Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/uoaKSfCHjeR6vkPFW9TtzG_Dhl8.roa
File:                     uoaKSfCHjeR6vkPFW9TtzG_Dhl8.roa (raw, json)
Hash identifier:          81+4hj+L0N9CKzfXJ5r6b6U/n8g4RDPaSj0B+3XP4jA=
Subject key identifier:   BA:86:8A:49:F0:87:8D:E4:7A:BE:43:C5:5B:D4:ED:CC:6F:C3:86:5F
Certificate issuer:       /CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
Certificate serial:       0191109807B6CF84206453D4FA0ECB235875
Authority key identifier: 0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/uoaKSfCHjeR6vkPFW9TtzG_Dhl8.roa
Signing time:             Fri 02 Aug 2024 00:58:04 +0000
ROA not before:           Fri 02 Aug 2024 00:58:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15422
IP address blocks:        193.104.231.0/24 maxlen: 24
                          195.24.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:10:98:07:b6:cf:84:20:64:53:d4:fa:0e:cb:23:58:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7901c430ae39fcb05beb5b34267f5224f04f61
        Validity
            Not Before: Aug  2 00:58:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba868a49f0878de47abe43c55bd4edcc6fc3865f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:61:d7:c5:af:d5:59:c4:70:6e:80:36:2d:f6:
                    d2:3e:89:01:99:ff:b3:b3:4c:38:fc:52:e6:68:ca:
                    b9:1c:3c:06:81:d9:60:32:b0:74:16:cc:fc:96:af:
                    d4:da:73:90:e3:d9:5b:39:39:10:a9:e3:39:16:c7:
                    27:1b:b3:6b:18:7c:e6:a9:55:6b:21:fc:0c:2b:b3:
                    3e:23:22:a3:5c:e1:3f:43:4b:2d:b0:b4:05:c0:d6:
                    4b:13:08:bc:00:ff:61:03:62:3f:c0:f9:b2:02:d9:
                    13:25:97:13:cb:0b:fc:33:0d:ca:e2:0d:df:f5:56:
                    f7:38:e7:0d:7c:2a:97:6f:f1:c6:9c:7c:49:2e:58:
                    2f:7c:f2:3d:28:aa:e6:64:d2:e4:cf:d4:fb:0f:9d:
                    ab:9f:a6:ad:01:7f:36:dc:46:54:ac:3d:f0:85:67:
                    36:4f:ea:d5:a8:77:16:15:2b:ec:5b:73:66:e0:a1:
                    78:c1:49:76:f6:b1:8f:ae:89:e7:03:ba:ff:d2:68:
                    16:e2:b3:ea:31:32:4b:59:a0:28:4f:05:29:5b:8e:
                    df:ba:8d:9f:8b:ad:53:4b:5b:d8:20:30:fb:01:df:
                    1b:c6:15:08:f4:50:b4:54:99:78:5e:ec:a4:04:99:
                    f4:fd:9c:09:af:4e:74:16:b0:bc:39:25:85:da:c5:
                    c0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:86:8A:49:F0:87:8D:E4:7A:BE:43:C5:5B:D4:ED:CC:6F:C3:86:5F
            X509v3 Authority Key Identifier:
                keyid:0D:79:01:C4:30:AE:39:FC:B0:5B:EB:5B:34:26:7F:52:24:F0:4F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXkBxDCuOfywW-tbNCZ_UiTwT2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/uoaKSfCHjeR6vkPFW9TtzG_Dhl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6456de-740b-434d-b765-171d9f2cce3d/1/DXkBxDCuOfywW-tbNCZ_UiTwT2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.231.0/24
