Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/uAkyPz2FoGqErHRq64ixWZHBaHY.roa
File:                     uAkyPz2FoGqErHRq64ixWZHBaHY.roa (raw, json)
Hash identifier:          6QlxpkgRU34Vxu/ftztgk4lwStV7vrge0BHVTzstoAg=
Subject key identifier:   B8:09:32:3F:3D:85:A0:6A:84:AC:74:6A:EB:88:B1:59:91:C1:68:76
Certificate issuer:       /CN=a29d9751f3675f51332734da68ea960260045b12
Certificate serial:       018CC8DF761BCF85956AA4E3935C23CFBF54
Authority key identifier: A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/uAkyPz2FoGqErHRq64ixWZHBaHY.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49037
IP address blocks:        93.185.144.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:76:1b:cf:85:95:6a:a4:e3:93:5c:23:cf:bf:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29d9751f3675f51332734da68ea960260045b12
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b809323f3d85a06a84ac746aeb88b15991c16876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:08:dd:0f:6d:bc:69:a2:e3:a0:4e:a8:68:72:
                    5b:d9:14:ea:a7:8c:81:fb:2f:74:6f:bc:b1:41:dd:
                    d7:fb:d2:c6:43:fe:8e:a2:68:14:36:67:7c:49:e4:
                    45:cf:4c:52:09:0e:1a:41:b9:f4:98:d4:90:da:f7:
                    b5:b2:ca:af:e8:47:2b:6d:57:7a:e3:c7:87:97:01:
                    d6:50:86:02:c1:dd:48:3a:cb:d1:b9:60:32:2d:21:
                    80:d4:7b:bc:10:c2:28:75:c0:7f:83:0f:f2:f8:4f:
                    60:51:bd:51:41:7d:df:94:38:d8:41:1c:71:1c:4e:
                    9b:07:ae:0d:34:9c:97:44:1c:8d:a2:ea:c6:08:bf:
                    11:e4:34:9b:3e:b0:61:f6:43:29:e0:94:3c:3a:25:
                    a9:2d:c7:96:d4:a4:8e:c6:62:89:a4:33:22:97:2c:
                    78:39:be:4b:40:49:e3:f7:ab:a7:33:39:3f:02:0e:
                    59:4f:e1:12:d3:d9:71:ab:60:b4:97:00:9d:7f:e4:
                    34:b1:cd:48:41:fe:cb:7c:e8:59:0f:1a:87:be:25:
                    45:2a:42:cc:ec:5f:d0:6d:87:18:0a:f6:d4:19:a5:
                    d3:ba:c9:66:d8:23:b0:4a:77:01:49:a4:76:51:23:
                    a4:a9:0d:1b:fc:27:f1:95:d7:1c:44:aa:25:3b:b2:
                    48:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:09:32:3F:3D:85:A0:6A:84:AC:74:6A:EB:88:B1:59:91:C1:68:76
            X509v3 Authority Key Identifier:
                keyid:A2:9D:97:51:F3:67:5F:51:33:27:34:DA:68:EA:96:02:60:04:5B:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op2XUfNnX1EzJzTaaOqWAmAEWxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/uAkyPz2FoGqErHRq64ixWZHBaHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e64398-9601-4b7c-b783-079ba0570f75/1/op2XUfNnX1EzJzTaaOqWAmAEWxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3b:24:fb:bb:47:16:6c:5e:3e:bb:01:2d:56:9b:81:45:11:8b:
         19:a8:ee:93:42:df:32:db:4e:76:d1:91:11:8c:e0:ee:9b:4c:
         98:91:1e:03:cd:33:77:aa:b7:6b:5f:ca:91:de:04:c7:01:20:
         cb:53:a0:0a:0d:cc:10:f5:cb:60:21:bb:3f:a2:85:fc:93:12:
         55:5a:b7:e0:92:7a:d7:7b:11:89:b5:4b:b3:19:e5:de:62:7d:
         e3:37:8e:fd:19:13:ba:8e:39:ad:7d:b0:78:df:d5:21:13:fb:
         42:d8:4f:f3:7e:fd:c8:9a:fc:0f:45:60:85:da:cf:a2:96:b9:
         b5:77:15:32:4a:45:47:cf:40:b6:06:11:eb:fd:81:7b:ad:5d:
         36:35:87:b3:86:b5:f7:da:57:43:7c:96:5f:a6:dc:1a:e6:00:
         cb:72:0a:e9:7a:7d:01:49:c0:5d:15:79:c7:fe:a1:e2:1d:ad:
         24:3c:67:91:17:84:22:96:9a:6b:d5:99:38:0f:1b:82:43:49:
         3c:32:0b:d2:85:e2:3f:dc:4e:01:34:ed:35:2d:27:16:cc:0f:
         bc:8f:dc:b2:95:da:74:de:77:20:f2:6f:4a:6e:b7:1c:6e:18:
         87:13:e7:f7:df:0c:da:e4:4c:b7:e4:57:2b:5f:e6:83:50:ba:
         04:92:be:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33Ybz4WVaqTjk1wjz79UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOWQ5NzUxZjM2NzVmNTEzMzI3MzRkYTY4ZWE5NjAyNjAw
NDViMTIwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODA5MzIzZjNkODVhMDZhODRhYzc0NmFlYjg4YjE1OTkxYzE2ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwjdD228aaLjoE6oaHJb2RTqp4yB
+y90b7yxQd3X+9LGQ/6OomgUNmd8SeRFz0xSCQ4aQbn0mNSQ2ve1ssqv6EcrbVd6
48eHlwHWUIYCwd1IOsvRuWAyLSGA1Hu8EMIodcB/gw/y+E9gUb1RQX3flDjYQRxx
HE6bB64NNJyXRByNourGCL8R5DSbPrBh9kMp4JQ8OiWpLceW1KSOxmKJpDMilyx4
Ob5LQEnj96unMzk/Ag5ZT+ES09lxq2C0lwCdf+Q0sc1IQf7LfOhZDxqHviVFKkLM
7F/QbYcYCvbUGaXTuslm2COwSncBSaR2USOkqQ0b/CfxldccRKolO7JIRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgJMj89haBqhKx0auuIsVmRwWh2MB8GA1UdIwQY
MBaAFKKdl1HzZ19RMyc02mjqlgJgBFsSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMt
MDc5YmEwNTcwZjc1LzEvdUFreVB6MkZvR3FFckhScTY0aXhXWkhCYUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lNjQzOTgtOTYwMS00YjdjLWI3ODMtMDc5YmEwNTcwZjc1
LzEvb3AyWFVmTm5YMUV6SnpUYWFPcVdBbUFFV3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXbmQMA0G
CSqGSIb3DQEBCwUAA4IBAQA7JPu7RxZsXj67AS1Wm4FFEYsZqO6TQt8y20520ZER
jODum0yYkR4DzTN3qrdrX8qR3gTHASDLU6AKDcwQ9ctgIbs/ooX8kxJVWrfgknrX
exGJtUuzGeXeYn3jN479GRO6jjmtfbB439UhE/tC2E/zfv3ImvwPRWCF2s+ilrm1
dxUySkVHz0C2BhHr/YF7rV02NYezhrX32ldDfJZfptwa5gDLcgrpen0BScBdFXnH
/qHiHa0kPGeRF4Qilppr1Zk4DxuCQ0k8MgvSheI/3E4BNO01LScWzA+8j9yyldp0
3ncg8m9KbrccbhiHE+f33wza5Ey35FcrX+aDULoEkr52
-----END CERTIFICATE-----