Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/uToYk_UUMDQDinnaqbWC356rtoA.roa
File:                     uToYk_UUMDQDinnaqbWC356rtoA.roa (raw, json)
Hash identifier:          455zQVAcmn9fOIFQe6acCiQB7G58N9bjJ7YcQ/XoXBo=
Subject key identifier:   B9:3A:18:93:F5:14:30:34:03:8A:79:DA:A9:B5:82:DF:9E:AB:B6:80
Certificate issuer:       /CN=faa61e29c166bf0635c8cefe8da82104a783b454
Certificate serial:       018CC49346050EB61140379A557EE62C3C2F
Authority key identifier: FA:A6:1E:29:C1:66:BF:06:35:C8:CE:FE:8D:A8:21:04:A7:83:B4:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/uToYk_UUMDQDinnaqbWC356rtoA.roa
Signing time:             Mon 01 Jan 2024 10:30:35 +0000
ROA not before:           Mon 01 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39319
IP address blocks:        94.199.224.0/21 maxlen: 21
                          185.47.72.0/22 maxlen: 22
                          2a00:ed8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 13:30:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:46:05:0e:b6:11:40:37:9a:55:7e:e6:2c:3c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faa61e29c166bf0635c8cefe8da82104a783b454
        Validity
            Not Before: Jan  1 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b93a1893f5143034038a79daa9b582df9eabb680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:21:df:b2:c8:2f:f5:ff:d6:9f:c7:25:88:d0:
                    f2:47:37:a6:c9:e2:b5:df:1b:52:a5:1c:c0:80:c5:
                    e4:54:26:10:90:c7:67:91:c8:01:41:e2:c0:2b:10:
                    bc:e9:96:5a:a1:9b:63:46:ec:f1:6d:2f:42:0f:cd:
                    9b:30:99:7a:38:c0:8a:30:b1:eb:8a:29:4c:10:a4:
                    6d:2c:6d:cf:d3:44:0e:7b:aa:fb:15:5d:ff:91:51:
                    d4:7b:25:1e:8a:c1:6b:46:29:4c:a6:aa:59:17:23:
                    29:a6:c7:6b:d3:cf:d8:1c:22:94:69:1d:7d:ec:5b:
                    1b:3c:56:18:96:6b:9e:94:81:7b:b4:3f:9b:ab:f9:
                    63:38:2d:5c:44:09:62:0a:31:31:61:16:89:a8:b1:
                    56:b3:d1:87:32:30:7f:06:a8:bc:2a:24:cd:bd:14:
                    70:65:54:a9:e7:ab:1f:ec:20:73:83:b4:c5:00:b2:
                    96:2f:78:8f:34:bb:74:b3:60:88:5e:7d:0c:87:8d:
                    65:d4:98:ee:cc:1d:93:42:f5:b4:26:8c:86:b7:b7:
                    33:2d:41:1c:35:28:74:4c:ab:9a:3e:1c:28:cb:cc:
                    3d:a5:a8:e8:83:c7:c3:66:23:4f:dd:2e:6f:7a:b5:
                    11:e4:7e:4b:d3:57:8e:54:58:77:dd:fa:28:08:c4:
                    8d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3A:18:93:F5:14:30:34:03:8A:79:DA:A9:B5:82:DF:9E:AB:B6:80
            X509v3 Authority Key Identifier:
                keyid:FA:A6:1E:29:C1:66:BF:06:35:C8:CE:FE:8D:A8:21:04:A7:83:B4:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/uToYk_UUMDQDinnaqbWC356rtoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14671e-86d2-42fc-80d9-825d3ff1dde8/1/1-qYeKcFmvwY1yM7-jaghBKeDtFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.224.0/21
