Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/uHD-h9FmLgU32ws-Nbosrezu3bk.roa
File:                     uHD-h9FmLgU32ws-Nbosrezu3bk.roa (raw, json)
Hash identifier:          ephIY/3DZE+Gk8BWoupjjYeYs72kO3nX1xyq1AcX7o8=
Subject key identifier:   B8:70:FE:87:D1:66:2E:05:37:DB:0B:3E:35:BA:2C:AD:EC:EE:DD:B9
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79524E6FC7231FFECF6D63503DE888E
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/uHD-h9FmLgU32ws-Nbosrezu3bk.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59731
IP address blocks:        45.132.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:e6:fc:72:31:ff:ec:f6:d6:35:03:de:88:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b870fe87d1662e0537db0b3e35ba2cadeceeddb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bf:2d:d8:0c:a2:9b:97:02:8f:64:6d:0c:d5:
                    65:91:cb:5d:c7:cc:ce:ea:c2:98:58:21:f1:b6:8b:
                    a1:ce:7c:66:5e:f2:dc:a4:77:e2:9c:aa:4f:30:71:
                    4b:81:f9:87:fb:6b:62:9c:c2:28:f2:18:a7:60:4e:
                    43:17:27:4d:9e:fb:ba:12:4d:42:01:60:15:55:72:
                    d8:90:a9:64:a6:78:31:f9:a3:d6:2f:a5:e9:23:11:
                    96:cb:18:9d:04:f9:33:6b:16:24:9f:81:3c:56:b2:
                    60:f1:5f:00:b1:d9:49:59:1a:5b:89:73:40:ad:a0:
                    6c:64:dc:cb:64:38:d9:3c:7d:67:0c:8f:c0:d5:70:
                    81:c8:fc:4b:99:2f:e9:e2:e6:35:03:c9:59:0d:0b:
                    b8:e6:0d:7c:ac:dc:3e:89:af:cb:30:53:10:b0:c4:
                    93:d2:22:dc:27:95:36:09:32:61:b6:fe:3c:b9:f3:
                    9f:a4:1b:46:4a:81:0c:7f:88:5b:9b:c7:45:77:1c:
                    bf:07:a9:3b:f8:08:5c:c6:04:f5:79:b0:f1:4c:0a:
                    e8:0b:31:29:5f:96:3a:39:34:eb:a5:1f:39:3c:1f:
                    51:fb:e4:69:ea:a1:70:b5:14:85:81:ae:40:e6:22:
                    e0:1d:43:8c:22:aa:96:7d:f5:31:3c:d8:da:58:15:
                    60:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:70:FE:87:D1:66:2E:05:37:DB:0B:3E:35:BA:2C:AD:EC:EE:DD:B9
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/uHD-h9FmLgU32ws-Nbosrezu3bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ca:27:c0:41:c0:27:58:bd:bc:a2:12:38:d5:aa:3d:23:3c:
         45:ca:69:33:38:4d:e0:bd:49:75:f6:ac:a0:6d:31:fe:dd:a4:
         b1:18:44:ed:55:0b:cc:45:3a:63:14:33:44:ef:d4:bd:31:54:
         35:15:39:84:77:ae:92:b9:04:aa:fc:67:e7:97:bf:0a:2e:94:
         0e:d9:9c:cc:2f:d7:16:d0:fc:d1:26:47:66:5a:3a:67:18:29:
         da:95:9c:48:ce:16:ee:18:7c:cd:c3:3e:f0:d7:5c:bc:99:4b:
         94:65:b8:7f:61:d9:e5:11:26:ea:ad:98:16:d0:31:af:99:4a:
         b2:7b:73:61:93:e7:b2:f4:c4:a3:4c:c1:64:b8:47:e7:9c:06:
         68:4a:ef:94:93:5e:e5:cf:3a:18:96:79:94:df:d0:3e:59:57:
         da:eb:af:56:07:df:be:24:f1:2c:23:fb:1d:96:8f:fc:a1:47:
         b7:b4:10:9f:08:b3:01:d5:18:d0:40:1b:ce:70:7b:c3:81:ba:
         3a:2b:d2:72:46:bd:40:e6:d2:74:5d:ec:b8:aa:02:72:ac:74:
         78:ab:4d:6b:c9:24:3a:69:b8:be:8a:92:33:a6:42:56:ab:2d:
         26:fc:b4:4b:b6:5e:85:08:df:63:4a:57:5c:06:7a:38:77:d0:
         65:65:13:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSTm/HIx/+z21jUD3oiOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODcwZmU4N2QxNjYyZTA1MzdkYjBiM2UzNWJhMmNhZGVjZWVkZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b8t2Ayim5cCj2RtDNVlkctdx8zO
6sKYWCHxtouhznxmXvLcpHfinKpPMHFLgfmH+2tinMIo8hinYE5DFydNnvu6Ek1C
AWAVVXLYkKlkpngx+aPWL6XpIxGWyxidBPkzaxYkn4E8VrJg8V8AsdlJWRpbiXNA
raBsZNzLZDjZPH1nDI/A1XCByPxLmS/p4uY1A8lZDQu45g18rNw+ia/LMFMQsMST
0iLcJ5U2CTJhtv48ufOfpBtGSoEMf4hbm8dFdxy/B6k7+AhcxgT1ebDxTAroCzEp
X5Y6OTTrpR85PB9R++Rp6qFwtRSFga5A5iLgHUOMIqqWffUxPNjaWBVgywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhw/ofRZi4FN9sLPjW6LK3s7t25MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvdUhELWg5Rm1MZ1UzMndzLU5ib3NyZXp1M2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYTOMA0G
CSqGSIb3DQEBCwUAA4IBAQBSyifAQcAnWL28ohI41ao9IzxFymkzOE3gvUl19qyg
bTH+3aSxGETtVQvMRTpjFDNE79S9MVQ1FTmEd66SuQSq/Gfnl78KLpQO2ZzML9cW
0PzRJkdmWjpnGCnalZxIzhbuGHzNwz7w11y8mUuUZbh/YdnlESbqrZgW0DGvmUqy
e3Nhk+ey9MSjTMFkuEfnnAZoSu+Uk17lzzoYlnmU39A+WVfa669WB9++JPEsI/sd
lo/8oUe3tBCfCLMB1RjQQBvOcHvDgbo6K9JyRr1A5tJ0Xey4qgJyrHR4q01rySQ6
abi+ipIzpkJWqy0m/LRLtl6FCN9jSldcBno4d9BlZRPa
-----END CERTIFICATE-----