Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/Uw0T9HAMb4KJumS2TUTy9DiW80g.roa
File:                     Uw0T9HAMb4KJumS2TUTy9DiW80g.roa (raw, json)
Hash identifier:          0b8UCTu2pMPMMq69i9oYTXSb0GtvAZ1rNv9l/nhef34=
Subject key identifier:   53:0D:13:F4:70:0C:6F:82:89:BA:64:B6:4D:44:F2:F4:38:96:F3:48
Certificate issuer:       /CN=c98a186e8eeb8714edca5b0d716e51d66c168ce1
Certificate serial:       018CC56EE7CF231C0081A2CE52825E66DF23
Authority key identifier: C9:8A:18:6E:8E:EB:87:14:ED:CA:5B:0D:71:6E:51:D6:6C:16:8C:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYoYbo7rhxTtylsNcW5R1mwWjOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/Uw0T9HAMb4KJumS2TUTy9DiW80g.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2830
IP address blocks:        185.106.226.0/24 maxlen: 24
                          194.126.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/yYoYbo7rhxTtylsNcW5R1mwWjOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/yYoYbo7rhxTtylsNcW5R1mwWjOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYoYbo7rhxTtylsNcW5R1mwWjOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e7:cf:23:1c:00:81:a2:ce:52:82:5e:66:df:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98a186e8eeb8714edca5b0d716e51d66c168ce1
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=530d13f4700c6f8289ba64b64d44f2f43896f348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:32:22:a6:a7:0a:5e:8b:e7:90:5b:ec:fd:90:
                    4a:2a:75:48:69:d7:30:e1:c0:ae:e9:b4:98:57:60:
                    ff:37:57:3b:33:b0:f2:74:44:50:40:ae:03:fe:42:
                    e5:50:c3:d2:f7:5a:69:04:cb:cf:1e:bc:0c:98:a3:
                    71:32:8d:4c:79:02:59:ad:e1:f0:80:00:64:f3:46:
                    00:52:81:c6:98:9d:f5:7c:d2:6a:76:1f:bd:75:65:
                    83:21:6a:67:42:1a:69:c9:05:91:b7:6e:51:40:b5:
                    b7:cc:e3:72:4d:f4:89:60:4a:21:49:f0:54:9c:30:
                    84:7e:09:37:9c:c0:2a:b3:81:ff:b4:a6:87:e8:82:
                    63:b3:95:75:eb:7e:5f:a0:03:c0:2d:81:d3:fd:b5:
                    b4:bc:be:15:1a:7c:c3:82:30:df:c3:10:16:a4:c1:
                    e2:68:45:d4:01:b2:ce:e5:3f:6e:fa:28:fa:c3:bb:
                    15:c9:88:58:5c:8f:c0:27:cc:7b:d3:50:60:94:3f:
                    f4:1c:07:62:f4:77:81:5a:9b:97:78:33:23:fa:ae:
                    09:9d:fb:85:90:23:3d:5c:9e:78:0a:2d:e5:ad:c4:
                    d0:bc:26:ea:81:58:de:2a:c1:3a:4c:08:9d:4f:5e:
                    c5:63:3d:17:c3:36:de:9b:73:44:0e:e4:c9:ee:c8:
                    ef:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0D:13:F4:70:0C:6F:82:89:BA:64:B6:4D:44:F2:F4:38:96:F3:48
            X509v3 Authority Key Identifier:
