Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/uhs7k9-7IihUS16ecjm03SJR1ZM.roa
File:                     uhs7k9-7IihUS16ecjm03SJR1ZM.roa (raw, json)
Hash identifier:          gRTKtW8pEP1s6rgO1euVDsyU2SNgkBfARVxWYLjq8Wc=
Subject key identifier:   BA:1B:3B:93:DF:BB:22:28:54:4B:5E:9E:72:39:B4:DD:22:51:D5:93
Certificate issuer:       /CN=14a3de4b7e66c87cf9c33e008a02d1a46e3fc766
Certificate serial:       018CC8DE5FFF1F066FF7F70C1E9D01271403
Authority key identifier: 14:A3:DE:4B:7E:66:C8:7C:F9:C3:3E:00:8A:02:D1:A4:6E:3F:C7:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/uhs7k9-7IihUS16ecjm03SJR1ZM.roa
Signing time:             Tue 02 Jan 2024 06:31:05 +0000
ROA not before:           Tue 02 Jan 2024 06:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198515
IP address blocks:        2a0d:70c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:5f:ff:1f:06:6f:f7:f7:0c:1e:9d:01:27:14:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a3de4b7e66c87cf9c33e008a02d1a46e3fc766
        Validity
            Not Before: Jan  2 06:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba1b3b93dfbb2228544b5e9e7239b4dd2251d593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:83:68:01:89:45:bc:96:e6:45:88:f6:bf:ac:
                    95:94:9f:10:1c:1a:3a:50:84:c8:66:9a:dc:cb:df:
                    ca:3e:92:89:fc:fb:12:73:e5:1e:e8:28:a5:3c:2e:
                    bd:76:02:b3:6e:4c:22:eb:16:3d:66:96:6c:a6:79:
                    05:96:7c:5b:41:87:9f:2b:9a:33:a0:83:fb:a4:40:
                    86:44:e8:96:4f:8f:c2:77:bd:86:a1:85:70:97:58:
                    42:61:37:46:3d:cb:15:eb:68:f3:57:3d:83:67:e0:
                    75:59:16:2f:ad:a7:40:f5:bd:95:d7:2a:b4:9e:ff:
                    d1:ff:94:77:cc:d9:37:34:1b:b8:68:d2:eb:8d:f1:
                    4e:66:0d:37:bc:a3:60:f9:e1:87:8a:51:e6:b6:1b:
                    21:91:c3:92:9f:ec:f7:5e:9e:22:94:c8:6d:40:2d:
                    c6:16:af:b4:ca:55:aa:e4:74:3f:93:1a:0a:de:77:
                    f8:3d:30:ad:f5:16:8e:00:64:da:3b:7a:c8:0d:06:
                    87:48:0f:52:7f:d2:6f:a3:fc:90:d0:c9:a2:5a:c0:
                    22:32:2b:69:8d:30:f7:a2:7b:5c:d6:77:a8:31:88:
                    79:7f:39:92:fc:6c:92:6c:39:e3:ce:05:46:b5:92:
                    fd:53:7a:26:7d:d0:a3:0b:db:51:cc:4e:84:38:d7:
                    ec:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1B:3B:93:DF:BB:22:28:54:4B:5E:9E:72:39:B4:DD:22:51:D5:93
            X509v3 Authority Key Identifier:
                keyid:14:A3:DE:4B:7E:66:C8:7C:F9:C3:3E:00:8A:02:D1:A4:6E:3F:C7:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKPeS35myHz5wz4AigLRpG4_x2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/uhs7k9-7IihUS16ecjm03SJR1ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/0b556b-ed22-4453-925d-5dbb36f7a033/1/FKPeS35myHz5wz4AigLRpG4_x2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:70c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:7a:89:35:71:d7:1d:6a:ce:dd:69:1e:02:45:fe:26:5b:ce:
