Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/uFRXh251IBltMV_cu-qhDZkrK0Q.roa
File:                     uFRXh251IBltMV_cu-qhDZkrK0Q.roa (raw, json)
Hash identifier:          9jOUEX6JKFnNNVAFD74QHzTpo5qkVhQ6+hLs9o49OcI=
Subject key identifier:   B8:54:57:87:6E:75:20:19:6D:31:5F:DC:BB:EA:A1:0D:99:2B:2B:44
Certificate issuer:       /CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
Certificate serial:       018CC5DC6742245032051B9BB3A059D67AA8
Authority key identifier: 77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/uFRXh251IBltMV_cu-qhDZkrK0Q.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5406
IP address blocks:        193.53.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:67:42:24:50:32:05:1b:9b:b3:a0:59:d6:7a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85457876e7520196d315fdcbbeaa10d992b2b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:31:55:ed:41:21:11:f9:cb:ca:1d:22:8d:f7:
                    0f:58:15:e0:c8:f3:18:4a:07:c7:b2:5a:ec:09:d9:
                    98:23:df:8f:9b:15:ba:bf:33:ee:77:99:84:d4:de:
                    10:e7:f7:9d:ce:aa:c3:df:89:ef:b9:b1:75:40:c9:
                    31:8d:52:2d:59:1f:0e:5c:40:fe:f1:2b:60:77:9d:
                    ac:25:ed:fc:84:45:3d:5c:a2:f8:64:71:ce:99:7d:
                    c9:97:bf:6f:ac:60:de:25:9f:3c:ab:b7:ed:3f:44:
                    93:74:c3:33:7f:7a:b2:8d:6f:01:e6:e1:2c:d7:25:
                    db:c8:64:ac:8b:01:32:09:d7:19:cb:7c:1e:1b:b3:
                    d4:b7:47:6a:06:bb:46:2e:26:cf:15:71:17:0a:cc:
                    8b:7c:5e:b9:6c:0c:18:59:cb:38:93:aa:16:c0:52:
                    15:e2:f1:39:39:bd:4d:64:9c:17:e0:bc:4c:df:b9:
                    51:84:c5:71:76:1c:0f:e8:46:e2:d2:1f:a9:41:66:
                    7f:7a:23:5c:b3:87:28:c3:43:cb:3c:5e:7d:26:c1:
                    2d:e7:e2:1d:09:a5:72:5b:20:2e:7b:2a:e0:11:d1:
                    fd:38:da:2a:8f:f5:5a:0e:ab:9f:36:13:9e:31:30:
                    9b:74:3b:b3:4f:64:70:8d:d9:00:7f:98:e5:5d:ae:
                    7b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:54:57:87:6E:75:20:19:6D:31:5F:DC:BB:EA:A1:0D:99:2B:2B:44
            X509v3 Authority Key Identifier:
                keyid:77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/uFRXh251IBltMV_cu-qhDZkrK0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:83:b1:cd:c9:f8:c5:e5:b7:52:f2:61:db:02:d9:6f:43:bb:
         df:14:f3:b4:94:76:cb:eb:66:d1:81:52:ec:f8:25:56:a1:34:
         55:8b:57:53:c8:ac:38:61:0f:a5:58:df:ce:97:c1:b0:cf:53:
         0c:2f:a9:24:85:85:21:f5:ef:6c:ba:29:a9:f3:77:d0:9e:eb:
         57:79:c6:6c:fc:e9:19:b7:9c:35:18:fd:db:bc:39:3a:9e:9f:
         14:b2:5d:c1:18:cb:a2:24:72:a6:6f:51:3e:57:02:03:88:35:
         c1:9e:27:e0:4f:2f:f5:cd:77:8f:f4:b0:06:08:0a:b7:2b:3a:
         b2:23:19:11:19:77:02:e0:a4:6c:f8:a3:7c:03:64:05:8a:ef:
         0d:38:84:73:55:d4:52:2f:42:04:06:98:2a:b4:bb:b1:dd:49:
         2d:cb:39:01:d3:9f:bf:2e:53:bd:d1:00:26:b3:ae:a9:b5:fc:
         ed:0b:a7:72:8d:8d:56:8e:65:1a:25:cb:6d:96:36:79:62:1e:
         a3:25:8e:d5:ec:6d:4d:ab:17:59:3b:b6:41:8f:4b:a5:c9:cf:
         d7:3e:6d:c3:d6:4f:c5:1c:a9:9c:20:4c:2c:4c:87:44:ab:1c:
         a2:56:1f:b8:c5:fa:c3:2d:96:f6:1c:60:a3:4f:cf:91:da:a4:
         16:2b:36:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GdCJFAyBRubs6BZ1nqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NTVjZDhiZTcxZTI5ZTcyZDk2OTBjN2NkNDA4N2I1ZjI2
MTE2ZjAwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODU0NTc4NzZlNzUyMDE5NmQzMTVmZGNiYmVhYTEwZDk5MmIyYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzFV7UEhEfnLyh0ijfcPWBXgyPMY
SgfHslrsCdmYI9+PmxW6vzPud5mE1N4Q5/edzqrD34nvubF1QMkxjVItWR8OXED+
8Stgd52sJe38hEU9XKL4ZHHOmX3Jl79vrGDeJZ88q7ftP0STdMMzf3qyjW8B5uEs
1yXbyGSsiwEyCdcZy3weG7PUt0dqBrtGLibPFXEXCsyLfF65bAwYWcs4k6oWwFIV
4vE5Ob1NZJwX4LxM37lRhMVxdhwP6Ebi0h+pQWZ/eiNcs4cow0PLPF59JsEt5+Id
CaVyWyAueyrgEdH9ONoqj/VaDqufNhOeMTCbdDuzT2RwjdkAf5jlXa57jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhUV4dudSAZbTFf3LvqoQ2ZKytEMB8GA1UdIwQY
MBaAFHdVzYvnHinnLZaQx81Ah7XyYRbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQt
ZTAyMWY4Y2U2YzUxLzEvdUZSWGgyNTFJQmx0TVZfY3UtcWhEWmtySzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQtZTAyMWY4Y2U2YzUx
LzEvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTV9MA0G
CSqGSIb3DQEBCwUAA4IBAQClg7HNyfjF5bdS8mHbAtlvQ7vfFPO0lHbL62bRgVLs
+CVWoTRVi1dTyKw4YQ+lWN/Ol8Gwz1MML6kkhYUh9e9suimp83fQnutXecZs/OkZ
t5w1GP3bvDk6np8Usl3BGMuiJHKmb1E+VwIDiDXBnifgTy/1zXeP9LAGCAq3Kzqy
IxkRGXcC4KRs+KN8A2QFiu8NOIRzVdRSL0IEBpgqtLux3UktyzkB05+/LlO90QAm
s66ptfztC6dyjY1WjmUaJcttljZ5Yh6jJY7V7G1NqxdZO7ZBj0ulyc/XPm3D1k/F
HKmcIEwsTIdEqxyiVh+4xfrDLZb2HGCjT8+R2qQWKzYb
-----END CERTIFICATE-----