Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/uzyYi33mvfWZ6v5pYk4Uaz54rIc.roa
File:                     uzyYi33mvfWZ6v5pYk4Uaz54rIc.roa (raw, json)
Hash identifier:          MetcWPr/T5uelctwyuNHR7ICegUrXzGOkBcYMnSt5nQ=
Subject key identifier:   BB:3C:98:8B:7D:E6:BD:F5:99:EA:FE:69:62:4E:14:6B:3E:78:AC:87
Certificate issuer:       /CN=9e740cd3b66b60e18b3d96ffb3f4218d79b5b770
Certificate serial:       018CC94E59DF06F5182E3DC57B066E81B009
Authority key identifier: 9E:74:0C:D3:B6:6B:60:E1:8B:3D:96:FF:B3:F4:21:8D:79:B5:B7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nnQM07ZrYOGLPZb_s_QhjXm1t3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/uzyYi33mvfWZ6v5pYk4Uaz54rIc.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9044
IP address blocks:        193.27.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/nnQM07ZrYOGLPZb_s_QhjXm1t3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/nnQM07ZrYOGLPZb_s_QhjXm1t3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nnQM07ZrYOGLPZb_s_QhjXm1t3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:59:df:06:f5:18:2e:3d:c5:7b:06:6e:81:b0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e740cd3b66b60e18b3d96ffb3f4218d79b5b770
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb3c988b7de6bdf599eafe69624e146b3e78ac87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:14:7b:52:57:90:4a:6e:e1:a4:f5:58:db:fd:
                    dd:57:5e:d2:65:8c:1b:ce:c5:b8:76:da:c7:68:fc:
                    97:6d:61:51:65:57:cb:6d:80:8f:cd:a6:15:c1:cb:
                    ad:54:78:59:5b:72:ba:49:12:52:99:be:0d:07:83:
                    b1:c0:82:1b:1f:cd:08:a4:95:4f:54:38:09:2b:a0:
                    52:3e:a2:f0:3b:30:84:ac:65:e5:10:20:3a:b8:8f:
                    0a:96:08:db:bf:e1:f7:46:bf:21:5d:91:58:65:0e:
                    9e:12:b0:00:1c:92:74:2c:b9:65:24:83:57:e4:4c:
                    5f:fc:07:3f:5e:39:fb:94:81:2a:d6:64:8b:f8:54:
                    37:b7:fd:c3:f4:d2:48:bf:37:5d:21:7b:a5:a9:3f:
                    63:fa:0a:4e:a5:7f:ad:7f:17:17:2d:e1:12:7d:f2:
                    f9:f3:fa:c5:05:1f:34:9b:cc:b1:45:27:59:ea:44:
                    4c:34:c6:1d:9f:64:4b:da:4c:c4:e0:b0:6b:e1:79:
                    34:b6:06:c6:bf:0b:4b:3f:cd:35:8b:de:a0:96:66:
                    82:ad:b2:cf:3e:7b:bd:2a:f0:6d:c0:9e:6e:5e:d7:
                    33:6a:4b:28:96:58:52:7d:39:b2:bb:61:07:4c:38:
                    5e:92:ae:27:fb:11:7c:ce:bd:21:f8:c3:48:77:bf:
                    61:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:3C:98:8B:7D:E6:BD:F5:99:EA:FE:69:62:4E:14:6B:3E:78:AC:87
            X509v3 Authority Key Identifier:
