Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/uaEXGSBAvju3GA_Mo_SkheEJc08.roa
File:                     uaEXGSBAvju3GA_Mo_SkheEJc08.roa (raw, json)
Hash identifier:          xYpNCDEOIEuLsrjqCYpZhP3sZSvuF7QHlTqYOtqYAM8=
Subject key identifier:   B9:A1:17:19:20:40:BE:3B:B7:18:0F:CC:A3:F4:A4:85:E1:09:73:4F
Certificate issuer:       /CN=6f773eb3d30794d22d75cd872b91a3ba848842d7
Certificate serial:       018CC725FDCE39AF6CF523F3B0B2037598C8
Authority key identifier: 6F:77:3E:B3:D3:07:94:D2:2D:75:CD:87:2B:91:A3:BA:84:88:42:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3c-s9MHlNItdc2HK5GjuoSIQtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/uaEXGSBAvju3GA_Mo_SkheEJc08.roa
Signing time:             Mon 01 Jan 2024 22:30:04 +0000
ROA not before:           Mon 01 Jan 2024 22:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210287
IP address blocks:        185.160.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/b3c-s9MHlNItdc2HK5GjuoSIQtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/b3c-s9MHlNItdc2HK5GjuoSIQtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3c-s9MHlNItdc2HK5GjuoSIQtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:fd:ce:39:af:6c:f5:23:f3:b0:b2:03:75:98:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f773eb3d30794d22d75cd872b91a3ba848842d7
        Validity
            Not Before: Jan  1 22:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a117192040be3bb7180fcca3f4a485e109734f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c7:ea:99:8d:a5:bc:9b:27:34:96:fe:45:7f:
                    5b:ef:60:51:35:bd:53:51:77:b9:e4:8d:6b:7e:72:
                    23:66:ae:80:be:75:9e:8f:c7:db:de:4e:57:6d:c2:
                    57:6f:1a:54:31:6c:c6:fb:6c:e5:b7:f5:9a:aa:77:
                    8b:0a:cb:c0:e8:2c:33:be:51:60:36:c2:48:e1:6c:
                    72:5e:1f:f9:bf:06:d9:6b:95:06:1a:27:6c:4f:cb:
                    68:fe:ab:be:bd:66:9f:ab:83:4f:74:c7:b3:55:92:
                    c2:bc:1c:e9:93:38:f5:f5:e7:c3:36:01:46:0c:7a:
                    65:30:75:93:55:df:5a:1f:9b:b7:de:7b:f1:51:a5:
                    ef:a2:49:21:98:3a:38:a2:84:60:42:2d:1d:8f:ac:
                    2c:69:4c:a6:ee:c0:0b:6a:6a:3f:91:a0:58:60:73:
                    3d:67:28:91:f4:8d:4e:57:8a:36:9b:85:1a:b3:34:
                    da:ff:7e:59:7e:99:66:b1:23:49:5b:d3:71:e8:26:
                    0c:ab:bb:8b:3f:9d:ab:80:98:b9:e1:92:52:9e:ab:
                    79:57:63:30:7f:49:e1:51:6d:aa:0d:38:1f:8c:c6:
                    be:b9:dd:7d:1c:bd:ed:ba:3b:b9:6d:ef:31:cd:bd:
                    4f:8c:c8:cc:58:fa:ff:28:05:33:31:af:79:34:d2:
                    ef:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A1:17:19:20:40:BE:3B:B7:18:0F:CC:A3:F4:A4:85:E1:09:73:4F
            X509v3 Authority Key Identifier:
                keyid:6F:77:3E:B3:D3:07:94:D2:2D:75:CD:87:2B:91:A3:BA:84:88:42:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3c-s9MHlNItdc2HK5GjuoSIQtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/uaEXGSBAvju3GA_Mo_SkheEJc08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24d79d-1766-4045-9d24-6a0baeb2336e/1/b3c-s9MHlNItdc2HK5GjuoSIQtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:1f:4b:c5:b3:6e:ea:f2:7d:4b:b3:ac:b8:5e:3d:c6:4d:1b:
         73:0c:56:f5:8c:58:73:f6:3d:5b:1a:37:32:04:9a:e0:7f:e2:
         b2:c9:36:04:d2:7a:30:b1:df:a1:eb:22:21:c7:21:84:da:d3:
         e0:a7:70:c0:60:60:8a:49:42:37:66:05:29:68:3b:c3:72:89:
         8e:0c:26:94:8f:8b:3a:3a:6a:16:7e:60:d8:94:5c:45:c8:4b:
         59:6c:a6:94:dc:1a:3d:1f:56:72:f2:15:d1:00:75:d8:25:d7:
         d6:cd:1e:58:45:13:1b:35:0b:18:97:12:26:e3:85:ed:3a:00:
         d6:c7:85:1a:2a:a2:a7:7f:26:b4:fc:b2:8f:7d:b3:2a:4e:0d:
         ae:a9:d8:8a:68:1e:b8:dd:cb:c7:30:b0:6f:da:ce:db:25:2d:
         b9:81:4a:1d:f3:06:c8:c5:78:01:25:8c:24:75:76:c9:0f:2a:
         51:a1:42:a2:e0:20:00:0b:3c:ca:a0:9f:ac:30:f9:93:c7:de:
         ca:b6:7d:6c:a1:41:b9:3a:55:f3:c0:52:db:fe:0a:53:42:66:
         d0:a4:35:4f:37:3e:9e:23:f0:df:e7:49:84:83:fb:06:e6:1e:
         df:e6:2c:71:5e:f9:c5:e4:6e:2b:10:c8:96:06:33:51:e5:49:
         ca:ce:51:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJf3OOa9s9SPzsLIDdZjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzczZWIzZDMwNzk0ZDIyZDc1Y2Q4NzJiOTFhM2JhODQ4
ODQyZDcwHhcNMjQwMTAxMjIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWExMTcxOTIwNDBiZTNiYjcxODBmY2NhM2Y0YTQ4NWUxMDk3MzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcfqmY2lvJsnNJb+RX9b72BRNb1T
UXe55I1rfnIjZq6AvnWej8fb3k5XbcJXbxpUMWzG+2zlt/WaqneLCsvA6CwzvlFg
NsJI4WxyXh/5vwbZa5UGGidsT8to/qu+vWafq4NPdMezVZLCvBzpkzj19efDNgFG
DHplMHWTVd9aH5u33nvxUaXvokkhmDo4ooRgQi0dj6wsaUym7sALamo/kaBYYHM9
ZyiR9I1OV4o2m4UaszTa/35ZfplmsSNJW9Nx6CYMq7uLP52rgJi54ZJSnqt5V2Mw
f0nhUW2qDTgfjMa+ud19HL3tuju5be8xzb1PjMjMWPr/KAUzMa95NNLv0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmhFxkgQL47txgPzKP0pIXhCXNPMB8GA1UdIwQY
MBaAFG93PrPTB5TSLXXNhyuRo7qEiELXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNjLXM5TUhsTkl0ZGMySEs1R2p1b1NJUXRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGQ3OWQtMTc2Ni00MDQ1LTlkMjQt
NmEwYmFlYjIzMzZlLzEvdWFFWEdTQkF2anUzR0FfTW9fU2toZUVKYzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGQ3OWQtMTc2Ni00MDQ1LTlkMjQtNmEwYmFlYjIzMzZl
LzEvYjNjLXM5TUhsTkl0ZGMySEs1R2p1b1NJUXRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaAwMA0G
CSqGSIb3DQEBCwUAA4IBAQAnH0vFs27q8n1Ls6y4Xj3GTRtzDFb1jFhz9j1bGjcy
BJrgf+KyyTYE0nowsd+h6yIhxyGE2tPgp3DAYGCKSUI3ZgUpaDvDcomODCaUj4s6
OmoWfmDYlFxFyEtZbKaU3Bo9H1Zy8hXRAHXYJdfWzR5YRRMbNQsYlxIm44XtOgDW
x4UaKqKnfya0/LKPfbMqTg2uqdiKaB643cvHMLBv2s7bJS25gUod8wbIxXgBJYwk
dXbJDypRoUKi4CAACzzKoJ+sMPmTx97Ktn1soUG5OlXzwFLb/gpTQmbQpDVPNz6e
I/Df50mEg/sG5h7f5ixxXvnF5G4rEMiWBjNR5UnKzlGN
-----END CERTIFICATE-----