Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UXYonc7G8gysd739v5zcgeFy3IU.roa
File:                     UXYonc7G8gysd739v5zcgeFy3IU.roa (raw, json)
Hash identifier:          19ssWOGLt9//Lqz+CEeG7VpmXLNJmbHo6fZlXcNJ9Tw=
Subject key identifier:   51:76:28:9D:CE:C6:F2:0C:AC:77:BD:FD:BF:9C:DC:81:E1:72:DC:85
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018FC44C8F71425AFFBD3615699B466D1DB2
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UXYonc7G8gysd739v5zcgeFy3IU.roa
Signing time:             Wed 29 May 2024 12:21:42 +0000
ROA not before:           Wed 29 May 2024 12:21:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35664
IP address blocks:        46.102.108.0/24 maxlen: 24
                          94.176.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:4c:8f:71:42:5a:ff:bd:36:15:69:9b:46:6d:1d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: May 29 12:21:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5176289dcec6f20cac77bdfdbf9cdc81e172dc85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:13:a2:fe:f2:b4:ef:df:15:b6:a6:e8:1b:5a:
                    aa:57:3e:a3:7c:7a:2f:e4:e4:f7:83:bb:02:1c:97:
                    63:2c:c9:29:62:08:a2:d3:d1:0d:53:e3:f8:4d:e0:
                    e8:99:db:b8:f8:30:d9:ae:b2:4a:77:c4:38:a0:e9:
                    a1:15:08:db:22:6a:33:d5:49:a9:75:f8:5f:74:be:
                    16:a9:43:97:1b:10:5c:15:2a:4b:b3:33:a4:e9:d0:
                    d7:10:a3:e1:eb:96:ea:db:0b:cb:d7:30:dc:e1:3a:
                    a6:5e:de:08:e7:37:86:4b:b8:f9:ef:be:f2:70:e3:
                    c0:a9:e5:75:7e:0a:74:51:85:fb:16:02:13:00:ba:
                    3f:28:04:f3:1b:13:ad:5f:ff:e1:96:0c:72:75:41:
                    7a:f9:bb:19:dd:b8:32:24:df:74:03:4b:92:f2:a7:
                    12:1d:3b:c4:04:a7:1f:e2:d5:84:98:03:eb:b6:fa:
                    51:f2:ac:ad:8b:f8:f7:0c:f1:6f:5b:1d:fd:ac:86:
                    67:a7:92:51:59:9e:8d:86:de:03:c1:cb:6a:c7:cb:
                    7f:22:5a:72:08:82:ce:df:44:5e:85:a0:45:73:d7:
                    c5:d4:40:65:c2:57:91:55:4d:d0:ca:36:c7:76:0f:
                    32:ac:78:f6:f1:de:41:02:df:08:bb:2f:ac:ac:8a:
                    4f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:76:28:9D:CE:C6:F2:0C:AC:77:BD:FD:BF:9C:DC:81:E1:72:DC:85
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/UXYonc7G8gysd739v5zcgeFy3IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.108.0/24
                  94.176.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:a9:de:c0:d8:8d:0b:17:ba:b3:74:7b:6d:13:9e:25:72:70:
         e4:f8:da:78:e7:f0:f7:b3:9d:86:d3:66:6b:09:c9:c3:36:d3:
         1d:5b:0f:07:b6:d2:41:3a:45:65:65:c6:b0:d8:dd:35:e0:03:
         a7:6a:7a:5b:a1:6e:8c:8b:b2:9a:ad:f1:82:17:fa:d3:31:df:
         d4:1b:6c:ae:72:7c:5a:97:63:37:cd:64:44:00:bb:e3:20:99:
         35:67:2e:31:d0:cc:51:82:dd:c6:e9:a5:b9:76:76:f9:27:0d:
         6e:55:2f:11:a1:64:2c:56:33:4c:2a:8c:61:3c:9f:4a:7a:ca:
         a7:57:30:92:d5:1a:c3:74:90:8a:ff:5b:a4:cf:89:c7:26:56:
         15:a0:24:dc:25:59:30:d4:c3:20:0f:02:2f:7c:7c:27:22:1a:
         ca:45:42:51:60:5e:74:7e:14:05:2e:a1:0b:17:f6:b2:18:52:
         1e:dd:60:6a:3f:c8:d8:d6:57:58:c4:c1:9b:25:84:9c:5b:74:
         3c:af:db:24:9e:38:26:a6:8d:ab:82:61:ba:49:39:43:f4:5e:
         dd:6a:77:36:b6:4f:09:5e:6c:29:d6:7b:c4:69:39:4d:d1:9a:
         47:77:41:8c:0d:52:78:a5:93:45:d1:98:7f:04:d8:13:b9:ae:
         4a:e5:52:9f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY/ETI9xQlr/vTYVaZtGbR2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwNTI5MTIyMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTc2Mjg5ZGNlYzZmMjBjYWM3N2JkZmRiZjljZGM4MWUxNzJkYzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hOi/vK0798VtqboG1qqVz6jfHov
5OT3g7sCHJdjLMkpYgii09ENU+P4TeDomdu4+DDZrrJKd8Q4oOmhFQjbImoz1Ump
dfhfdL4WqUOXGxBcFSpLszOk6dDXEKPh65bq2wvL1zDc4TqmXt4I5zeGS7j5777y
cOPAqeV1fgp0UYX7FgITALo/KATzGxOtX//hlgxydUF6+bsZ3bgyJN90A0uS8qcS
HTvEBKcf4tWEmAPrtvpR8qyti/j3DPFvWx39rIZnp5JRWZ6Nht4Dwctqx8t/Ilpy
CILO30RehaBFc9fF1EBlwleRVU3QyjbHdg8yrHj28d5BAt8Iuy+srIpPjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFF2KJ3OxvIMrHe9/b+c3IHhctyFMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1VYWW9uYzdHOGd5c2Q3Mzl2NXpjZ2VGeTNJVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuZmwD
BABesAUwDQYJKoZIhvcNAQELBQADggEBACSp3sDYjQsXurN0e20TniVycOT42njn
8PeznYbTZmsJycM20x1bDwe20kE6RWVlxrDY3TXgA6dqeluhboyLspqt8YIX+tMx
39QbbK5yfFqXYzfNZEQAu+MgmTVnLjHQzFGC3cbppbl2dvknDW5VLxGhZCxWM0wq
jGE8n0p6yqdXMJLVGsN0kIr/W6TPiccmVhWgJNwlWTDUwyAPAi98fCciGspFQlFg
XnR+FAUuoQsX9rIYUh7dYGo/yNjWV1jEwZslhJxbdDyv2ySeOCamjauCYbpJOUP0
Xt1qdza2TwlebCnWe8RpOU3Rmkd3QYwNUnilk0XRmH8E2BO5rkrlUp8=
-----END CERTIFICATE-----