                keyid:9E:74:0C:D3:B6:6B:60:E1:8B:3D:96:FF:B3:F4:21:8D:79:B5:B7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nnQM07ZrYOGLPZb_s_QhjXm1t3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/uzyYi33mvfWZ6v5pYk4Uaz54rIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/1de613-61b9-4b07-ad47-50e4b0504f48/1/nnQM07ZrYOGLPZb_s_QhjXm1t3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:64:7b:f7:bf:24:b9:2d:78:4b:1a:20:36:64:d9:b8:a5:05:
         22:3a:5b:a4:3e:b4:58:ab:f9:df:ac:a8:5d:64:8c:82:1b:cc:
         d5:a6:74:3e:a9:00:03:44:2d:99:75:ab:b0:a9:7a:05:2d:f5:
         1a:31:f3:30:b4:34:ed:22:08:af:f9:ea:0b:84:f1:0b:e1:d5:
         63:f2:36:17:e4:b3:a2:03:41:6b:06:85:a7:c1:35:6d:a6:03:
         b6:e1:58:1a:3a:e3:28:f3:79:0d:a8:a8:f9:95:6f:bc:1e:30:
         30:60:b3:82:ae:68:a2:1b:fb:50:0b:8e:27:40:08:8d:8a:d0:
         01:d2:6d:73:39:61:0d:37:06:2d:68:f3:d2:67:3a:30:60:59:
         cd:55:23:39:04:e0:77:d0:a2:4c:54:de:9b:ea:f8:83:a3:85:
         d0:0c:5d:2d:e2:1b:16:37:cd:75:80:f8:46:55:e5:d4:cb:dc:
         26:27:f6:1a:ba:09:4f:e8:59:b6:2d:cf:e4:e3:81:e9:ef:b3:
         18:5a:ee:93:a4:04:2a:34:c2:18:c1:da:83:e6:79:25:ff:ca:
         22:f6:f3:d7:ff:85:b6:bd:24:12:af:f3:ab:e9:0e:9e:40:51:
         d2:da:ad:7a:4d:bb:95:71:2a:a2:4a:5d:2f:ed:d2:da:1d:77:
         07:d5:6f:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlnfBvUYLj3FewZugbAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNzQwY2QzYjY2YjYwZTE4YjNkOTZmZmIzZjQyMThkNzli
NWI3NzAwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjNjOTg4YjdkZTZiZGY1OTllYWZlNjk2MjRlMTQ2YjNlNzhhYzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRR7UleQSm7hpPVY2/3dV17SZYwb
zsW4dtrHaPyXbWFRZVfLbYCPzaYVwcutVHhZW3K6SRJSmb4NB4OxwIIbH80IpJVP
VDgJK6BSPqLwOzCErGXlECA6uI8Klgjbv+H3Rr8hXZFYZQ6eErAAHJJ0LLllJINX
5Exf/Ac/Xjn7lIEq1mSL+FQ3t/3D9NJIvzddIXulqT9j+gpOpX+tfxcXLeESffL5
8/rFBR80m8yxRSdZ6kRMNMYdn2RL2kzE4LBr4Xk0tgbGvwtLP801i96glmaCrbLP
Pnu9KvBtwJ5uXtczaksollhSfTmyu2EHTDhekq4n+xF8zr0h+MNId79h2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLs8mIt95r31mer+aWJOFGs+eKyHMB8GA1UdIwQY
MBaAFJ50DNO2a2Dhiz2W/7P0IY15tbdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm5RTTA3WnJZT0dMUFpiX3NfUWhqWG0xdDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xZGU2MTMtNjFiOS00YjA3LWFkNDct
NTBlNGIwNTA0ZjQ4LzEvdXp5WWkzM212ZldaNnY1cFlrNFVhejU0ckljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xZGU2MTMtNjFiOS00YjA3LWFkNDctNTBlNGIwNTA0ZjQ4
LzEvbm5RTTA3WnJZT0dMUFpiX3NfUWhqWG0xdDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRsrMA0G
CSqGSIb3DQEBCwUAA4IBAQAKZHv3vyS5LXhLGiA2ZNm4pQUiOlukPrRYq/nfrKhd
ZIyCG8zVpnQ+qQADRC2ZdauwqXoFLfUaMfMwtDTtIgiv+eoLhPEL4dVj8jYX5LOi
A0FrBoWnwTVtpgO24VgaOuMo83kNqKj5lW+8HjAwYLOCrmiiG/tQC44nQAiNitAB
0m1zOWENNwYtaPPSZzowYFnNVSM5BOB30KJMVN6b6viDo4XQDF0t4hsWN811gPhG
VeXUy9wmJ/YauglP6Fm2Lc/k44Hp77MYWu6TpAQqNMIYwdqD5nkl/8oi9vPX/4W2
vSQSr/Or6Q6eQFHS2q16TbuVcSqiSl0v7dLaHXcH1W+P
-----END CERTIFICATE-----