                  195.24.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cb:47:1a:13:71:38:78:58:47:8a:53:0e:ab:b8:8a:9c:90:03:
         51:52:6f:8b:dc:3d:80:d5:b2:bd:0d:61:6c:48:81:ef:1a:5b:
         38:24:fe:37:cd:ac:e8:e1:d6:3e:28:df:6b:af:2a:d8:84:03:
         40:72:55:ba:64:66:fa:d1:b9:0e:b2:1a:20:ab:58:8f:97:13:
         0f:ec:f6:c5:c3:09:de:8e:a6:7b:9a:a9:5f:9e:92:47:88:c9:
         71:5a:09:b6:6f:68:63:c2:b0:94:d9:93:6e:f6:01:01:75:7a:
         fa:a3:f3:5e:db:09:88:5a:da:f8:b0:d1:a4:be:d5:4a:1d:29:
         fe:12:fc:35:e1:00:99:46:b4:b5:c7:0d:91:6e:c4:60:fc:5a:
         66:07:b2:d5:1d:d8:c3:49:b2:77:94:8d:17:bc:25:fd:fb:3a:
         65:e1:37:b3:d5:50:d2:e0:40:c7:40:f0:65:07:69:b3:96:de:
         8d:e4:34:f8:50:84:32:29:b2:1b:08:9e:08:6b:86:59:aa:2b:
         e0:e9:b2:2d:58:67:fd:fa:f4:6b:64:05:47:33:11:e9:f2:ee:
         30:53:e7:fc:38:12:0a:9e:16:bf:0b:d1:5b:39:21:8c:c9:e6:
         5b:b0:e1:be:9f:64:01:9f:cf:6b:14:46:63:7b:8d:36:40:ec:
         4d:f2:50:97
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEQmAe2z4QgZFPU+g7LI1h1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzkwMWM0MzBhZTM5ZmNiMDViZWI1YjM0MjY3ZjUyMjRm
MDRmNjEwHhcNMjQwODAyMDA1ODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTg2OGE0OWYwODc4ZGU0N2FiZTQzYzU1YmQ0ZWRjYzZmYzM4NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWHXxa/VWcRwboA2LfbSPokBmf+z
s0w4/FLmaMq5HDwGgdlgMrB0Fsz8lq/U2nOQ49lbOTkQqeM5FscnG7NrGHzmqVVr
IfwMK7M+IyKjXOE/Q0stsLQFwNZLEwi8AP9hA2I/wPmyAtkTJZcTywv8Mw3K4g3f
9Vb3OOcNfCqXb/HGnHxJLlgvfPI9KKrmZNLkz9T7D52rn6atAX823EZUrD3whWc2
T+rVqHcWFSvsW3Nm4KF4wUl29rGPronnA7r/0mgW4rPqMTJLWaAoTwUpW47fuo2f
i61TS1vYIDD7Ad8bxhUI9FC0VJl4XuykBJn0/ZwJr050FrC8OSWF2sXA5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqGiknwh43ker5DxVvU7cxvw4ZfMB8GA1UdIwQY
MBaAFA15AcQwrjn8sFvrWzQmf1Ik8E9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUt
MTcxZDlmMmNjZTNkLzEvdW9hS1NmQ0hqZVI2dmtQRlc5VHR6R19EaGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS82NDU2ZGUtNzQwYi00MzRkLWI3NjUtMTcxZDlmMmNjZTNk
LzEvRFhrQnhEQ3VPZnl3Vy10Yk5DWl9VaVR3VDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWjnAwQB
wxj2MA0GCSqGSIb3DQEBCwUAA4IBAQDLRxoTcTh4WEeKUw6ruIqckANRUm+L3D2A
1bK9DWFsSIHvGls4JP43zazo4dY+KN9rryrYhANAclW6ZGb60bkOshogq1iPlxMP
7PbFwwnejqZ7mqlfnpJHiMlxWgm2b2hjwrCU2ZNu9gEBdXr6o/Ne2wmIWtr4sNGk
vtVKHSn+Evw14QCZRrS1xw2RbsRg/FpmB7LVHdjDSbJ3lI0XvCX9+zpl4Tez1VDS
4EDHQPBlB2mzlt6N5DT4UIQyKbIbCJ4Ia4ZZqivg6bItWGf9+vRrZAVHMxHp8u4w
U+f8OBIKnha/C9FbOSGMyeZbsOG+n2QBn89rFEZje402QOxN8lCX
-----END CERTIFICATE-----