Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/UOTWrjU9h5hDScznEdnlyFoQCJU.roa
File:                     UOTWrjU9h5hDScznEdnlyFoQCJU.roa (raw, json)
Hash identifier:          grDO8mpgZurLld6qE/UyetGsVzAOmBIjOa9F+xnFFVQ=
Subject key identifier:   50:E4:D6:AE:35:3D:87:98:43:49:CC:E7:11:D9:E5:C8:5A:10:08:95
Certificate issuer:       /CN=8300996c08890bd5e1e6dd0528217d28f9d09355
Certificate serial:       018CC4254056B57CEA69DE11D10155CBF200
Authority key identifier: 83:00:99:6C:08:89:0B:D5:E1:E6:DD:05:28:21:7D:28:F9:D0:93:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/UOTWrjU9h5hDScznEdnlyFoQCJU.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197422
IP address blocks:        185.119.168.0/22 maxlen: 24
                          91.224.148.0/23 maxlen: 24
                          2a03:7220::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:40:56:b5:7c:ea:69:de:11:d1:01:55:cb:f2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8300996c08890bd5e1e6dd0528217d28f9d09355
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50e4d6ae353d87984349cce711d9e5c85a100895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:11:d0:0e:ac:47:d0:3a:0f:b7:7e:be:a2:98:
                    c1:76:5c:c4:94:22:44:5d:67:4b:34:2c:60:b8:d3:
                    5a:ed:f1:d7:f2:ef:ad:fe:b8:16:97:08:49:d9:67:
                    7f:f3:a2:2f:de:02:1f:17:c8:e8:15:63:09:66:74:
                    76:ff:9c:eb:0b:22:a5:40:f5:17:31:ec:28:f3:34:
                    7a:ff:61:0b:b9:92:e6:ec:33:1f:8e:95:06:7d:6b:
                    1d:79:7b:09:05:0e:11:d6:43:81:5d:3d:27:dc:70:
                    9d:fa:ed:54:7f:28:fe:2a:2a:af:04:77:d4:80:6d:
                    6e:c7:ba:80:79:b8:ff:e3:d5:ca:57:cb:f9:4c:ec:
                    94:2d:d8:59:4f:1b:70:af:33:94:d2:1f:c5:f8:6a:
                    59:74:18:8a:36:e0:7c:1a:42:55:c3:97:96:9c:b7:
                    6f:08:7f:59:e1:54:10:6a:bd:7a:30:91:b1:ca:e8:
                    87:2f:eb:79:54:7b:71:c2:c4:88:82:5b:01:f7:93:
                    d4:7c:ae:6f:fa:25:cd:3d:cf:c7:b7:47:7b:44:8a:
                    80:40:d7:8d:2c:1b:e4:76:df:ff:2b:b3:d2:32:fa:
                    5a:fa:26:8d:c5:01:4d:c4:ce:a0:93:e2:d9:05:f1:
                    0f:7e:b0:13:ed:4a:cc:c1:2d:56:aa:46:b4:cb:98:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E4:D6:AE:35:3D:87:98:43:49:CC:E7:11:D9:E5:C8:5A:10:08:95
            X509v3 Authority Key Identifier:
                keyid:83:00:99:6C:08:89:0B:D5:E1:E6:DD:05:28:21:7D:28:F9:D0:93:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/UOTWrjU9h5hDScznEdnlyFoQCJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c01306-66f5-4209-8c88-2db691b1d4ab/1/gwCZbAiJC9Xh5t0FKCF9KPnQk1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.148.0/23
