Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/UjwSKdck5lhkyVjWiGu1KUs95rA.roa
File:                     UjwSKdck5lhkyVjWiGu1KUs95rA.roa (raw, json)
Hash identifier:          xpWwIS8kT3yKu50cY38i8rgt3BKKfyLBCMAz4+zNEdE=
Subject key identifier:   52:3C:12:29:D7:24:E6:58:64:C9:58:D6:88:6B:B5:29:4B:3D:E6:B0
Certificate issuer:       /CN=7b148db42f90e96447bd7f63edd8a7ccbeeaa842
Certificate serial:       0191BD9BB162379C6A3808E4FD96DFDFB014
Authority key identifier: 7B:14:8D:B4:2F:90:E9:64:47:BD:7F:63:ED:D8:A7:CC:BE:EA:A8:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/exSNtC-Q6WRHvX9j7dinzL7qqEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/UjwSKdck5lhkyVjWiGu1KUs95rA.roa
Signing time:             Wed 04 Sep 2024 15:16:22 +0000
ROA not before:           Wed 04 Sep 2024 15:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47254
IP address blocks:        46.30.219.0/24 maxlen: 24
                          46.30.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/exSNtC-Q6WRHvX9j7dinzL7qqEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/exSNtC-Q6WRHvX9j7dinzL7qqEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/exSNtC-Q6WRHvX9j7dinzL7qqEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 15 Nov 2024 12:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:9b:b1:62:37:9c:6a:38:08:e4:fd:96:df:df:b0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b148db42f90e96447bd7f63edd8a7ccbeeaa842
        Validity
            Not Before: Sep  4 15:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=523c1229d724e65864c958d6886bb5294b3de6b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7e:c8:b6:0a:b8:8f:30:9d:c0:3b:12:98:34:
                    01:72:41:e6:e7:7d:16:f9:13:8b:15:8f:0e:d9:cd:
                    62:74:c5:f0:91:8d:72:1a:56:50:26:f8:c6:46:8d:
                    f4:c6:28:e0:75:a6:de:e0:21:04:76:26:20:32:45:
                    ac:bc:d4:4d:f8:50:66:d5:32:f5:31:e6:1f:b6:8e:
                    40:97:c6:f4:f2:84:35:47:87:8e:18:92:51:2c:ad:
                    ce:1b:9f:1a:90:3b:ae:28:f4:ca:96:7b:a5:0f:f2:
                    ac:1f:e5:6e:0d:c2:fc:52:31:36:d8:14:50:c8:67:
                    3f:9e:88:87:74:2e:94:5f:8e:0e:b6:8e:f0:c4:38:
                    80:78:76:84:81:63:94:fe:7a:e6:68:47:98:0d:c6:
                    6d:20:25:7d:29:ac:02:59:54:c1:fa:75:40:97:8a:
                    6e:d8:29:05:fc:a3:b8:e6:eb:36:d0:48:d9:67:34:
                    d6:c8:ac:03:cc:5f:99:e2:b4:7a:7f:e1:9b:11:89:
                    5d:66:d1:02:8c:3d:cd:60:06:31:12:1f:a0:6d:b1:
                    3f:a5:0e:41:b5:37:20:0f:88:de:0c:d0:87:c3:16:
                    ad:47:ca:db:01:a5:47:24:48:2c:81:41:d6:7e:4e:
                    f8:14:20:1f:f0:b7:5a:ba:61:e1:06:2c:34:24:f4:
                    ec:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3C:12:29:D7:24:E6:58:64:C9:58:D6:88:6B:B5:29:4B:3D:E6:B0
            X509v3 Authority Key Identifier:
