Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/uCEzdENk6D5HI0Zv8ulR7xwTkn4.roa
File:                     uCEzdENk6D5HI0Zv8ulR7xwTkn4.roa (raw, json)
Hash identifier:          YJep8gfXcQaA2+ED3de1qhiSC4O8pzogz9/BdmR05+k=
Subject key identifier:   B8:21:33:74:43:64:E8:3E:47:23:46:6F:F2:E9:51:EF:1C:13:92:7E
Certificate issuer:       /CN=14d4210a344c999493e61cf9dd735677d38bc05d
Certificate serial:       018CC8DF1C509CCAFCDE2C34B59090E8AC25
Authority key identifier: 14:D4:21:0A:34:4C:99:94:93:E6:1C:F9:DD:73:56:77:D3:8B:C0:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNQhCjRMmZST5hz53XNWd9OLwF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/uCEzdENk6D5HI0Zv8ulR7xwTkn4.roa
Signing time:             Tue 02 Jan 2024 06:31:54 +0000
ROA not before:           Tue 02 Jan 2024 06:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212935
IP address blocks:        91.203.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/FNQhCjRMmZST5hz53XNWd9OLwF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/FNQhCjRMmZST5hz53XNWd9OLwF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNQhCjRMmZST5hz53XNWd9OLwF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1c:50:9c:ca:fc:de:2c:34:b5:90:90:e8:ac:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14d4210a344c999493e61cf9dd735677d38bc05d
        Validity
            Not Before: Jan  2 06:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b82133744364e83e4723466ff2e951ef1c13927e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0b:d2:eb:f5:72:a9:73:e8:e5:23:6d:b1:51:
                    82:5e:14:08:a2:d6:b5:1c:67:1a:57:1a:b2:ca:0c:
                    dc:94:3d:89:dd:17:af:45:be:5d:11:41:7f:50:67:
                    53:35:c8:4f:20:16:ae:cb:f2:6c:bb:cb:82:44:c5:
                    1b:47:16:f6:51:b9:25:9b:58:da:41:98:f8:ce:f0:
                    74:a7:97:4f:28:89:27:f9:ad:87:39:5d:f7:b8:0d:
                    0f:0b:c9:15:7e:48:b2:e9:21:04:ab:ff:b0:53:08:
                    1a:01:82:4d:bc:3e:d2:64:0d:ef:1a:91:ea:8b:54:
                    d4:74:d8:76:d5:4a:c6:55:7f:88:80:7c:0a:ba:ab:
                    8a:bd:5b:6d:ad:69:38:f7:7a:5b:a7:76:73:06:14:
                    e9:9e:d2:ee:d9:fd:b9:21:05:ec:cc:32:54:59:f1:
                    79:c1:49:78:ff:e0:0a:af:a3:aa:dc:47:19:17:f6:
                    c1:bf:3b:79:04:bf:61:bd:68:6e:cd:f8:95:1f:22:
                    36:80:28:c9:14:90:6b:0b:10:1e:8d:53:81:01:6a:
                    00:ce:9b:e0:16:c4:b4:9c:f2:8f:43:73:a4:56:07:
                    46:c2:fe:b0:f0:80:31:12:86:ac:af:41:11:41:70:
                    01:73:d8:94:f8:10:a4:e8:45:50:a3:02:de:74:6f:
                    6c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:21:33:74:43:64:E8:3E:47:23:46:6F:F2:E9:51:EF:1C:13:92:7E
            X509v3 Authority Key Identifier:
