Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uBc9Ds_H0qaEVuXhuAqDlualOAM.roa
File:                     uBc9Ds_H0qaEVuXhuAqDlualOAM.roa (raw, json)
Hash identifier:          Bf8b2wyPbIdijQai4OaqNo5NhGShQGQH13J2PGWKy9A=
Subject key identifier:   B8:17:3D:0E:CF:C7:D2:A6:84:56:E5:E1:B8:0A:83:96:E6:A5:38:03
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       0192378755D302F41F7344234F6F09C3B95D
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uBc9Ds_H0qaEVuXhuAqDlualOAM.roa
Signing time:             Sat 28 Sep 2024 07:27:49 +0000
ROA not before:           Sat 28 Sep 2024 07:27:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        83.147.223.0/24 maxlen: 24
                          83.147.252.0/22 maxlen: 24
                          94.241.136.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:37:87:55:d3:02:f4:1f:73:44:23:4f:6f:09:c3:b9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Sep 28 07:27:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8173d0ecfc7d2a68456e5e1b80a8396e6a53803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:63:56:90:ee:5c:03:47:b0:d8:98:ce:b5:1a:
                    d0:02:65:28:4a:7c:b3:ad:49:43:15:7b:3e:4b:d6:
                    c6:97:f9:d6:03:cd:32:82:24:17:45:e5:76:cc:b7:
                    10:fd:92:bb:17:fc:6d:ea:27:01:16:55:09:c4:c7:
                    c4:6d:a3:76:f7:2f:a5:3c:52:4c:03:9f:2a:81:28:
                    18:65:68:0c:1b:01:8c:85:9c:95:a9:4e:ab:3f:e1:
                    2d:a6:d3:36:cd:63:2d:6f:5b:e8:90:5f:b1:88:8e:
                    42:0d:04:f3:ec:1e:3a:5e:39:20:fd:76:b3:93:e4:
                    59:b0:b5:f4:4c:07:09:bb:12:64:26:2a:a2:08:9e:
                    b8:c5:b9:e3:01:55:ff:fa:62:00:aa:05:b6:94:67:
                    a1:31:55:4f:ab:c6:16:f0:30:58:49:23:6a:29:77:
                    e9:41:6a:08:51:20:ca:1d:10:dd:5f:d3:ca:bf:91:
                    47:55:34:e4:f3:bc:2c:40:2c:6d:a6:85:79:07:cc:
                    88:eb:98:cb:54:61:6c:e7:09:ec:2e:05:5d:44:5c:
                    34:6d:3e:7d:a9:60:50:66:d1:1c:29:82:cf:32:f9:
                    c1:2e:5c:b5:4b:b4:58:32:7d:f1:84:a2:97:d3:9b:
                    81:4f:69:fa:42:05:5d:ed:dc:19:13:f2:c6:d2:6c:
                    8d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:17:3D:0E:CF:C7:D2:A6:84:56:E5:E1:B8:0A:83:96:E6:A5:38:03
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/uBc9Ds_H0qaEVuXhuAqDlualOAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.223.0/24
                  83.147.252.0/22
                  94.241.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:d1:20:ef:1e:41:29:41:47:80:97:59:38:c2:cb:33:6c:97:
         ea:e5:f2:d1:5c:c3:78:86:55:24:42:1c:ff:ae:e4:41:5d:d1:
         1d:67:b8:7f:4a:26:93:2d:d4:a6:ee:68:d6:c8:84:19:b4:a7:
         60:4c:c9:91:d5:37:44:41:1f:73:c0:30:b1:b1:43:ba:47:05:
         f4:37:42:14:62:6c:b9:86:db:00:0e:91:d5:d6:02:a1:8b:c3:
         87:6b:0a:ba:59:4c:dc:0f:08:66:8a:72:4b:23:06:b3:31:af:
         74:62:83:e2:f6:9a:b3:b5:a5:5c:18:f9:04:e0:03:fe:dc:2e:
         c0:8b:9b:31:d3:a1:a1:fe:c2:de:be:86:1b:b7:dd:57:88:ed:
         c1:da:00:55:86:03:d2:28:5f:d6:21:b9:5c:e4:8c:3f:af:1f:
         d2:2d:68:1c:85:86:ee:37:d8:75:fc:42:88:85:be:2f:89:17:
         fc:ea:9d:da:a5:7f:f6:50:bd:3e:7e:fe:30:7f:7c:c6:9d:a2:
         9b:fa:4b:ae:43:29:44:73:38:e0:72:92:8a:5d:87:b4:14:63:
         6a:04:e1:cb:8d:5d:54:37:4c:0c:20:76:17:29:9a:79:c8:7a:
         39:4c:08:4c:93:f0:43:ed:af:f7:7a:40:4c:86:f9:1d:0a:30:
         35:a8:ea:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZI3h1XTAvQfc0QjT28Jw7ldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwOTI4MDcyNzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODE3M2QwZWNmYzdkMmE2ODQ1NmU1ZTFiODBhODM5NmU2YTUzODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGNWkO5cA0ew2JjOtRrQAmUoSnyz
rUlDFXs+S9bGl/nWA80ygiQXReV2zLcQ/ZK7F/xt6icBFlUJxMfEbaN29y+lPFJM
A58qgSgYZWgMGwGMhZyVqU6rP+EtptM2zWMtb1vokF+xiI5CDQTz7B46Xjkg/Xaz
k+RZsLX0TAcJuxJkJiqiCJ64xbnjAVX/+mIAqgW2lGehMVVPq8YW8DBYSSNqKXfp
QWoIUSDKHRDdX9PKv5FHVTTk87wsQCxtpoV5B8yI65jLVGFs5wnsLgVdRFw0bT59
qWBQZtEcKYLPMvnBLly1S7RYMn3xhKKX05uBT2n6QgVd7dwZE/LG0myNoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLgXPQ7Px9KmhFbl4bgKg5bmpTgDMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdUJjOURzX0gwcWFFVnVYaHVBcURsdWFsT0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU5PfAwQC
U5P8AwQBXvGIMA0GCSqGSIb3DQEBCwUAA4IBAQCe0SDvHkEpQUeAl1k4wsszbJfq
5fLRXMN4hlUkQhz/ruRBXdEdZ7h/SiaTLdSm7mjWyIQZtKdgTMmR1TdEQR9zwDCx
sUO6RwX0N0IUYmy5htsADpHV1gKhi8OHawq6WUzcDwhminJLIwazMa90YoPi9pqz
taVcGPkE4AP+3C7Ai5sx06Gh/sLevoYbt91XiO3B2gBVhgPSKF/WIblc5Iw/rx/S
LWgchYbuN9h1/EKIhb4viRf86p3apX/2UL0+fv4wf3zGnaKb+kuuQylEczjgcpKK
XYe0FGNqBOHLjV1UN0wMIHYXKZp5yHo5TAhMk/BD7a/3ekBMhvkdCjA1qOpO
-----END CERTIFICATE-----