Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/uJ6qlYeaI0HEgCERT3id2BEuALs.roa
File:                     uJ6qlYeaI0HEgCERT3id2BEuALs.roa (raw, json)
Hash identifier:          FJONdAC9H9fI0pXZTUjXRmsEV4xr8OsNwkNqJooyfoQ=
Subject key identifier:   B8:9E:AA:95:87:9A:23:41:C4:80:21:11:4F:78:9D:D8:11:2E:00:BB
Certificate issuer:       /CN=0a4bd1d30f7235cd71739c042310dc26080738f6
Certificate serial:       018CC9BCA11025BE235FF78D9ED8C21F5A5A
Authority key identifier: 0A:4B:D1:D3:0F:72:35:CD:71:73:9C:04:23:10:DC:26:08:07:38:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkvR0w9yNc1xc5wEIxDcJggHOPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/uJ6qlYeaI0HEgCERT3id2BEuALs.roa
Signing time:             Tue 02 Jan 2024 10:33:51 +0000
ROA not before:           Tue 02 Jan 2024 10:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51269
IP address blocks:        178.255.96.0/21 maxlen: 24
                          185.103.140.0/22 maxlen: 24
                          2a03:b700::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/CkvR0w9yNc1xc5wEIxDcJggHOPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/CkvR0w9yNc1xc5wEIxDcJggHOPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkvR0w9yNc1xc5wEIxDcJggHOPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a1:10:25:be:23:5f:f7:8d:9e:d8:c2:1f:5a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a4bd1d30f7235cd71739c042310dc26080738f6
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b89eaa95879a2341c48021114f789dd8112e00bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:63:ed:f2:16:5d:55:09:12:19:3c:1e:04:0b:
                    75:22:b7:a1:73:dc:eb:12:9a:fc:9d:8f:d4:af:bd:
                    9f:45:e9:9f:26:ab:96:23:fc:4e:30:1c:98:ca:f5:
                    2b:48:36:6f:2b:d3:b1:01:27:85:42:23:a5:91:6d:
                    83:d0:63:8a:71:c6:0a:a8:56:08:40:ca:1e:52:f9:
                    c9:46:16:00:6e:5a:a4:47:8c:c7:cb:a5:83:61:4a:
                    08:02:e4:be:70:92:70:30:f9:2d:c2:57:dd:6b:08:
                    48:cc:67:2e:e0:65:50:b4:b5:fa:54:0a:e8:a0:e3:
                    ee:09:86:4f:9d:27:36:15:02:9b:27:9f:ba:72:46:
                    f3:d7:e7:d8:4a:8c:7d:9d:87:dd:f7:2a:bd:23:be:
                    c9:9d:db:22:bb:58:fa:fc:91:c5:c2:4e:60:06:80:
                    75:ef:58:7c:0c:da:4d:6d:3f:87:8a:99:39:da:40:
                    0c:09:59:e4:90:0b:ab:96:30:c7:e9:09:f6:f4:74:
                    b0:f1:7b:a7:c2:42:df:ab:d3:19:c6:8f:25:d8:68:
                    9d:0b:04:a6:7a:8a:c2:e1:43:b2:b9:3f:12:f9:1e:
                    93:f9:64:9f:f7:36:5b:2c:cc:df:f2:fe:16:df:14:
                    d9:b6:00:f6:41:9b:cf:41:90:70:5c:7a:9c:4c:8d:
                    ed:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:9E:AA:95:87:9A:23:41:C4:80:21:11:4F:78:9D:D8:11:2E:00:BB
            X509v3 Authority Key Identifier:
