Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uy210clAk9jlyF5Rd1QuITEukv4.roa
File:                     uy210clAk9jlyF5Rd1QuITEukv4.roa (raw, json)
Hash identifier:          f1OJrytPcn9EZQuHlfL0u4QOWGHJZQ5W0onv3L7hJWs=
Subject key identifier:   BB:2D:B5:D1:C9:40:93:D8:E5:C8:5E:51:77:54:2E:21:31:2E:92:FE
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945C110A558ADAE2E2E43E24070006
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uy210clAk9jlyF5Rd1QuITEukv4.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57971
IP address blocks:        5.59.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5c:11:0a:55:8a:da:e2:e2:e4:3e:24:07:00:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb2db5d1c94093d8e5c85e5177542e21312e92fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0f:b4:af:59:0d:a2:3a:3b:01:78:81:c8:97:
                    5f:fa:05:04:dd:b4:cd:30:70:b2:7e:3b:d2:a4:a9:
                    74:2c:44:92:aa:5e:e0:af:e5:0b:d9:aa:4c:2f:7f:
                    26:d0:ec:74:d3:84:79:fe:27:ff:51:5b:6b:8d:30:
                    f8:29:17:67:cd:c5:c0:b1:d0:7c:e8:ff:24:9f:4d:
                    2d:58:22:ed:b6:be:5e:87:56:0e:26:56:b0:d5:a4:
                    55:64:d3:46:0d:08:5d:d8:a3:26:21:0c:7a:ee:ef:
                    d3:37:3f:c6:e9:6d:19:f4:44:49:d4:69:18:36:fb:
                    86:d4:c3:9a:cd:26:74:45:4a:84:77:5a:ed:47:63:
                    14:fb:5b:60:84:ae:6f:c2:9c:65:ad:8a:fe:a0:de:
                    6d:1d:1b:01:a8:c7:d5:6a:57:d0:a9:40:06:7a:a7:
                    8d:b4:36:bc:ac:fa:87:60:16:4a:e8:15:f5:de:f0:
                    ad:c5:00:12:9a:65:4f:bc:30:d7:31:c8:c8:e6:44:
                    16:b7:6f:09:ab:b9:5f:d0:64:fe:b4:f7:cc:05:1f:
                    e2:63:f5:dd:0e:3f:47:66:70:93:92:2f:46:fa:08:
                    6e:61:f2:b5:c9:e6:ab:01:6b:35:75:c9:8b:6e:09:
                    42:78:8d:dc:52:57:24:a5:53:39:61:64:93:8b:6e:
                    a4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:2D:B5:D1:C9:40:93:D8:E5:C8:5E:51:77:54:2E:21:31:2E:92:FE
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uy210clAk9jlyF5Rd1QuITEukv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:44:1a:83:f2:04:4b:bd:12:04:51:93:99:4f:b9:8d:de:e9:
         a6:04:e9:8f:a0:b9:d0:ed:f8:a3:58:ff:11:a5:32:82:43:76:
         5d:51:be:62:a4:5f:47:cb:6b:64:63:c8:04:60:25:18:f6:ae:
         ec:f7:4e:d1:7b:05:9d:72:6f:a7:42:f9:17:27:12:ca:ed:4f:
         d7:70:36:05:5f:98:6f:95:ce:e8:82:2e:24:86:b7:dd:cc:aa:
         53:9d:23:36:e3:b7:e4:08:3b:02:74:75:9a:45:02:66:d4:01:
         dd:89:13:ba:29:55:3f:fb:b8:dd:6d:c3:eb:ab:9d:79:78:b2:
         02:dc:1a:ed:07:d0:f5:76:0c:c3:a1:34:22:e9:3b:9e:df:f1:
         e0:86:4e:a6:ea:04:9a:d6:33:6c:94:d7:4f:35:6e:b5:53:6e:
         f8:1b:82:ca:7d:a8:11:69:8a:80:49:ce:9d:f0:4a:99:13:60:
         f2:22:b1:7b:b2:f9:a1:49:61:72:7b:1c:32:67:e4:96:83:59:
         c9:65:4a:d9:71:39:d8:4e:bf:f9:84:93:ad:01:a9:79:2d:3d:
         ae:ca:be:9c:c4:8e:f0:78:e6:ba:9d:24:7e:50:d3:f3:c3:13:
         58:f3:cf:ee:b1:c8:fe:1c:d1:2f:33:fb:48:2c:25:f1:ff:e7:
         0f:58:b6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFwRClWK2uLi5D4kBwAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjJkYjVkMWM5NDA5M2Q4ZTVjODVlNTE3NzU0MmUyMTMxMmU5MmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA+0r1kNojo7AXiByJdf+gUE3bTN
MHCyfjvSpKl0LESSql7gr+UL2apML38m0Ox004R5/if/UVtrjTD4KRdnzcXAsdB8
6P8kn00tWCLttr5eh1YOJlaw1aRVZNNGDQhd2KMmIQx67u/TNz/G6W0Z9ERJ1GkY
NvuG1MOazSZ0RUqEd1rtR2MU+1tghK5vwpxlrYr+oN5tHRsBqMfValfQqUAGeqeN
tDa8rPqHYBZK6BX13vCtxQASmmVPvDDXMcjI5kQWt28Jq7lf0GT+tPfMBR/iY/Xd
Dj9HZnCTki9G+ghuYfK1yearAWs1dcmLbglCeI3cUlckpVM5YWSTi26k6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsttdHJQJPY5cheUXdULiExLpL+MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvdXkyMTBjbEFrOWpseUY1UmQxUXVJVEV1a3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBTuwMA0G
CSqGSIb3DQEBCwUAA4IBAQBLRBqD8gRLvRIEUZOZT7mN3ummBOmPoLnQ7fijWP8R
pTKCQ3ZdUb5ipF9Hy2tkY8gEYCUY9q7s907RewWdcm+nQvkXJxLK7U/XcDYFX5hv
lc7ogi4khrfdzKpTnSM247fkCDsCdHWaRQJm1AHdiRO6KVU/+7jdbcPrq515eLIC
3BrtB9D1dgzDoTQi6Tue3/Hghk6m6gSa1jNslNdPNW61U274G4LKfagRaYqASc6d
8EqZE2DyIrF7svmhSWFyexwyZ+SWg1nJZUrZcTnYTr/5hJOtAal5LT2uyr6cxI7w
eOa6nSR+UNPzwxNY88/uscj+HNEvM/tILCXx/+cPWLbb
-----END CERTIFICATE-----