         4d:a4:b1:6a:d9:7b:ff:da:2a:85:81:5f:5e:51:29:c2:4f:cc:
         dc:03:64:9d:b6:4f:7a:c3:34:0d:c5:4c:58:0e:6c:f8:5c:4d:
         17:da:e3:25:70:39:6d:d3:c0:f4:78:a2:50:8c:c3:93:d3:be:
         75:27:f2:e9:93:31:c3:57:e0:d0:1f:18:a2:ba:98:5a:66:23:
         4a:4f:e2:66:53:3b:43:01:1a:06:c7:bd:31:b6:34:1b:61:89:
         59:cb:50:c1:a4:4f:82:b0:04:fa:53:db:6b:fa:8c:3a:5d:6e:
         dc:59:7d:ad:66:3b:b7:b1:65:df:4e:c1:d6:be:70:49:ad:1b:
         02:02:c8:44:81:63:5b:1f:16:5c:d3:e0:a8:9a:45:8a:87:3a:
         5d:76:6e:8f:74:de:40:1c:b5:42:73:f3:77:1d:15:eb:a4:65:
         1e:12:bf:65:2d:d6:b9:af:26:32:b6:7c:94:53:d8:38:03:03:
         4c:2a:cc:25:20:5b:35:68:ce:52:68:3f:f6:96:4b:f5:dd:f7:
         f4:97:6e:25:62:43:ce:66:e5:6e:6b:84:44:74:b1:4e:b1:9b:
         55:44:fc:62:c4:b4:90:25:9f:d6:ca:30:d3:4d:7e:ad:24:8d:
         4f:b1:21:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3l//HwZv9/cMHp0BJxQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTNkZTRiN2U2NmM4N2NmOWMzM2UwMDhhMDJkMWE0NmUz
ZmM3NjYwHhcNMjQwMTAyMDYzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFiM2I5M2RmYmIyMjI4NTQ0YjVlOWU3MjM5YjRkZDIyNTFkNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoNoAYlFvJbmRYj2v6yVlJ8QHBo6
UITIZprcy9/KPpKJ/PsSc+Ue6CilPC69dgKzbkwi6xY9ZpZspnkFlnxbQYefK5oz
oIP7pECGROiWT4/Cd72GoYVwl1hCYTdGPcsV62jzVz2DZ+B1WRYvradA9b2V1yq0
nv/R/5R3zNk3NBu4aNLrjfFOZg03vKNg+eGHilHmthshkcOSn+z3Xp4ilMhtQC3G
Fq+0ylWq5HQ/kxoK3nf4PTCt9RaOAGTaO3rIDQaHSA9Sf9Jvo/yQ0MmiWsAiMitp
jTD3ontc1neoMYh5fzmS/GySbDnjzgVGtZL9U3omfdCjC9tRzE6EONfsIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLobO5PfuyIoVEtennI5tN0iUdWTMB8GA1UdIwQY
MBaAFBSj3kt+Zsh8+cM+AIoC0aRuP8dmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRktQZVMzNW15SHo1d3o0QWlnTFJwRzRfeDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8wYjU1NmItZWQyMi00NDUzLTkyNWQt
NWRiYjM2ZjdhMDMzLzEvdWhzN2s5LTdJaWhVUzE2ZWNqbTAzU0pSMVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8wYjU1NmItZWQyMi00NDUzLTkyNWQtNWRiYjM2ZjdhMDMz
LzEvRktQZVMzNW15SHo1d3o0QWlnTFJwRzRfeDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1wwDAN
BgkqhkiG9w0BAQsFAAOCAQEAWnqJNXHXHWrO3WkeAkX+JlvOTaSxatl7/9oqhYFf
XlEpwk/M3ANknbZPesM0DcVMWA5s+FxNF9rjJXA5bdPA9HiiUIzDk9O+dSfy6ZMx
w1fg0B8YorqYWmYjSk/iZlM7QwEaBse9MbY0G2GJWctQwaRPgrAE+lPba/qMOl1u
3Fl9rWY7t7Fl307B1r5wSa0bAgLIRIFjWx8WXNPgqJpFioc6XXZuj3TeQBy1QnPz
dx0V66RlHhK/ZS3Wua8mMrZ8lFPYOAMDTCrMJSBbNWjOUmg/9pZL9d339JduJWJD
zmblbmuERHSxTrGbVUT8YsS0kCWf1sow001+rSSNT7EhYA==
-----END CERTIFICATE-----