Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/uxugqkwC4zDEdJjbn_yCEZxYfEg.roa
File:                     uxugqkwC4zDEdJjbn_yCEZxYfEg.roa (raw, json)
Hash identifier:          KNtl1SfNT69SM1OjDaJhmd5EiuEIE//H+GnnuW1+exQ=
Subject key identifier:   BB:1B:A0:AA:4C:02:E3:30:C4:74:98:DB:9F:FC:82:11:9C:58:7C:48
Certificate issuer:       /CN=1338c2462a7593f6a5ad982a3c81241959a68911
Certificate serial:       018CC94D3AE7433FDAF04B5C296BFBF9C443
Authority key identifier: 13:38:C2:46:2A:75:93:F6:A5:AD:98:2A:3C:81:24:19:59:A6:89:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EzjCRip1k_alrZgqPIEkGVmmiRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/uxugqkwC4zDEdJjbn_yCEZxYfEg.roa
Signing time:             Tue 02 Jan 2024 08:32:10 +0000
ROA not before:           Tue 02 Jan 2024 08:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        91.212.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/EzjCRip1k_alrZgqPIEkGVmmiRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/EzjCRip1k_alrZgqPIEkGVmmiRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EzjCRip1k_alrZgqPIEkGVmmiRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3a:e7:43:3f:da:f0:4b:5c:29:6b:fb:f9:c4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1338c2462a7593f6a5ad982a3c81241959a68911
        Validity
            Not Before: Jan  2 08:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb1ba0aa4c02e330c47498db9ffc82119c587c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a4:6d:6a:a6:87:58:0d:80:98:99:3f:12:27:
                    36:ac:6f:dc:5f:ee:4c:6b:bd:35:71:78:33:d0:7b:
                    77:4e:b2:cc:ec:d0:da:f2:35:84:a5:85:f3:a8:cb:
                    3d:d0:76:ad:aa:5c:19:38:67:13:5b:bd:ef:85:b8:
                    c1:1e:be:ab:0a:5c:85:4a:48:74:ed:c0:e2:32:47:
                    22:b1:a9:3a:f6:d1:d4:d9:af:bd:21:95:77:d9:76:
                    00:45:67:af:e6:0b:cf:20:a5:f1:5b:2c:32:dc:2c:
                    d5:70:e4:1c:bc:1c:45:05:27:7c:35:9c:bd:f9:7d:
                    17:cc:12:b8:27:f2:3e:55:21:84:2b:77:c8:b9:91:
                    d2:d6:78:fa:00:a8:39:d6:9b:66:5b:91:8e:e2:99:
                    11:dd:2c:40:df:5d:af:18:7b:4b:68:85:8a:b3:d0:
                    d4:77:4c:ee:78:76:e2:f3:60:df:e2:7a:94:38:db:
                    36:7d:11:b3:2e:dc:6b:a2:fa:b4:81:3f:e0:a7:c4:
                    52:c5:91:b9:e9:f0:ff:2c:6c:92:13:68:78:99:51:
                    c2:ac:e5:a2:77:23:43:b2:26:e9:0c:67:83:8f:f1:
                    24:13:e8:1c:cc:6d:de:17:55:46:b4:12:48:e9:65:
                    ab:66:85:61:28:d9:5b:5e:30:8e:3c:a6:8a:04:11:
                    40:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:1B:A0:AA:4C:02:E3:30:C4:74:98:DB:9F:FC:82:11:9C:58:7C:48
            X509v3 Authority Key Identifier:
