Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/uSIQt9KXd075SCg8c12ZzLqXops.roa
File:                     uSIQt9KXd075SCg8c12ZzLqXops.roa (raw, json)
Hash identifier:          z+Hzn7QPqhaHeYgZRbu/8y7jiAY+lRtM2aTK4tLSJ1g=
Subject key identifier:   B9:22:10:B7:D2:97:77:4E:F9:48:28:3C:73:5D:99:CC:BA:97:A2:9B
Certificate issuer:       /CN=6cf2fb0fa52de13c336689cf3f4829d63506750f
Certificate serial:       018CC56EC5B785955DFD2F56FAA95034D68D
Authority key identifier: 6C:F2:FB:0F:A5:2D:E1:3C:33:66:89:CF:3F:48:29:D6:35:06:75:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/uSIQt9KXd075SCg8c12ZzLqXops.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43751
IP address blocks:        93.191.216.0/21 maxlen: 24
                          2a02:4b0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 05:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c5:b7:85:95:5d:fd:2f:56:fa:a9:50:34:d6:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf2fb0fa52de13c336689cf3f4829d63506750f
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b92210b7d297774ef948283c735d99ccba97a29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:94:f5:24:55:28:94:ae:8a:68:16:5c:f8:
                    6a:20:79:f2:58:dc:8b:7c:0c:64:02:2a:0a:d5:cc:
                    07:7e:4f:9f:c3:03:6c:6a:c7:a9:71:47:e8:b1:3e:
                    3a:12:f3:6a:91:73:22:1a:f2:98:aa:51:96:f5:b9:
                    be:9b:a5:81:cb:c8:c8:de:99:14:6e:6b:bf:a8:5d:
                    df:5d:eb:ea:2d:61:12:fa:f2:da:ff:25:f8:60:22:
                    60:5d:4d:13:2c:d6:ff:23:d6:b8:15:dd:f1:69:31:
                    ae:fb:80:7e:f6:2e:53:aa:e6:76:fe:24:fe:3b:0c:
                    1e:28:fb:42:2e:fe:e6:a9:eb:00:60:2e:69:84:b5:
                    40:0e:b1:be:54:ad:a1:28:75:3a:08:36:aa:f9:bb:
                    b3:1d:f3:9e:13:7b:2e:d1:40:b5:88:df:d2:f1:d3:
                    7e:d1:42:d3:b6:5e:59:bf:a7:82:58:85:48:76:a8:
                    7c:81:5c:67:85:23:00:0d:26:11:0d:9e:72:d3:dd:
                    1f:90:39:90:cc:e0:8c:6b:d4:b5:ae:c7:2e:8a:47:
                    8e:83:ff:3c:e4:d0:3e:4b:a5:22:4a:72:5c:ca:13:
                    b2:93:02:a3:64:d0:f8:f3:35:e9:80:77:df:d1:f0:
                    28:dd:0e:df:5f:bb:09:1f:6f:4c:fc:39:6e:52:49:
                    bd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:22:10:B7:D2:97:77:4E:F9:48:28:3C:73:5D:99:CC:BA:97:A2:9B
            X509v3 Authority Key Identifier:
                keyid:6C:F2:FB:0F:A5:2D:E1:3C:33:66:89:CF:3F:48:29:D6:35:06:75:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/uSIQt9KXd075SCg8c12ZzLqXops.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.216.0/21
