Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/UVwqCdRAr43btl6FtpA_qnTSo7U.roa
File:                     UVwqCdRAr43btl6FtpA_qnTSo7U.roa (raw, json)
Hash identifier:          YaeYfwMGrJoUVhcwnXkwipP1PWybW9NkF86Z8RNT5d8=
Subject key identifier:   51:5C:2A:09:D4:40:AF:8D:DB:B6:5E:85:B6:90:3F:AA:74:D2:A3:B5
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       0191E13C94A24B213E9A596ECD69C8FB166A
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/UVwqCdRAr43btl6FtpA_qnTSo7U.roa
Signing time:             Wed 11 Sep 2024 13:18:49 +0000
ROA not before:           Wed 11 Sep 2024 13:18:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214776
IP address blocks:        212.110.141.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:3c:94:a2:4b:21:3e:9a:59:6e:cd:69:c8:fb:16:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Sep 11 13:18:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=515c2a09d440af8ddbb65e85b6903faa74d2a3b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2f:7f:8c:29:ea:34:b5:30:83:b6:1a:d5:ab:
                    7e:61:58:1a:2c:17:e5:0c:11:1e:8f:5e:57:af:34:
                    1a:08:fe:0d:1d:af:43:f0:c2:c8:60:48:4c:95:9f:
                    82:0a:36:09:19:e4:49:ca:38:1f:97:e7:24:dc:9a:
                    c8:d2:c1:92:02:17:5d:85:c2:72:f4:15:e7:1b:5f:
                    a3:ce:71:01:78:1d:bf:b8:9a:d9:85:04:81:63:97:
                    09:58:d2:bc:61:03:19:94:9d:ac:33:ed:cb:78:43:
                    25:01:99:d2:77:8c:c7:66:54:66:82:c0:96:42:dd:
                    0a:15:d3:a2:31:e5:fe:b0:a1:fa:f7:fe:a1:c8:0d:
                    eb:d3:5c:8e:14:6f:d3:40:ec:50:27:c0:3d:04:c2:
                    3c:6e:db:bc:1c:b6:b3:55:d0:c8:8c:02:9d:70:7a:
                    71:6c:ef:c5:10:1a:c0:e1:f0:86:bd:1a:d3:8d:98:
                    50:c0:d9:14:dd:ff:a8:70:2c:21:94:7f:99:81:a0:
                    b7:29:c6:63:9a:d0:1c:cf:d3:d0:c8:34:cf:75:2c:
                    ff:04:3f:6c:e0:3c:2e:7b:87:d4:5b:fb:cd:a2:38:
                    16:7d:c0:69:ec:08:c8:97:ee:ba:2c:e5:ed:60:56:
                    d4:86:16:5e:88:01:f0:96:d9:31:72:e6:42:57:77:
                    0d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:5C:2A:09:D4:40:AF:8D:DB:B6:5E:85:B6:90:3F:AA:74:D2:A3:B5
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/UVwqCdRAr43btl6FtpA_qnTSo7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:75:39:6c:a6:93:92:e6:3c:de:fc:b2:b1:3a:04:43:09:8a:
         9f:4d:3d:f8:d4:b5:63:87:95:83:2c:45:20:9b:2b:0f:cd:0b:
         69:21:51:13:50:86:bf:9a:ad:7e:cc:08:20:81:11:d7:0b:6d:
         85:b0:c8:11:35:3c:b7:65:4f:90:79:7d:c7:69:1f:a4:57:71:
         b3:f7:e0:3e:2c:b0:01:b6:3b:0a:13:ff:54:31:a7:d4:fc:33:
         b5:f6:a7:1c:63:65:08:bb:fc:c4:aa:d5:32:84:80:d0:30:83:
         5a:1c:de:d5:ee:82:2b:26:86:c2:96:34:b5:ec:92:40:19:00:
         ba:34:63:9e:1a:ed:39:7e:b1:d4:0f:36:7a:f7:5f:7f:e7:d9:
         8c:1f:25:32:2f:8a:18:31:0a:5c:95:e3:d9:21:8e:0f:d0:c9:
         c8:b1:15:1b:db:e3:b8:d5:c4:bd:d2:dd:60:04:d8:82:5e:89:
         9c:de:e4:9c:7d:dc:88:78:b4:e1:03:eb:8a:c2:d2:48:43:5e:
         48:20:c0:bf:aa:84:00:3b:dd:7a:da:08:9c:b7:cc:5f:45:29:
         46:be:f6:b7:a2:d8:0e:9e:e0:3a:7e:9d:e2:9a:47:c7:2d:24:
         80:52:48:c9:08:d7:b9:05:33:2c:8a:73:c8:47:f0:f6:e5:c5:
         2a:b8:16:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhPJSiSyE+mlluzWnI+xZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjQwOTExMTMxODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTVjMmEwOWQ0NDBhZjhkZGJiNjVlODViNjkwM2ZhYTc0ZDJhM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy9/jCnqNLUwg7Ya1at+YVgaLBfl
DBEej15XrzQaCP4NHa9D8MLIYEhMlZ+CCjYJGeRJyjgfl+ck3JrI0sGSAhddhcJy
9BXnG1+jznEBeB2/uJrZhQSBY5cJWNK8YQMZlJ2sM+3LeEMlAZnSd4zHZlRmgsCW
Qt0KFdOiMeX+sKH69/6hyA3r01yOFG/TQOxQJ8A9BMI8btu8HLazVdDIjAKdcHpx
bO/FEBrA4fCGvRrTjZhQwNkU3f+ocCwhlH+ZgaC3KcZjmtAcz9PQyDTPdSz/BD9s
4Dwue4fUW/vNojgWfcBp7AjIl+66LOXtYFbUhhZeiAHwltkxcuZCV3cNIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFcKgnUQK+N27ZehbaQP6p00qO1MB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvVVZ3cUNkUkFyNDNidGw2RnRwQV9xblRTbzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G6NMA0G
CSqGSIb3DQEBCwUAA4IBAQA3dTlsppOS5jze/LKxOgRDCYqfTT341LVjh5WDLEUg
mysPzQtpIVETUIa/mq1+zAgggRHXC22FsMgRNTy3ZU+QeX3HaR+kV3Gz9+A+LLAB
tjsKE/9UMafU/DO19qccY2UIu/zEqtUyhIDQMINaHN7V7oIrJobCljS17JJAGQC6
NGOeGu05frHUDzZ6919/59mMHyUyL4oYMQpclePZIY4P0MnIsRUb2+O41cS90t1g
BNiCXomc3uScfdyIeLThA+uKwtJIQ15IIMC/qoQAO9162gict8xfRSlGvva3otgO
nuA6fp3imkfHLSSAUkjJCNe5BTMsinPIR/D25cUquBba
-----END CERTIFICATE-----