Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/UyR2vwyWdcbPE4qSeYCxiw11d20.roa
File:                     UyR2vwyWdcbPE4qSeYCxiw11d20.roa (raw, json)
Hash identifier:          NI4ELB6ZUon4yXZu9Dv5VaModfxkB4HUTgrvJF9+aZU=
Subject key identifier:   53:24:76:BF:0C:96:75:C6:CF:13:8A:92:79:80:B1:8B:0D:75:77:6D
Certificate issuer:       /CN=cdc9814a82ccb68f51c37bf83ae6cf578244ca1a
Certificate serial:       018CC34906E347B99518F613DA3917A3CD69
Authority key identifier: CD:C9:81:4A:82:CC:B6:8F:51:C3:7B:F8:3A:E6:CF:57:82:44:CA:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zcmBSoLMto9Rw3v4OubPV4JEyho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/UyR2vwyWdcbPE4qSeYCxiw11d20.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31500
IP address blocks:        83.243.69.0/25 maxlen: 25
                          83.243.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/zcmBSoLMto9Rw3v4OubPV4JEyho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/zcmBSoLMto9Rw3v4OubPV4JEyho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zcmBSoLMto9Rw3v4OubPV4JEyho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:06:e3:47:b9:95:18:f6:13:da:39:17:a3:cd:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdc9814a82ccb68f51c37bf83ae6cf578244ca1a
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=532476bf0c9675c6cf138a927980b18b0d75776d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8e:3d:16:4e:3d:b4:82:29:02:c8:71:26:26:
                    ad:5f:82:f7:cb:58:74:8d:4c:51:a7:15:21:04:6b:
                    a1:ec:e1:c3:e9:0d:ed:23:75:1a:3d:0d:53:7b:79:
                    3f:3d:ae:4f:33:e8:79:b4:e0:42:19:75:12:f7:0e:
                    07:2e:68:29:dc:0e:db:e4:20:44:a8:f3:53:9a:87:
                    0e:ce:ab:8e:10:c5:78:de:ea:f6:af:b6:9e:00:84:
                    df:58:5f:ba:bd:c5:17:32:9f:23:87:d0:49:82:0a:
                    4c:c2:ab:91:f3:97:53:b6:79:96:82:0e:84:b8:35:
                    05:c2:47:f6:a4:26:2a:59:f8:65:ae:21:bf:ac:0c:
                    65:0c:5e:13:b8:bf:ac:60:03:8c:21:d3:50:2e:e3:
                    5e:de:06:3d:8b:eb:f5:dc:be:f9:e2:89:72:85:7d:
                    f1:15:e8:25:56:38:41:41:c9:96:ef:21:ce:c9:1b:
                    81:b9:91:99:cc:c6:35:5a:06:14:b3:7d:fe:47:8a:
                    70:bf:56:17:69:31:48:a9:cf:d4:ad:e8:8b:25:72:
                    49:4b:ae:1a:72:d8:29:15:bc:18:b5:d4:e6:cd:fc:
                    ac:32:f2:57:3d:94:ef:21:2c:eb:ca:b9:61:0f:96:
                    fd:1d:9a:5e:92:26:b9:16:7e:bd:13:b0:3c:34:70:
                    c4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:24:76:BF:0C:96:75:C6:CF:13:8A:92:79:80:B1:8B:0D:75:77:6D
            X509v3 Authority Key Identifier:
                keyid:CD:C9:81:4A:82:CC:B6:8F:51:C3:7B:F8:3A:E6:CF:57:82:44:CA:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zcmBSoLMto9Rw3v4OubPV4JEyho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/UyR2vwyWdcbPE4qSeYCxiw11d20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/f907c8-53a3-457a-8d05-963b25fa3068/1/zcmBSoLMto9Rw3v4OubPV4JEyho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.243.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:d5:eb:b2:38:5f:dc:f0:f2:6a:eb:92:95:dd:f8:bc:81:96:
         df:38:70:e6:5a:7f:2f:6d:eb:3d:49:6d:e6:09:c8:3a:b5:bd:
         47:95:bd:ae:57:01:3f:4c:6a:d0:57:e3:a5:1c:13:a2:65:17:
         b0:0e:cb:2f:5e:f3:bd:0d:d8:d8:4a:e3:e4:6e:4e:ac:dd:9b:
         1c:7c:af:e2:e4:3c:42:2f:7f:d6:00:94:58:51:2e:21:06:28:
         28:5b:72:35:79:91:18:82:ec:94:39:86:2c:94:4f:dc:b7:8e:
         20:8e:b1:88:95:f8:6f:e0:b0:78:e5:ad:ef:7b:bd:a2:c3:02:
         88:97:88:8d:ce:66:7a:1d:44:8f:5c:38:61:72:d8:e0:5d:51:
         85:35:18:4f:00:df:20:04:a2:24:88:49:dd:fe:31:be:3f:fb:
         1d:d3:1d:99:d8:25:f4:29:36:a3:a4:2a:d5:df:65:63:56:9d:
         26:7a:56:75:cd:19:57:e4:88:b6:d2:25:a8:17:cd:77:e8:93:
         b7:82:be:73:60:14:54:53:33:e0:b9:a3:c7:9e:87:f6:ca:6b:
         98:df:2d:10:49:8d:a9:39:de:08:90:c0:35:70:42:10:78:94:
         2e:b3:d3:c2:78:4f:71:7c:65:69:14:c4:ef:0c:6f:00:3d:d3:
         49:e4:51:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQbjR7mVGPYT2jkXo81pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYzk4MTRhODJjY2I2OGY1MWMzN2JmODNhZTZjZjU3ODI0
NGNhMWEwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzI0NzZiZjBjOTY3NWM2Y2YxMzhhOTI3OTgwYjE4YjBkNzU3NzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi449Fk49tIIpAshxJiatX4L3y1h0
jUxRpxUhBGuh7OHD6Q3tI3UaPQ1Te3k/Pa5PM+h5tOBCGXUS9w4HLmgp3A7b5CBE
qPNTmocOzquOEMV43ur2r7aeAITfWF+6vcUXMp8jh9BJggpMwquR85dTtnmWgg6E
uDUFwkf2pCYqWfhlriG/rAxlDF4TuL+sYAOMIdNQLuNe3gY9i+v13L754olyhX3x
FeglVjhBQcmW7yHOyRuBuZGZzMY1WgYUs33+R4pwv1YXaTFIqc/UreiLJXJJS64a
ctgpFbwYtdTmzfysMvJXPZTvISzryrlhD5b9HZpekia5Fn69E7A8NHDEHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMkdr8MlnXGzxOKknmAsYsNdXdtMB8GA1UdIwQY
MBaAFM3JgUqCzLaPUcN7+Drmz1eCRMoaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemNtQlNvTE10bzlSdzN2NE91YlBWNEpFeWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9mOTA3YzgtNTNhMy00NTdhLThkMDUt
OTYzYjI1ZmEzMDY4LzEvVXlSMnZ3eVdkY2JQRTRxU2VZQ3hpdzExZDIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9mOTA3YzgtNTNhMy00NTdhLThkMDUtOTYzYjI1ZmEzMDY4
LzEvemNtQlNvTE10bzlSdzN2NE91YlBWNEpFeWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU/NFMA0G
CSqGSIb3DQEBCwUAA4IBAQBN1euyOF/c8PJq65KV3fi8gZbfOHDmWn8vbes9SW3m
Ccg6tb1Hlb2uVwE/TGrQV+OlHBOiZRewDssvXvO9DdjYSuPkbk6s3ZscfK/i5DxC
L3/WAJRYUS4hBigoW3I1eZEYguyUOYYslE/ct44gjrGIlfhv4LB45a3ve72iwwKI
l4iNzmZ6HUSPXDhhctjgXVGFNRhPAN8gBKIkiEnd/jG+P/sd0x2Z2CX0KTajpCrV
32VjVp0melZ1zRlX5Ii20iWoF8136JO3gr5zYBRUUzPguaPHnof2ymuY3y0QSY2p
Od4IkMA1cEIQeJQus9PCeE9xfGVpFMTvDG8APdNJ5FFg
-----END CERTIFICATE-----