Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/uhs8bgRw41k3aAftJwJBcx5iZQQ.roa
File:                     uhs8bgRw41k3aAftJwJBcx5iZQQ.roa (raw, json)
Hash identifier:          jTz8wOQz69UD9cIYufEMXKJF3CMKnFX8joPso5O2RsY=
Subject key identifier:   BA:1B:3C:6E:04:70:E3:59:37:68:07:ED:27:02:41:73:1E:62:65:04
Certificate issuer:       /CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
Certificate serial:       018CC8014B5C85892DA023C2AB9AA4FEBB03
Authority key identifier: 33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/uhs8bgRw41k3aAftJwJBcx5iZQQ.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41489
IP address blocks:        91.240.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:5c:85:89:2d:a0:23:c2:ab:9a:a4:fe:bb:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba1b3c6e0470e359376807ed270241731e626504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:94:7a:8a:33:6a:90:1f:75:30:68:85:b9:b0:
                    93:8d:6d:f2:98:36:33:e1:a0:80:fc:d5:24:71:e5:
                    cb:a2:51:20:14:e9:8c:ea:b3:b5:e8:27:b3:27:23:
                    94:1d:63:97:9a:e6:cf:39:e6:86:bd:38:60:99:ad:
                    ec:21:30:9c:42:c1:96:b8:cf:c3:48:ca:ce:73:34:
                    68:14:79:b4:2a:4a:7b:eb:e3:e5:46:64:c4:df:03:
                    ff:db:4f:38:1f:d7:45:f8:69:8d:5c:c4:04:cc:03:
                    97:8c:7f:f4:cd:4d:14:a1:bd:95:25:5f:db:a4:de:
                    20:8e:3b:e7:be:c3:83:38:90:b7:29:82:94:4e:97:
                    e0:58:6d:ef:ac:47:d6:1f:f4:7e:1d:29:9c:d9:f3:
                    69:b8:ad:45:6f:55:5c:c7:d8:ff:f4:f7:76:2b:cd:
                    00:4c:c5:12:70:9b:50:19:b5:3d:da:5b:66:35:7d:
                    b6:52:b6:fc:41:49:cf:a2:f0:c4:bc:23:4a:23:80:
                    76:01:50:72:ce:74:37:ec:b0:c0:49:09:da:60:bf:
                    90:6e:00:45:c9:1f:53:9c:cf:52:31:07:04:0e:7e:
                    19:45:18:89:33:47:0f:18:d2:5a:92:3c:bd:37:aa:
                    e1:48:87:5e:1f:83:d2:1a:04:0b:4a:54:c6:8b:b6:
                    32:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1B:3C:6E:04:70:E3:59:37:68:07:ED:27:02:41:73:1E:62:65:04
            X509v3 Authority Key Identifier:
                keyid:33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/uhs8bgRw41k3aAftJwJBcx5iZQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:b3:96:8e:ed:d9:71:8d:8c:7b:ec:88:6e:a3:d2:52:99:fa:
         da:2a:98:e2:aa:cf:36:50:c2:49:8c:9b:51:b3:c3:35:f7:b9:
         5c:37:90:06:f5:df:a9:41:ec:ac:da:10:9d:22:01:c4:fd:d2:
         c8:9a:69:29:a5:ab:4d:98:ae:28:c6:a2:a4:32:1c:8f:47:ed:
         fc:0e:71:96:88:67:90:f8:16:9c:dc:00:d0:43:1f:b7:6e:1b:
         7a:43:59:69:cd:01:00:44:20:45:d0:f8:24:ed:41:4e:cc:e2:
         67:5a:ae:e1:87:11:89:e5:60:91:e4:ca:41:79:c6:7f:3d:14:
         cc:40:60:c8:85:20:e2:11:db:6c:78:33:cd:53:d6:d8:de:fd:
         23:f7:cc:7c:64:8a:d6:fa:13:da:00:a2:7a:a3:d2:2f:d2:a8:
         a7:62:1b:53:31:4b:71:3e:74:20:85:db:e6:e2:c7:7a:61:7d:
         b4:45:b2:3a:fa:c2:e9:7f:d5:62:7b:11:2e:00:8f:17:e1:71:
         4d:6c:45:24:35:45:a0:59:86:ef:5a:dc:a7:0a:1a:1f:01:5a:
         62:a5:37:8d:d8:52:4a:c4:47:a4:c6:6e:e7:19:30:da:8c:64:
         7d:4d:d9:19:d7:91:11:9a:f6:3b:cc:9d:5b:89:ef:33:b2:e1:
         91:a4:02:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUtchYktoCPCq5qk/rsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzODllMGI4YTJmZjgyYTIzYjQ4ZGQ2ZTZlNzYxNzZiNGNk
MzgzMmUwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFiM2M2ZTA0NzBlMzU5Mzc2ODA3ZWQyNzAyNDE3MzFlNjI2NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpR6ijNqkB91MGiFubCTjW3ymDYz
4aCA/NUkceXLolEgFOmM6rO16CezJyOUHWOXmubPOeaGvThgma3sITCcQsGWuM/D
SMrOczRoFHm0Kkp76+PlRmTE3wP/2084H9dF+GmNXMQEzAOXjH/0zU0Uob2VJV/b
pN4gjjvnvsODOJC3KYKUTpfgWG3vrEfWH/R+HSmc2fNpuK1Fb1Vcx9j/9Pd2K80A
TMUScJtQGbU92ltmNX22Urb8QUnPovDEvCNKI4B2AVByznQ37LDASQnaYL+QbgBF
yR9TnM9SMQcEDn4ZRRiJM0cPGNJakjy9N6rhSIdeH4PSGgQLSlTGi7YymwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLobPG4EcONZN2gH7ScCQXMeYmUEMB8GA1UdIwQY
MBaAFDOJ4Lii/4KiO0jdbm52F2tM04MuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgt
MjMzN2E4MWIxZjc4LzEvdWhzOGJnUnc0MWszYUFmdEp3SkJjeDVpWlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgtMjMzN2E4MWIxZjc4
LzEvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/CwMA0G
CSqGSIb3DQEBCwUAA4IBAQBVs5aO7dlxjYx77Ihuo9JSmfraKpjiqs82UMJJjJtR
s8M197lcN5AG9d+pQeys2hCdIgHE/dLImmkppatNmK4oxqKkMhyPR+38DnGWiGeQ
+Bac3ADQQx+3bht6Q1lpzQEARCBF0Pgk7UFOzOJnWq7hhxGJ5WCR5MpBecZ/PRTM
QGDIhSDiEdtseDPNU9bY3v0j98x8ZIrW+hPaAKJ6o9Iv0qinYhtTMUtxPnQghdvm
4sd6YX20RbI6+sLpf9ViexEuAI8X4XFNbEUkNUWgWYbvWtynChofAVpipTeN2FJK
xEekxm7nGTDajGR9TdkZ15ERmvY7zJ1bie8zsuGRpAKy
-----END CERTIFICATE-----