Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/uyLzr0lNKusDt5k_MdYhqlyUNXg.roa
File:                     uyLzr0lNKusDt5k_MdYhqlyUNXg.roa (raw, json)
Hash identifier:          HoypJnoS/mMaeQke6hovbvRQG6HeqkqPx+ogcXiII0Y=
Subject key identifier:   BB:22:F3:AF:49:4D:2A:EB:03:B7:99:3F:31:D6:21:AA:5C:94:35:78
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019203F741A385D2001E1DA4F6B48B11B846
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/uyLzr0lNKusDt5k_MdYhqlyUNXg.roa
Signing time:             Wed 18 Sep 2024 07:09:48 +0000
ROA not before:           Wed 18 Sep 2024 07:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        213.182.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:03:f7:41:a3:85:d2:00:1e:1d:a4:f6:b4:8b:11:b8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Sep 18 07:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb22f3af494d2aeb03b7993f31d621aa5c943578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:17:f0:53:de:9d:d4:bd:08:04:e2:51:a2:5c:
                    d0:0b:9f:ef:55:87:ff:b5:3b:50:d8:e8:86:88:ff:
                    e3:d8:be:25:63:32:ef:9d:40:79:87:49:66:a8:04:
                    44:9b:78:df:10:48:f3:99:86:88:8c:d6:5b:08:45:
                    ee:c1:3f:b2:a6:dd:54:a3:cb:eb:33:c7:30:a7:a4:
                    4f:f4:bc:ed:1c:cf:df:89:94:98:15:09:3b:99:c7:
                    04:fc:30:f5:d7:da:2e:59:28:df:29:76:56:26:bc:
                    0a:58:63:cc:02:36:29:b8:47:a1:13:d7:c5:36:25:
                    19:96:7b:87:36:9e:cf:b8:14:32:f8:77:31:3d:80:
                    a4:f2:f1:c7:57:d3:ef:58:cc:4c:33:6a:a5:f9:dc:
                    31:6d:cb:d7:8d:7a:0e:9b:d6:ba:41:de:35:16:91:
                    33:18:41:fe:e9:c0:22:12:71:23:5b:a6:13:64:24:
                    b6:0c:ed:57:3f:20:9f:6a:f4:13:7b:03:d0:3b:8b:
                    c4:b3:c5:c4:3d:c1:e4:74:8b:4a:fb:02:34:57:4f:
                    d2:c0:78:f3:0b:17:51:34:50:27:f1:7a:ac:9c:94:
                    ee:c1:72:73:95:2f:4c:0e:b8:f0:0e:10:69:8d:b3:
                    1b:fe:66:6b:05:b4:34:a7:ee:69:fc:31:15:88:2b:
                    15:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:22:F3:AF:49:4D:2A:EB:03:B7:99:3F:31:D6:21:AA:5C:94:35:78
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/uyLzr0lNKusDt5k_MdYhqlyUNXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7c:36:c4:15:e7:0b:d9:e0:98:e0:5f:b4:80:44:2d:91:7e:
         d4:7c:37:a0:ea:bb:ed:74:47:ff:66:77:43:99:9a:70:19:2a:
         03:03:75:77:36:ee:9f:6e:cd:04:de:0f:f2:da:01:6b:26:04:
         4e:cc:5a:35:26:56:fb:1a:6a:e1:e7:15:92:a0:a8:fc:ad:74:
         b3:4f:d6:0c:95:94:e2:fc:ce:83:e4:39:af:7f:00:63:46:92:
         c5:5a:d0:9a:b1:3e:d3:36:28:fd:2b:d3:79:ae:54:5b:5d:47:
         c8:aa:0e:05:8b:49:48:28:9e:20:2a:4c:52:f2:ca:f9:91:be:
         cf:d1:6c:60:b6:91:73:a9:66:63:c6:e8:e5:c4:fb:dd:f6:97:
         45:31:2a:f3:de:a7:c5:ff:bb:af:ce:38:54:44:53:0a:56:9c:
         65:d6:9e:ba:39:0f:2d:71:5d:8d:87:e1:11:8f:0e:af:78:70:
         84:56:6b:5b:ca:9a:20:16:b9:f3:ce:cb:80:0b:ed:ad:9a:d3:
         f6:b7:0a:3d:39:39:1f:e7:54:84:4e:71:f3:4e:3f:cb:3a:66:
         aa:9e:a4:df:4c:24:e6:1c:6b:cf:5b:af:c1:85:06:f1:d7:1e:
         ab:92:3c:c1:46:8f:22:d0:49:9e:40:ab:0e:ea:79:e3:25:10:
         a6:92:8c:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZID90GjhdIAHh2k9rSLEbhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjQwOTE4MDcwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjIyZjNhZjQ5NGQyYWViMDNiNzk5M2YzMWQ2MjFhYTVjOTQzNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhfwU96d1L0IBOJRolzQC5/vVYf/
tTtQ2OiGiP/j2L4lYzLvnUB5h0lmqAREm3jfEEjzmYaIjNZbCEXuwT+ypt1Uo8vr
M8cwp6RP9LztHM/fiZSYFQk7mccE/DD119ouWSjfKXZWJrwKWGPMAjYpuEehE9fF
NiUZlnuHNp7PuBQy+HcxPYCk8vHHV9PvWMxMM2ql+dwxbcvXjXoOm9a6Qd41FpEz
GEH+6cAiEnEjW6YTZCS2DO1XPyCfavQTewPQO4vEs8XEPcHkdItK+wI0V0/SwHjz
CxdRNFAn8XqsnJTuwXJzlS9MDrjwDhBpjbMb/mZrBbQ0p+5p/DEViCsVfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsi869JTSrrA7eZPzHWIapclDV4MB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvdXlMenIwbE5LdXNEdDVrX01kWWhxbHlVTlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbWMA0G
CSqGSIb3DQEBCwUAA4IBAQAgfDbEFecL2eCY4F+0gEQtkX7UfDeg6rvtdEf/ZndD
mZpwGSoDA3V3Nu6fbs0E3g/y2gFrJgROzFo1Jlb7Gmrh5xWSoKj8rXSzT9YMlZTi
/M6D5DmvfwBjRpLFWtCasT7TNij9K9N5rlRbXUfIqg4Fi0lIKJ4gKkxS8sr5kb7P
0WxgtpFzqWZjxujlxPvd9pdFMSrz3qfF/7uvzjhURFMKVpxl1p66OQ8tcV2Nh+ER
jw6veHCEVmtbypogFrnzzsuAC+2tmtP2two9OTkf51SETnHzTj/LOmaqnqTfTCTm
HGvPW6/BhQbx1x6rkjzBRo8i0EmeQKsO6nnjJRCmkoyN
-----END CERTIFICATE-----