Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/uqx2MUlWFqdSQW1V38k1yrkjSRY.roa
File:                     uqx2MUlWFqdSQW1V38k1yrkjSRY.roa (raw, json)
Hash identifier:          3cdsX6aLS8xWFZIVHq+xA4jFW7VbGSZxQWByTuibcMs=
Subject key identifier:   BA:AC:76:31:49:56:16:A7:52:41:6D:55:DF:C9:35:CA:B9:23:49:16
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018FCEB56E320EDDE0DB236C427D2CF112B3
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/uqx2MUlWFqdSQW1V38k1yrkjSRY.roa
Signing time:             Fri 31 May 2024 12:52:27 +0000
ROA not before:           Fri 31 May 2024 12:52:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214793
IP address blocks:        91.214.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ce:b5:6e:32:0e:dd:e0:db:23:6c:42:7d:2c:f1:12:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: May 31 12:52:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baac7631495616a752416d55dfc935cab9234916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:41:95:28:ac:00:ec:d9:87:4d:8e:91:7c:55:
                    c5:c6:2b:e8:63:df:11:57:6b:12:b5:73:30:d7:2a:
                    3b:24:e9:8a:14:82:c7:f4:49:27:7e:c4:4c:88:0d:
                    b9:4b:65:84:9d:c8:96:9e:aa:f6:d3:b6:c0:51:d1:
                    11:9b:83:1d:78:28:fc:39:22:a4:7c:1f:8e:e2:f0:
                    77:d6:9a:48:cf:e1:62:dd:6c:af:91:47:e4:dc:30:
                    8a:7f:46:af:e8:2e:c4:e2:12:08:cf:00:6d:67:98:
                    20:2c:c5:e2:c1:9c:ac:16:44:27:13:f6:fa:b0:a1:
                    a5:5b:1a:c9:c8:42:9d:a0:c8:23:dc:9f:ba:e5:0f:
                    69:e8:50:12:6c:0c:94:87:df:42:04:0f:cc:f5:a8:
                    f1:6f:fd:2d:09:da:9d:bb:db:74:03:df:37:5a:ed:
                    54:c0:c1:04:af:b1:64:6b:06:e6:ed:31:31:de:cc:
                    c4:c6:cd:93:8d:7e:80:71:31:7f:3b:4c:8d:35:e5:
                    97:65:f1:b0:8d:f3:e0:0b:d9:53:2a:df:d6:34:35:
                    43:e4:bf:41:f8:49:47:4a:11:62:98:45:88:b3:d2:
                    69:d9:a7:91:66:3d:46:76:cf:85:17:9b:24:df:48:
                    16:00:ea:2f:0f:45:cd:f9:d3:13:49:53:53:1e:f1:
                    39:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:AC:76:31:49:56:16:A7:52:41:6D:55:DF:C9:35:CA:B9:23:49:16
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/uqx2MUlWFqdSQW1V38k1yrkjSRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:bb:2d:79:70:a4:38:c0:6f:be:c5:8f:74:bf:94:56:c0:51:
         43:03:8f:e4:08:bf:45:38:e5:2b:6b:60:97:eb:53:97:74:dc:
         f0:5e:ce:ca:c0:fb:f1:4b:4e:8b:4b:8a:97:14:7c:23:d5:a6:
         e4:e4:d5:2f:d4:97:c9:31:78:ab:5c:d3:c3:9c:86:d8:e4:6c:
         00:67:ba:8f:d2:39:3b:7a:25:55:b4:21:e0:a0:59:b1:bb:1f:
         02:41:07:0e:5d:7c:92:f6:1e:55:e0:b6:31:ea:c3:a9:a7:bc:
         a8:1d:f6:ad:97:f1:7e:f9:92:3f:3d:35:40:da:b9:68:b9:77:
         5f:24:f2:84:33:49:ab:6c:63:2a:e4:a1:14:b9:23:66:db:66:
         a2:b7:dc:08:06:cc:59:89:17:32:b3:76:3f:f2:ce:4e:6e:60:
         fc:be:5a:01:c6:f2:3f:31:8e:fa:1b:c3:65:2d:56:b0:33:16:
         ed:c7:b2:86:dd:12:b3:97:4e:ab:e6:b4:40:e5:c0:97:ab:88:
         db:bf:0b:87:bb:b9:87:2e:06:46:f9:73:d4:2d:b0:48:d5:20:
         2c:36:a8:f8:36:de:71:ad:a4:e8:8d:16:59:95:f2:21:cd:5d:
         c8:b0:f9:9e:13:c3:65:41:0d:88:a7:a6:2e:4b:e9:0c:a7:45:
         07:36:ad:9c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY/OtW4yDt3g2yNsQn0s8RKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjQwNTMxMTI1MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWFjNzYzMTQ5NTYxNmE3NTI0MTZkNTVkZmM5MzVjYWI5MjM0OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0GVKKwA7NmHTY6RfFXFxivoY98R
V2sStXMw1yo7JOmKFILH9EknfsRMiA25S2WEnciWnqr207bAUdERm4MdeCj8OSKk
fB+O4vB31ppIz+Fi3WyvkUfk3DCKf0av6C7E4hIIzwBtZ5ggLMXiwZysFkQnE/b6
sKGlWxrJyEKdoMgj3J+65Q9p6FASbAyUh99CBA/M9ajxb/0tCdqdu9t0A983Wu1U
wMEEr7Fkawbm7TEx3szExs2TjX6AcTF/O0yNNeWXZfGwjfPgC9lTKt/WNDVD5L9B
+ElHShFimEWIs9Jp2aeRZj1Gds+FF5sk30gWAOovD0XN+dMTSVNTHvE5vwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLqsdjFJVhanUkFtVd/JNcq5I0kWMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL3VxeDJNVWxXRnFkU1FXMVYzOGsxeXJralNSWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1k8w
DQYJKoZIhvcNAQELBQADggEBAAy7LXlwpDjAb77Fj3S/lFbAUUMDj+QIv0U45Str
YJfrU5d03PBezsrA+/FLTotLipcUfCPVpuTk1S/Ul8kxeKtc08OchtjkbABnuo/S
OTt6JVW0IeCgWbG7HwJBBw5dfJL2HlXgtjHqw6mnvKgd9q2X8X75kj89NUDauWi5
d18k8oQzSatsYyrkoRS5I2bbZqK33AgGzFmJFzKzdj/yzk5uYPy+WgHG8j8xjvob
w2UtVrAzFu3HsobdErOXTqvmtEDlwJeriNu/C4e7uYcuBkb5c9QtsEjVICw2qPg2
3nGtpOiNFlmV8iHNXciw+Z4Tw2VBDYinpi5L6QynRQc2rZw=
-----END CERTIFICATE-----