Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ujqxZWYUkm_291dR7q2YAlEqbKI.roa
File:                     ujqxZWYUkm_291dR7q2YAlEqbKI.roa (raw, json)
Hash identifier:          qO1HRcMkLp/OsoI/xiHf6JGQ2YFreP1Hgonh/BcG0EY=
Subject key identifier:   BA:3A:B1:65:66:14:92:6F:F6:F7:57:51:EE:AD:98:02:51:2A:6C:A2
Certificate issuer:       /CN=cadc74e10830421d4eeea98244cfd1b4119037ff
Certificate serial:       018CC8019E481D65FD4A874E7D449344CE6D
Authority key identifier: CA:DC:74:E1:08:30:42:1D:4E:EE:A9:82:44:CF:D1:B4:11:90:37:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ytx04QgwQh1O7qmCRM_RtBGQN_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ujqxZWYUkm_291dR7q2YAlEqbKI.roa
Signing time:             Tue 02 Jan 2024 02:29:58 +0000
ROA not before:           Tue 02 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.71.0.0/16 maxlen: 16
                          192.108.51.0/24 maxlen: 24
                          192.108.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ytx04QgwQh1O7qmCRM_RtBGQN_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ytx04QgwQh1O7qmCRM_RtBGQN_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ytx04QgwQh1O7qmCRM_RtBGQN_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9e:48:1d:65:fd:4a:87:4e:7d:44:93:44:ce:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cadc74e10830421d4eeea98244cfd1b4119037ff
        Validity
            Not Before: Jan  2 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba3ab1656614926ff6f75751eead9802512a6ca2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:2a:9b:28:c3:05:81:ab:70:ce:c5:dc:63:
                    30:75:29:8b:10:cd:01:7d:1f:f4:a6:03:bc:dc:c1:
                    f8:7d:84:a6:e3:d6:bb:17:41:6b:36:76:c5:31:bc:
                    50:8a:c7:a1:e9:57:26:6a:d6:4f:b7:29:94:46:e4:
                    13:db:46:38:39:b4:1b:bb:f3:75:5b:b4:db:2b:d7:
                    db:c0:d9:66:71:a1:cf:c1:17:df:75:2a:bc:b1:88:
                    81:8a:dd:3f:06:7f:98:c8:67:27:3a:3f:7f:31:2e:
                    34:1c:39:32:42:75:37:d4:78:61:53:63:7c:fd:d3:
                    12:00:77:78:1a:48:90:7b:1c:92:9a:a0:4a:27:6e:
                    af:d9:f5:85:6b:ef:a4:30:f9:37:98:55:a3:4e:d1:
                    76:7b:88:49:50:a7:02:ae:4c:80:6a:e1:ff:a1:1a:
                    2c:60:9f:2b:d6:db:dd:63:83:29:c5:80:5a:6c:9b:
                    fb:86:2f:6f:5d:52:8a:76:7e:65:44:d1:8f:3c:1f:
                    48:81:73:10:f8:e7:32:fe:12:9f:aa:a6:44:6c:ac:
                    0f:b4:d1:4f:77:69:ca:a5:63:f3:60:8a:bd:3f:48:
                    2e:f1:20:27:3c:20:a1:43:54:53:ed:fb:c6:e9:9e:
                    37:c7:26:b7:51:52:b6:bd:59:37:ee:fd:87:01:af:
                    f3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3A:B1:65:66:14:92:6F:F6:F7:57:51:EE:AD:98:02:51:2A:6C:A2
            X509v3 Authority Key Identifier:
