Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/uxBup1z10_pyVjUMP4Aww7vIxh8.roa
File:                     uxBup1z10_pyVjUMP4Aww7vIxh8.roa (raw, json)
Hash identifier:          PT26xUyNYzvM1LKNwIvgTklPeZojoYw2TaxwyhXkqpM=
Subject key identifier:   BB:10:6E:A7:5C:F5:D3:FA:72:56:35:0C:3F:80:30:C3:BB:C8:C6:1F
Certificate issuer:       /CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
Certificate serial:       018CC6B7F99A348B768AB341DB7BDAAC23C2
Authority key identifier: 1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/uxBup1z10_pyVjUMP4Aww7vIxh8.roa
Signing time:             Mon 01 Jan 2024 20:29:54 +0000
ROA not before:           Mon 01 Jan 2024 20:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39785
IP address blocks:        185.26.216.0/23 maxlen: 23
                          89.105.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:f9:9a:34:8b:76:8a:b3:41:db:7b:da:ac:23:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a92daf08c20b4691b925cf032e5491fe0acc0
        Validity
            Not Before: Jan  1 20:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb106ea75cf5d3fa7256350c3f8030c3bbc8c61f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d0:50:97:c0:40:2d:2e:07:f4:2d:08:c1:f1:
                    57:59:6b:52:80:1b:f2:2f:7d:05:a4:9d:b3:7a:5c:
                    bc:d9:8d:bb:2b:40:ef:3c:3a:c1:9f:af:ca:61:d8:
                    e0:14:4e:ca:c1:a3:22:d8:ca:fb:b6:ad:03:c2:b0:
                    17:da:ee:36:ff:47:a8:00:79:2d:f5:97:67:c0:ed:
                    c1:29:71:e3:ac:8b:9d:7a:72:d6:5d:a1:8a:36:0d:
                    eb:f4:f2:58:b6:4b:87:00:15:fc:27:c6:d3:fe:af:
                    c2:a6:51:04:80:ca:3e:4c:9d:16:2e:af:31:68:b9:
                    ef:72:30:53:e6:ad:17:ee:4f:0b:c6:a2:cf:12:e5:
                    19:1e:1e:d5:29:af:0d:c8:da:2e:08:82:70:69:3a:
                    54:ec:67:9e:00:90:73:2c:69:a1:ab:33:d4:a1:9d:
                    13:dc:37:8c:6d:e7:c8:18:0f:a8:e0:bc:91:21:15:
                    ee:e0:4c:ab:c1:39:8a:45:69:32:79:35:5f:eb:0c:
                    5a:d5:27:25:72:64:5e:70:ae:da:38:5a:4f:16:4f:
                    5c:65:e8:85:a6:8f:fb:67:08:72:ec:5c:de:7d:c6:
                    0a:7f:5d:67:f5:08:57:c6:c3:f7:34:f9:76:e9:7b:
                    43:4d:5b:f9:03:61:1f:10:df:83:d5:9e:65:6f:f1:
                    64:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:10:6E:A7:5C:F5:D3:FA:72:56:35:0C:3F:80:30:C3:BB:C8:C6:1F
            X509v3 Authority Key Identifier:
                keyid:1E:9A:92:DA:F0:8C:20:B4:69:1B:92:5C:F0:32:E5:49:1F:E0:AC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpqS2vCMILRpG5Jc8DLlSR_grMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/uxBup1z10_pyVjUMP4Aww7vIxh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c14115-8cf8-40c8-87c8-ce82ebe11ac8/1/HpqS2vCMILRpG5Jc8DLlSR_grMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.105.158.0/24
