Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/uTVeSBU-JOFb6Q0-sM5TOe4bvU0.roa
File:                     uTVeSBU-JOFb6Q0-sM5TOe4bvU0.roa (raw, json)
Hash identifier:          fEn+wbI3+GlJaj/V8W7cDHMTLISR1Tr8Cr52zOXm5Q8=
Subject key identifier:   B9:35:5E:48:15:3E:24:E1:5B:E9:0D:3E:B0:CE:53:39:EE:1B:BD:4D
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFD62D2DEC05B3DD7A72CE740150E
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/uTVeSBU-JOFb6Q0-sM5TOe4bvU0.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15731
IP address blocks:        193.37.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fd:62:d2:de:c0:5b:3d:d7:a7:2c:e7:40:15:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9355e48153e24e15be90d3eb0ce5339ee1bbd4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b3:6c:5f:d9:c0:d8:d9:cf:1e:05:11:99:8b:
                    47:d0:91:48:bb:75:cd:76:3f:08:0a:e8:e8:86:7a:
                    69:e3:58:af:ba:43:cd:94:60:6d:55:84:72:fa:5f:
                    d1:f3:ae:0c:e0:9d:e7:cd:e5:3c:04:0e:94:6f:f2:
                    1c:da:d3:28:f6:3c:73:c6:ab:97:94:d0:78:c0:4e:
                    b2:46:82:20:90:3b:3b:f2:6b:87:47:bd:02:60:8d:
                    a2:5c:e7:48:35:68:34:83:0f:46:f7:8f:b3:e6:fd:
                    0a:cb:05:b1:dd:eb:b9:99:d8:c7:f9:fc:a9:5d:c1:
                    e8:31:2c:81:28:13:d6:29:17:45:51:d9:07:29:7f:
                    cc:64:f8:a4:04:dd:cb:5e:e6:ed:54:2f:65:85:03:
                    a7:c0:24:2c:40:41:49:76:f5:d1:52:2e:e5:36:50:
                    92:5b:c0:d4:14:f0:e1:1a:26:56:b5:a9:48:83:7b:
                    07:d6:2a:64:1f:de:94:ef:52:8c:f5:e4:87:1c:bd:
                    8a:d3:be:39:37:a7:f2:77:8e:54:04:fd:d2:4f:85:
                    f2:04:6d:c1:c7:ba:4c:40:23:22:2d:50:2d:17:85:
                    35:b5:9f:86:3c:f2:0a:93:2b:f1:90:f6:9f:9e:aa:
                    8a:91:cd:4b:29:6f:72:15:e7:12:3a:3d:69:8a:5d:
                    b0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:35:5E:48:15:3E:24:E1:5B:E9:0D:3E:B0:CE:53:39:EE:1B:BD:4D
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/uTVeSBU-JOFb6Q0-sM5TOe4bvU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:74:17:3f:3f:ee:fd:60:59:3a:9c:b4:d0:18:95:80:eb:13:
         65:22:89:a2:76:e5:af:88:1e:8b:21:ec:81:06:5d:d6:d7:15:
         b4:80:af:e8:8a:eb:74:10:82:fc:b3:e6:3a:93:69:09:1a:3a:
         91:9e:68:39:e0:d4:9f:8a:88:4e:61:d6:f5:b4:a0:a0:b9:f8:
         88:41:85:ef:06:9e:db:3e:bc:73:ba:2f:e8:c7:10:a0:68:84:
         37:ed:10:7e:39:2d:71:37:a5:52:a5:4c:3d:88:5f:a8:9c:49:
         1d:7d:a5:b9:ef:56:db:15:31:ed:b8:ef:df:d3:ca:46:26:85:
         83:69:7c:98:67:45:da:9e:31:c9:23:06:89:17:97:0e:63:e1:
         da:10:67:5b:c3:1c:3f:7b:68:c3:b6:b5:73:f6:db:af:b4:0c:
         47:6f:b1:45:a6:db:08:3f:b6:92:7a:3c:9d:c7:b1:b0:73:db:
         82:16:85:d9:ea:3a:2a:c8:a4:41:2a:ab:1b:b7:94:93:40:0c:
         51:9c:38:fc:17:9d:9e:b2:0f:6f:25:a3:3f:bd:42:bb:83:a9:
         9d:b1:4f:30:1b:79:29:5b:ac:48:1b:61:41:b2:3f:f3:61:56:
         ea:ae:63:a7:4c:56:f4:a3:ee:bd:1c:82:4e:d0:02:33:0c:43:
         2a:e6:cd:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf1i0t7AWz3XpyznQBUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTM1NWU0ODE1M2UyNGUxNWJlOTBkM2ViMGNlNTMzOWVlMWJiZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbNsX9nA2NnPHgURmYtH0JFIu3XN
dj8ICujohnpp41ivukPNlGBtVYRy+l/R864M4J3nzeU8BA6Ub/Ic2tMo9jxzxquX
lNB4wE6yRoIgkDs78muHR70CYI2iXOdINWg0gw9G94+z5v0KywWx3eu5mdjH+fyp
XcHoMSyBKBPWKRdFUdkHKX/MZPikBN3LXubtVC9lhQOnwCQsQEFJdvXRUi7lNlCS
W8DUFPDhGiZWtalIg3sH1ipkH96U71KM9eSHHL2K0745N6fyd45UBP3ST4XyBG3B
x7pMQCMiLVAtF4U1tZ+GPPIKkyvxkPafnqqKkc1LKW9yFecSOj1pil2wLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLk1XkgVPiThW+kNPrDOUznuG71NMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvdVRWZVNCVS1KT0ZiNlEwLXNNNVRPZTRidlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAZdBc/P+79YFk6nLTQGJWA6xNlIomiduWviB6LIeyB
Bl3W1xW0gK/oiut0EIL8s+Y6k2kJGjqRnmg54NSfiohOYdb1tKCgufiIQYXvBp7b
Prxzui/oxxCgaIQ37RB+OS1xN6VSpUw9iF+onEkdfaW571bbFTHtuO/f08pGJoWD
aXyYZ0XanjHJIwaJF5cOY+HaEGdbwxw/e2jDtrVz9tuvtAxHb7FFptsIP7aSejyd
x7Gwc9uCFoXZ6joqyKRBKqsbt5STQAxRnDj8F52esg9vJaM/vUK7g6mdsU8wG3kp
W6xIG2FBsj/zYVbqrmOnTFb0o+69HIJO0AIzDEMq5s00
-----END CERTIFICATE-----