Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/Uvy-7U-6VYX7Un5O1qd_2mmNxmo.roa
File:                     Uvy-7U-6VYX7Un5O1qd_2mmNxmo.roa (raw, json)
Hash identifier:          4Fj5U2ISP2I1kzhQOPbE33YltrHUoeMbB6khIxaBpd4=
Subject key identifier:   52:FC:BE:ED:4F:BA:55:85:FB:52:7E:4E:D6:A7:7F:DA:69:8D:C6:6A
Certificate issuer:       /CN=c27cf5560207ece8482c32fcb6995f77d7f730cb
Certificate serial:       0192B3842D19358C164410F8A29AD13743A3
Authority key identifier: C2:7C:F5:56:02:07:EC:E8:48:2C:32:FC:B6:99:5F:77:D7:F7:30:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnz1VgIH7OhILDL8tplfd9f3MMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/Uvy-7U-6VYX7Un5O1qd_2mmNxmo.roa
Signing time:             Tue 22 Oct 2024 09:17:16 +0000
ROA not before:           Tue 22 Oct 2024 09:17:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        91.208.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/wnz1VgIH7OhILDL8tplfd9f3MMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/wnz1VgIH7OhILDL8tplfd9f3MMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wnz1VgIH7OhILDL8tplfd9f3MMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:84:2d:19:35:8c:16:44:10:f8:a2:9a:d1:37:43:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c27cf5560207ece8482c32fcb6995f77d7f730cb
        Validity
            Not Before: Oct 22 09:17:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52fcbeed4fba5585fb527e4ed6a77fda698dc66a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d9:cc:3e:de:8c:85:b7:7f:93:64:20:29:05:
                    ff:49:fd:ea:a7:27:76:b8:f6:a9:38:33:65:56:a2:
                    89:eb:29:26:95:f2:e7:8c:c4:f4:02:aa:14:ee:2b:
                    5c:4b:5e:94:9b:6a:dc:5d:c9:6a:ba:6d:7f:69:63:
                    92:5e:ae:e7:cd:f9:e7:60:62:82:b2:d1:f0:6a:cf:
                    f4:94:c4:f5:32:1b:f5:9c:aa:a1:79:79:53:05:e3:
                    69:60:c8:9c:8e:9c:d0:8c:8f:2e:31:af:94:96:ba:
                    52:88:5c:a0:f9:32:dd:74:ac:d9:42:1e:62:1d:84:
                    63:82:f8:64:6b:de:3d:f1:ab:94:92:4a:c6:82:01:
                    99:e9:b9:94:6e:bf:c8:02:da:01:c5:ce:0c:5b:c9:
                    c1:27:8e:3e:af:52:f3:92:d0:c6:04:28:86:18:71:
                    1f:b4:ea:74:a0:d4:40:ca:0f:3f:a4:0f:2c:27:2a:
                    80:d3:c2:03:2a:42:b7:66:31:b2:84:c2:89:ac:6e:
                    7f:a5:07:85:97:48:5f:ae:86:dd:b4:fa:31:7b:4e:
                    3f:1a:ad:f5:d0:13:0b:f2:cf:c6:da:b5:66:b2:f5:
                    a9:34:f6:f1:53:cb:47:24:77:41:41:c6:6b:24:09:
                    0f:a1:ed:90:b0:52:9f:37:2a:cb:63:93:15:b9:3a:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:FC:BE:ED:4F:BA:55:85:FB:52:7E:4E:D6:A7:7F:DA:69:8D:C6:6A
            X509v3 Authority Key Identifier:
                keyid:C2:7C:F5:56:02:07:EC:E8:48:2C:32:FC:B6:99:5F:77:D7:F7:30:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnz1VgIH7OhILDL8tplfd9f3MMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/Uvy-7U-6VYX7Un5O1qd_2mmNxmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/32f3bb-2594-4b37-94aa-941244f5dded/1/wnz1VgIH7OhILDL8tplfd9f3MMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:11:73:9f:27:8c:14:4b:95:44:aa:2f:db:a3:5c:b9:ce:e9:
         93:ff:f4:ed:7d:d3:ec:55:e9:30:8f:1e:57:35:16:52:05:95:
         e8:8e:4d:4e:d1:ba:0f:69:49:06:4d:22:27:82:75:89:c7:32:
         e9:ae:93:a3:3d:d4:60:35:27:63:8e:ae:c4:04:c1:d5:a7:5e:
         a6:b6:94:49:a2:19:77:5c:c2:c3:74:0a:15:0a:b5:14:8b:1c:
         34:a2:ca:3b:9c:73:f2:ba:90:b0:64:83:9c:fb:98:a8:5c:fb:
         2f:c2:54:4c:15:b0:7c:9b:6c:3e:19:0d:a1:ee:ca:2e:cd:1e:
         80:ef:5a:81:d2:4e:00:7b:15:ac:58:d3:8f:98:f6:82:16:45:
         ef:b4:a0:65:b9:de:7b:12:91:c3:97:3d:be:fd:7f:64:e4:49:
         3f:f8:57:48:5d:b0:e9:10:04:93:d6:9f:48:17:23:fe:c3:e8:
         2a:e7:7d:9f:ba:18:ad:3a:0d:9b:1c:09:e3:e6:67:d1:51:f4:
         cf:81:27:49:4b:6e:61:c3:ee:74:bb:7f:4c:ae:fb:5e:05:14:
         a2:05:ab:ae:a1:08:cc:cd:a9:84:b1:2c:a2:0e:69:7c:80:9d:
         47:b5:e4:ea:8b:48:6f:12:6e:9c:91:3e:8a:97:b7:07:b4:9f:
         56:5b:fe:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKzhC0ZNYwWRBD4oprRN0OjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyN2NmNTU2MDIwN2VjZTg0ODJjMzJmY2I2OTk1Zjc3ZDdm
NzMwY2IwHhcNMjQxMDIyMDkxNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmZjYmVlZDRmYmE1NTg1ZmI1MjdlNGVkNmE3N2ZkYTY5OGRjNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtnMPt6Mhbd/k2QgKQX/Sf3qpyd2
uPapODNlVqKJ6ykmlfLnjMT0AqoU7itcS16Um2rcXclqum1/aWOSXq7nzfnnYGKC
stHwas/0lMT1Mhv1nKqheXlTBeNpYMicjpzQjI8uMa+UlrpSiFyg+TLddKzZQh5i
HYRjgvhka9498auUkkrGggGZ6bmUbr/IAtoBxc4MW8nBJ44+r1LzktDGBCiGGHEf
tOp0oNRAyg8/pA8sJyqA08IDKkK3ZjGyhMKJrG5/pQeFl0hfrobdtPoxe04/Gq31
0BML8s/G2rVmsvWpNPbxU8tHJHdBQcZrJAkPoe2QsFKfNyrLY5MVuTovmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFL8vu1PulWF+1J+Ttanf9ppjcZqMB8GA1UdIwQY
MBaAFMJ89VYCB+zoSCwy/LaZX3fX9zDLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd256MVZnSUg3T2hJTERMOHRwbGZkOWYzTU1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8zMmYzYmItMjU5NC00YjM3LTk0YWEt
OTQxMjQ0ZjVkZGVkLzEvVXZ5LTdVLTZWWVg3VW41TzFxZF8ybW1OeG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8zMmYzYmItMjU5NC00YjM3LTk0YWEtOTQxMjQ0ZjVkZGVk
LzEvd256MVZnSUg3T2hJTERMOHRwbGZkOWYzTU1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AIMA0G
CSqGSIb3DQEBCwUAA4IBAQAVEXOfJ4wUS5VEqi/bo1y5zumT//TtfdPsVekwjx5X
NRZSBZXojk1O0boPaUkGTSIngnWJxzLprpOjPdRgNSdjjq7EBMHVp16mtpRJohl3
XMLDdAoVCrUUixw0oso7nHPyupCwZIOc+5ioXPsvwlRMFbB8m2w+GQ2h7souzR6A
71qB0k4AexWsWNOPmPaCFkXvtKBlud57EpHDlz2+/X9k5Ek/+FdIXbDpEAST1p9I
FyP+w+gq532fuhitOg2bHAnj5mfRUfTPgSdJS25hw+50u39MrvteBRSiBauuoQjM
zamEsSyiDml8gJ1HteTqi0hvEm6ckT6Kl7cHtJ9WW/4x
-----END CERTIFICATE-----