Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/Uu-twUVldjr_oEZ0y2ql0PTNJ1M.roa
File:                     Uu-twUVldjr_oEZ0y2ql0PTNJ1M.roa (raw, json)
Hash identifier:          3hPqYy5WoGWMWA4gqs0dXFaS1nRTYeA2qjp4I1TcUuc=
Subject key identifier:   52:EF:AD:C1:45:65:76:3A:FF:A0:46:74:CB:6A:A5:D0:F4:CD:27:53
Certificate issuer:       /CN=de51da32762a6f9c126d63ba705d62c050b8484e
Certificate serial:       018CC8DF1825485F4FCBBA9CE0116C3C71AF
Authority key identifier: DE:51:DA:32:76:2A:6F:9C:12:6D:63:BA:70:5D:62:C0:50:B8:48:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/Uu-twUVldjr_oEZ0y2ql0PTNJ1M.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59649
IP address blocks:        185.72.16.0/24 maxlen: 24
                          2a03:3da0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:18:25:48:5f:4f:cb:ba:9c:e0:11:6c:3c:71:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de51da32762a6f9c126d63ba705d62c050b8484e
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52efadc14565763affa04674cb6aa5d0f4cd2753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:7f:cf:c5:04:74:93:a1:bb:b4:f5:ca:05:
                    1b:db:f7:f3:d9:ec:44:00:27:f0:19:cf:3d:53:ac:
                    4e:37:fd:d0:c5:3b:28:5b:56:4f:77:96:b9:e1:11:
                    1e:92:3a:90:fc:55:bc:ff:dc:ce:e3:b9:51:63:bf:
                    74:04:cd:e1:01:bb:bf:c2:fc:5f:23:23:1c:24:43:
                    6a:05:22:e5:d1:a4:64:35:68:4b:83:77:1a:ea:e7:
                    db:16:93:bb:02:18:44:69:32:d3:d2:e3:c4:3e:bf:
                    bb:14:10:ca:07:9a:ff:68:ec:ac:ac:35:57:f1:1d:
                    e1:28:f2:81:a9:b7:6b:2b:06:5b:98:26:48:eb:79:
                    d2:a8:80:03:59:b4:20:f4:81:b7:f6:24:a4:f0:c6:
                    c9:a2:4c:12:58:e2:f1:38:f9:71:a1:99:50:00:24:
                    53:31:8f:e8:c4:f5:50:08:fc:a2:41:db:8d:c3:8d:
                    4e:02:93:06:61:64:31:4d:68:a8:76:52:e5:0f:f0:
                    9d:4c:17:c6:8b:7f:51:1f:c1:4a:61:f1:a7:f5:75:
                    a6:da:0d:7c:26:49:aa:93:7a:f7:53:e9:66:9a:49:
                    ca:9d:ad:b3:76:84:e5:bc:7e:df:b4:a5:33:fd:14:
                    2f:05:70:da:99:a4:dd:72:cf:d9:d4:7d:c2:a3:63:
                    a1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:EF:AD:C1:45:65:76:3A:FF:A0:46:74:CB:6A:A5:D0:F4:CD:27:53
            X509v3 Authority Key Identifier:
                keyid:DE:51:DA:32:76:2A:6F:9C:12:6D:63:BA:70:5D:62:C0:50:B8:48:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3lHaMnYqb5wSbWO6cF1iwFC4SE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/Uu-twUVldjr_oEZ0y2ql0PTNJ1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/f70db4-62ea-49db-8319-cdfa60122690/1/3lHaMnYqb5wSbWO6cF1iwFC4SE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.16.0/24