                keyid:7B:14:8D:B4:2F:90:E9:64:47:BD:7F:63:ED:D8:A7:CC:BE:EA:A8:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/exSNtC-Q6WRHvX9j7dinzL7qqEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/UjwSKdck5lhkyVjWiGu1KUs95rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f24885-a4db-4fa1-a72d-86d6c1305357/1/exSNtC-Q6WRHvX9j7dinzL7qqEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.219.0/24
                  46.30.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:1b:00:2d:47:94:36:a3:e5:ea:6e:d6:62:45:e7:69:04:e6:
         58:c5:75:97:5b:6f:5d:52:78:51:83:7d:78:33:a2:4c:df:71:
         e7:51:8d:b3:76:4f:02:32:f6:57:f2:1b:b8:89:37:05:ec:39:
         73:66:1c:d3:a9:d9:d5:4e:2e:15:a7:bc:16:f5:33:d4:89:a0:
         db:db:9c:8f:80:67:a2:52:56:20:27:91:81:d0:6a:26:16:91:
         47:23:5a:fd:85:3a:d9:4a:54:cb:a9:3b:f8:c1:99:fa:0b:79:
         9d:7d:55:f5:f5:dc:45:55:1a:6f:25:63:ec:d4:a2:cc:9a:da:
         ce:3a:bb:c4:4f:21:b1:46:e0:ba:8f:41:9c:e1:3a:8a:bd:1e:
         40:c6:8f:dc:06:9a:75:c8:38:a2:7a:aa:ee:d6:76:57:34:e8:
         25:55:cd:7d:96:b0:3f:d6:2c:27:2d:25:de:98:6f:ac:f6:79:
         28:c4:bd:e3:c9:a1:da:75:75:68:41:8c:9d:ba:2e:76:69:4e:
         67:fc:8c:4e:ca:19:7e:01:86:47:5c:a0:94:d4:85:d2:35:9f:
         7f:90:02:dc:f9:6d:ad:56:a8:e8:fc:54:59:e9:b4:d0:15:7d:
         51:89:7a:22:83:32:9e:be:77:9a:09:bb:4d:f7:f8:81:e9:58:
         82:9a:be:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZG9m7FiN5xqOAjk/Zbf37AUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMTQ4ZGI0MmY5MGU5NjQ0N2JkN2Y2M2VkZDhhN2NjYmVl
YWE4NDIwHhcNMjQwOTA0MTUxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNjMTIyOWQ3MjRlNjU4NjRjOTU4ZDY4ODZiYjUyOTRiM2RlNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3H7Itgq4jzCdwDsSmDQBckHm530W
+ROLFY8O2c1idMXwkY1yGlZQJvjGRo30xijgdabe4CEEdiYgMkWsvNRN+FBm1TL1
MeYfto5Al8b08oQ1R4eOGJJRLK3OG58akDuuKPTKlnulD/KsH+VuDcL8UjE22BRQ
yGc/noiHdC6UX44Oto7wxDiAeHaEgWOU/nrmaEeYDcZtICV9KawCWVTB+nVAl4pu
2CkF/KO45us20EjZZzTWyKwDzF+Z4rR6f+GbEYldZtECjD3NYAYxEh+gbbE/pQ5B
tTcgD4jeDNCHwxatR8rbAaVHJEgsgUHWfk74FCAf8LdaumHhBiw0JPTsVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFI8EinXJOZYZMlY1ohrtSlLPeawMB8GA1UdIwQY
MBaAFHsUjbQvkOlkR71/Y+3Yp8y+6qhCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXhTTnRDLVE2V1JIdlg5ajdkaW56TDdxcUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mMjQ4ODUtYTRkYi00ZmExLWE3MmQt
ODZkNmMxMzA1MzU3LzEvVWp3U0tkY2s1bGhreVZqV2lHdTFLVXM5NXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mMjQ4ODUtYTRkYi00ZmExLWE3MmQtODZkNmMxMzA1MzU3
LzEvZXhTTnRDLVE2V1JIdlg5ajdkaW56TDdxcUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh7bAwQA
Lh7dMA0GCSqGSIb3DQEBCwUAA4IBAQBeGwAtR5Q2o+XqbtZiRedpBOZYxXWXW29d
UnhRg314M6JM33HnUY2zdk8CMvZX8hu4iTcF7DlzZhzTqdnVTi4Vp7wW9TPUiaDb
25yPgGeiUlYgJ5GB0GomFpFHI1r9hTrZSlTLqTv4wZn6C3mdfVX19dxFVRpvJWPs
1KLMmtrOOrvETyGxRuC6j0Gc4TqKvR5Axo/cBpp1yDiieqru1nZXNOglVc19lrA/
1iwnLSXemG+s9nkoxL3jyaHadXVoQYydui52aU5n/IxOyhl+AYZHXKCU1IXSNZ9/
kALc+W2tVqjo/FRZ6bTQFX1RiXoigzKevneaCbtN9/iB6ViCmr7j
-----END CERTIFICATE-----