                  185.119.168.0/22
                IPv6:
                  2a03:7220::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:77:84:6d:9e:38:15:a1:86:ea:e8:1c:fa:62:76:01:25:85:
         a1:57:45:95:1c:7e:b5:5d:d8:e7:32:eb:ca:de:e1:23:d6:22:
         4c:3c:4f:89:4d:71:b3:ed:5a:29:c8:aa:45:ff:09:86:57:7b:
         48:45:d6:2f:af:d6:fd:1f:a3:f3:fc:c3:d6:46:da:a7:e5:2a:
         99:1f:28:62:73:69:8c:89:c5:1d:50:29:ca:9e:f4:1c:f0:36:
         11:ff:57:cb:ac:f6:84:f0:c6:73:63:4e:91:ec:61:72:f9:ef:
         2c:28:3a:be:83:c1:53:d4:50:fe:80:f2:d1:21:85:90:d3:26:
         60:27:da:81:11:8f:98:5d:9d:71:da:ba:a3:36:e8:da:23:7d:
         0a:b4:98:b7:81:e6:ab:0f:e1:96:1b:2b:2f:78:52:de:76:83:
         59:3d:91:ad:af:ec:88:6e:69:46:3c:fd:47:69:86:e2:9c:9f:
         ce:51:60:ba:d1:ae:50:0d:4b:e8:c8:24:6f:89:4f:0c:f8:33:
         e1:69:e8:0e:6e:4b:93:4e:08:2a:c0:87:dc:49:54:31:89:ef:
         36:8d:0d:9b:b9:de:24:bc:53:25:3d:5e:7c:63:9a:55:e7:47:
         80:9b:a6:ae:8e:b9:af:52:a5:50:2e:d6:c5:0e:21:0b:ef:2f:
         72:85:16:0b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJUBWtXzqad4R0QFVy/IAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDA5OTZjMDg4OTBiZDVlMWU2ZGQwNTI4MjE3ZDI4Zjlk
MDkzNTUwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU0ZDZhZTM1M2Q4Nzk4NDM0OWNjZTcxMWQ5ZTVjODVhMTAwODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hHQDqxH0DoPt36+opjBdlzElCJE
XWdLNCxguNNa7fHX8u+t/rgWlwhJ2Wd/86Iv3gIfF8joFWMJZnR2/5zrCyKlQPUX
Mewo8zR6/2ELuZLm7DMfjpUGfWsdeXsJBQ4R1kOBXT0n3HCd+u1Ufyj+KiqvBHfU
gG1ux7qAebj/49XKV8v5TOyULdhZTxtwrzOU0h/F+GpZdBiKNuB8GkJVw5eWnLdv
CH9Z4VQQar16MJGxyuiHL+t5VHtxwsSIglsB95PUfK5v+iXNPc/Ht0d7RIqAQNeN
LBvkdt//K7PSMvpa+iaNxQFNxM6gk+LZBfEPfrAT7UrMwS1Wqka0y5h20wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFDk1q41PYeYQ0nM5xHZ5chaEAiVMB8GA1UdIwQY
MBaAFIMAmWwIiQvV4ebdBSghfSj50JNVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dDWmJBaUpDOVhoNXQwRktDRjlLUG5RazFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jMDEzMDYtNjZmNS00MjA5LThjODgt
MmRiNjkxYjFkNGFiLzEvVU9UV3JqVTloNWhEU2N6bkVkbmx5Rm9RQ0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jMDEzMDYtNjZmNS00MjA5LThjODgtMmRiNjkxYjFkNGFi
LzEvZ3dDWmJBaUpDOVhoNXQwRktDRjlLUG5RazFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+CUAwQC
uXeoMA0EAgACMAcDBQMqA3IgMA0GCSqGSIb3DQEBCwUAA4IBAQB2d4RtnjgVoYbq
6Bz6YnYBJYWhV0WVHH61XdjnMuvK3uEj1iJMPE+JTXGz7VopyKpF/wmGV3tIRdYv
r9b9H6Pz/MPWRtqn5SqZHyhic2mMicUdUCnKnvQc8DYR/1fLrPaE8MZzY06R7GFy
+e8sKDq+g8FT1FD+gPLRIYWQ0yZgJ9qBEY+YXZ1x2rqjNujaI30KtJi3gearD+GW
GysveFLedoNZPZGtr+yIbmlGPP1HaYbinJ/OUWC60a5QDUvoyCRviU8M+DPhaegO
bkuTTggqwIfcSVQxie82jQ2bud4kvFMlPV58Y5pV50eAm6aujrmvUqVQLtbFDiEL
7y9yhRYL
-----END CERTIFICATE-----