                IPv6:
                  2a02:4b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:b0:98:de:82:29:76:58:aa:d5:2a:29:3c:e0:9a:f8:0d:75:
         b6:f6:a3:64:f8:e6:b7:eb:48:af:82:70:53:95:52:44:c4:8d:
         94:39:94:99:c2:85:0a:83:a4:d1:b5:01:c6:18:56:d5:8b:c3:
         d5:5c:db:b8:72:a3:3f:c1:9c:8d:91:1b:94:62:27:8b:86:7a:
         75:71:cf:fb:9f:2b:6c:73:31:6f:53:ef:c6:32:c6:81:25:37:
         71:9f:5f:63:2e:c3:99:7c:ff:7e:1a:f8:8a:85:4e:ca:74:5a:
         04:bf:6c:30:26:c1:58:19:bb:aa:09:67:be:3b:02:17:7e:ff:
         e9:cc:08:6f:55:13:ca:21:49:a7:55:a1:5f:5f:d2:93:84:d3:
         46:44:0f:21:49:5c:eb:be:4b:ed:a7:71:31:23:7b:30:0d:fe:
         1b:45:b6:3c:c3:06:a8:89:36:ee:8e:46:35:eb:1b:7d:5c:40:
         65:9a:35:2b:a1:ab:86:07:aa:1a:4e:c7:e9:be:e3:be:70:a9:
         b7:24:59:76:fb:46:a4:67:fb:53:bd:98:37:70:de:8f:9e:7d:
         bb:52:e3:a9:5f:fa:2a:65:ff:b2:10:74:d4:18:45:48:82:63:
         0c:0d:c3:87:68:00:0a:d7:59:9f:8e:fd:5c:a7:83:fb:21:23:
         f3:c8:c7:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbsW3hZVd/S9W+qlQNNaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjJmYjBmYTUyZGUxM2MzMzY2ODljZjNmNDgyOWQ2MzUw
Njc1MGYwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTIyMTBiN2QyOTc3NzRlZjk0ODI4M2M3MzVkOTljY2JhOTdhMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbyU9SRVKJSuimgWXPhqIHnyWNyL
fAxkAioK1cwHfk+fwwNsasepcUfosT46EvNqkXMiGvKYqlGW9bm+m6WBy8jI3pkU
bmu/qF3fXevqLWES+vLa/yX4YCJgXU0TLNb/I9a4Fd3xaTGu+4B+9i5TquZ2/iT+
OwweKPtCLv7mqesAYC5phLVADrG+VK2hKHU6CDaq+buzHfOeE3su0UC1iN/S8dN+
0ULTtl5Zv6eCWIVIdqh8gVxnhSMADSYRDZ5y090fkDmQzOCMa9S1rscuikeOg/88
5NA+S6UiSnJcyhOykwKjZND48zXpgHff0fAo3Q7fX7sJH29M/DluUkm9BQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLkiELfSl3dO+UgoPHNdmcy6l6KbMB8GA1UdIwQY
MBaAFGzy+w+lLeE8M2aJzz9IKdY1BnUPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBMN0Q2VXQ0VHd6Wm9uUFAwZ3AxalVHZFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZjA3MTUtYjk5My00MzQ4LTk3ZTkt
NmVjOTgyOTUxY2Y3LzEvdVNJUXQ5S1hkMDc1U0NnOGMxMlp6THFYb3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZjA3MTUtYjk5My00MzQ4LTk3ZTktNmVjOTgyOTUxY2Y3
LzEvYlBMN0Q2VXQ0VHd6Wm9uUFAwZ3AxalVHZFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXb/YMA0E
AgACMAcDBQAqAgSwMA0GCSqGSIb3DQEBCwUAA4IBAQAzsJjegil2WKrVKik84Jr4
DXW29qNk+Oa360ivgnBTlVJExI2UOZSZwoUKg6TRtQHGGFbVi8PVXNu4cqM/wZyN
kRuUYieLhnp1cc/7nytsczFvU+/GMsaBJTdxn19jLsOZfP9+GviKhU7KdFoEv2ww
JsFYGbuqCWe+OwIXfv/pzAhvVRPKIUmnVaFfX9KThNNGRA8hSVzrvkvtp3ExI3sw
Df4bRbY8wwaoiTbujkY16xt9XEBlmjUroauGB6oaTsfpvuO+cKm3JFl2+0akZ/tT
vZg3cN6Pnn27UuOpX/oqZf+yEHTUGEVIgmMMDcOHaAAK11mfjv1cp4P7ISPzyMef
-----END CERTIFICATE-----