Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/UyvAd9pVSZYRTJEQM4Nins67arw.roa
File:                     UyvAd9pVSZYRTJEQM4Nins67arw.roa (raw, json)
Hash identifier:          76Wes8iyJIR4wKrAlcL63tsy8Jio7k8TJO8ljDp7AY8=
Subject key identifier:   53:2B:C0:77:DA:55:49:96:11:4C:91:10:33:83:62:9E:CE:BB:6A:BC
Certificate issuer:       /CN=04a7f9072e8b3004ba08681fb1ef88c03f620a88
Certificate serial:       018CC56DFF307FDD0B6E22A3D844A1FACE4C
Authority key identifier: 04:A7:F9:07:2E:8B:30:04:BA:08:68:1F:B1:EF:88:C0:3F:62:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKf5By6LMAS6CGgfse-IwD9iCog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/UyvAd9pVSZYRTJEQM4Nins67arw.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210161
IP address blocks:        87.101.84.0/22 maxlen: 22
                          87.101.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/BKf5By6LMAS6CGgfse-IwD9iCog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/BKf5By6LMAS6CGgfse-IwD9iCog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKf5By6LMAS6CGgfse-IwD9iCog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ff:30:7f:dd:0b:6e:22:a3:d8:44:a1:fa:ce:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a7f9072e8b3004ba08681fb1ef88c03f620a88
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=532bc077da554996114c91103383629ecebb6abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1c:57:11:a6:b3:ed:ff:38:04:7d:7c:97:9d:
                    15:77:db:2c:88:10:51:3e:ec:76:98:b6:de:09:2d:
                    a7:f8:1a:be:86:5c:eb:c7:fc:4b:5e:b5:73:c7:8e:
                    9b:e4:1f:d9:cd:cb:22:75:6e:db:8a:b3:05:de:fd:
                    21:bb:eb:6c:af:0a:12:98:e7:3d:2f:96:d0:d1:da:
                    30:8a:87:d0:92:2d:8c:cb:4a:a4:a3:a6:df:34:eb:
                    03:da:17:8c:63:67:b9:16:d0:77:89:b8:72:92:b1:
                    ed:0f:61:38:25:de:aa:31:2f:ca:b8:e9:d7:a9:d8:
                    f0:0a:e5:08:4c:5a:3f:a9:fd:03:f3:cb:83:5e:94:
                    0f:ac:bf:4d:d0:6d:fa:39:73:d6:c3:9b:e8:4b:01:
                    69:4f:55:8a:60:5b:05:2a:3d:13:36:61:2b:12:4b:
                    f7:c8:50:4b:39:58:5b:ca:71:53:b6:29:cf:a9:b4:
                    17:fe:69:d4:0a:e2:08:25:f9:3b:5f:01:ee:b7:12:
                    2c:73:67:10:17:58:d8:01:89:a1:c1:a3:d2:96:4f:
                    21:41:2b:3f:cc:82:d2:69:a7:07:99:ac:dd:e2:8c:
                    be:af:23:ec:23:c4:9e:d4:02:7e:37:0d:78:7b:42:
                    d0:18:4f:f6:c4:96:c0:88:4f:6b:f3:cd:72:7a:b6:
                    10:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2B:C0:77:DA:55:49:96:11:4C:91:10:33:83:62:9E:CE:BB:6A:BC
            X509v3 Authority Key Identifier:
