Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ufURIR1IJs4_CPP9mPlzrbBlP50.roa
File:                     ufURIR1IJs4_CPP9mPlzrbBlP50.roa (raw, json)
Hash identifier:          qU8xQh0qwz2gnrLSaXtbQFK6AzzpS/biPAgYdfT8olA=
Subject key identifier:   B9:F5:11:21:1D:48:26:CE:3F:08:F3:FD:98:F9:73:AD:B0:65:3F:9D
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA9359ED10ECDA9E0E2514A28B60BD
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ufURIR1IJs4_CPP9mPlzrbBlP50.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4213
IP address blocks:        91.186.208.0/23 maxlen: 24
                          91.186.210.0/23 maxlen: 24
                          83.147.240.0/23 maxlen: 24
                          83.147.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:93:59:ed:10:ec:da:9e:0e:25:14:a2:8b:60:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9f511211d4826ce3f08f3fd98f973adb0653f9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:da:9d:6a:c6:79:54:67:c7:f8:d3:c5:2b:81:
                    12:3f:32:76:4c:c8:bd:1d:7c:4c:c1:78:be:76:1d:
                    be:d9:26:c7:2d:b4:04:ef:2b:d3:a5:10:88:51:b8:
                    70:02:a0:74:33:de:dc:4a:8f:95:a7:d2:53:da:5b:
                    6b:f2:8e:dc:5d:6c:6d:60:3d:fb:b7:b1:e9:32:93:
                    f6:c4:df:64:24:36:b1:ef:80:4f:64:39:11:78:54:
                    95:48:16:ab:4c:df:a8:8b:01:47:ff:22:46:20:aa:
                    fc:9c:ed:06:1b:b4:28:e1:2c:fc:47:2c:ab:c9:6e:
                    10:47:6c:0e:a1:2d:fa:54:78:bd:97:0f:7e:22:0e:
                    53:36:d4:a9:22:d1:f3:4b:ca:a8:7a:a1:47:fe:09:
                    b8:19:64:fc:36:83:34:4e:38:74:13:ae:1f:33:b0:
                    b7:94:dc:e1:1b:28:1c:00:5a:55:a7:e5:c6:43:2b:
                    73:9a:39:48:6b:bc:0b:d4:ad:6f:5a:fd:d6:30:73:
                    81:c2:d6:dd:9b:3e:49:a6:7c:b4:54:19:39:13:d9:
                    c5:c7:31:12:98:85:a9:74:68:ae:bc:1e:1c:c9:80:
                    47:bb:d2:f4:69:2b:f6:ec:a7:73:55:e2:38:20:9e:
                    bd:50:62:39:eb:40:23:34:99:32:6b:87:4a:1d:c4:
                    3a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F5:11:21:1D:48:26:CE:3F:08:F3:FD:98:F9:73:AD:B0:65:3F:9D
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ufURIR1IJs4_CPP9mPlzrbBlP50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.240.0/22
                  91.186.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:35:75:fa:56:ca:b6:f4:c2:8f:49:76:6e:82:f3:c2:99:35:
         c4:8d:38:8f:e2:c8:0c:94:fe:d9:b6:a9:d6:bf:25:ff:a4:a3:
         42:c1:f1:b0:f0:08:88:15:55:c8:48:68:0a:93:e9:fd:e4:3b:
         55:76:f3:61:19:81:b7:88:d9:38:14:fe:1e:ee:a9:7e:56:ff:
         19:1f:bc:fc:b9:cd:7d:cd:0b:c1:30:4d:22:dc:aa:73:e2:bd:
         94:e5:55:8f:50:2a:a8:bc:22:22:e8:e7:f8:6a:a3:4c:2f:c1:
         49:dd:ab:28:78:9d:ba:bf:54:4a:79:89:2a:a6:6a:cc:1e:20:
         a0:dd:c2:6a:bb:70:b8:93:4a:d0:d9:1d:16:41:97:a1:96:5e:
         62:0e:24:12:cc:af:86:72:cf:d7:e8:e0:fd:75:d3:49:6e:30:
         da:27:82:af:ea:a3:14:d0:59:00:96:b3:3b:44:88:60:7e:d6:
         14:ca:56:cd:a9:f4:21:c1:83:35:61:22:de:9b:22:65:19:21:
         e4:50:88:aa:ed:b6:dd:d9:c9:fd:e5:53:f5:ca:33:65:92:a1:
         6e:84:60:e7:f1:7f:3b:2a:78:d7:04:8d:7c:43:1f:5d:00:3f:
         fd:41:47:a9:f1:5b:61:67:34:a5:be:45:05:bf:53:06:94:94:
         c4:c7:59:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJupNZ7RDs2p4OJRSii2C9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWY1MTEyMTFkNDgyNmNlM2YwOGYzZmQ5OGY5NzNhZGIwNjUzZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldqdasZ5VGfH+NPFK4ESPzJ2TMi9
HXxMwXi+dh2+2SbHLbQE7yvTpRCIUbhwAqB0M97cSo+Vp9JT2ltr8o7cXWxtYD37
t7HpMpP2xN9kJDax74BPZDkReFSVSBarTN+oiwFH/yJGIKr8nO0GG7Qo4Sz8Ryyr
yW4QR2wOoS36VHi9lw9+Ig5TNtSpItHzS8qoeqFH/gm4GWT8NoM0Tjh0E64fM7C3
lNzhGygcAFpVp+XGQytzmjlIa7wL1K1vWv3WMHOBwtbdmz5Jpny0VBk5E9nFxzES
mIWpdGiuvB4cyYBHu9L0aSv27KdzVeI4IJ69UGI560AjNJkya4dKHcQ6NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLn1ESEdSCbOPwjz/Zj5c62wZT+dMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdWZVUklSMUlKczRfQ1BQOW1QbHpyYkJsUDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5PwAwQC
W7rQMA0GCSqGSIb3DQEBCwUAA4IBAQCeNXX6Vsq29MKPSXZugvPCmTXEjTiP4sgM
lP7ZtqnWvyX/pKNCwfGw8AiIFVXISGgKk+n95DtVdvNhGYG3iNk4FP4e7ql+Vv8Z
H7z8uc19zQvBME0i3Kpz4r2U5VWPUCqovCIi6Of4aqNML8FJ3asoeJ26v1RKeYkq
pmrMHiCg3cJqu3C4k0rQ2R0WQZehll5iDiQSzK+Gcs/X6OD9ddNJbjDaJ4Kv6qMU
0FkAlrM7RIhgftYUylbNqfQhwYM1YSLemyJlGSHkUIiq7bbd2cn95VP1yjNlkqFu
hGDn8X87KnjXBI18Qx9dAD/9QUep8VthZzSlvkUFv1MGlJTEx1mZ
-----END CERTIFICATE-----