Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/UqELcHzBwx1yma51Rs4r-IaqnkY.roa
File:                     UqELcHzBwx1yma51Rs4r-IaqnkY.roa (raw, json)
Hash identifier:          LIYkPTPKFTh8ddOa4h+kBKbDlCMNs6zLV5y8p3OQH/I=
Subject key identifier:   52:A1:0B:70:7C:C1:C3:1D:72:99:AE:75:46:CE:2B:F8:86:AA:9E:46
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       018CC9BC769D8309861195F7360A3F776E61
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/UqELcHzBwx1yma51Rs4r-IaqnkY.roa
Signing time:             Tue 02 Jan 2024 10:33:40 +0000
ROA not before:           Tue 02 Jan 2024 10:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8747
IP address blocks:        109.235.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:76:9d:83:09:86:11:95:f7:36:0a:3f:77:6e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Jan  2 10:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52a10b707cc1c31d7299ae7546ce2bf886aa9e46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0f:a8:55:8a:68:41:dc:35:cd:13:df:d2:34:
                    18:ec:b2:c0:14:d1:0d:0b:12:95:e2:3a:95:49:77:
                    9b:d7:97:d8:eb:10:26:fc:36:99:67:05:f1:8d:47:
                    37:b3:1d:87:94:9c:a6:44:00:98:4d:c7:c6:7b:1b:
                    b9:ed:6a:9a:59:f8:d4:af:70:14:0e:8b:56:ac:a2:
                    78:89:34:18:0f:f0:e2:b4:73:a4:c2:63:50:ae:42:
                    2b:8e:06:03:c5:2e:b9:19:15:69:4d:d4:2c:73:23:
                    71:0b:3b:e9:63:ba:40:79:c0:4e:84:c7:1e:eb:5c:
                    e3:f3:e1:16:6c:04:62:fd:d9:01:31:a2:ab:64:63:
                    28:1b:66:de:00:04:7b:2d:ce:a9:ff:21:20:80:f9:
                    ec:dd:4b:5d:32:63:e8:35:09:87:7b:fd:02:01:f9:
                    57:f8:21:7e:db:6e:ec:2a:54:b0:2e:95:d4:dd:5d:
                    a7:42:04:f5:e2:08:38:0b:dd:bd:89:42:1d:81:03:
                    75:92:7e:e9:52:83:43:5d:16:e9:8b:9d:64:1e:f7:
                    e0:1b:6f:cc:11:cd:c5:6b:1e:fd:b4:ad:bf:ef:e5:
                    c4:9e:ad:84:4a:27:d4:7a:20:53:b8:85:c3:a6:4d:
                    eb:6f:65:d2:fe:05:7c:43:71:b6:39:d0:8b:71:a6:
                    55:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A1:0B:70:7C:C1:C3:1D:72:99:AE:75:46:CE:2B:F8:86:AA:9E:46
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/UqELcHzBwx1yma51Rs4r-IaqnkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:62:75:6d:98:f3:5a:01:16:6b:52:9f:5e:49:6a:82:b9:f9:
         73:38:f9:fc:4f:69:03:f2:86:96:6a:82:4c:1c:74:1d:47:ae:
         3f:e7:17:6d:fa:d5:fa:a6:7b:e5:f4:b5:88:d7:2d:74:11:34:
         f0:97:93:86:7c:0e:af:8e:8e:e3:e6:b7:26:a5:de:82:78:08:
         48:72:db:db:cf:af:eb:59:6d:8a:c0:02:45:c6:29:70:ab:e4:
         5f:84:92:34:85:49:28:16:2b:b5:e9:28:5f:64:56:49:38:9b:
         2f:04:7d:b7:78:44:f7:ba:d7:75:75:91:49:a4:1d:5d:be:83:
         2b:48:59:6e:be:44:95:65:0b:6e:76:61:5a:28:fd:71:d8:80:
         8e:61:a3:32:7b:f2:e2:7d:af:08:36:8a:d3:03:55:be:1b:a2:
         c4:9b:19:66:ea:f5:7b:53:0f:18:d6:49:7e:a1:71:a9:69:dc:
         82:e5:a9:8d:cd:41:14:0d:04:3c:a3:c8:39:f5:03:26:70:12:
         de:3f:cb:7b:71:f5:45:e7:39:ac:91:33:f1:8d:ae:ef:7e:67:
         17:d2:cd:27:8d:5b:70:eb:b5:14:ea:18:3c:71:46:7b:a6:91:
         e1:86:8a:22:2b:7c:36:41:82:f8:9b:89:4b:d6:2a:8d:59:22:
         11:c8:83:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHadgwmGEZX3Ngo/d25hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjQwMTAyMTAzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmExMGI3MDdjYzFjMzFkNzI5OWFlNzU0NmNlMmJmODg2YWE5ZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg+oVYpoQdw1zRPf0jQY7LLAFNEN
CxKV4jqVSXeb15fY6xAm/DaZZwXxjUc3sx2HlJymRACYTcfGexu57WqaWfjUr3AU
DotWrKJ4iTQYD/DitHOkwmNQrkIrjgYDxS65GRVpTdQscyNxCzvpY7pAecBOhMce
61zj8+EWbARi/dkBMaKrZGMoG2beAAR7Lc6p/yEggPns3UtdMmPoNQmHe/0CAflX
+CF+227sKlSwLpXU3V2nQgT14gg4C929iUIdgQN1kn7pUoNDXRbpi51kHvfgG2/M
Ec3Fax79tK2/7+XEnq2ESifUeiBTuIXDpk3rb2XS/gV8Q3G2OdCLcaZVAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKhC3B8wcMdcpmudUbOK/iGqp5GMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEvVXFFTGNIekJ3eDF5bWE1MVJzNHItSWFxbmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeu0MA0G
CSqGSIb3DQEBCwUAA4IBAQCGYnVtmPNaARZrUp9eSWqCuflzOPn8T2kD8oaWaoJM
HHQdR64/5xdt+tX6pnvl9LWI1y10ETTwl5OGfA6vjo7j5rcmpd6CeAhIctvbz6/r
WW2KwAJFxilwq+RfhJI0hUkoFiu16ShfZFZJOJsvBH23eET3utd1dZFJpB1dvoMr
SFluvkSVZQtudmFaKP1x2ICOYaMye/Lifa8INorTA1W+G6LEmxlm6vV7Uw8Y1kl+
oXGpadyC5amNzUEUDQQ8o8g59QMmcBLeP8t7cfVF5zmskTPxja7vfmcX0s0njVtw
67UU6hg8cUZ7ppHhhooiK3w2QYL4m4lL1iqNWSIRyIMN
-----END CERTIFICATE-----