Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uOLXJ6B-CZzPqxhp449eBCGuyGs.roa
File:                     uOLXJ6B-CZzPqxhp449eBCGuyGs.roa (raw, json)
Hash identifier:          v6VVPuimQEx0AMDhtzZod9ojU9KeYOxCtvxljywC5c0=
Subject key identifier:   B8:E2:D7:27:A0:7E:09:9C:CF:AB:18:69:E3:8F:5E:04:21:AE:C8:6B
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018E28EBAA5103F40845C4DADBF3CF46CFC1
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uOLXJ6B-CZzPqxhp449eBCGuyGs.roa
Signing time:             Sun 10 Mar 2024 15:11:56 +0000
ROA not before:           Sun 10 Mar 2024 15:11:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        80.246.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:28:eb:aa:51:03:f4:08:45:c4:da:db:f3:cf:46:cf:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Mar 10 15:11:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8e2d727a07e099ccfab1869e38f5e0421aec86b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4b:48:82:3e:33:65:31:51:aa:67:1e:cf:1e:
                    a3:51:95:ed:67:f3:5a:69:0e:42:b3:d7:a1:17:0b:
                    e6:68:4d:03:c5:20:bd:1c:f4:21:34:fe:47:8b:6b:
                    dc:76:e0:a9:89:b7:b0:b2:a2:04:c3:ca:a4:e6:fa:
                    fc:c0:f5:5b:23:ee:bc:3e:ed:66:94:b9:60:e5:8a:
                    d6:23:e9:d2:f6:a0:45:45:39:86:b7:5d:61:b7:09:
                    bf:e5:93:8c:dd:ea:ca:c2:f7:dc:8a:02:3b:58:7b:
                    eb:be:9d:e6:0e:09:9d:10:b5:7d:ce:8a:0b:54:d7:
                    e5:d6:e9:6c:bc:5d:8c:6d:29:19:a7:a6:8f:40:01:
                    47:02:19:07:50:a1:22:60:a0:e8:46:13:f7:2f:89:
                    31:21:64:64:64:1d:80:46:4e:8e:01:55:6a:af:83:
                    24:6e:41:aa:5f:c9:73:4b:1e:d8:6a:1d:dc:1d:9c:
                    c8:38:27:34:2a:0f:7d:49:0b:51:e5:fe:e8:2a:f2:
                    ae:f8:5b:b7:23:b6:01:2a:c4:32:99:cb:d4:33:4e:
                    1e:f5:98:3d:f5:34:7b:a8:bb:02:fa:ff:1e:22:91:
                    27:d8:5f:71:16:a9:1f:d1:91:f4:bb:15:00:c2:cf:
                    55:27:98:74:3e:01:36:95:b8:d3:a5:50:3b:98:2b:
                    4a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E2:D7:27:A0:7E:09:9C:CF:AB:18:69:E3:8F:5E:04:21:AE:C8:6B
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/uOLXJ6B-CZzPqxhp449eBCGuyGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:2b:dd:38:47:c5:b3:a5:a7:e6:a6:45:40:59:af:72:1a:26:
         46:ae:83:32:a1:63:be:9a:89:e9:ed:9f:2a:bd:19:8f:12:fb:
         2f:b3:79:97:42:b1:87:6c:c8:a5:cb:c5:7f:a7:84:6c:eb:91:
         09:09:ec:1e:66:14:fe:4b:fd:9a:0a:37:03:6f:d5:18:21:ac:
         c8:ef:d9:d2:43:4e:43:8f:d5:04:19:cb:45:25:00:be:8a:41:
         35:f8:9b:bb:6a:25:e9:2f:b5:d2:5a:9b:74:4a:7b:91:ab:ea:
         17:75:a9:9d:5b:4e:c7:fc:b1:97:9a:0e:5f:4d:03:1c:fb:1b:
         09:3b:31:ee:03:40:15:e0:74:8c:75:49:6c:05:ae:fc:1a:86:
         18:a4:31:9d:c1:ac:b1:95:e2:00:31:4f:23:d2:d8:03:e4:0d:
         28:d0:82:5a:cf:e3:c3:22:39:d9:cf:8a:5b:e5:8b:3d:08:58:
         f8:b9:5f:72:04:e4:b0:e3:c3:b6:20:70:8f:2a:a2:63:b2:cc:
         c4:b4:e2:cc:af:e3:54:93:b2:44:1a:e1:33:fa:5e:84:98:73:
         c2:7f:e2:11:36:c3:52:3a:69:48:59:5c:5b:e3:1f:a9:c3:3e:
         7d:91:3d:8a:0f:50:d7:50:ff:23:09:16:b1:17:e4:95:2b:1f:
         fe:e2:b7:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4o66pRA/QIRcTa2/PPRs/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwMzEwMTUxMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGUyZDcyN2EwN2UwOTljY2ZhYjE4NjllMzhmNWUwNDIxYWVjODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEtIgj4zZTFRqmcezx6jUZXtZ/Na
aQ5Cs9ehFwvmaE0DxSC9HPQhNP5Hi2vcduCpibewsqIEw8qk5vr8wPVbI+68Pu1m
lLlg5YrWI+nS9qBFRTmGt11htwm/5ZOM3erKwvfcigI7WHvrvp3mDgmdELV9zooL
VNfl1ulsvF2MbSkZp6aPQAFHAhkHUKEiYKDoRhP3L4kxIWRkZB2ARk6OAVVqr4Mk
bkGqX8lzSx7Yah3cHZzIOCc0Kg99SQtR5f7oKvKu+Fu3I7YBKsQymcvUM04e9Zg9
9TR7qLsC+v8eIpEn2F9xFqkf0ZH0uxUAws9VJ5h0PgE2lbjTpVA7mCtKGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLji1yegfgmcz6sYaeOPXgQhrshrMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvdU9MWEo2Qi1DWnpQcXhocDQ0OWVCQ0d1eUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPboMA0G
CSqGSIb3DQEBCwUAA4IBAQAlK904R8WzpafmpkVAWa9yGiZGroMyoWO+monp7Z8q
vRmPEvsvs3mXQrGHbMily8V/p4Rs65EJCeweZhT+S/2aCjcDb9UYIazI79nSQ05D
j9UEGctFJQC+ikE1+Ju7aiXpL7XSWpt0SnuRq+oXdamdW07H/LGXmg5fTQMc+xsJ
OzHuA0AV4HSMdUlsBa78GoYYpDGdwayxleIAMU8j0tgD5A0o0IJaz+PDIjnZz4pb
5Ys9CFj4uV9yBOSw48O2IHCPKqJjsszEtOLMr+NUk7JEGuEz+l6EmHPCf+IRNsNS
OmlIWVxb4x+pwz59kT2KD1DXUP8jCRaxF+SVKx/+4rcR
-----END CERTIFICATE-----