Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uIurjUgBxRijsZge-_WCNFbE8yo.roa
File:                     uIurjUgBxRijsZge-_WCNFbE8yo.roa (raw, json)
Hash identifier:          gDxEyYNu+jNIztEKwbSSR3t7DSic+w+j8CocRM+0phY=
Subject key identifier:   B8:8B:AB:8D:48:01:C5:18:A3:B1:98:1E:FB:F5:82:34:56:C4:F3:2A
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C5F5B410AE4F3C8DB2F9DE01FBCB
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uIurjUgBxRijsZge-_WCNFbE8yo.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58121
IP address blocks:        95.215.160.0/23 maxlen: 23
                          85.9.94.0/24 maxlen: 24
                          185.155.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:f5:b4:10:ae:4f:3c:8d:b2:f9:de:01:fb:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b88bab8d4801c518a3b1981efbf5823456c4f32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:63:16:d1:59:f2:b6:82:98:61:30:3f:28:d6:
                    15:de:84:3f:58:3c:48:8f:2b:fd:8b:74:de:e5:d3:
                    74:44:bb:ea:3a:e6:91:b9:13:b5:d6:b8:97:ea:76:
                    96:76:65:8b:6b:b8:6f:eb:29:85:de:bb:ae:00:72:
                    c6:61:ef:aa:86:07:dd:99:13:14:7c:82:4d:05:11:
                    79:76:c4:41:6a:6f:d4:80:36:8c:0e:4b:23:56:ab:
                    f6:e4:20:a4:8a:a5:6f:1b:f7:f4:8d:66:54:80:a5:
                    f7:cf:2f:8f:1c:c7:44:3d:b3:8c:21:95:8b:ea:3d:
                    84:a3:4e:68:de:49:b5:22:a2:1d:d1:3a:5d:a1:92:
                    61:ba:c3:ae:39:4f:3f:60:ee:2a:9d:ca:75:4d:58:
                    02:48:28:a2:8b:6c:e4:f4:17:8a:fe:4c:35:e5:c3:
                    f5:31:ac:bd:5c:23:8e:b0:cd:ea:de:37:09:bc:84:
                    32:60:38:9a:3e:41:94:3d:7c:f1:d6:2c:43:b5:4d:
                    a3:2b:95:93:79:c2:58:5a:fa:bd:fd:91:67:8d:ca:
                    c4:4c:40:49:27:e3:22:c9:f1:17:5a:51:c7:b3:24:
                    59:cf:0b:4e:fc:f2:d4:a1:75:c6:14:17:ad:7c:e9:
                    e8:15:21:87:74:92:fc:66:87:a9:a5:72:3c:aa:f3:
                    a1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8B:AB:8D:48:01:C5:18:A3:B1:98:1E:FB:F5:82:34:56:C4:F3:2A
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/uIurjUgBxRijsZge-_WCNFbE8yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.94.0/24
                  95.215.160.0/23
                  185.155.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:29:6a:1b:43:3b:16:a5:42:57:7a:5f:25:f7:a5:b2:e2:f5:
         50:63:f5:07:e8:97:2b:73:77:6d:48:f1:c5:aa:bd:d8:34:ad:
         72:23:c4:64:90:58:e8:43:51:1a:b3:89:86:33:5c:c7:f2:07:
         a6:ef:6a:7c:fb:f1:a1:e3:e8:b4:87:3f:d3:c3:66:6f:72:d3:
         2b:15:bc:6f:d5:48:6d:19:d8:25:90:a4:2c:29:af:1b:51:32:
         dd:2c:b3:d2:38:96:8b:f0:01:32:a1:3c:98:5a:9b:3b:e2:bf:
         8a:59:1f:8e:f7:45:84:1c:4c:29:8d:02:e2:55:b6:a2:b0:14:
         34:15:7a:82:32:e1:48:b6:53:1c:3a:e2:49:ee:a3:83:22:95:
         45:e7:03:9e:0f:82:2e:e1:3f:9e:d6:58:42:f8:ef:91:f7:4c:
         3c:f0:a5:8c:f3:4d:7b:e1:0a:f2:b8:28:bd:64:2f:5d:49:5c:
         80:7c:9b:47:5e:f9:e7:ab:f7:ce:e1:81:f3:5f:ea:d0:e1:a9:
         99:9c:e5:22:63:56:f1:57:5b:b1:fe:e2:d5:f7:f9:b9:06:25:
         6a:75:df:8d:d6:9d:f0:69:38:1c:df:9a:23:46:73:5f:df:75:
         ce:c3:df:14:81:cf:74:b5:17:73:f4:a9:48:aa:d3:06:dc:34:
         bd:2a:83:57
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSMX1tBCuTzyNsvneAfvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhiYWI4ZDQ4MDFjNTE4YTNiMTk4MWVmYmY1ODIzNDU2YzRmMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGMW0VnytoKYYTA/KNYV3oQ/WDxI
jyv9i3Te5dN0RLvqOuaRuRO11riX6naWdmWLa7hv6ymF3ruuAHLGYe+qhgfdmRMU
fIJNBRF5dsRBam/UgDaMDksjVqv25CCkiqVvG/f0jWZUgKX3zy+PHMdEPbOMIZWL
6j2Eo05o3km1IqId0TpdoZJhusOuOU8/YO4qncp1TVgCSCiii2zk9BeK/kw15cP1
May9XCOOsM3q3jcJvIQyYDiaPkGUPXzx1ixDtU2jK5WTecJYWvq9/ZFnjcrETEBJ
J+MiyfEXWlHHsyRZzwtO/PLUoXXGFBetfOnoFSGHdJL8ZoeppXI8qvOhMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLiLq41IAcUYo7GYHvv1gjRWxPMqMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvdUl1cmpVZ0J4Umlqc1pnZS1fV0NORmJFOHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVQleAwQB
X9egAwQBuZsOMA0GCSqGSIb3DQEBCwUAA4IBAQAjKWobQzsWpUJXel8l96Wy4vVQ
Y/UH6Jcrc3dtSPHFqr3YNK1yI8RkkFjoQ1Eas4mGM1zH8gem72p8+/Gh4+i0hz/T
w2ZvctMrFbxv1UhtGdglkKQsKa8bUTLdLLPSOJaL8AEyoTyYWps74r+KWR+O90WE
HEwpjQLiVbaisBQ0FXqCMuFItlMcOuJJ7qODIpVF5wOeD4Iu4T+e1lhC+O+R90w8
8KWM80174QryuCi9ZC9dSVyAfJtHXvnnq/fO4YHzX+rQ4amZnOUiY1bxV1ux/uLV
9/m5BiVqdd+N1p3waTgc35ojRnNf33XOw98Ugc90tRdz9KlIqtMG3DS9KoNX
-----END CERTIFICATE-----