                  185.26.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:ad:54:a2:32:27:bc:09:be:b9:37:a8:ed:ba:a0:2a:ad:5a:
         ec:1b:c6:6a:b9:d7:2f:95:b1:3b:3b:72:23:54:61:87:50:69:
         62:8a:ff:30:1b:b1:f9:fa:21:07:14:0f:c6:d0:35:b5:f5:2b:
         51:8d:e2:52:78:ff:00:da:2b:1c:22:58:ea:f2:af:6e:cf:60:
         1c:47:69:a5:da:9b:57:12:eb:a9:a6:78:39:2c:a0:79:8c:2d:
         43:6e:6f:2e:c2:55:36:4b:8e:18:b2:cf:5b:2f:5b:b0:e3:3c:
         ab:7e:6f:a7:93:51:73:17:40:f1:42:4f:84:fe:c8:56:4d:59:
         8f:aa:c4:fb:c8:39:ce:6f:97:4f:a4:04:5f:99:a0:68:0b:4e:
         e3:2e:87:c3:c1:91:14:ac:48:f8:d3:73:ad:d5:c4:1c:83:6e:
         4f:32:fe:2b:da:47:8a:de:3c:25:5f:7e:67:11:10:8a:47:a2:
         a8:f3:cb:78:e1:59:c2:cc:d8:33:82:cf:c2:80:08:6c:07:95:
         61:44:13:12:b0:c9:32:3d:3d:32:e6:cb:37:dd:68:11:25:45:
         c9:82:cb:35:86:f4:f2:af:a3:1a:99:0c:ae:23:22:1e:0e:00:
         02:3e:2b:d8:65:fd:a7:00:45:3b:14:40:81:49:9e:58:a8:3f:
         1c:ee:bd:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt/maNIt2irNB23varCPCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWE5MmRhZjA4YzIwYjQ2OTFiOTI1Y2YwMzJlNTQ5MWZl
MGFjYzAwHhcNMjQwMTAxMjAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjEwNmVhNzVjZjVkM2ZhNzI1NjM1MGMzZjgwMzBjM2JiYzhjNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9BQl8BALS4H9C0IwfFXWWtSgBvy
L30FpJ2zely82Y27K0DvPDrBn6/KYdjgFE7KwaMi2Mr7tq0DwrAX2u42/0eoAHkt
9ZdnwO3BKXHjrIudenLWXaGKNg3r9PJYtkuHABX8J8bT/q/CplEEgMo+TJ0WLq8x
aLnvcjBT5q0X7k8LxqLPEuUZHh7VKa8NyNouCIJwaTpU7GeeAJBzLGmhqzPUoZ0T
3DeMbefIGA+o4LyRIRXu4EyrwTmKRWkyeTVf6wxa1SclcmRecK7aOFpPFk9cZeiF
po/7Zwhy7FzefcYKf11n9QhXxsP3NPl26XtDTVv5A2EfEN+D1Z5lb/FkwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLsQbqdc9dP6clY1DD+AMMO7yMYfMB8GA1UdIwQY
MBaAFB6aktrwjCC0aRuSXPAy5Ukf4KzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBxUzJ2Q01JTFJwRzVKYzhETGxTUl9nck1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jMTQxMTUtOGNmOC00MGM4LTg3Yzgt
Y2U4MmViZTExYWM4LzEvdXhCdXAxejEwX3B5VmpVTVA0QXd3N3ZJeGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jMTQxMTUtOGNmOC00MGM4LTg3YzgtY2U4MmViZTExYWM4
LzEvSHBxUzJ2Q01JTFJwRzVKYzhETGxTUl9nck1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWWmeAwQB
uRrYMA0GCSqGSIb3DQEBCwUAA4IBAQCBrVSiMie8Cb65N6jtuqAqrVrsG8Zqudcv
lbE7O3IjVGGHUGliiv8wG7H5+iEHFA/G0DW19StRjeJSeP8A2iscIljq8q9uz2Ac
R2ml2ptXEuuppng5LKB5jC1Dbm8uwlU2S44Yss9bL1uw4zyrfm+nk1FzF0DxQk+E
/shWTVmPqsT7yDnOb5dPpARfmaBoC07jLofDwZEUrEj403Ot1cQcg25PMv4r2keK
3jwlX35nERCKR6Ko88t44VnCzNgzgs/CgAhsB5VhRBMSsMkyPT0y5ss33WgRJUXJ
gss1hvTyr6MamQyuIyIeDgACPivYZf2nAEU7FECBSZ5YqD8c7r2I
-----END CERTIFICATE-----