                  185.47.72.0/22
                IPv6:
                  2a00:ed8::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:ae:54:31:30:3a:f5:be:9e:0e:84:9c:7d:ae:28:e7:25:99:
         43:1a:7d:c9:64:c9:35:7d:33:5e:f6:f8:e7:85:1f:bf:0d:c8:
         f5:c5:bb:65:17:96:df:f3:61:53:47:ea:7b:fb:3a:2e:b6:3f:
         b6:23:83:dc:92:d3:73:e7:3c:2a:68:77:78:4b:78:8b:7b:48:
         ff:a0:bc:8c:67:fb:11:e8:83:7f:74:49:36:69:7e:b6:cf:58:
         54:d6:3f:20:b4:25:14:d6:7c:8b:a0:0e:0d:43:ef:7f:6c:d1:
         c3:16:69:ab:7a:3c:f2:34:ac:a8:34:1e:97:11:8a:53:04:ea:
         6e:59:5f:f5:74:55:db:76:b2:4e:f6:c3:75:81:72:7c:66:96:
         66:94:20:38:35:65:51:31:a0:be:a4:8a:03:e8:7e:08:79:fa:
         b9:82:4a:ae:80:21:b4:af:f3:3d:d7:6d:86:5c:40:af:a0:24:
         12:a2:c0:0d:fe:61:e9:f2:0f:7d:dd:2e:c5:1d:c4:db:1f:d1:
         de:1f:9d:04:50:80:e6:39:d9:15:32:4d:13:1a:db:b3:9a:1e:
         7e:fa:85:be:ab:20:9a:91:74:5c:05:af:f1:be:a8:6c:40:19:
         d8:b2:46:25:e0:4f:6b:82:4e:51:ae:fd:3e:1a:e7:d8:1b:57:
         5a:f9:e4:68
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzEk0YFDrYRQDeaVX7mLDwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYTYxZTI5YzE2NmJmMDYzNWM4Y2VmZThkYTgyMTA0YTc4
M2I0NTQwHhcNMjQwMTAxMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTNhMTg5M2Y1MTQzMDM0MDM4YTc5ZGFhOWI1ODJkZjllYWJiNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CHfssgv9f/Wn8cliNDyRzemyeK1
3xtSpRzAgMXkVCYQkMdnkcgBQeLAKxC86ZZaoZtjRuzxbS9CD82bMJl6OMCKMLHr
iilMEKRtLG3P00QOe6r7FV3/kVHUeyUeisFrRilMpqpZFyMppsdr08/YHCKUaR19
7FsbPFYYlmuelIF7tD+bq/ljOC1cRAliCjExYRaJqLFWs9GHMjB/Bqi8KiTNvRRw
ZVSp56sf7CBzg7TFALKWL3iPNLt0s2CIXn0Mh41l1JjuzB2TQvW0JoyGt7czLUEc
NSh0TKuaPhwoy8w9pajog8fDZiNP3S5verUR5H5L01eOVFh33fooCMSNKwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLk6GJP1FDA0A4p52qm1gt+eq7aAMB8GA1UdIwQY
MBaAFPqmHinBZr8GNcjO/o2oIQSng7RUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xWWVLY0ZtdndZMXlNNy1qYWdoQktlRHRGUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkvMTQ2NzFlLTg2ZDItNDJmYy04MGQ5
LTgyNWQzZmYxZGRlOC8xL3VUb1lrX1VVTURRRGlubmFxYldDMzU2cnRvQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTkvMTQ2NzFlLTg2ZDItNDJmYy04MGQ5LTgyNWQzZmYxZGRl
OC8xLzEtcVllS2NGbXZ3WTF5TTctamFnaEJLZUR0RlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBANex+AD
BAK5L0gwDQQCAAIwBwMFACoADtgwDQYJKoZIhvcNAQELBQADggEBAEuuVDEwOvW+
ng6EnH2uKOclmUMafclkyTV9M172+OeFH78NyPXFu2UXlt/zYVNH6nv7Oi62P7Yj
g9yS03PnPCpod3hLeIt7SP+gvIxn+xHog390STZpfrbPWFTWPyC0JRTWfIugDg1D
739s0cMWaat6PPI0rKg0HpcRilME6m5ZX/V0Vdt2sk72w3WBcnxmlmaUIDg1ZVEx
oL6kigPofgh5+rmCSq6AIbSv8z3XbYZcQK+gJBKiwA3+YenyD33dLsUdxNsf0d4f
nQRQgOY52RUyTRMa27OaHn76hb6rIJqRdFwFr/G+qGxAGdiyRiXgT2uCTlGu/T4a
59gbV1r55Gg=
-----END CERTIFICATE-----