Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/uCXLrf88eLR-TjXN_43VdoZjMoU.roa
File:                     uCXLrf88eLR-TjXN_43VdoZjMoU.roa (raw, json)
Hash identifier:          t40JVdqohy0LWNUQMYZHmfsEEJsgBt4V6EiZcg8o2cM=
Subject key identifier:   B8:25:CB:AD:FF:3C:78:B4:7E:4E:35:CD:FF:8D:D5:76:86:63:32:85
Certificate issuer:       /CN=9980c70f76f0b5f5c8457a0337ad5d63122cf7e6
Certificate serial:       018CC7262059773B3A6A1185715EF1037FA1
Authority key identifier: 99:80:C7:0F:76:F0:B5:F5:C8:45:7A:03:37:AD:5D:63:12:2C:F7:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mYDHD3bwtfXIRXoDN61dYxIs9-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/uCXLrf88eLR-TjXN_43VdoZjMoU.roa
Signing time:             Mon 01 Jan 2024 22:30:13 +0000
ROA not before:           Mon 01 Jan 2024 22:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43008
IP address blocks:        91.194.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/mYDHD3bwtfXIRXoDN61dYxIs9-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/mYDHD3bwtfXIRXoDN61dYxIs9-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mYDHD3bwtfXIRXoDN61dYxIs9-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:20:59:77:3b:3a:6a:11:85:71:5e:f1:03:7f:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9980c70f76f0b5f5c8457a0337ad5d63122cf7e6
        Validity
            Not Before: Jan  1 22:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b825cbadff3c78b47e4e35cdff8dd57686633285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d9:05:24:fb:db:21:cd:ef:70:ed:b7:e4:d4:
                    a9:0d:c6:35:40:e6:b7:b6:55:3f:34:05:ab:a4:da:
                    ad:c1:0a:15:ef:23:6e:4c:8c:23:4b:c4:b6:ab:62:
                    9e:9a:27:c0:d4:8c:52:b2:88:71:1a:1f:6f:93:db:
                    17:ad:57:5d:30:70:fa:b3:c9:e5:83:91:2e:23:29:
                    9e:3d:95:c9:bf:f0:95:9e:59:25:cc:49:d3:d2:94:
                    09:a2:f8:10:c0:22:a4:67:21:d4:8b:5e:f0:9e:39:
                    8b:8a:ba:49:ca:65:b8:3c:eb:24:3b:91:6b:af:36:
                    81:52:03:52:2b:54:eb:38:7a:93:ad:fd:f6:70:80:
                    00:1a:12:e4:64:45:c5:ef:22:11:38:86:cd:3d:76:
                    a4:ab:16:bd:bc:02:26:64:fa:f8:f3:a3:10:50:d3:
                    24:66:4c:e5:da:1a:f1:82:6a:f3:17:5b:d4:a2:97:
                    2a:18:3b:93:b0:c7:66:ae:a2:d5:b7:c7:3d:21:dc:
                    0a:ba:9a:50:d1:6d:18:54:db:f0:3a:59:a5:c4:df:
                    4a:3e:b6:e7:dd:20:dd:db:8a:4a:a9:41:2b:6f:28:
                    b7:f8:5d:a5:12:92:dc:06:6a:48:0b:4b:d3:3e:5f:
                    5e:ed:96:5d:e3:d3:c7:3b:0e:62:55:7e:11:df:51:
                    78:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:25:CB:AD:FF:3C:78:B4:7E:4E:35:CD:FF:8D:D5:76:86:63:32:85
            X509v3 Authority Key Identifier:
                keyid:99:80:C7:0F:76:F0:B5:F5:C8:45:7A:03:37:AD:5D:63:12:2C:F7:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mYDHD3bwtfXIRXoDN61dYxIs9-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/uCXLrf88eLR-TjXN_43VdoZjMoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/42ec68-d433-4000-906c-c3eae6b0fb9c/1/mYDHD3bwtfXIRXoDN61dYxIs9-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:66:b9:f8:b8:68:85:1a:87:aa:fe:72:c0:08:eb:de:f0:f5:
         9f:55:0a:e3:69:42:1a:96:6c:19:3a:47:71:2a:b5:89:34:da:
         ec:37:bf:d2:2e:41:16:9a:54:71:4b:ff:a2:3e:e6:34:3f:ed:
         4f:4f:16:52:0a:fb:26:4b:f2:f8:ca:c7:1e:a4:f7:12:91:5a:
         d6:05:1f:83:2c:30:2d:94:bc:a5:d8:99:94:7c:d5:8d:50:63:
         b2:00:43:c6:78:23:f3:3a:99:a5:aa:e2:70:99:f5:b2:5a:94:
         38:f7:32:62:ab:d8:15:68:af:c9:a9:97:37:08:69:cd:d8:c5:
         52:a1:ef:1b:55:97:9c:a2:97:fc:ee:b5:5b:ac:0e:8e:de:93:
         5b:01:88:92:57:be:f4:00:03:db:eb:c1:e0:37:5c:3c:74:3d:
         d6:d3:80:51:6b:f5:d2:5d:3f:77:29:03:ac:53:0a:2d:06:56:
         5f:f1:68:94:d6:ed:aa:75:10:6e:bb:c5:03:9d:6d:f9:b5:d2:
         0d:6a:e6:10:85:44:2e:a9:dd:e3:8e:b5:d7:60:6e:63:3d:7c:
         ba:cf:d6:7e:7b:22:b6:1e:39:87:a7:d4:b7:93:b9:c6:29:16:
         62:4c:f9:d8:a8:2c:32:59:f6:d3:9a:3b:ca:47:72:74:5d:03:
         ff:1e:df:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJiBZdzs6ahGFcV7xA3+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ODBjNzBmNzZmMGI1ZjVjODQ1N2EwMzM3YWQ1ZDYzMTIy
Y2Y3ZTYwHhcNMjQwMTAxMjIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODI1Y2JhZGZmM2M3OGI0N2U0ZTM1Y2RmZjhkZDU3Njg2NjMzMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytkFJPvbIc3vcO235NSpDcY1QOa3
tlU/NAWrpNqtwQoV7yNuTIwjS8S2q2KemifA1IxSsohxGh9vk9sXrVddMHD6s8nl
g5EuIymePZXJv/CVnlklzEnT0pQJovgQwCKkZyHUi17wnjmLirpJymW4POskO5Fr
rzaBUgNSK1TrOHqTrf32cIAAGhLkZEXF7yIROIbNPXakqxa9vAImZPr486MQUNMk
Zkzl2hrxgmrzF1vUopcqGDuTsMdmrqLVt8c9IdwKuppQ0W0YVNvwOlmlxN9KPrbn
3SDd24pKqUErbyi3+F2lEpLcBmpIC0vTPl9e7ZZd49PHOw5iVX4R31F4bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgly63/PHi0fk41zf+N1XaGYzKFMB8GA1UdIwQY
MBaAFJmAxw928LX1yEV6AzetXWMSLPfmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVlESEQzYnd0ZlhJUlhvRE42MWRZeElzOS1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC80MmVjNjgtZDQzMy00MDAwLTkwNmMt
YzNlYWU2YjBmYjljLzEvdUNYTHJmODhlTFItVGpYTl80M1Zkb1pqTW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC80MmVjNjgtZDQzMy00MDAwLTkwNmMtYzNlYWU2YjBmYjlj
LzEvbVlESEQzYnd0ZlhJUlhvRE42MWRZeElzOS1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8IeMA0G
CSqGSIb3DQEBCwUAA4IBAQC2Zrn4uGiFGoeq/nLACOve8PWfVQrjaUIalmwZOkdx
KrWJNNrsN7/SLkEWmlRxS/+iPuY0P+1PTxZSCvsmS/L4yscepPcSkVrWBR+DLDAt
lLyl2JmUfNWNUGOyAEPGeCPzOpmlquJwmfWyWpQ49zJiq9gVaK/JqZc3CGnN2MVS
oe8bVZecopf87rVbrA6O3pNbAYiSV770AAPb68HgN1w8dD3W04BRa/XSXT93KQOs
UwotBlZf8WiU1u2qdRBuu8UDnW35tdINauYQhUQuqd3jjrXXYG5jPXy6z9Z+eyK2
HjmHp9S3k7nGKRZiTPnYqCwyWfbTmjvKR3J0XQP/Ht9i
-----END CERTIFICATE-----