Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uj8bwgRGTaHNaEgyvMI_XAvPCf4.roa
File:                     uj8bwgRGTaHNaEgyvMI_XAvPCf4.roa (raw, json)
Hash identifier:          dnELcoh5i9t2m8A0ekocKTbQJPsunpWXHgp5EJkbQSk=
Subject key identifier:   BA:3F:1B:C2:04:46:4D:A1:CD:68:48:32:BC:C2:3F:5C:0B:CF:09:FE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0193495385EFE3BEA882922299A07F9F020B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uj8bwgRGTaHNaEgyvMI_XAvPCf4.roa
Signing time:             Wed 20 Nov 2024 11:27:10 +0000
ROA not before:           Wed 20 Nov 2024 11:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211441
IP address blocks:        195.34.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:53:85:ef:e3:be:a8:82:92:22:99:a0:7f:9f:02:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 20 11:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba3f1bc204464da1cd684832bcc23f5c0bcf09fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:15:e7:8e:90:d9:9a:11:90:d0:b8:ea:b4:aa:
                    dc:b0:0b:af:40:4b:54:04:57:a6:de:63:77:30:7f:
                    7b:9c:a3:4d:43:ed:df:5a:2a:62:68:8c:d5:8a:6e:
                    d3:b7:2c:e8:a8:c0:4a:c8:4e:3a:02:e9:6a:c3:70:
                    03:6c:29:20:9f:97:47:f5:0c:09:83:10:a1:da:4d:
                    c2:46:13:88:ad:09:f3:46:92:f2:0c:cc:d6:b2:9f:
                    33:bf:83:62:d2:41:eb:08:0a:6c:97:24:3e:26:e9:
                    05:84:4e:aa:83:37:bb:8e:f5:ae:93:10:49:95:1e:
                    a9:10:2a:12:0c:d4:19:86:0a:b9:bb:d5:a7:d7:6d:
                    de:f6:d4:9b:3f:7d:02:a2:b5:30:96:03:44:c7:91:
                    56:57:f1:45:41:80:47:ed:ba:b8:a1:59:3c:01:f1:
                    19:bd:ef:77:14:56:78:5a:5c:d6:cc:60:1f:05:34:
                    9f:99:81:88:4b:64:04:39:25:ee:dd:15:70:15:01:
                    3b:96:30:22:e6:ba:45:ff:32:c3:36:27:b1:41:5b:
                    09:7a:23:a0:69:ba:62:54:aa:8a:a9:7c:5a:be:10:
                    6c:3b:31:ee:79:9a:55:4d:77:ce:29:26:ae:ff:cb:
                    7e:be:81:ea:c7:7f:84:84:4e:f1:a6:3d:b1:e1:34:
                    7f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3F:1B:C2:04:46:4D:A1:CD:68:48:32:BC:C2:3F:5C:0B:CF:09:FE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uj8bwgRGTaHNaEgyvMI_XAvPCf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:6e:33:83:4c:37:de:d2:20:bb:df:a8:62:f6:3a:fd:45:5f:
         97:97:c0:f7:10:de:76:24:32:c7:2b:05:f7:79:42:38:36:e0:
         00:35:a1:78:eb:97:b2:cf:14:a5:79:6f:69:48:51:5a:ec:e3:
         ea:71:0b:9d:af:de:f1:e3:85:18:53:be:0c:cb:38:c7:62:ce:
         9f:ae:64:b0:ce:60:84:84:5c:6b:bb:5f:8f:e1:21:28:3a:88:
         d5:a3:16:d7:2c:a3:0e:6d:ba:6a:ce:01:ea:59:2e:d8:bd:cf:
         24:b2:e7:43:a1:0a:0c:7a:b7:5f:01:a7:a0:29:6d:4e:64:2b:
         65:b2:ff:13:c1:f0:7e:fe:cc:5e:08:b7:64:ce:17:35:b3:41:
         62:69:fa:84:d9:f9:52:a8:8c:e7:7d:66:4f:0c:5a:fe:50:ee:
         3c:89:be:10:6f:44:60:6e:ac:e3:1e:94:87:7c:0c:33:4c:05:
         d7:63:b8:4b:f3:27:c5:35:55:d6:5d:78:3d:00:05:b4:34:a0:
         f7:f0:34:70:90:43:f4:a5:35:b4:29:3a:e7:b0:7e:19:6e:8d:
         3f:fa:0c:a1:f1:7b:7a:44:56:14:82:f0:e8:0c:67:7f:45:e5:
         57:01:15:22:72:ef:33:0c:96:19:52:a3:4f:15:dc:91:ff:d4:
         ee:ba:45:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNJU4Xv476ogpIimaB/nwILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTIwMTEyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNmMWJjMjA0NDY0ZGExY2Q2ODQ4MzJiY2MyM2Y1YzBiY2YwOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBXnjpDZmhGQ0LjqtKrcsAuvQEtU
BFem3mN3MH97nKNNQ+3fWipiaIzVim7TtyzoqMBKyE46Aulqw3ADbCkgn5dH9QwJ
gxCh2k3CRhOIrQnzRpLyDMzWsp8zv4Ni0kHrCApslyQ+JukFhE6qgze7jvWukxBJ
lR6pECoSDNQZhgq5u9Wn123e9tSbP30CorUwlgNEx5FWV/FFQYBH7bq4oVk8AfEZ
ve93FFZ4WlzWzGAfBTSfmYGIS2QEOSXu3RVwFQE7ljAi5rpF/zLDNiexQVsJeiOg
abpiVKqKqXxavhBsOzHueZpVTXfOKSau/8t+voHqx3+EhE7xpj2x4TR/xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLo/G8IERk2hzWhIMrzCP1wLzwn+MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdWo4YndnUkdUYUhOYUVneXZNSV9YQXZQQ2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyJDMA0G
CSqGSIb3DQEBCwUAA4IBAQAhbjODTDfe0iC736hi9jr9RV+Xl8D3EN52JDLHKwX3
eUI4NuAANaF465eyzxSleW9pSFFa7OPqcQudr97x44UYU74MyzjHYs6frmSwzmCE
hFxru1+P4SEoOojVoxbXLKMObbpqzgHqWS7Yvc8ksudDoQoMerdfAaegKW1OZCtl
sv8TwfB+/sxeCLdkzhc1s0FiafqE2flSqIznfWZPDFr+UO48ib4Qb0RgbqzjHpSH
fAwzTAXXY7hL8yfFNVXWXXg9AAW0NKD38DRwkEP0pTW0KTrnsH4Zbo0/+gyh8Xt6
RFYUgvDoDGd/ReVXARUicu8zDJYZUqNPFdyR/9TuukXH
-----END CERTIFICATE-----