Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/g_UujNB2z9eBxu8zegS7RSQUqCE.roa
File:                     g_UujNB2z9eBxu8zegS7RSQUqCE.roa (raw, json)
Hash identifier:          qLDQReV1bLkgGNPxojebCN5vU/9ihiE4kPKZ1jggvzg=
Subject key identifier:   83:F5:2E:8C:D0:76:CF:D7:81:C6:EF:33:7A:04:BB:45:24:14:A8:21
Certificate issuer:       /CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
Certificate serial:       018CCA286B4671ED2275D980044A3DBCEED4
Authority key identifier: BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/g_UujNB2z9eBxu8zegS7RSQUqCE.roa
Signing time:             Tue 02 Jan 2024 12:31:35 +0000
ROA not before:           Tue 02 Jan 2024 12:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3304
IP address blocks:        193.28.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6b:46:71:ed:22:75:d9:80:04:4a:3d:bc:ee:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
        Validity
            Not Before: Jan  2 12:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83f52e8cd076cfd781c6ef337a04bb452414a821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:57:c6:53:6d:c2:42:5d:15:49:82:45:1d:3b:
                    9d:04:b0:b5:22:16:02:08:95:4f:1a:b1:28:b0:a4:
                    13:c9:4a:7e:21:ab:ea:09:be:03:b0:0f:f2:32:28:
                    1d:57:b1:b5:f9:74:24:85:45:62:41:8b:68:ba:cf:
                    f9:00:1c:19:13:06:c4:4c:1e:a5:dc:e5:b7:31:d2:
                    09:73:8e:19:34:28:6a:3a:26:60:f5:41:92:15:a9:
                    3b:71:47:87:b3:2d:61:85:23:06:be:01:45:6b:9d:
                    3a:9d:93:b4:23:74:a2:a8:20:1c:35:fb:58:f3:07:
                    e4:c0:4e:eb:3a:f1:21:4d:a5:ca:6f:82:2d:a4:f6:
                    37:59:35:cf:fe:bb:94:cc:50:05:6f:f0:9b:34:e9:
                    05:24:6c:d2:9a:26:89:77:c0:70:cc:0d:b6:29:56:
                    a0:29:8c:14:b5:63:68:65:4a:56:97:0e:b5:26:34:
                    39:7c:b3:44:62:8c:89:52:96:8e:80:53:af:c2:af:
                    ae:97:86:14:82:cc:35:dd:b4:1c:31:fe:1d:66:ea:
                    fa:a6:0d:d0:57:23:00:85:17:e6:6d:12:bf:b9:f0:
                    a2:67:1e:8b:66:2e:aa:a7:9b:15:b0:75:dd:b9:37:
                    53:4d:09:0d:d2:9a:44:cd:11:dc:23:bc:ac:10:9d:
                    e3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F5:2E:8C:D0:76:CF:D7:81:C6:EF:33:7A:04:BB:45:24:14:A8:21
            X509v3 Authority Key Identifier:
                keyid:BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/g_UujNB2z9eBxu8zegS7RSQUqCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:aa:b8:fb:29:08:8c:1c:c6:e0:62:9c:16:2a:65:29:19:d6:
         61:20:af:bd:e0:4f:07:7a:7e:6a:56:d4:de:96:7b:9f:c3:7f:
         60:19:b4:de:3f:94:c6:61:5b:0d:4e:7a:c3:26:1d:cc:fe:29:
         90:06:e5:c4:8c:b5:9f:ee:4a:b3:c1:78:fd:9e:e9:81:59:28:
         93:45:19:1d:24:ef:70:af:e4:6d:9d:a1:9e:70:9b:dc:96:3d:
         a3:3e:b8:14:5e:e0:15:93:3e:2a:79:34:54:22:13:fe:97:3d:
         cb:7e:42:a6:e3:b4:b9:a9:de:15:18:e0:ce:0f:ff:68:c0:64:
         08:e5:ee:59:e8:fe:bb:27:a0:e7:41:db:0c:33:e7:4d:3b:e9:
         6c:6a:48:66:b6:cc:39:43:fa:60:45:58:17:ac:68:e8:aa:a8:
         1b:e5:7d:8a:dc:08:24:c0:36:f3:0b:89:16:a3:0c:79:bd:c2:
         fd:58:53:1d:f9:41:6d:09:ee:2d:5d:01:7a:69:25:2b:ed:76:
         3f:6b:8e:f9:c7:36:be:c3:7d:96:41:27:0c:38:1a:e8:69:5d:
         7e:49:93:ae:32:14:a6:59:8d:4d:c6:4b:16:15:37:29:10:d6:
         90:b9:31:c7:14:d5:68:ed:49:f5:4f:d6:df:18:91:f4:be:1a:
         7f:cc:0b:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKGtGce0iddmABEo9vO7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmEzYWY4MzlhYTFkY2U3NThmNDg5ZTJkMzFhZTIyMDky
ZmM5OWEwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y1MmU4Y2QwNzZjZmQ3ODFjNmVmMzM3YTA0YmI0NTI0MTRhODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFfGU23CQl0VSYJFHTudBLC1IhYC
CJVPGrEosKQTyUp+IavqCb4DsA/yMigdV7G1+XQkhUViQYtous/5ABwZEwbETB6l
3OW3MdIJc44ZNChqOiZg9UGSFak7cUeHsy1hhSMGvgFFa506nZO0I3SiqCAcNftY
8wfkwE7rOvEhTaXKb4ItpPY3WTXP/ruUzFAFb/CbNOkFJGzSmiaJd8BwzA22KVag
KYwUtWNoZUpWlw61JjQ5fLNEYoyJUpaOgFOvwq+ul4YUgsw13bQcMf4dZur6pg3Q
VyMAhRfmbRK/ufCiZx6LZi6qp5sVsHXduTdTTQkN0ppEzRHcI7ysEJ3j8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIP1LozQds/XgcbvM3oEu0UkFKghMB8GA1UdIwQY
MBaAFL36Ovg5qh3OdY9Ini0xriIJL8maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMt
YWU3NzQ2ZjA5NjMwLzEvZ19VdWpOQjJ6OWVCeHU4emVnUzdSU1FVcUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC84Y2RiYzUtOTM2NS00YTBjLWI5YTMtYWU3NzQ2ZjA5NjMw
LzEvdmZvNi1EbXFIYzUxajBpZUxUR3VJZ2t2eVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRwvMA0G
CSqGSIb3DQEBCwUAA4IBAQBmqrj7KQiMHMbgYpwWKmUpGdZhIK+94E8Hen5qVtTe
lnufw39gGbTeP5TGYVsNTnrDJh3M/imQBuXEjLWf7kqzwXj9numBWSiTRRkdJO9w
r+RtnaGecJvclj2jPrgUXuAVkz4qeTRUIhP+lz3LfkKm47S5qd4VGODOD/9owGQI
5e5Z6P67J6DnQdsMM+dNO+lsakhmtsw5Q/pgRVgXrGjoqqgb5X2K3AgkwDbzC4kW
owx5vcL9WFMd+UFtCe4tXQF6aSUr7XY/a475xza+w32WQScMOBroaV1+SZOuMhSm
WY1NxksWFTcpENaQuTHHFNVo7Un1T9bfGJH0vhp/zAtM
-----END CERTIFICATE-----