Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/UyywyPkaNA9IpHwp-y1p5SZFhf0.roa
File:                     UyywyPkaNA9IpHwp-y1p5SZFhf0.roa (raw, json)
Hash identifier:          T0isqaDgigjeK08c0LqyjoF9nNlC/TKbY6Zrka7cAPU=
Subject key identifier:   53:2C:B0:C8:F9:1A:34:0F:48:A4:7C:29:FB:2D:69:E5:26:45:85:FD
Certificate issuer:       /CN=9be343c2fb3d6b8d23789ab4da6fcd465a690583
Certificate serial:       018CC26D36A743376CBB3A5EE7DA110467FE
Authority key identifier: 9B:E3:43:C2:FB:3D:6B:8D:23:78:9A:B4:DA:6F:CD:46:5A:69:05:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/UyywyPkaNA9IpHwp-y1p5SZFhf0.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205600
IP address blocks:        185.236.47.0/24 maxlen: 24
                          2a10:88c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:a7:43:37:6c:bb:3a:5e:e7:da:11:04:67:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be343c2fb3d6b8d23789ab4da6fcd465a690583
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=532cb0c8f91a340f48a47c29fb2d69e5264585fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6f:5a:4b:e6:21:b0:d0:c0:e1:bc:84:c0:4b:
                    87:27:d7:e3:4e:3e:79:85:d2:da:da:e2:63:98:a7:
                    59:36:24:5d:df:69:ed:53:63:a2:13:8f:55:c8:fd:
                    63:53:97:4b:d1:bc:f8:b2:c1:a5:82:e5:ae:23:b5:
                    dd:c7:88:16:67:c1:4f:37:f4:48:74:6e:81:cf:6b:
                    72:a6:13:de:71:e6:49:59:22:a7:ee:e2:3a:9f:4e:
                    54:32:2f:30:7f:3c:3b:36:7d:bd:fb:49:ca:33:10:
                    db:96:1a:cf:d1:f1:f2:35:ed:4a:9d:10:c6:89:d4:
                    39:88:e5:f0:cb:75:eb:da:53:b9:33:86:f0:54:47:
                    a8:4e:d1:2b:f5:68:70:84:e0:f1:23:ac:97:fa:e2:
                    a0:4c:4a:fc:b7:72:39:90:de:c6:fc:06:bf:54:65:
                    86:d1:fc:90:57:0c:a6:09:c2:dc:83:37:1a:22:a2:
                    6f:26:cb:49:a4:b6:ac:9f:5d:57:6f:da:c1:97:47:
                    b1:e0:37:a0:da:94:bc:c5:98:1a:e2:de:b2:87:f1:
                    82:c0:42:fb:cc:3f:26:25:11:55:15:f6:1f:3f:84:
                    9d:d0:46:d8:d6:fc:27:97:f1:ee:b5:20:63:6f:a6:
                    ca:02:db:30:35:d9:ef:5f:ab:61:77:32:02:42:48:
                    b1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2C:B0:C8:F9:1A:34:0F:48:A4:7C:29:FB:2D:69:E5:26:45:85:FD
            X509v3 Authority Key Identifier:
                keyid:9B:E3:43:C2:FB:3D:6B:8D:23:78:9A:B4:DA:6F:CD:46:5A:69:05:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/UyywyPkaNA9IpHwp-y1p5SZFhf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.47.0/24
                IPv6:
