs5qsSrxo
YLm6GDE3iba7L31RMSym7QmdTg+3MlMOsJcMx3zJFyvUnrLOuwtlhqfVakm8Pc+1
5+Zh/GGzziixtk1vIHEGtsqDfzqCp93EuHGLXLodQ1WYP8N15Aj8MCbNMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLofm8rvSRzpmMLkwzthxEK+dJTWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdWgtYnl1OUpIT21Zd3VURE8ySEVRcjUwbE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmfMA0G
CSqGSIb3DQEBCwUAA4IBAQB6NT7J0BaFZD0cPS1W3OjvkDTZ8BvJEWeCeBFmsHYA
1dUqcAtwOYJC8RV22ir3/jgcafn/S72FukIaTAqHUf91xOBh7VoZWQNjfHrCbJMN
7RbgOtsbveqQvX51K4GLbwdEEyZXwNZnEBYgyRmkTOip+p2FmuGiSjtxIzjbN4hY
v+7qgZdkiS8FzVDf3AsOFPs380w8YMWG0X2fa4IudLJMuFF8gQBmuTn8YO1THr0U
fdKHqCWriy2jMTkMvFItcfBH6xyU9gU7PXShG86+lxLY2y1k+fBGQiWPrlpJAH0y
I9W1BptDXd+ktlmspfYwxOdd4GvftdkHEFTO6RwjmxM8
-----END CERTIFICATE-----