Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/uTqavOzXshbfOmcCVEm5icvSg9k.roa
File:                     uTqavOzXshbfOmcCVEm5icvSg9k.roa (raw, json)
Hash identifier:          oRCR5prfFV83ScldQEdL5piG6MV9YpSYLu+0dbWK4EM=
Subject key identifier:   B9:3A:9A:BC:EC:D7:B2:16:DF:3A:67:02:54:49:B9:89:CB:D2:83:D9
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       018CC6B919A34437E9900F79C4319618E591
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/uTqavOzXshbfOmcCVEm5icvSg9k.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199058
IP address blocks:        2.59.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:19:a3:44:37:e9:90:0f:79:c4:31:96:18:e5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b93a9abcecd7b216df3a67025449b989cbd283d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:19:52:66:8d:73:a6:19:c9:13:89:16:05:5d:
                    8a:10:99:a0:89:07:96:c1:f8:3c:f7:5e:ff:69:51:
                    b6:38:24:4f:7a:4a:ae:ae:c0:19:b3:46:c7:2d:14:
                    42:15:26:78:1b:24:ae:87:ed:75:41:25:37:c1:fd:
                    4f:26:e4:bf:0d:cb:f8:ce:2e:1f:65:88:27:5d:75:
                    f9:b3:3c:51:fb:46:d6:c6:43:f7:ad:f7:23:5a:b0:
                    e4:2a:4c:d0:d6:fd:65:76:18:d2:17:04:44:06:71:
                    38:ae:7b:91:95:95:53:46:f4:5d:b2:b3:0a:6f:91:
                    a8:15:00:ef:97:8d:e9:6d:a4:67:b4:a6:d0:8f:46:
                    34:a7:b1:79:35:d3:99:19:d3:1c:db:ef:4c:ab:e1:
                    e6:de:b9:3c:34:e5:1f:6c:08:4e:cf:2d:87:84:bf:
                    c9:fa:29:0f:84:71:3b:24:6f:81:73:14:4e:aa:90:
                    7d:62:c8:5b:96:6c:19:2b:4a:b9:83:ae:06:2e:b4:
                    d9:11:99:77:08:8c:91:ce:4e:68:a4:23:13:e6:4a:
                    11:8f:08:bc:65:b9:c7:b2:23:39:bd:9a:9e:75:bd:
                    9c:14:80:2c:27:f7:f8:4a:9e:f6:76:02:d9:bc:d0:
                    8b:c8:98:38:1f:8a:21:4d:64:90:cf:2e:5d:a3:d1:
                    e8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:3A:9A:BC:EC:D7:B2:16:DF:3A:67:02:54:49:B9:89:CB:D2:83:D9
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/uTqavOzXshbfOmcCVEm5icvSg9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6f:1e:0d:64:8f:32:41:df:a4:c3:70:90:c3:fc:49:e9:21:
         95:26:e3:8e:8b:a5:25:e8:8c:9f:66:62:d2:6d:e0:04:6e:48:
         74:f4:b0:55:b5:6f:4d:2f:a6:6a:07:ae:5d:11:02:cd:02:14:
         43:c8:be:98:43:0c:fd:2f:1c:2a:da:75:79:74:f6:01:8c:d4:
         54:d0:44:52:f3:05:77:4f:9c:07:ca:7c:e9:b5:56:28:23:95:
         ef:69:45:8c:88:84:a1:4f:bd:ca:ef:ba:d2:84:d6:c3:d8:66:
         4a:e3:36:0d:b1:ed:59:b1:1d:06:0b:07:7b:fd:5d:2e:2d:ad:
         30:e1:e0:b5:2a:6d:d2:61:4b:d6:65:aa:77:50:32:87:9e:c2:
         d2:15:7e:17:c8:0f:56:22:ee:0f:f4:e8:db:f8:95:dc:c0:d9:
         36:36:aa:7e:11:fb:a6:4b:cf:66:3c:47:b6:1f:da:8f:60:76:
         e6:b7:09:b5:37:cf:37:84:f8:63:1d:24:0c:8c:f6:a2:d6:7c:
         a7:e0:ba:74:a6:cf:a0:b8:b7:06:aa:21:44:27:d7:71:06:b9:
         6c:a5:b4:98:87:ae:ea:93:c6:3e:d0:8c:e8:64:fa:da:d7:d2:
         ff:fb:0f:b1:d8:77:f9:d4:92:37:93:21:83:59:a8:2d:7d:06:
         f0:78:a1:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRmjRDfpkA95xDGWGOWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTNhOWFiY2VjZDdiMjE2ZGYzYTY3MDI1NDQ5Yjk4OWNiZDI4M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBlSZo1zphnJE4kWBV2KEJmgiQeW
wfg8917/aVG2OCRPekqursAZs0bHLRRCFSZ4GySuh+11QSU3wf1PJuS/Dcv4zi4f
ZYgnXXX5szxR+0bWxkP3rfcjWrDkKkzQ1v1ldhjSFwREBnE4rnuRlZVTRvRdsrMK
b5GoFQDvl43pbaRntKbQj0Y0p7F5NdOZGdMc2+9Mq+Hm3rk8NOUfbAhOzy2HhL/J
+ikPhHE7JG+BcxROqpB9YshblmwZK0q5g64GLrTZEZl3CIyRzk5opCMT5koRjwi8
ZbnHsiM5vZqedb2cFIAsJ/f4Sp72dgLZvNCLyJg4H4ohTWSQzy5do9HodwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLk6mrzs17IW3zpnAlRJuYnL0oPZMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvdVRxYXZPelhzaGJmT21jQ1ZFbTVpY3ZTZzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAju3MA0G
CSqGSIb3DQEBCwUAA4IBAQBdbx4NZI8yQd+kw3CQw/xJ6SGVJuOOi6Ul6IyfZmLS
beAEbkh09LBVtW9NL6ZqB65dEQLNAhRDyL6YQwz9Lxwq2nV5dPYBjNRU0ERS8wV3
T5wHynzptVYoI5XvaUWMiIShT73K77rShNbD2GZK4zYNse1ZsR0GCwd7/V0uLa0w
4eC1Km3SYUvWZap3UDKHnsLSFX4XyA9WIu4P9Ojb+JXcwNk2Nqp+EfumS89mPEe2
H9qPYHbmtwm1N883hPhjHSQMjPai1nyn4Lp0ps+guLcGqiFEJ9dxBrlspbSYh67q
k8Y+0IzoZPra19L/+w+x2Hf51JI3kyGDWagtfQbweKHg
-----END CERTIFICATE-----