                keyid:CA:DC:74:E1:08:30:42:1D:4E:EE:A9:82:44:CF:D1:B4:11:90:37:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ytx04QgwQh1O7qmCRM_RtBGQN_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ujqxZWYUkm_291dR7q2YAlEqbKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8bff72-5c16-4484-acc2-7eb4c088590f/1/ytx04QgwQh1O7qmCRM_RtBGQN_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.71.0.0/16
                  192.108.51.0-192.108.53.255

    Signature Algorithm: sha256WithRSAEncryption
         99:75:12:bf:ea:a1:ec:46:c4:ea:3a:c0:92:4a:8b:4a:86:11:
         d3:58:c0:98:eb:9f:fc:bc:c6:7a:48:1e:6a:e8:cd:77:72:66:
         06:25:78:0a:56:b1:0c:98:72:ee:dd:d1:62:ce:b8:f8:77:1c:
         04:5f:c0:ce:b6:10:17:52:90:c0:36:da:b7:19:3b:c7:93:19:
         8a:02:95:05:23:e0:7e:af:23:e0:ba:9d:4e:d8:81:77:34:ed:
         44:4d:c0:1a:e4:01:29:4e:a0:62:b9:e6:3f:9a:64:eb:51:26:
         25:8c:64:e2:3f:d7:0e:3b:9f:5f:2e:0c:ed:1c:48:79:4e:6c:
         86:25:8c:73:e1:a4:77:36:93:c9:56:27:04:1d:a6:2c:57:a3:
         4d:c3:33:f7:51:97:34:a6:57:f5:63:1b:ab:04:4b:ec:af:da:
         df:1a:4b:09:ba:37:53:00:99:aa:db:74:fa:d4:0c:fe:29:66:
         e9:59:71:6c:d6:82:5e:e4:44:d1:a8:e6:0e:77:3c:8d:f1:68:
         56:fa:76:49:eb:f0:8f:79:5f:bb:f2:23:f0:9e:2c:ff:cc:e0:
         05:b9:1c:35:ec:fb:b7:37:c9:c4:f5:3d:3e:38:4a:4e:4b:63:
         98:f6:48:91:3f:08:9c:64:c8:3c:4b:d2:42:11:54:cf:ef:c4:
         c4:2d:84:ac
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzIAZ5IHWX9SodOfUSTRM5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZGM3NGUxMDgzMDQyMWQ0ZWVlYTk4MjQ0Y2ZkMWI0MTE5
MDM3ZmYwHhcNMjQwMTAyMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNhYjE2NTY2MTQ5MjZmZjZmNzU3NTFlZWFkOTgwMjUxMmE2Y2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6YqmyjDBYGrcM7F3GMwdSmLEM0B
fR/0pgO83MH4fYSm49a7F0FrNnbFMbxQiseh6VcmatZPtymURuQT20Y4ObQbu/N1
W7TbK9fbwNlmcaHPwRffdSq8sYiBit0/Bn+YyGcnOj9/MS40HDkyQnU31HhhU2N8
/dMSAHd4GkiQexySmqBKJ26v2fWFa++kMPk3mFWjTtF2e4hJUKcCrkyAauH/oRos
YJ8r1tvdY4MpxYBabJv7hi9vXVKKdn5lRNGPPB9IgXMQ+Ocy/hKfqqZEbKwPtNFP
d2nKpWPzYIq9P0gu8SAnPCChQ1RT7fvG6Z43xya3UVK2vVk37v2HAa/zuwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFLo6sWVmFJJv9vdXUe6tmAJRKmyiMB8GA1UdIwQY
MBaAFMrcdOEIMEIdTu6pgkTP0bQRkDf/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXR4MDRRZ3dRaDFPN3FtQ1JNX1J0QkdRTl84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84YmZmNzItNWMxNi00NDg0LWFjYzIt
N2ViNGMwODg1OTBmLzEvdWpxeFpXWVVrbV8yOTFkUjdxMllBbEVxYktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84YmZmNzItNWMxNi00NDg0LWFjYzItN2ViNGMwODg1OTBm
LzEveXR4MDRRZ3dRaDFPN3FtQ1JNX1J0QkdRTl84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwMAjUcwDAME
AMBsMwMEAcBsNDANBgkqhkiG9w0BAQsFAAOCAQEAmXUSv+qh7EbE6jrAkkqLSoYR
01jAmOuf/LzGekgeaujNd3JmBiV4ClaxDJhy7t3RYs64+HccBF/AzrYQF1KQwDba
txk7x5MZigKVBSPgfq8j4LqdTtiBdzTtRE3AGuQBKU6gYrnmP5pk61EmJYxk4j/X
DjufXy4M7RxIeU5shiWMc+GkdzaTyVYnBB2mLFejTcMz91GXNKZX9WMbqwRL7K/a
3xpLCbo3UwCZqtt0+tQM/ilm6VlxbNaCXuRE0ajmDnc8jfFoVvp2Sevwj3lfu/Ij
8J4s/8zgBbkcNez7tzfJxPU9PjhKTktjmPZIkT8InGTIPEvSQhFUz+/ExC2ErA==
-----END CERTIFICATE-----