                keyid:C9:8A:18:6E:8E:EB:87:14:ED:CA:5B:0D:71:6E:51:D6:6C:16:8C:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYoYbo7rhxTtylsNcW5R1mwWjOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/Uw0T9HAMb4KJumS2TUTy9DiW80g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ba7214-5568-4a42-a999-7a5a8d0967c8/1/yYoYbo7rhxTtylsNcW5R1mwWjOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.226.0/24
                  194.126.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f2:58:42:32:6b:93:11:86:7f:ae:c1:21:94:90:50:20:22:
         33:3e:ee:17:d7:62:a8:f5:d5:44:93:da:df:31:4c:40:bc:5e:
         9f:9e:79:d1:1d:9e:e7:ea:52:0e:a1:af:a6:1f:d0:d8:01:2f:
         28:b0:aa:b1:b6:7a:74:23:2e:b9:9f:d6:70:56:a8:d6:4f:8b:
         b1:ad:61:09:2a:02:9c:76:e5:62:74:4d:4c:58:31:8b:9f:d2:
         9c:2a:77:8d:18:b4:a2:ef:0c:ec:fc:46:95:d7:77:0a:71:71:
         f8:c7:4f:92:0f:08:09:85:64:19:20:ba:cb:56:71:78:e6:5f:
         0c:a7:a9:ac:4d:ee:b2:8e:75:f9:1e:ed:8e:b1:5f:e9:7e:14:
         e9:0b:8a:c4:4f:7a:f8:cf:c2:ef:96:d9:8c:56:e6:01:3a:b2:
         b5:56:bd:b5:03:11:6b:db:f7:56:e1:55:e0:78:bc:f4:cb:6c:
         13:21:88:3f:c3:82:a2:00:93:8f:37:3c:4b:de:42:63:1f:df:
         33:37:5d:57:dc:7f:7b:1a:e4:38:7b:76:de:66:fe:7e:f9:cc:
         29:8d:d7:12:77:f1:fe:b1:2c:88:99:db:15:4c:cf:09:11:8d:
         cf:fc:fe:5f:a1:57:dd:a0:7e:44:a8:d6:18:1c:cd:51:c5:6f:
         0b:52:a0:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbufPIxwAgaLOUoJeZt8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGExODZlOGVlYjg3MTRlZGNhNWIwZDcxNmU1MWQ2NmMx
NjhjZTEwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzBkMTNmNDcwMGM2ZjgyODliYTY0YjY0ZDQ0ZjJmNDM4OTZmMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzIipqcKXovnkFvs/ZBKKnVIadcw
4cCu6bSYV2D/N1c7M7DydERQQK4D/kLlUMPS91ppBMvPHrwMmKNxMo1MeQJZreHw
gABk80YAUoHGmJ31fNJqdh+9dWWDIWpnQhppyQWRt25RQLW3zONyTfSJYEohSfBU
nDCEfgk3nMAqs4H/tKaH6IJjs5V1635foAPALYHT/bW0vL4VGnzDgjDfwxAWpMHi
aEXUAbLO5T9u+ij6w7sVyYhYXI/AJ8x701BglD/0HAdi9HeBWpuXeDMj+q4JnfuF
kCM9XJ54Ci3lrcTQvCbqgVjeKsE6TAidT17FYz0Xwzbem3NEDuTJ7sjvTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFMNE/RwDG+Cibpktk1E8vQ4lvNIMB8GA1UdIwQY
MBaAFMmKGG6O64cU7cpbDXFuUdZsFozhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlvWWJvN3JoeFR0eWxzTmNXNVIxbXdXak9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iYTcyMTQtNTU2OC00YTQyLWE5OTkt
N2E1YThkMDk2N2M4LzEvVXcwVDlIQU1iNEtKdW1TMlRVVHk5RGlXODBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iYTcyMTQtNTU2OC00YTQyLWE5OTktN2E1YThkMDk2N2M4
LzEveVlvWWJvN3JoeFR0eWxzTmNXNVIxbXdXak9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWriAwQA
wn6CMA0GCSqGSIb3DQEBCwUAA4IBAQBD8lhCMmuTEYZ/rsEhlJBQICIzPu4X12Ko
9dVEk9rfMUxAvF6fnnnRHZ7n6lIOoa+mH9DYAS8osKqxtnp0Iy65n9ZwVqjWT4ux
rWEJKgKcduVidE1MWDGLn9KcKneNGLSi7wzs/EaV13cKcXH4x0+SDwgJhWQZILrL
VnF45l8Mp6msTe6yjnX5Hu2OsV/pfhTpC4rET3r4z8LvltmMVuYBOrK1Vr21AxFr
2/dW4VXgeLz0y2wTIYg/w4KiAJOPNzxL3kJjH98zN11X3H97GuQ4e3beZv5++cwp
jdcSd/H+sSyImdsVTM8JEY3P/P5foVfdoH5EqNYYHM1RxW8LUqDd
-----END CERTIFICATE-----