                  2a10:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:82:4a:0a:7c:0d:7d:f6:37:6c:6d:f6:28:3b:1b:65:2a:c0:
         89:f1:6a:74:0c:9a:e0:a4:35:01:94:e2:95:41:f8:27:98:d9:
         87:99:7c:f2:e8:cc:1d:71:83:47:24:81:89:10:b6:21:82:a2:
         52:52:b3:fa:79:ba:73:df:74:2b:66:35:67:d0:fa:2f:9b:a4:
         b7:86:52:ca:44:90:d3:58:d7:95:16:b4:2d:40:9c:f8:64:26:
         e5:d8:fc:63:87:92:b8:94:f9:fc:57:7b:c1:33:7d:a1:58:68:
         d9:1b:61:0d:74:34:cf:23:11:ad:14:72:40:95:64:84:05:58:
         81:97:da:65:ea:9f:31:2a:26:a3:9e:f4:b3:d8:81:6e:b0:29:
         52:42:26:92:74:d1:0a:20:09:b3:e2:df:b0:89:55:e3:09:2d:
         54:54:df:b2:04:49:5d:aa:8a:22:9e:4e:08:38:81:5e:20:8e:
         66:71:fe:98:58:dd:65:77:dd:d2:09:0b:85:ff:7f:8c:b6:05:
         08:5f:9f:ab:92:a4:03:ec:f8:da:67:0c:ee:88:4c:7c:ee:10:
         69:4f:87:05:80:01:f5:42:1c:5a:b8:c6:90:df:31:50:52:dc:
         a3:86:a7:21:d4:b7:45:d7:38:44:af:22:88:9f:69:12:da:f9:
         4b:10:1c:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbTanQzdsuzpe59oRBGf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTM0M2MyZmIzZDZiOGQyMzc4OWFiNGRhNmZjZDQ2NWE2
OTA1ODMwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJjYjBjOGY5MWEzNDBmNDhhNDdjMjlmYjJkNjllNTI2NDU4NWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwW9aS+YhsNDA4byEwEuHJ9fjTj55
hdLa2uJjmKdZNiRd32ntU2OiE49VyP1jU5dL0bz4ssGlguWuI7Xdx4gWZ8FPN/RI
dG6Bz2typhPeceZJWSKn7uI6n05UMi8wfzw7Nn29+0nKMxDblhrP0fHyNe1KnRDG
idQ5iOXwy3Xr2lO5M4bwVEeoTtEr9WhwhODxI6yX+uKgTEr8t3I5kN7G/Aa/VGWG
0fyQVwymCcLcgzcaIqJvJstJpLasn11Xb9rBl0ex4Deg2pS8xZga4t6yh/GCwEL7
zD8mJRFVFfYfP4Sd0EbY1vwnl/HutSBjb6bKAtswNdnvX6thdzICQkixsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFMssMj5GjQPSKR8KfstaeUmRYX9MB8GA1UdIwQY
MBaAFJvjQ8L7PWuNI3iatNpvzUZaaQWDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1ORHd2czlhNDBqZUpxMDJtX05SbHBwQllNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hOWJkOTMtOTJiZC00YmY5LWI2NTUt
YWRjZWZkYWExMDI4LzEvVXl5d3lQa2FOQTlJcEh3cC15MXA1U1pGaGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hOWJkOTMtOTJiZC00YmY5LWI2NTUtYWRjZWZkYWExMDI4
LzEvbS1ORHd2czlhNDBqZUpxMDJtX05SbHBwQllNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuewvMA0E
AgACMAcDBQMqEIjAMA0GCSqGSIb3DQEBCwUAA4IBAQAagkoKfA199jdsbfYoOxtl
KsCJ8Wp0DJrgpDUBlOKVQfgnmNmHmXzy6MwdcYNHJIGJELYhgqJSUrP6ebpz33Qr
ZjVn0Povm6S3hlLKRJDTWNeVFrQtQJz4ZCbl2Pxjh5K4lPn8V3vBM32hWGjZG2EN
dDTPIxGtFHJAlWSEBViBl9pl6p8xKiajnvSz2IFusClSQiaSdNEKIAmz4t+wiVXj
CS1UVN+yBEldqooink4IOIFeII5mcf6YWN1ld93SCQuF/3+MtgUIX5+rkqQD7Pja
ZwzuiEx87hBpT4cFgAH1QhxauMaQ3zFQUtyjhqch1LdF1zhEryKIn2kS2vlLEBzA
-----END CERTIFICATE-----