                IPv6:
                  2a03:3da0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:70:90:14:a7:53:b7:32:24:02:02:f7:27:8c:f0:45:7d:0e:
         ab:2e:39:a3:64:89:eb:d6:3f:64:a5:6b:13:30:62:67:47:1d:
         be:9c:c1:1b:1a:f1:10:ee:3b:f1:a5:92:9c:08:90:6d:39:00:
         bd:a8:8e:1c:99:4a:0b:e5:ac:7b:83:91:4c:ae:89:6c:bf:bc:
         c5:52:d8:7f:47:f5:6e:68:44:7a:19:50:70:a3:0f:70:2c:0a:
         89:05:f5:57:a4:8a:18:57:72:5d:f5:76:cb:1e:7e:82:83:6e:
         7e:c4:25:bc:92:ac:8d:c3:89:1a:2c:f6:3c:3f:2c:6f:14:d0:
         c4:48:c7:74:65:d0:25:3f:b3:42:e5:f5:52:16:5b:ba:01:ba:
         4a:0c:91:08:83:45:1f:c2:02:4d:4a:9d:39:a0:34:7d:c0:bf:
         82:db:e5:a0:1b:f0:77:40:f9:9d:14:a0:20:8a:09:53:85:ac:
         85:47:fa:66:d4:48:b7:1b:58:e3:4d:b2:db:c0:90:e5:70:89:
         4f:2c:19:6a:d8:13:7c:70:e3:7e:d9:82:6a:1d:b4:25:21:77:
         6c:7e:a2:df:26:06:69:70:c6:29:65:a5:3f:09:d2:24:91:c1:
         26:d8:62:61:ac:73:e2:3b:b5:49:78:1d:05:66:4f:bc:a6:df:
         76:89:87:59
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3xglSF9Py7qc4BFsPHGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNTFkYTMyNzYyYTZmOWMxMjZkNjNiYTcwNWQ2MmMwNTBi
ODQ4NGUwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmVmYWRjMTQ1NjU3NjNhZmZhMDQ2NzRjYjZhYTVkMGY0Y2QyNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoax/z8UEdJOhu7T1ygUb2/fz2exE
ACfwGc89U6xON/3QxTsoW1ZPd5a54REekjqQ/FW8/9zO47lRY790BM3hAbu/wvxf
IyMcJENqBSLl0aRkNWhLg3ca6ufbFpO7AhhEaTLT0uPEPr+7FBDKB5r/aOysrDVX
8R3hKPKBqbdrKwZbmCZI63nSqIADWbQg9IG39iSk8MbJokwSWOLxOPlxoZlQACRT
MY/oxPVQCPyiQduNw41OApMGYWQxTWiodlLlD/CdTBfGi39RH8FKYfGn9XWm2g18
Jkmqk3r3U+lmmknKna2zdoTlvH7ftKUz/RQvBXDamaTdcs/Z1H3Co2OhhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFLvrcFFZXY6/6BGdMtqpdD0zSdTMB8GA1UdIwQY
MBaAFN5R2jJ2Km+cEm1junBdYsBQuEhOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2xIYU1uWXFiNXdTYldPNmNGMWl3RkM0U0U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9mNzBkYjQtNjJlYS00OWRiLTgzMTkt
Y2RmYTYwMTIyNjkwLzEvVXUtdHdVVmxkanJfb0VaMHkycWwwUFROSjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9mNzBkYjQtNjJlYS00OWRiLTgzMTktY2RmYTYwMTIyNjkw
LzEvM2xIYU1uWXFiNXdTYldPNmNGMWl3RkM0U0U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUgQMA8E
AgACMAkDBwAqAz2gAAAwDQYJKoZIhvcNAQELBQADggEBAJ5wkBSnU7cyJAIC9yeM
8EV9DqsuOaNkievWP2SlaxMwYmdHHb6cwRsa8RDuO/GlkpwIkG05AL2ojhyZSgvl
rHuDkUyuiWy/vMVS2H9H9W5oRHoZUHCjD3AsCokF9VekihhXcl31dssefoKDbn7E
JbySrI3DiRos9jw/LG8U0MRIx3Rl0CU/s0Ll9VIWW7oBukoMkQiDRR/CAk1KnTmg
NH3Av4Lb5aAb8HdA+Z0UoCCKCVOFrIVH+mbUSLcbWONNstvAkOVwiU8sGWrYE3xw
437ZgmodtCUhd2x+ot8mBmlwxillpT8J0iSRwSbYYmGsc+I7tUl4HQVmT7ym33aJ
h1k=
-----END CERTIFICATE-----