Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/UJSMkoWYvzNtc7DAmkorRCNf8e0.roa
File:                     UJSMkoWYvzNtc7DAmkorRCNf8e0.roa (raw, json)
Hash identifier:          0+2Fwk7A6fQnGTiI5NMb17r0w30UT4i8xsmgh7RHtao=
Subject key identifier:   50:94:8C:92:85:98:BF:33:6D:73:B0:C0:9A:4A:2B:44:23:5F:F1:ED
Certificate issuer:       /CN=f261df44b346823cce8c6643b5fa6919afb23195
Certificate serial:       018CC726EDF0D4C54C80E0506F8A691A708D
Authority key identifier: F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/UJSMkoWYvzNtc7DAmkorRCNf8e0.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208337
IP address blocks:        45.143.181.0/24 maxlen: 24
                          45.143.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ed:f0:d4:c5:4c:80:e0:50:6f:8a:69:1a:70:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f261df44b346823cce8c6643b5fa6919afb23195
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50948c928598bf336d73b0c09a4a2b44235ff1ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3a:3a:69:31:ab:12:52:ca:2f:ae:9b:b8:58:
                    2d:cc:a4:7e:48:c1:b7:77:42:89:ba:87:67:1c:84:
                    5d:04:4b:17:9e:6b:21:f5:78:ce:5b:74:3d:ea:9d:
                    b8:61:65:98:d8:61:e4:53:f6:a6:26:af:2f:1a:3c:
                    72:a1:b2:f7:46:9e:c8:0e:b7:95:6b:9c:f2:e4:9a:
                    82:da:9e:4c:c3:53:c4:34:26:c7:33:97:a1:a1:50:
                    02:24:57:53:93:69:93:7e:d0:41:96:50:a3:6d:3e:
                    49:df:1b:ec:d7:4a:73:96:5f:05:df:00:a7:d8:5b:
                    a4:06:fe:95:b9:c8:81:d4:9a:5a:76:75:5d:a1:bd:
                    0c:72:3b:2e:0b:73:a3:3d:ff:35:d8:1f:11:a2:ff:
                    4b:46:fa:e9:91:df:b7:bc:98:e1:16:ac:ca:34:5e:
                    14:bc:3c:e2:1f:19:04:89:bd:c7:df:cc:a1:b5:91:
                    75:df:10:ce:6d:e4:df:97:ef:05:ba:3f:cb:b6:10:
                    ac:11:2e:fd:97:7d:d9:ff:c9:88:04:7e:67:24:ba:
                    5b:c6:19:0f:bd:b4:1d:ed:66:49:8b:4c:8b:ca:6d:
                    fd:6b:36:99:b3:16:0d:0b:87:1c:9b:e2:5a:13:a2:
                    31:48:b9:76:63:b0:0a:12:72:cc:f4:05:77:03:3c:
                    07:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:94:8C:92:85:98:BF:33:6D:73:B0:C0:9A:4A:2B:44:23:5F:F1:ED
            X509v3 Authority Key Identifier:
                keyid:F2:61:DF:44:B3:46:82:3C:CE:8C:66:43:B5:FA:69:19:AF:B2:31:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mHfRLNGgjzOjGZDtfppGa-yMZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/UJSMkoWYvzNtc7DAmkorRCNf8e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/3cb9d2-70ff-46d6-9c73-57586156354e/1/8mHfRLNGgjzOjGZDtfppGa-yMZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.181.0-45.143.182.255

