Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/UkHvGiUCKcbdQEIeao5vbFNxNgY.roa
File:                     UkHvGiUCKcbdQEIeao5vbFNxNgY.roa (raw, json)
Hash identifier:          8kCoRMMYxnUg9T0df7b1WKpN1HXbwSgrEQ5QM9y2NRA=
Subject key identifier:   52:41:EF:1A:25:02:29:C6:DD:40:42:1E:6A:8E:6F:6C:53:71:36:06
Certificate issuer:       /CN=8342a1413b0cce34e3f7fbf0e7f38e0a370a6267
Certificate serial:       018CC6B7979F0E3AACB267A044180C3D4581
Authority key identifier: 83:42:A1:41:3B:0C:CE:34:E3:F7:FB:F0:E7:F3:8E:0A:37:0A:62:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0KhQTsMzjTj9_vw5_OOCjcKYmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/UkHvGiUCKcbdQEIeao5vbFNxNgY.roa
Signing time:             Mon 01 Jan 2024 20:29:29 +0000
ROA not before:           Mon 01 Jan 2024 20:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196971
IP address blocks:        193.105.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/g0KhQTsMzjTj9_vw5_OOCjcKYmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/g0KhQTsMzjTj9_vw5_OOCjcKYmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0KhQTsMzjTj9_vw5_OOCjcKYmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:97:9f:0e:3a:ac:b2:67:a0:44:18:0c:3d:45:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8342a1413b0cce34e3f7fbf0e7f38e0a370a6267
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5241ef1a250229c6dd40421e6a8e6f6c53713606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:cf:9a:7e:a5:7a:e2:37:64:e5:6a:6d:11:9f:
                    09:56:65:0b:15:1a:8d:bd:37:6c:39:bd:71:cb:76:
                    c6:ef:10:a6:15:c5:5b:5e:92:89:bb:e4:b2:27:bf:
                    6f:9b:d2:48:66:a1:33:03:a7:04:28:3d:d6:9c:fb:
                    db:15:de:02:f3:98:e2:b7:4b:66:13:f9:3f:7d:5a:
                    5f:c1:e1:f2:c9:4f:ce:b3:7c:60:e5:d9:c6:fe:01:
                    74:0f:9c:eb:b8:a4:e3:02:76:eb:05:07:8f:3e:30:
                    ed:15:88:e0:e8:ac:93:e2:73:ce:a5:5c:46:3e:c7:
                    6e:14:14:d1:c4:69:04:0d:64:25:8a:a8:f4:6d:75:
                    57:30:e6:b6:8c:e4:9f:d4:f0:a8:19:c3:72:c5:25:
                    88:16:90:39:52:5c:14:9a:34:d7:d6:a9:72:d9:10:
                    24:b0:f6:1f:d8:89:30:29:33:02:6c:d8:f3:9b:48:
                    ce:51:92:71:f1:02:de:95:6a:c7:a0:10:b9:2e:51:
                    60:7a:d8:6c:59:3b:3a:20:20:3b:4e:5e:57:b3:66:
                    c4:0f:34:af:4d:59:d8:70:3e:75:57:37:06:27:34:
                    af:d7:c5:ee:65:43:ea:87:b9:fd:12:4a:ae:99:3f:
                    af:64:4a:21:3c:9f:ce:d5:42:ab:c0:54:be:53:9d:
                    54:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:41:EF:1A:25:02:29:C6:DD:40:42:1E:6A:8E:6F:6C:53:71:36:06
            X509v3 Authority Key Identifier:
                keyid:83:42:A1:41:3B:0C:CE:34:E3:F7:FB:F0:E7:F3:8E:0A:37:0A:62:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0KhQTsMzjTj9_vw5_OOCjcKYmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/UkHvGiUCKcbdQEIeao5vbFNxNgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/54e797-dbe3-4945-a835-648b92276014/1/g0KhQTsMzjTj9_vw5_OOCjcKYmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c1:7c:31:74:a8:f2:bb:05:a5:ee:ce:fa:f9:42:0b:98:74:
         9d:70:01:06:98:31:b0:2b:a8:47:33:27:1b:92:d7:4b:ca:c2:
         84:de:42:30:f7:db:47:ea:e2:fd:57:81:af:c3:b3:bc:32:b5:
         c2:37:9a:13:a5:73:fe:03:1c:98:3c:06:bc:d2:16:a3:05:ba:
         4d:e8:7d:61:7f:42:7a:bf:d1:3a:ad:c2:d6:5d:0f:30:2b:95:
         e8:db:bd:21:d4:0a:13:51:42:cb:b3:37:fc:00:4e:db:50:8f:
         10:38:62:10:c1:97:ce:c9:d5:ba:3b:b3:13:ba:0c:48:3e:91:
         8d:ae:dc:66:45:5d:af:c1:6d:77:73:f2:2b:3e:05:8a:3d:c1:
         5d:98:bd:48:87:7c:cd:48:80:47:71:4d:ee:45:85:a8:fb:07:
         79:d8:6a:a9:01:89:3d:71:98:4b:5f:8a:48:4c:dc:f6:c6:8f:
         c9:2c:7b:ba:68:15:48:3b:c0:de:02:e2:a8:4c:cd:5c:87:15:
         77:f0:05:c2:e3:56:d1:62:3f:b8:a9:04:c2:19:c0:43:3e:9a:
         dd:c8:76:69:41:cf:da:9e:4a:d3:65:38:51:03:63:33:9a:93:
         59:41:d0:05:08:19:e3:88:6b:31:d2:d3:f4:a4:45:35:ce:02:
         91:23:1b:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5efDjqssmegRBgMPUWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDJhMTQxM2IwY2NlMzRlM2Y3ZmJmMGU3ZjM4ZTBhMzcw
YTYyNjcwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQxZWYxYTI1MDIyOWM2ZGQ0MDQyMWU2YThlNmY2YzUzNzEzNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM+afqV64jdk5WptEZ8JVmULFRqN
vTdsOb1xy3bG7xCmFcVbXpKJu+SyJ79vm9JIZqEzA6cEKD3WnPvbFd4C85jit0tm
E/k/fVpfweHyyU/Os3xg5dnG/gF0D5zruKTjAnbrBQePPjDtFYjg6KyT4nPOpVxG
PsduFBTRxGkEDWQliqj0bXVXMOa2jOSf1PCoGcNyxSWIFpA5UlwUmjTX1qly2RAk
sPYf2IkwKTMCbNjzm0jOUZJx8QLelWrHoBC5LlFgethsWTs6ICA7Tl5Xs2bEDzSv
TVnYcD51VzcGJzSv18XuZUPqh7n9EkqumT+vZEohPJ/O1UKrwFS+U51UOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJB7xolAinG3UBCHmqOb2xTcTYGMB8GA1UdIwQY
MBaAFINCoUE7DM404/f78Ofzjgo3CmJnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBLaFFUc016alRqOV92dzVfT09DamNLWW1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81NGU3OTctZGJlMy00OTQ1LWE4MzUt
NjQ4YjkyMjc2MDE0LzEvVWtIdkdpVUNLY2JkUUVJZWFvNXZiRk54TmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81NGU3OTctZGJlMy00OTQ1LWE4MzUtNjQ4YjkyMjc2MDE0
LzEvZzBLaFFUc016alRqOV92dzVfT09DamNLWW1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWnTMA0G
CSqGSIb3DQEBCwUAA4IBAQAbwXwxdKjyuwWl7s76+UILmHSdcAEGmDGwK6hHMycb
ktdLysKE3kIw99tH6uL9V4Gvw7O8MrXCN5oTpXP+AxyYPAa80hajBbpN6H1hf0J6
v9E6rcLWXQ8wK5Xo270h1AoTUULLszf8AE7bUI8QOGIQwZfOydW6O7MTugxIPpGN
rtxmRV2vwW13c/IrPgWKPcFdmL1Ih3zNSIBHcU3uRYWo+wd52GqpAYk9cZhLX4pI
TNz2xo/JLHu6aBVIO8DeAuKoTM1chxV38AXC41bRYj+4qQTCGcBDPprdyHZpQc/a
nkrTZThRA2MzmpNZQdAFCBnjiGsx0tP0pEU1zgKRIxvR
-----END CERTIFICATE-----