                keyid:13:38:C2:46:2A:75:93:F6:A5:AD:98:2A:3C:81:24:19:59:A6:89:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzjCRip1k_alrZgqPIEkGVmmiRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/uxugqkwC4zDEdJjbn_yCEZxYfEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/c71464-ee2b-468d-84cb-56cfc60a1f1d/1/EzjCRip1k_alrZgqPIEkGVmmiRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a1:fd:46:a0:dc:ce:58:04:2b:38:3b:12:1c:b7:48:81:f9:
         f4:ad:40:f1:97:d7:73:4f:b3:09:c2:69:32:e3:4e:ec:4b:44:
         b6:5c:25:9d:85:37:6c:9c:12:fa:84:ea:92:e0:5d:28:32:9b:
         30:9b:6e:6b:82:50:0d:47:dd:99:e0:6b:b8:64:c8:63:dd:22:
         5a:77:64:3f:0c:e6:b6:59:29:8d:74:eb:6e:5e:4c:cb:fa:11:
         62:90:90:6e:0c:31:1c:6d:59:87:ce:f6:6f:6c:eb:71:03:33:
         62:41:40:76:78:e0:22:8c:60:0a:8d:db:6d:28:3e:d5:cf:9c:
         6c:6b:e2:16:d2:23:13:00:7a:47:f7:7f:6f:76:be:83:f3:10:
         ad:49:19:e1:ba:48:06:b4:a8:51:9b:77:0f:8e:c1:27:38:1a:
         25:f5:2c:e6:b8:3f:03:f8:b0:32:ce:0f:c1:fd:81:53:5c:a1:
         91:9c:61:5d:e3:2f:20:03:31:e9:8b:80:e6:eb:bf:f6:56:df:
         da:6a:34:07:d5:4c:e2:0e:59:6a:58:ed:7a:39:73:92:a2:76:
         94:26:0d:c9:12:00:f0:d0:0d:28:cf:b3:01:17:35:b2:75:e2:
         df:b5:08:56:1a:f0:23:02:1d:41:95:76:b6:d0:df:7d:be:0c:
         d8:55:be:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTTrnQz/a8EtcKWv7+cRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMzhjMjQ2MmE3NTkzZjZhNWFkOTgyYTNjODEyNDE5NTlh
Njg5MTEwHhcNMjQwMTAyMDgzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjFiYTBhYTRjMDJlMzMwYzQ3NDk4ZGI5ZmZjODIxMTljNTg3YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6RtaqaHWA2AmJk/Eic2rG/cX+5M
a701cXgz0Ht3TrLM7NDa8jWEpYXzqMs90HatqlwZOGcTW73vhbjBHr6rClyFSkh0
7cDiMkcisak69tHU2a+9IZV32XYARWev5gvPIKXxWywy3CzVcOQcvBxFBSd8NZy9
+X0XzBK4J/I+VSGEK3fIuZHS1nj6AKg51ptmW5GO4pkR3SxA312vGHtLaIWKs9DU
d0zueHbi82Df4nqUONs2fRGzLtxrovq0gT/gp8RSxZG56fD/LGySE2h4mVHCrOWi
dyNDsibpDGeDj/EkE+gczG3eF1VGtBJI6WWrZoVhKNlbXjCOPKaKBBFAqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsboKpMAuMwxHSY25/8ghGcWHxIMB8GA1UdIwQY
MBaAFBM4wkYqdZP2pa2YKjyBJBlZpokRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXpqQ1JpcDFrX2FsclpncVBJRWtHVm1taVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9jNzE0NjQtZWUyYi00NjhkLTg0Y2It
NTZjZmM2MGExZjFkLzEvdXh1Z3Frd0M0ekRFZEpqYm5feUNFWnhZZkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9jNzE0NjQtZWUyYi00NjhkLTg0Y2ItNTZjZmM2MGExZjFk
LzEvRXpqQ1JpcDFrX2FsclpncVBJRWtHVm1taVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9R6MA0G
CSqGSIb3DQEBCwUAA4IBAQB9of1GoNzOWAQrODsSHLdIgfn0rUDxl9dzT7MJwmky
407sS0S2XCWdhTdsnBL6hOqS4F0oMpswm25rglANR92Z4Gu4ZMhj3SJad2Q/DOa2
WSmNdOtuXkzL+hFikJBuDDEcbVmHzvZvbOtxAzNiQUB2eOAijGAKjdttKD7Vz5xs
a+IW0iMTAHpH939vdr6D8xCtSRnhukgGtKhRm3cPjsEnOBol9SzmuD8D+LAyzg/B
/YFTXKGRnGFd4y8gAzHpi4Dm67/2Vt/aajQH1UziDllqWO16OXOSonaUJg3JEgDw
0A0oz7MBFzWydeLftQhWGvAjAh1BlXa20N99vgzYVb4G
-----END CERTIFICATE-----