                keyid:14:D4:21:0A:34:4C:99:94:93:E6:1C:F9:DD:73:56:77:D3:8B:C0:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNQhCjRMmZST5hz53XNWd9OLwF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/uCEzdENk6D5HI0Zv8ulR7xwTkn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/c3ef54-67fa-4939-b658-38544c2a87bb/1/FNQhCjRMmZST5hz53XNWd9OLwF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:71:d1:71:53:1b:41:e1:d0:35:ba:a2:a9:d5:22:98:75:1f:
         e2:07:66:e5:7a:1e:84:74:b1:bf:27:68:e5:d4:c7:fc:27:15:
         86:05:e6:cb:36:b7:00:e5:63:2a:d9:22:26:1a:b0:00:75:90:
         52:c0:9e:94:04:1d:87:f6:83:5e:31:72:d1:97:2a:94:2f:dc:
         eb:ab:af:b3:c7:84:03:50:c0:45:79:4e:b9:5c:78:7f:bb:7e:
         2a:6e:37:70:5e:48:21:2b:d1:07:16:b0:6c:76:80:de:24:81:
         f5:c7:ef:51:33:9c:e8:0e:c7:be:7c:c6:69:a9:4c:59:49:72:
         36:ec:17:55:55:95:ad:93:15:70:71:5b:db:c4:f6:d9:4a:56:
         86:fc:c2:e7:bb:95:2f:d3:91:72:77:a7:10:0c:31:cf:11:72:
         7d:09:6e:4e:e0:db:96:c2:b2:40:5a:10:4f:6c:46:2c:62:05:
         bc:99:a7:0b:bf:c5:58:98:50:74:8a:49:df:d6:e1:76:a5:4e:
         54:58:be:36:c1:23:a9:8f:68:87:6d:14:db:1d:34:40:d0:8e:
         bc:c1:f9:8b:33:19:32:ce:69:0a:d6:cc:81:50:5f:41:b2:ad:
         61:27:8a:cc:8a:c9:a5:21:3d:e4:8f:f5:39:38:56:35:88:e9:
         5e:64:67:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xxQnMr83iw0tZCQ6KwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZDQyMTBhMzQ0Yzk5OTQ5M2U2MWNmOWRkNzM1Njc3ZDM4
YmMwNWQwHhcNMjQwMTAyMDYzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODIxMzM3NDQzNjRlODNlNDcyMzQ2NmZmMmU5NTFlZjFjMTM5MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQvS6/VyqXPo5SNtsVGCXhQIota1
HGcaVxqyygzclD2J3RevRb5dEUF/UGdTNchPIBauy/Jsu8uCRMUbRxb2Ubklm1ja
QZj4zvB0p5dPKIkn+a2HOV33uA0PC8kVfkiy6SEEq/+wUwgaAYJNvD7SZA3vGpHq
i1TUdNh21UrGVX+IgHwKuquKvVttrWk493pbp3ZzBhTpntLu2f25IQXszDJUWfF5
wUl4/+AKr6Oq3EcZF/bBvzt5BL9hvWhuzfiVHyI2gCjJFJBrCxAejVOBAWoAzpvg
FsS0nPKPQ3OkVgdGwv6w8IAxEoasr0ERQXABc9iU+BCk6EVQowLedG9sQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLghM3RDZOg+RyNGb/LpUe8cE5J+MB8GA1UdIwQY
MBaAFBTUIQo0TJmUk+Yc+d1zVnfTi8BdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk5RaENqUk1tWlNUNWh6NTNYTldkOU9Md0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9jM2VmNTQtNjdmYS00OTM5LWI2NTgt
Mzg1NDRjMmE4N2JiLzEvdUNFemRFTms2RDVISTBadjh1bFI3eHdUa240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9jM2VmNTQtNjdmYS00OTM5LWI2NTgtMzg1NDRjMmE4N2Ji
LzEvRk5RaENqUk1tWlNUNWh6NTNYTldkOU9Md0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8seMA0G
CSqGSIb3DQEBCwUAA4IBAQB1cdFxUxtB4dA1uqKp1SKYdR/iB2bleh6EdLG/J2jl
1Mf8JxWGBebLNrcA5WMq2SImGrAAdZBSwJ6UBB2H9oNeMXLRlyqUL9zrq6+zx4QD
UMBFeU65XHh/u34qbjdwXkghK9EHFrBsdoDeJIH1x+9RM5zoDse+fMZpqUxZSXI2
7BdVVZWtkxVwcVvbxPbZSlaG/MLnu5Uv05Fyd6cQDDHPEXJ9CW5O4NuWwrJAWhBP
bEYsYgW8macLv8VYmFB0iknf1uF2pU5UWL42wSOpj2iHbRTbHTRA0I68wfmLMxky
zmkK1syBUF9Bsq1hJ4rMismlIT3kj/U5OFY1iOleZGfG
-----END CERTIFICATE-----