Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/UuBG0aOb6_GftuhFLQe4PZGjyng.roa
File:                     UuBG0aOb6_GftuhFLQe4PZGjyng.roa (raw, json)
Hash identifier:          sdSq+5L8tFFEWuJI49wUxFMZoGaEooBPts7hj6uRRyk=
Subject key identifier:   52:E0:46:D1:A3:9B:EB:F1:9F:B6:E8:45:2D:07:B8:3D:91:A3:CA:78
Certificate issuer:       /CN=99252ff7f4dcf62234d22f86a1135b344923daab
Certificate serial:       018CC7943868724B17F6F5ACF7714B47A1F7
Authority key identifier: 99:25:2F:F7:F4:DC:F6:22:34:D2:2F:86:A1:13:5B:34:49:23:DA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSUv9_Tc9iI00i-GoRNbNEkj2qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/UuBG0aOb6_GftuhFLQe4PZGjyng.roa
Signing time:             Tue 02 Jan 2024 00:30:28 +0000
ROA not before:           Tue 02 Jan 2024 00:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209538
IP address blocks:        193.107.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/mSUv9_Tc9iI00i-GoRNbNEkj2qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/mSUv9_Tc9iI00i-GoRNbNEkj2qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSUv9_Tc9iI00i-GoRNbNEkj2qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:38:68:72:4b:17:f6:f5:ac:f7:71:4b:47:a1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99252ff7f4dcf62234d22f86a1135b344923daab
        Validity
            Not Before: Jan  2 00:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52e046d1a39bebf19fb6e8452d07b83d91a3ca78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:de:70:61:5d:b0:95:e8:06:a1:65:15:e4:b5:
                    c3:1e:1e:21:da:6c:b8:38:64:c9:0b:dd:3a:03:19:
                    f8:e3:23:90:19:48:d7:db:f1:6a:0b:3f:18:db:fc:
                    0f:6b:a0:c3:4b:0d:4a:a6:15:27:23:d2:f7:a4:60:
                    d4:34:02:42:64:4e:5a:7a:b7:07:1b:7b:8f:ff:78:
                    16:b3:ce:40:6a:fc:0a:e9:dc:44:29:ab:b3:de:58:
                    ac:9f:fc:5b:d8:c6:ec:d2:a2:71:32:7a:a9:f3:eb:
                    6c:59:b2:a5:89:93:60:43:a0:cc:e0:c8:fd:8d:4b:
                    03:ee:84:bb:68:23:cd:ad:f6:3c:18:38:23:54:84:
                    e3:44:0e:1b:ef:7f:72:45:ff:e7:a4:e4:e2:34:5f:
                    5b:82:d0:39:af:9e:79:14:77:d3:52:e9:18:72:80:
                    a5:f9:0a:8d:b2:21:25:ec:b4:95:01:9a:ee:21:b1:
                    20:c6:76:56:ff:7c:bf:56:7d:b4:33:47:c6:19:d8:
                    a8:63:33:9d:74:c4:c4:e3:eb:bd:c0:eb:9a:b8:36:
                    bf:28:15:28:35:45:c8:e5:a1:54:50:51:91:9e:f4:
                    06:21:64:ad:ca:d4:69:31:ee:88:2c:0c:a5:6b:8c:
                    0b:03:8a:79:a2:51:fc:73:14:13:38:43:8b:55:98:
                    da:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E0:46:D1:A3:9B:EB:F1:9F:B6:E8:45:2D:07:B8:3D:91:A3:CA:78
            X509v3 Authority Key Identifier:
                keyid:99:25:2F:F7:F4:DC:F6:22:34:D2:2F:86:A1:13:5B:34:49:23:DA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSUv9_Tc9iI00i-GoRNbNEkj2qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/UuBG0aOb6_GftuhFLQe4PZGjyng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/c920da-1df8-4927-8831-ab0664e63fb6/1/mSUv9_Tc9iI00i-GoRNbNEkj2qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:81:ac:8f:f3:9b:7b:72:54:11:ea:e0:fa:b3:66:1b:06:bc:
         b8:09:9f:b3:bd:65:ac:87:d3:e5:2c:65:f0:7f:40:9b:74:88:
         bb:7c:d8:af:ac:60:7d:34:47:5d:77:3b:3c:a5:39:77:16:ac:
         35:67:69:18:5d:05:82:18:d8:3a:96:2e:5d:71:2d:2e:5f:4d:
         d6:88:d4:98:04:de:6b:2f:f5:80:64:83:5d:4b:c9:0a:58:07:
         a0:f2:0b:d6:a0:fe:86:21:bc:75:c3:e9:36:59:3b:66:84:24:
         62:0a:f3:2c:d8:48:36:f5:c9:94:aa:cd:6e:fc:fb:db:c2:99:
         1c:68:eb:89:3c:7b:e5:0f:88:ac:1c:a8:a5:8a:ef:47:81:d6:
         fe:46:28:c3:67:fb:81:9d:d3:f4:22:04:94:50:59:98:75:bc:
         42:51:10:7e:79:b2:30:bf:62:fb:8e:d8:e3:63:40:63:a3:54:
         d6:7b:01:85:27:c2:9f:0e:2e:c7:91:e4:2b:98:5d:59:81:10:
         d4:46:62:6f:f5:42:0d:40:68:e3:26:6f:f4:7f:6e:2b:ca:e7:
         72:8a:06:c0:6a:a8:2e:17:58:44:c7:51:e6:cf:4e:8d:5d:a2:
         f3:41:f1:e8:10:dc:be:3c:db:c6:be:3d:f0:22:ee:de:b8:f5:
         7a:18:41:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDhocksX9vWs93FLR6H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjUyZmY3ZjRkY2Y2MjIzNGQyMmY4NmExMTM1YjM0NDky
M2RhYWIwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmUwNDZkMWEzOWJlYmYxOWZiNmU4NDUyZDA3YjgzZDkxYTNjYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd5wYV2wlegGoWUV5LXDHh4h2my4
OGTJC906Axn44yOQGUjX2/FqCz8Y2/wPa6DDSw1KphUnI9L3pGDUNAJCZE5aercH
G3uP/3gWs85AavwK6dxEKauz3lisn/xb2Mbs0qJxMnqp8+tsWbKliZNgQ6DM4Mj9
jUsD7oS7aCPNrfY8GDgjVITjRA4b739yRf/npOTiNF9bgtA5r555FHfTUukYcoCl
+QqNsiEl7LSVAZruIbEgxnZW/3y/Vn20M0fGGdioYzOddMTE4+u9wOuauDa/KBUo
NUXI5aFUUFGRnvQGIWStytRpMe6ILAyla4wLA4p5olH8cxQTOEOLVZjaDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLgRtGjm+vxn7boRS0HuD2Ro8p4MB8GA1UdIwQY
MBaAFJklL/f03PYiNNIvhqETWzRJI9qrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNVdjlfVGM5aUkwMGktR29STmJORWtqMnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9jOTIwZGEtMWRmOC00OTI3LTg4MzEt
YWIwNjY0ZTYzZmI2LzEvVXVCRzBhT2I2X0dmdHVoRkxRZTRQWkdqeW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9jOTIwZGEtMWRmOC00OTI3LTg4MzEtYWIwNjY0ZTYzZmI2
LzEvbVNVdjlfVGM5aUkwMGktR29STmJORWtqMnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWsxMA0G
CSqGSIb3DQEBCwUAA4IBAQBngayP85t7clQR6uD6s2YbBry4CZ+zvWWsh9PlLGXw
f0CbdIi7fNivrGB9NEdddzs8pTl3Fqw1Z2kYXQWCGNg6li5dcS0uX03WiNSYBN5r
L/WAZINdS8kKWAeg8gvWoP6GIbx1w+k2WTtmhCRiCvMs2Eg29cmUqs1u/Pvbwpkc
aOuJPHvlD4isHKiliu9Hgdb+RijDZ/uBndP0IgSUUFmYdbxCURB+ebIwv2L7jtjj
Y0Bjo1TWewGFJ8KfDi7HkeQrmF1ZgRDURmJv9UINQGjjJm/0f24ryudyigbAaqgu
F1hEx1Hmz06NXaLzQfHoENy+PNvGvj3wIu7euPV6GEEO
-----END CERTIFICATE-----