Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/uAZdSzvzVJ0WsMBvdsB8t2vNi_U.roa
File:                     uAZdSzvzVJ0WsMBvdsB8t2vNi_U.roa (raw, json)
Hash identifier:          TgHrTPsK3TvqfYQFfVP/bQ9n/PMkcRfH8P/rLi+KzcA=
Subject key identifier:   B8:06:5D:4B:3B:F3:54:9D:16:B0:C0:6F:76:C0:7C:B7:6B:CD:8B:F5
Certificate issuer:       /CN=2ce71b1f4eea0159246125fc5ae9ad51a44792ce
Certificate serial:       018CC2DAD598707E2981A25D577AEE34F7A8
Authority key identifier: 2C:E7:1B:1F:4E:EA:01:59:24:61:25:FC:5A:E9:AD:51:A4:47:92:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LOcbH07qAVkkYSX8WumtUaRHks4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/uAZdSzvzVJ0WsMBvdsB8t2vNi_U.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30725
IP address blocks:        91.226.27.0/24 maxlen: 24
                          91.226.26.0/23 maxlen: 23
                          91.226.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/LOcbH07qAVkkYSX8WumtUaRHks4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/LOcbH07qAVkkYSX8WumtUaRHks4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LOcbH07qAVkkYSX8WumtUaRHks4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d5:98:70:7e:29:81:a2:5d:57:7a:ee:34:f7:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ce71b1f4eea0159246125fc5ae9ad51a44792ce
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8065d4b3bf3549d16b0c06f76c07cb76bcd8bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1a:9e:81:8c:2d:84:e9:c3:e5:d8:1d:9c:fe:
                    fc:d5:5d:43:94:7a:2f:97:7b:58:ca:de:98:dd:0f:
                    e1:41:d9:ae:ff:2b:fd:db:0b:e9:ae:70:12:82:72:
                    da:0c:b6:33:d2:05:09:c5:98:f2:e4:19:64:75:c4:
                    58:e1:0f:53:8c:c0:ec:ec:f2:de:69:ac:91:f1:03:
                    1c:d0:1b:5c:e3:da:83:de:f3:a7:00:57:37:2d:95:
                    51:c2:e8:06:2f:e2:d6:c1:99:66:4d:09:cf:2e:bd:
                    ca:d3:f9:40:0c:02:c9:35:0f:34:61:56:d5:19:03:
                    e1:08:d5:69:69:a4:77:a2:30:c5:8b:03:f5:c2:58:
                    92:d4:fa:c8:90:12:53:25:4b:9d:b3:ad:59:f0:db:
                    20:fd:7e:ce:f2:15:bd:35:59:6d:b1:08:1f:59:5e:
                    d0:ba:88:67:0b:2f:36:a8:67:1d:9d:72:f7:e5:56:
                    d3:4e:9b:c4:e4:5a:86:ed:35:42:b2:9c:e2:70:df:
                    ec:ba:11:a6:d3:19:94:57:36:6f:5e:7c:4f:ca:5d:
                    89:22:8c:19:3b:a3:f7:c0:07:05:3b:80:37:08:af:
                    83:1e:08:c6:56:f0:54:e5:c3:b8:87:df:1c:77:57:
                    0b:15:32:aa:65:1b:14:36:88:39:7b:76:15:52:fa:
                    f6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:06:5D:4B:3B:F3:54:9D:16:B0:C0:6F:76:C0:7C:B7:6B:CD:8B:F5
            X509v3 Authority Key Identifier:
                keyid:2C:E7:1B:1F:4E:EA:01:59:24:61:25:FC:5A:E9:AD:51:A4:47:92:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LOcbH07qAVkkYSX8WumtUaRHks4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/uAZdSzvzVJ0WsMBvdsB8t2vNi_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f1d976-726b-4cb7-9fa2-02b33582c747/1/LOcbH07qAVkkYSX8WumtUaRHks4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:76:63:c9:80:ee:49:68:54:26:3d:ba:ea:71:85:b1:f4:f9:
         f6:91:60:40:6a:e9:26:6a:82:48:78:fb:8e:21:57:34:8c:70:
         4f:bc:a8:79:43:ad:2f:1a:fa:81:a3:29:ab:37:db:33:56:7c:
         18:1e:90:7f:85:db:5a:d8:f7:de:fb:ac:8f:9b:2b:d7:96:e3:
         a8:e6:68:c1:0a:2e:11:ae:ea:ec:a2:64:a2:33:ec:3a:e7:bf:
         a4:d5:69:89:e3:06:c8:a8:ad:f2:26:a9:fd:2a:21:e7:fa:23:
         16:27:ec:c4:90:ab:de:7b:eb:51:49:d9:f7:ca:49:43:f3:40:
         49:10:92:68:05:3a:5d:40:4d:17:47:4a:96:cc:09:e1:96:34:
         57:d2:8c:8b:81:2c:8f:b3:8e:c2:bd:a3:86:b3:89:63:b9:b2:
         ec:b5:ee:2e:1e:00:b6:fc:f5:54:03:55:47:06:af:8f:50:99:
         3b:5c:c5:95:79:1d:ce:f4:3c:64:f0:3d:9d:3d:2e:e8:ee:43:
         bc:64:9e:a8:31:25:2d:09:92:33:50:fb:51:26:56:38:b3:d1:
         38:e8:58:87:92:7d:6a:83:a8:b6:92:83:c2:c2:1e:55:98:f3:
         f6:1e:a7:19:b2:69:64:b1:89:1f:d1:80:db:41:4f:22:f4:29:
         f2:60:73:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tWYcH4pgaJdV3ruNPeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZTcxYjFmNGVlYTAxNTkyNDYxMjVmYzVhZTlhZDUxYTQ0
NzkyY2UwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODA2NWQ0YjNiZjM1NDlkMTZiMGMwNmY3NmMwN2NiNzZiY2Q4YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhqegYwthOnD5dgdnP781V1DlHov
l3tYyt6Y3Q/hQdmu/yv92wvprnASgnLaDLYz0gUJxZjy5BlkdcRY4Q9TjMDs7PLe
aayR8QMc0Btc49qD3vOnAFc3LZVRwugGL+LWwZlmTQnPLr3K0/lADALJNQ80YVbV
GQPhCNVpaaR3ojDFiwP1wliS1PrIkBJTJUuds61Z8Nsg/X7O8hW9NVltsQgfWV7Q
uohnCy82qGcdnXL35VbTTpvE5FqG7TVCspzicN/suhGm0xmUVzZvXnxPyl2JIowZ
O6P3wAcFO4A3CK+DHgjGVvBU5cO4h98cd1cLFTKqZRsUNog5e3YVUvr22wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgGXUs781SdFrDAb3bAfLdrzYv1MB8GA1UdIwQY
MBaAFCznGx9O6gFZJGEl/FrprVGkR5LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE9jYkgwN3FBVmtrWVNYOFd1bXRVYVJIa3M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mMWQ5NzYtNzI2Yi00Y2I3LTlmYTIt
MDJiMzM1ODJjNzQ3LzEvdUFaZFN6dnpWSjBXc01CdmRzQjh0MnZOaV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mMWQ5NzYtNzI2Yi00Y2I3LTlmYTItMDJiMzM1ODJjNzQ3
LzEvTE9jYkgwN3FBVmtrWVNYOFd1bXRVYVJIa3M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+IaMA0G
CSqGSIb3DQEBCwUAA4IBAQBYdmPJgO5JaFQmPbrqcYWx9Pn2kWBAaukmaoJIePuO
IVc0jHBPvKh5Q60vGvqBoymrN9szVnwYHpB/hdta2Pfe+6yPmyvXluOo5mjBCi4R
rursomSiM+w657+k1WmJ4wbIqK3yJqn9KiHn+iMWJ+zEkKvee+tRSdn3yklD80BJ
EJJoBTpdQE0XR0qWzAnhljRX0oyLgSyPs47CvaOGs4ljubLste4uHgC2/PVUA1VH
Bq+PUJk7XMWVeR3O9Dxk8D2dPS7o7kO8ZJ6oMSUtCZIzUPtRJlY4s9E46FiHkn1q
g6i2koPCwh5VmPP2HqcZsmlksYkf0YDbQU8i9CnyYHMV
-----END CERTIFICATE-----