    Signature Algorithm: sha256WithRSAEncryption
         ed:a9:9c:65:fa:76:bf:5f:a1:a2:96:23:f4:48:a2:75:70:fb:
         3a:a3:d6:09:5f:53:9d:3e:d6:bf:d7:b1:a6:13:d7:67:46:15:
         8c:21:e0:27:c4:de:73:f6:7c:e9:2c:d3:73:ef:35:b2:f4:4e:
         ee:c9:74:ec:e1:74:cf:3d:e4:3b:40:95:87:ea:b1:6e:23:6b:
         5f:90:ff:4c:a7:b7:2f:68:9b:fb:ff:72:eb:a9:72:81:7c:15:
         52:e2:d8:1b:53:88:7b:26:41:c6:79:d7:4f:6d:6c:c6:20:72:
         ad:db:21:5f:d8:3a:80:22:a6:58:29:7c:c6:4a:e3:d9:29:90:
         92:1b:e7:83:8c:cc:a0:0f:0f:40:0b:72:19:32:9b:e4:22:b0:
         cd:ad:29:88:e6:46:31:6d:3e:06:1b:27:52:71:4d:55:e2:4a:
         17:14:6d:a8:49:ed:fa:8f:0d:ec:df:d7:7f:fb:a4:36:7e:71:
         34:16:b0:63:cf:12:4b:d3:f8:25:b8:2e:fc:98:3c:a1:72:83:
         92:55:ea:96:0f:28:25:27:9a:c0:30:90:74:73:fd:18:b2:c6:
         6f:c4:73:73:2c:db:d7:8d:97:d9:e8:b0:31:ea:a3:28:11:b8:
         2b:f7:6b:e3:d9:69:c4:7a:7e:cb:02:99:06:02:d9:63:ac:78:
         8c:66:93:ff
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJu3w1MVMgOBQb4ppGnCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjFkZjQ0YjM0NjgyM2NjZThjNjY0M2I1ZmE2OTE5YWZi
MjMxOTUwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDk0OGM5Mjg1OThiZjMzNmQ3M2IwYzA5YTRhMmI0NDIzNWZmMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjo6aTGrElLKL66buFgtzKR+SMG3
d0KJuodnHIRdBEsXnmsh9XjOW3Q96p24YWWY2GHkU/amJq8vGjxyobL3Rp7IDreV
a5zy5JqC2p5Mw1PENCbHM5ehoVACJFdTk2mTftBBllCjbT5J3xvs10pzll8F3wCn
2FukBv6VuciB1JpadnVdob0McjsuC3OjPf812B8Rov9LRvrpkd+3vJjhFqzKNF4U
vDziHxkEib3H38yhtZF13xDObeTfl+8Fuj/LthCsES79l33Z/8mIBH5nJLpbxhkP
vbQd7WZJi0yLym39azaZsxYNC4ccm+JaE6IxSLl2Y7AKEnLM9AV3AzwHbwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFCUjJKFmL8zbXOwwJpKK0QjX/HtMB8GA1UdIwQY
MBaAFPJh30SzRoI8zoxmQ7X6aRmvsjGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMt
NTc1ODYxNTYzNTRlLzEvVUpTTWtvV1l2ek50YzdEQW1rb3JSQ05mOGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8zY2I5ZDItNzBmZi00NmQ2LTljNzMtNTc1ODYxNTYzNTRl
LzEvOG1IZlJMTkdnanpPakdaRHRmcHBHYS15TVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtj7UD
BAAtj7YwDQYJKoZIhvcNAQELBQADggEBAO2pnGX6dr9foaKWI/RIonVw+zqj1glf
U50+1r/XsaYT12dGFYwh4CfE3nP2fOks03PvNbL0Tu7JdOzhdM895DtAlYfqsW4j
a1+Q/0ynty9om/v/cuupcoF8FVLi2BtTiHsmQcZ5109tbMYgcq3bIV/YOoAiplgp
fMZK49kpkJIb54OMzKAPD0ALchkym+QisM2tKYjmRjFtPgYbJ1JxTVXiShcUbahJ
7fqPDezf13/7pDZ+cTQWsGPPEkvT+CW4LvyYPKFyg5JV6pYPKCUnmsAwkHRz/Riy
xm/Ec3Ms29eNl9nosDHqoygRuCv3a+PZacR6fssCmQYC2WOseIxmk/8=
-----END CERTIFICATE-----