Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/UfTZFBTcyZE1rjLtwICTjyQpbb8.roa
File:                     UfTZFBTcyZE1rjLtwICTjyQpbb8.roa (raw, json)
Hash identifier:          7FjMVTmNzUARjwpVHwPSRJ+Cg47Zw0D3KH+LLamwCCU=
Subject key identifier:   51:F4:D9:14:14:DC:C9:91:35:AE:32:ED:C0:80:93:8F:24:29:6D:BF
Certificate issuer:       /CN=2413a341967aedbe52a8b11c79cb13911a4a9f77
Certificate serial:       018CC8DCE92E457D1F724CF0AB9091CAA333
Authority key identifier: 24:13:A3:41:96:7A:ED:BE:52:A8:B1:1C:79:CB:13:91:1A:4A:9F:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBOjQZZ67b5SqLEcecsTkRpKn3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/UfTZFBTcyZE1rjLtwICTjyQpbb8.roa
Signing time:             Tue 02 Jan 2024 06:29:29 +0000
ROA not before:           Tue 02 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41755
IP address blocks:        193.37.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/JBOjQZZ67b5SqLEcecsTkRpKn3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/JBOjQZZ67b5SqLEcecsTkRpKn3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBOjQZZ67b5SqLEcecsTkRpKn3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e9:2e:45:7d:1f:72:4c:f0:ab:90:91:ca:a3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2413a341967aedbe52a8b11c79cb13911a4a9f77
        Validity
            Not Before: Jan  2 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51f4d91414dcc99135ae32edc080938f24296dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:bb:df:1d:68:12:12:cd:10:31:cb:b3:78:61:
                    27:f5:87:67:09:dc:24:18:91:72:c6:c7:1e:ac:be:
                    02:57:2f:70:a8:39:fe:a6:c9:a2:8a:83:f4:19:a8:
                    26:88:1d:82:0b:0b:31:e4:dc:f4:31:de:29:2d:34:
                    ed:c7:d4:75:e8:32:d9:50:29:2a:ae:27:9b:9b:c0:
                    2f:51:8f:68:43:a4:3e:59:a6:aa:43:f9:57:f3:3d:
                    29:b1:d5:da:0a:a4:bf:22:60:e7:b1:11:90:41:6e:
                    99:67:52:c6:e8:79:b4:e1:ac:7e:7f:df:6d:c8:e6:
                    a0:4e:ec:47:aa:5c:68:c3:50:aa:b3:34:0d:f2:fb:
                    69:33:37:b1:26:f7:c9:a1:56:8a:ae:e8:2c:39:59:
                    4c:29:cd:17:1b:ff:b6:32:2e:65:b4:fb:9e:02:b3:
                    1e:91:05:4c:b6:13:08:96:4c:46:a9:88:6c:96:b0:
                    c6:cb:34:0e:09:3b:1c:ca:24:b3:7a:ae:e3:4e:ca:
                    98:5e:b5:48:ac:96:ee:c9:34:40:52:6f:0f:cf:80:
                    36:a7:e8:08:17:3a:cf:97:c2:78:8e:d0:d7:b7:66:
                    3e:3b:f6:7b:93:42:ad:d8:46:9f:ef:f3:e1:87:b2:
                    80:23:cd:4c:83:ea:7f:78:34:d5:9d:56:2c:9f:ff:
                    e5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F4:D9:14:14:DC:C9:91:35:AE:32:ED:C0:80:93:8F:24:29:6D:BF
            X509v3 Authority Key Identifier:
                keyid:24:13:A3:41:96:7A:ED:BE:52:A8:B1:1C:79:CB:13:91:1A:4A:9F:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBOjQZZ67b5SqLEcecsTkRpKn3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/UfTZFBTcyZE1rjLtwICTjyQpbb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/ff6401-1f00-4b74-ab99-4d9296e9b3ae/1/JBOjQZZ67b5SqLEcecsTkRpKn3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:0c:56:00:04:00:50:cb:5c:8a:0e:e9:29:81:6a:48:8d:ca:
         94:12:ae:d4:ae:62:f9:3e:e5:51:87:b3:7d:99:1d:5c:2f:2a:
         66:d4:36:1e:31:d5:48:30:d4:b3:77:fa:47:31:7a:5f:9f:db:
         5c:26:ce:e3:a8:26:5d:38:90:ab:67:ad:99:ad:36:e1:92:2d:
         7c:25:48:c9:26:30:f4:4e:a1:d1:43:5d:65:2f:fc:70:f9:89:
         81:87:25:13:a8:9c:6c:b6:86:85:e2:38:8f:f6:20:11:f3:f9:
         05:6a:5c:77:cc:59:3e:3e:21:2b:95:6d:12:d7:4a:5d:6d:0b:
         7d:93:97:53:62:bd:5c:50:09:59:81:56:cc:83:6e:3c:5a:f1:
         76:e7:25:70:5b:fa:ab:2b:14:be:99:c3:65:71:9e:47:ef:fc:
         8c:3b:31:f6:1e:02:4a:32:fa:dd:1a:17:e3:f3:af:fb:09:e3:
         85:b8:20:ee:f6:2b:4a:bc:fb:96:90:42:ec:02:dc:36:23:28:
         44:79:79:bf:a1:d9:0e:45:60:91:4a:b0:e3:33:4b:1b:22:15:
         0d:05:48:b2:ba:db:4a:25:2d:b9:7e:25:e1:0c:ad:13:13:75:
         76:e0:f9:3a:49:ea:04:f3:2d:30:4c:5c:6e:05:47:2d:eb:ce:
         95:4f:9d:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OkuRX0fckzwq5CRyqMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTNhMzQxOTY3YWVkYmU1MmE4YjExYzc5Y2IxMzkxMWE0
YTlmNzcwHhcNMjQwMTAyMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWY0ZDkxNDE0ZGNjOTkxMzVhZTMyZWRjMDgwOTM4ZjI0Mjk2ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7vfHWgSEs0QMcuzeGEn9YdnCdwk
GJFyxscerL4CVy9wqDn+psmiioP0GagmiB2CCwsx5Nz0Md4pLTTtx9R16DLZUCkq
riebm8AvUY9oQ6Q+WaaqQ/lX8z0psdXaCqS/ImDnsRGQQW6ZZ1LG6Hm04ax+f99t
yOagTuxHqlxow1CqszQN8vtpMzexJvfJoVaKrugsOVlMKc0XG/+2Mi5ltPueArMe
kQVMthMIlkxGqYhslrDGyzQOCTscyiSzeq7jTsqYXrVIrJbuyTRAUm8Pz4A2p+gI
FzrPl8J4jtDXt2Y+O/Z7k0Kt2Eaf7/Phh7KAI81Mg+p/eDTVnVYsn//lBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFH02RQU3MmRNa4y7cCAk48kKW2/MB8GA1UdIwQY
MBaAFCQTo0GWeu2+UqixHHnLE5EaSp93MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJPalFaWjY3YjVTcUxFY2Vjc1RrUnBLbjNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9mZjY0MDEtMWYwMC00Yjc0LWFiOTkt
NGQ5Mjk2ZTliM2FlLzEvVWZUWkZCVGN5WkUxcmpMdHdJQ1RqeVFwYmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9mZjY0MDEtMWYwMC00Yjc0LWFiOTktNGQ5Mjk2ZTliM2Fl
LzEvSkJPalFaWjY3YjVTcUxFY2Vjc1RrUnBLbjNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWaMA0G
CSqGSIb3DQEBCwUAA4IBAQAcDFYABABQy1yKDukpgWpIjcqUEq7UrmL5PuVRh7N9
mR1cLypm1DYeMdVIMNSzd/pHMXpfn9tcJs7jqCZdOJCrZ62ZrTbhki18JUjJJjD0
TqHRQ11lL/xw+YmBhyUTqJxstoaF4jiP9iAR8/kFalx3zFk+PiErlW0S10pdbQt9
k5dTYr1cUAlZgVbMg248WvF25yVwW/qrKxS+mcNlcZ5H7/yMOzH2HgJKMvrdGhfj
86/7CeOFuCDu9itKvPuWkELsAtw2IyhEeXm/odkORWCRSrDjM0sbIhUNBUiyuttK
JS25fiXhDK0TE3V24Pk6SeoE8y0wTFxuBUct686VT52y
-----END CERTIFICATE-----