Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UU6-88moy2talruHEOnSeF-998s.roa
File:                     UU6-88moy2talruHEOnSeF-998s.roa (raw, json)
Hash identifier:          MimApHl3dokBIGWqg+L989jqpEHn7GAsGXBWpTYZtlM=
Subject key identifier:   51:4E:BE:F3:C9:A8:CB:6B:5A:96:BB:87:10:E9:D2:78:5F:BD:F7:CB
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       018FA558AB38752FCCF5EFEF67CE771F1FB7
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UU6-88moy2talruHEOnSeF-998s.roa
Signing time:             Thu 23 May 2024 12:06:42 +0000
ROA not before:           Thu 23 May 2024 12:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201364
IP address blocks:        45.10.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:58:ab:38:75:2f:cc:f5:ef:ef:67:ce:77:1f:1f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: May 23 12:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=514ebef3c9a8cb6b5a96bb8710e9d2785fbdf7cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d6:ce:9d:c1:0b:a3:88:54:d6:3e:b0:2e:02:
                    37:a2:e9:c7:0c:9c:68:d9:bb:81:7a:0b:dd:77:21:
                    59:40:3f:04:70:98:29:d0:60:9a:c6:a1:cf:b1:e4:
                    8f:07:21:8b:ec:f7:cf:c6:76:8d:e9:3c:d4:d2:6a:
                    be:bc:a4:01:8d:d5:04:d7:49:25:ab:a5:b1:ef:97:
                    c9:8d:5c:0e:65:94:37:8f:f1:98:98:a8:fe:7c:0b:
                    59:a4:28:54:a2:53:c8:96:99:7b:86:32:8f:e0:e9:
                    68:a8:3b:7f:bc:50:8d:53:35:01:ef:78:e7:4d:a9:
                    fb:47:85:63:4b:ac:80:db:cd:b1:8c:67:63:78:cd:
                    12:00:d8:c7:71:e1:65:11:cf:0c:ed:03:c7:ee:21:
                    97:8f:8c:2c:37:2c:78:61:d7:8f:92:0f:2b:29:3d:
                    54:09:eb:32:f8:ac:7d:f5:66:e6:c2:d2:2b:9f:c8:
                    d1:48:63:c1:c0:81:c2:dd:3b:ea:cd:5b:fd:d5:e4:
                    73:eb:26:c2:71:6b:c8:59:10:dd:b7:36:f8:9a:c8:
                    cd:b6:d7:c5:b3:ed:e7:7d:d2:d1:3a:26:e1:5c:68:
                    4b:19:bb:d5:f0:ba:c1:6d:9f:c6:6b:a4:38:27:9c:
                    aa:a0:5e:1a:1d:8e:72:4d:f8:e6:ad:01:bb:68:22:
                    b1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:4E:BE:F3:C9:A8:CB:6B:5A:96:BB:87:10:E9:D2:78:5F:BD:F7:CB
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/UU6-88moy2talruHEOnSeF-998s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:66:33:b9:ad:1b:93:60:be:51:6d:73:63:1a:5c:02:3c:2e:
         6d:ca:1a:7f:b4:0c:48:8b:a4:6a:d9:63:56:57:e4:d1:b0:bd:
         c0:3f:83:30:81:35:1c:b9:90:61:45:c7:a7:82:ae:cd:ee:2e:
         1b:cc:40:26:79:a4:3a:b9:9c:b8:48:16:76:f8:09:5f:8c:76:
         a9:df:df:00:68:82:7f:62:ee:d5:f1:44:dd:6a:94:09:18:a6:
         d3:d7:1c:59:c7:69:38:36:88:6e:07:86:0a:8f:31:fd:7d:3e:
         cc:55:e6:14:b9:af:cf:c5:9b:e3:e4:90:dc:d6:81:75:3a:29:
         90:33:7f:04:0a:e6:97:f4:70:7f:31:82:59:5a:25:07:06:22:
         f8:e9:d6:99:69:aa:0c:87:30:fe:bb:be:12:9e:c8:75:5c:c5:
         dc:54:c0:95:28:d8:f8:b2:3b:ed:a1:00:f1:af:b7:fc:b9:6d:
         5d:09:26:f4:d6:54:95:46:02:26:cc:ef:aa:34:24:32:c2:51:
         a4:8b:66:9f:1a:c3:48:76:47:fb:83:cc:45:81:20:4c:bb:ea:
         ba:10:d3:1a:48:13:0a:7c:14:8e:6d:d7:3e:5a:a4:ea:5b:05:
         12:7e:33:b5:e3:b9:16:de:18:6e:82:f7:02:ce:64:22:26:c2:
         2f:64:9f:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+lWKs4dS/M9e/vZ853Hx+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQwNTIzMTIwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRlYmVmM2M5YThjYjZiNWE5NmJiODcxMGU5ZDI3ODVmYmRmN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtbOncELo4hU1j6wLgI3ounHDJxo
2buBegvddyFZQD8EcJgp0GCaxqHPseSPByGL7PfPxnaN6TzU0mq+vKQBjdUE10kl
q6Wx75fJjVwOZZQ3j/GYmKj+fAtZpChUolPIlpl7hjKP4OloqDt/vFCNUzUB73jn
Tan7R4VjS6yA282xjGdjeM0SANjHceFlEc8M7QPH7iGXj4wsNyx4YdePkg8rKT1U
Cesy+Kx99WbmwtIrn8jRSGPBwIHC3TvqzVv91eRz6ybCcWvIWRDdtzb4msjNttfF
s+3nfdLROibhXGhLGbvV8LrBbZ/Ga6Q4J5yqoF4aHY5yTfjmrQG7aCKxuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFOvvPJqMtrWpa7hxDp0nhfvffLMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvVVU2LTg4bW95MnRhbHJ1SEVPblNlRi05OThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQo4MA0G
CSqGSIb3DQEBCwUAA4IBAQCMZjO5rRuTYL5RbXNjGlwCPC5tyhp/tAxIi6Rq2WNW
V+TRsL3AP4MwgTUcuZBhRcengq7N7i4bzEAmeaQ6uZy4SBZ2+AlfjHap398AaIJ/
Yu7V8UTdapQJGKbT1xxZx2k4NohuB4YKjzH9fT7MVeYUua/PxZvj5JDc1oF1OimQ
M38ECuaX9HB/MYJZWiUHBiL46daZaaoMhzD+u74Snsh1XMXcVMCVKNj4sjvtoQDx
r7f8uW1dCSb01lSVRgImzO+qNCQywlGki2afGsNIdkf7g8xFgSBMu+q6ENMaSBMK
fBSObdc+WqTqWwUSfjO147kW3hhugvcCzmQiJsIvZJ9Z
-----END CERTIFICATE-----