Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/UCJyoSVzGCZqzjm-fo5HtRwl7bE.roa
File:                     UCJyoSVzGCZqzjm-fo5HtRwl7bE.roa (raw, json)
Hash identifier:          krSQZ31zUqnpvTG5WYKJJMXigq64M70wFd0S4ql3U+A=
Subject key identifier:   50:22:72:A1:25:73:18:26:6A:CE:39:BE:7E:8E:47:B5:1C:25:ED:B1
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       0191468446F7D0B1292F1620BE13ADD2814C
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/UCJyoSVzGCZqzjm-fo5HtRwl7bE.roa
Signing time:             Mon 12 Aug 2024 12:15:59 +0000
ROA not before:           Mon 12 Aug 2024 12:15:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        2a0f:a300::/29 maxlen: 29
                          2a10:a280::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:84:46:f7:d0:b1:29:2f:16:20:be:13:ad:d2:81:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Aug 12 12:15:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=502272a1257318266ace39be7e8e47b51c25edb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a0:97:a4:47:15:21:60:21:4b:f1:54:83:1f:
                    15:aa:38:87:f3:2d:81:9c:53:03:ef:98:df:35:56:
                    42:b5:aa:9c:7a:2c:fa:a9:3d:6c:9f:e5:40:3c:94:
                    da:ad:b3:bb:06:d7:ef:02:71:cd:a8:21:ae:cb:9c:
                    9c:7c:ce:41:be:6b:34:0e:33:17:a9:60:0a:17:b9:
                    62:30:c5:7b:90:ab:a6:4e:ca:7c:9d:9c:25:9c:16:
                    18:4e:60:a8:8d:38:8f:6a:68:70:81:f1:1d:72:c7:
                    d3:d3:a7:40:7a:ec:30:59:d0:19:eb:31:d1:ff:80:
                    39:24:3f:44:af:45:c8:22:77:62:2a:3f:47:94:d2:
                    6e:2b:26:dc:92:a5:7a:59:06:b0:b6:bc:e3:7a:ba:
                    49:f0:cc:99:34:1b:80:53:f3:55:d7:5b:9c:7a:c5:
                    db:73:e9:53:e5:01:ef:88:7c:da:45:cf:92:6c:ef:
                    b6:e3:e8:7b:bf:06:d0:37:3b:2d:5e:dc:68:22:32:
                    08:42:bf:f6:ec:ef:59:52:e9:55:73:7a:6a:55:51:
                    da:54:9b:b9:ab:c5:51:04:49:ca:5e:1b:9d:ac:ea:
                    8e:d8:ed:b8:07:83:8f:6b:ca:02:fa:c0:5f:66:b0:
                    fa:ef:d1:58:22:cf:d2:da:e0:de:fc:a9:21:91:bb:
                    06:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:22:72:A1:25:73:18:26:6A:CE:39:BE:7E:8E:47:B5:1C:25:ED:B1
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/UCJyoSVzGCZqzjm-fo5HtRwl7bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:a300::/29
                  2a10:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:3f:a2:29:e4:60:d5:e2:31:d2:2a:3b:86:0a:cf:00:7e:01:
         ea:75:e9:15:db:0d:78:17:71:19:a1:ed:d0:8c:8b:82:1b:84:
         75:e2:13:aa:42:22:fb:5e:ed:21:67:e6:58:f8:57:1d:62:1d:
         77:44:55:48:1f:e9:e0:f4:35:76:86:fd:42:b3:57:45:33:f7:
         c9:5e:71:3c:b2:08:34:b1:5f:65:55:4a:04:ee:37:7f:f8:29:
         ab:a5:b8:47:b7:94:ef:55:eb:de:0c:47:f2:b6:da:8e:be:a8:
         f5:a2:fd:e4:55:75:33:06:53:d0:76:60:20:37:1f:39:f4:4c:
         5d:de:f7:30:5b:f5:f2:d8:a7:7c:19:c3:73:9a:b0:b8:d1:7f:
         ce:f2:6e:b7:8b:43:b7:a8:14:9c:1b:39:2e:69:aa:d8:23:97:
         08:e7:84:4d:a4:6d:87:ab:b4:6b:1f:29:f0:ef:b1:93:6e:28:
         09:4a:5c:7f:a6:f9:2a:57:d9:eb:07:fe:51:3d:d5:72:30:49:
         94:25:42:aa:50:05:e1:e9:b2:23:c7:87:46:00:09:f7:00:01:
         1c:8b:bc:ce:3c:26:c7:f1:4b:79:ce:e5:51:97:33:de:f8:07:
         11:37:74:a8:42:6e:51:3a:73:ae:f6:58:ab:10:93:66:01:67:
         73:a1:b4:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFGhEb30LEpLxYgvhOt0oFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjQwODEyMTIxNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDIyNzJhMTI1NzMxODI2NmFjZTM5YmU3ZThlNDdiNTFjMjVlZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraCXpEcVIWAhS/FUgx8VqjiH8y2B
nFMD75jfNVZCtaqceiz6qT1sn+VAPJTarbO7BtfvAnHNqCGuy5ycfM5Bvms0DjMX
qWAKF7liMMV7kKumTsp8nZwlnBYYTmCojTiPamhwgfEdcsfT06dAeuwwWdAZ6zHR
/4A5JD9Er0XIIndiKj9HlNJuKybckqV6WQawtrzjerpJ8MyZNBuAU/NV11ucesXb
c+lT5QHviHzaRc+SbO+24+h7vwbQNzstXtxoIjIIQr/27O9ZUulVc3pqVVHaVJu5
q8VRBEnKXhudrOqO2O24B4OPa8oC+sBfZrD679FYIs/S2uDe/KkhkbsG0QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFAicqElcxgmas45vn6OR7UcJe2xMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvVUNKeW9TVnpHQ1pxemptLWZvNUh0UndsN2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg+jAAMF
AyoQooAwDQYJKoZIhvcNAQELBQADggEBAIg/oinkYNXiMdIqO4YKzwB+Aep16RXb
DXgXcRmh7dCMi4IbhHXiE6pCIvte7SFn5lj4Vx1iHXdEVUgf6eD0NXaG/UKzV0Uz
98lecTyyCDSxX2VVSgTuN3/4KauluEe3lO9V694MR/K22o6+qPWi/eRVdTMGU9B2
YCA3Hzn0TF3e9zBb9fLYp3wZw3OasLjRf87ybreLQ7eoFJwbOS5pqtgjlwjnhE2k
bYertGsfKfDvsZNuKAlKXH+m+SpX2esH/lE91XIwSZQlQqpQBeHpsiPHh0YACfcA
ARyLvM48JsfxS3nO5VGXM974BxE3dKhCblE6c672WKsQk2YBZ3OhtME=
-----END CERTIFICATE-----