                keyid:04:A7:F9:07:2E:8B:30:04:BA:08:68:1F:B1:EF:88:C0:3F:62:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKf5By6LMAS6CGgfse-IwD9iCog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/UyvAd9pVSZYRTJEQM4Nins67arw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/ca8e58-8afd-493b-a916-e05aa513e5dd/1/BKf5By6LMAS6CGgfse-IwD9iCog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.101.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:77:bd:d2:b7:8a:c4:eb:99:bf:08:9d:a1:3e:1f:d2:75:a5:
         23:c5:64:de:0c:ab:07:08:aa:ae:95:54:d7:90:92:ca:7f:68:
         8c:12:80:32:8f:a5:0d:58:8a:bb:7b:cb:a6:b4:ef:d0:18:cc:
         89:5d:57:84:83:c0:2e:82:cc:cd:d8:25:15:53:53:6f:4c:d4:
         26:34:ac:12:ae:b8:5a:53:b7:08:02:20:04:bf:cb:75:2d:bb:
         ec:ae:25:80:58:86:d7:4d:11:b4:a5:ae:5e:cb:1c:e2:7e:89:
         40:15:36:4f:57:6d:80:5c:30:9b:73:fb:e3:7b:e6:8d:97:eb:
         22:a9:08:2c:c5:07:5a:f0:df:d2:10:ae:a4:f3:d5:1a:c2:0c:
         e8:31:d4:fb:a1:e9:aa:fd:db:04:6f:1e:8c:17:87:be:76:67:
         2d:ce:ff:ea:c7:b0:46:25:ec:56:84:4f:12:18:7a:a8:2d:73:
         57:d3:99:1c:05:a0:84:18:79:90:cc:c2:8e:df:9b:29:6e:63:
         34:bb:29:20:68:e8:0d:d4:d2:1a:30:d7:bb:64:ac:e5:20:90:
         24:60:85:51:e8:83:67:8a:a8:8e:26:65:37:1a:80:66:09:38:
         a2:ec:a2:38:4c:04:96:a1:81:98:f9:6f:22:5a:0d:15:2c:8f:
         1f:0c:9b:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf8wf90LbiKj2ESh+s5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTdmOTA3MmU4YjMwMDRiYTA4NjgxZmIxZWY4OGMwM2Y2
MjBhODgwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJiYzA3N2RhNTU0OTk2MTE0YzkxMTAzMzgzNjI5ZWNlYmI2YWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRxXEaaz7f84BH18l50Vd9ssiBBR
Pux2mLbeCS2n+Bq+hlzrx/xLXrVzx46b5B/ZzcsidW7birMF3v0hu+tsrwoSmOc9
L5bQ0dowiofQki2My0qko6bfNOsD2heMY2e5FtB3ibhykrHtD2E4Jd6qMS/KuOnX
qdjwCuUITFo/qf0D88uDXpQPrL9N0G36OXPWw5voSwFpT1WKYFsFKj0TNmErEkv3
yFBLOVhbynFTtinPqbQX/mnUCuIIJfk7XwHutxIsc2cQF1jYAYmhwaPSlk8hQSs/
zILSaacHmazd4oy+ryPsI8Se1AJ+Nw14e0LQGE/2xJbAiE9r881yerYQFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMrwHfaVUmWEUyREDODYp7Ou2q8MB8GA1UdIwQY
MBaAFASn+QcuizAEughoH7HviMA/YgqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktmNUJ5NkxNQVM2Q0dnZnNlLUl3RDlpQ29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9jYThlNTgtOGFmZC00OTNiLWE5MTYt
ZTA1YWE1MTNlNWRkLzEvVXl2QWQ5cFZTWllSVEpFUU00TmluczY3YXJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9jYThlNTgtOGFmZC00OTNiLWE5MTYtZTA1YWE1MTNlNWRk
LzEvQktmNUJ5NkxNQVM2Q0dnZnNlLUl3RDlpQ29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCV2VUMA0G
CSqGSIb3DQEBCwUAA4IBAQAPd73St4rE65m/CJ2hPh/SdaUjxWTeDKsHCKqulVTX
kJLKf2iMEoAyj6UNWIq7e8umtO/QGMyJXVeEg8AugszN2CUVU1NvTNQmNKwSrrha
U7cIAiAEv8t1LbvsriWAWIbXTRG0pa5eyxzifolAFTZPV22AXDCbc/vje+aNl+si
qQgsxQda8N/SEK6k89UawgzoMdT7oemq/dsEbx6MF4e+dmctzv/qx7BGJexWhE8S
GHqoLXNX05kcBaCEGHmQzMKO35spbmM0uykgaOgN1NIaMNe7ZKzlIJAkYIVR6INn
iqiOJmU3GoBmCTii7KI4TASWoYGY+W8iWg0VLI8fDJvS
-----END CERTIFICATE-----