                keyid:0A:4B:D1:D3:0F:72:35:CD:71:73:9C:04:23:10:DC:26:08:07:38:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkvR0w9yNc1xc5wEIxDcJggHOPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/uJ6qlYeaI0HEgCERT3id2BEuALs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/8d509f-fb64-423d-b261-388443d5f00f/1/CkvR0w9yNc1xc5wEIxDcJggHOPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.96.0/21
                  185.103.140.0/22
                IPv6:
                  2a03:b700::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:6b:e3:51:39:22:99:5a:bf:5c:84:46:53:41:58:fb:8e:90:
         02:c4:37:da:98:ab:d7:07:e8:f0:62:b1:7f:cd:7b:52:ea:7c:
         e0:dc:fc:64:a0:5d:e0:18:62:e6:14:c9:93:20:b6:73:a0:ef:
         78:59:c2:e5:8d:b0:36:fd:57:45:c0:12:f9:cd:f5:2b:cf:68:
         3e:46:e1:a6:07:36:c0:0c:cc:15:38:52:92:93:63:29:2a:0e:
         65:6f:c6:b2:3a:84:02:1d:41:26:1c:16:bf:78:4a:67:3e:ec:
         9e:de:fb:60:fe:56:69:a0:63:bd:f2:26:eb:b9:34:e4:35:67:
         31:fa:20:4b:8d:46:5e:87:6c:33:0a:7c:9a:7a:e1:49:49:69:
         85:ef:2b:25:c8:c3:4e:8b:81:e8:2d:41:6c:6b:50:cc:9a:b0:
         80:39:56:97:f5:95:12:0d:ec:cb:1e:16:96:b4:8a:ee:30:66:
         33:c9:50:4b:b5:e0:9c:35:4d:e8:4f:15:54:88:ed:32:80:98:
         af:f8:6c:4a:0a:59:12:40:e3:f1:d8:91:05:d5:2e:a2:53:c7:
         73:c7:eb:77:60:9f:3a:82:f8:8d:2b:54:9b:7c:58:c3:ff:78:
         ba:41:45:66:0f:de:71:75:6e:82:2b:36:f2:39:ec:56:59:19:
         23:c3:c3:77
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvKEQJb4jX/eNntjCH1paMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNGJkMWQzMGY3MjM1Y2Q3MTczOWMwNDIzMTBkYzI2MDgw
NzM4ZjYwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODllYWE5NTg3OWEyMzQxYzQ4MDIxMTE0Zjc4OWRkODExMmUwMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmPt8hZdVQkSGTweBAt1Irehc9zr
Epr8nY/Ur72fRemfJquWI/xOMByYyvUrSDZvK9OxASeFQiOlkW2D0GOKccYKqFYI
QMoeUvnJRhYAblqkR4zHy6WDYUoIAuS+cJJwMPktwlfdawhIzGcu4GVQtLX6VAro
oOPuCYZPnSc2FQKbJ5+6ckbz1+fYSox9nYfd9yq9I77Jndsiu1j6/JHFwk5gBoB1
71h8DNpNbT+Hipk52kAMCVnkkAurljDH6Qn29HSw8XunwkLfq9MZxo8l2GidCwSm
eorC4UOyuT8S+R6T+WSf9zZbLMzf8v4W3xTZtgD2QZvPQZBwXHqcTI3thQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLieqpWHmiNBxIAhEU94ndgRLgC7MB8GA1UdIwQY
MBaAFApL0dMPcjXNcXOcBCMQ3CYIBzj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2t2UjB3OXlOYzF4YzV3RUl4RGNKZ2dIT1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi84ZDUwOWYtZmI2NC00MjNkLWIyNjEt
Mzg4NDQzZDVmMDBmLzEvdUo2cWxZZWFJMEhFZ0NFUlQzaWQyQkV1QUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi84ZDUwOWYtZmI2NC00MjNkLWIyNjEtMzg4NDQzZDVmMDBm
LzEvQ2t2UjB3OXlOYzF4YzV3RUl4RGNKZ2dIT1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsv9gAwQC
uWeMMA0EAgACMAcDBQMqA7cAMA0GCSqGSIb3DQEBCwUAA4IBAQAla+NROSKZWr9c
hEZTQVj7jpACxDfamKvXB+jwYrF/zXtS6nzg3PxkoF3gGGLmFMmTILZzoO94WcLl
jbA2/VdFwBL5zfUrz2g+RuGmBzbADMwVOFKSk2MpKg5lb8ayOoQCHUEmHBa/eEpn
Puye3vtg/lZpoGO98ibruTTkNWcx+iBLjUZeh2wzCnyaeuFJSWmF7yslyMNOi4Ho
LUFsa1DMmrCAOVaX9ZUSDezLHhaWtIruMGYzyVBLteCcNU3oTxVUiO0ygJiv+GxK
ClkSQOPx2JEF1S6iU8dzx+t3YJ86gviNK1SbfFjD/3i6QUVmD95xdW6CKzbyOexW
WRkjw8N3
-----END CERTIFICATE-----