Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/uuP8C8pmmecPaA_3_tnr8ocmk3Q.roa
File:                     uuP8C8pmmecPaA_3_tnr8ocmk3Q.roa (raw, json)
Hash identifier:          orNJ9pT3NinT9ZTfi5iQPIBQpMkr3mM83VZErVrX7gM=
Subject key identifier:   BA:E3:FC:0B:CA:66:99:E7:0F:68:0F:F7:FE:D9:EB:F2:87:26:93:74
Certificate issuer:       /CN=733683cb856d6d9ff58e287e8a905d292dca6b34
Certificate serial:       018E79F0C1F033C9CAF8C09A83B7B60BCEC9
Authority key identifier: 73:36:83:CB:85:6D:6D:9F:F5:8E:28:7E:8A:90:5D:29:2D:CA:6B:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czaDy4VtbZ_1jih-ipBdKS3KazQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/uuP8C8pmmecPaA_3_tnr8ocmk3Q.roa
Signing time:             Tue 26 Mar 2024 08:46:45 +0000
ROA not before:           Tue 26 Mar 2024 08:46:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206080
IP address blocks:        185.113.124.0/23 maxlen: 24
                          2a0a:9900::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/czaDy4VtbZ_1jih-ipBdKS3KazQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/czaDy4VtbZ_1jih-ipBdKS3KazQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czaDy4VtbZ_1jih-ipBdKS3KazQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:f0:c1:f0:33:c9:ca:f8:c0:9a:83:b7:b6:0b:ce:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=733683cb856d6d9ff58e287e8a905d292dca6b34
        Validity
            Not Before: Mar 26 08:46:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bae3fc0bca6699e70f680ff7fed9ebf287269374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5d:fc:84:5a:bf:a1:ae:48:fd:b0:7e:75:7f:
                    f8:46:b6:21:b6:27:b3:d8:c7:94:71:45:50:35:25:
                    b2:32:54:ab:83:5b:ae:e8:ad:44:43:60:a8:86:fd:
                    a9:be:dd:18:c8:3e:41:31:ac:d8:55:9b:40:42:6c:
                    8d:9d:65:a3:f6:05:a3:3f:0f:96:38:dd:c4:bc:96:
                    d7:84:77:f5:98:18:73:6a:95:cd:36:82:81:40:d7:
                    0d:06:b8:f7:53:9b:10:2d:c1:80:33:da:50:0c:48:
                    68:08:80:c9:fe:3a:61:55:96:5e:d0:ec:af:55:da:
                    58:22:2c:b5:db:ee:c2:3d:80:67:fe:67:be:78:f5:
                    d0:b8:d3:9e:ff:3f:b5:96:80:86:e2:6f:74:f3:79:
                    7f:7f:54:f9:5e:d2:2b:0e:dc:ca:43:c1:f4:26:42:
                    a3:2b:87:da:55:28:8c:c5:c6:8e:e1:ba:7b:42:69:
                    7e:71:e3:05:59:52:6b:00:e0:2d:e9:db:f6:2c:d8:
                    0d:d1:92:28:0f:db:0d:ac:56:ae:80:72:f3:d3:00:
                    4e:4c:ea:7a:ae:d2:10:9d:4a:52:9d:12:fc:3f:95:
                    1d:4a:39:5b:c4:6b:62:7a:3b:88:0d:ec:e7:33:7c:
                    83:1f:28:eb:af:0c:8b:e3:85:89:06:39:45:55:ff:
                    b3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E3:FC:0B:CA:66:99:E7:0F:68:0F:F7:FE:D9:EB:F2:87:26:93:74
            X509v3 Authority Key Identifier:
                keyid:73:36:83:CB:85:6D:6D:9F:F5:8E:28:7E:8A:90:5D:29:2D:CA:6B:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czaDy4VtbZ_1jih-ipBdKS3KazQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/uuP8C8pmmecPaA_3_tnr8ocmk3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/844769-cb3e-45cd-9165-687ae6fba3ad/1/czaDy4VtbZ_1jih-ipBdKS3KazQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.124.0/23
                IPv6:
                  2a0a:9900::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:4b:2b:ef:02:a5:64:b7:50:81:d2:8a:55:44:aa:9f:a7:ad:
         c2:3f:5b:6b:cf:33:13:19:d9:7d:2b:f3:09:ff:84:00:0d:7a:
         8e:c2:d5:a0:dd:4b:ed:33:e0:42:09:9a:1b:f4:ad:06:16:d3:
         7a:e3:b1:e4:c1:df:0c:4f:42:01:a1:30:bd:c3:79:50:36:61:
         d5:93:fe:08:7b:f6:38:51:38:1c:74:04:98:94:63:13:7b:67:
         05:e6:bc:5e:cb:c6:d8:6a:57:11:30:bb:2b:1a:21:70:fc:33:
         72:75:70:ed:f3:c6:28:0a:18:77:3c:97:03:06:b3:1f:40:d8:
         40:c8:ed:cf:f8:9f:ea:02:5c:3e:60:17:ac:93:1a:2f:03:ea:
         3f:54:f1:42:c3:2a:c3:7f:f5:70:83:61:cb:96:ef:3d:27:a2:
         58:c3:d4:26:de:94:e5:14:c0:94:57:90:91:ad:96:02:5c:6e:
         f7:0b:4a:7d:a9:27:7b:da:dd:78:25:16:8c:2b:3e:7c:e3:89:
         1c:79:3a:bf:2d:f0:47:96:64:5e:2c:cf:24:3b:55:c1:48:46:
         f8:12:49:d7:c9:9e:70:47:14:f8:f1:e0:90:f7:1c:e1:5c:f9:
         59:0f:c8:d3:79:70:ab:a5:d9:1d:b1:22:89:8e:d4:9a:78:a2:
         c7:8e:90:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY558MHwM8nK+MCag7e2C87JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMzY4M2NiODU2ZDZkOWZmNThlMjg3ZThhOTA1ZDI5MmRj
YTZiMzQwHhcNMjQwMzI2MDg0NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWUzZmMwYmNhNjY5OWU3MGY2ODBmZjdmZWQ5ZWJmMjg3MjY5Mzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF38hFq/oa5I/bB+dX/4RrYhtiez
2MeUcUVQNSWyMlSrg1uu6K1EQ2Cohv2pvt0YyD5BMazYVZtAQmyNnWWj9gWjPw+W
ON3EvJbXhHf1mBhzapXNNoKBQNcNBrj3U5sQLcGAM9pQDEhoCIDJ/jphVZZe0Oyv
VdpYIiy12+7CPYBn/me+ePXQuNOe/z+1loCG4m9083l/f1T5XtIrDtzKQ8H0JkKj
K4faVSiMxcaO4bp7Qml+ceMFWVJrAOAt6dv2LNgN0ZIoD9sNrFaugHLz0wBOTOp6
rtIQnUpSnRL8P5UdSjlbxGtiejuIDeznM3yDHyjrrwyL44WJBjlFVf+zJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLrj/AvKZpnnD2gP9/7Z6/KHJpN0MB8GA1UdIwQY
MBaAFHM2g8uFbW2f9Y4ofoqQXSktyms0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3phRHk0VnRiWl8xamloLWlwQmRLUzNLYXpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS84NDQ3NjktY2IzZS00NWNkLTkxNjUt
Njg3YWU2ZmJhM2FkLzEvdXVQOEM4cG1tZWNQYUFfM190bnI4b2NtazNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS84NDQ3NjktY2IzZS00NWNkLTkxNjUtNjg3YWU2ZmJhM2Fk
LzEvY3phRHk0VnRiWl8xamloLWlwQmRLUzNLYXpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuXF8MA0E
AgACMAcDBQMqCpkAMA0GCSqGSIb3DQEBCwUAA4IBAQB2SyvvAqVkt1CB0opVRKqf
p63CP1trzzMTGdl9K/MJ/4QADXqOwtWg3UvtM+BCCZob9K0GFtN647Hkwd8MT0IB
oTC9w3lQNmHVk/4Ie/Y4UTgcdASYlGMTe2cF5rxey8bYalcRMLsrGiFw/DNydXDt
88YoChh3PJcDBrMfQNhAyO3P+J/qAlw+YBeskxovA+o/VPFCwyrDf/Vwg2HLlu89
J6JYw9Qm3pTlFMCUV5CRrZYCXG73C0p9qSd72t14JRaMKz5844kceTq/LfBHlmRe
LM8kO1XBSEb4EknXyZ5wRxT48eCQ9xzhXPlZD8jTeXCrpdkdsSKJjtSaeKLHjpBB
-----END CERTIFICATE-----