Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/UO_6YUjbJfEkU2ivNSNyS77RLOg.roa
File:                     UO_6YUjbJfEkU2ivNSNyS77RLOg.roa (raw, json)
Hash identifier:          0pN4nG5TSztMks0KxYDwKOVwK3SK+LsM2YDTRX5sjwA=
Subject key identifier:   50:EF:FA:61:48:DB:25:F1:24:53:68:AF:35:23:72:4B:BE:D1:2C:E8
Certificate issuer:       /CN=9f63cff2446ececbebe0124636980b47e0b20fa6
Certificate serial:       018CC801414D0813B1E83AFA6FD470267F88
Authority key identifier: 9F:63:CF:F2:44:6E:CE:CB:EB:E0:12:46:36:98:0B:47:E0:B2:0F:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/UO_6YUjbJfEkU2ivNSNyS77RLOg.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49835
IP address blocks:        167.160.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:41:4d:08:13:b1:e8:3a:fa:6f:d4:70:26:7f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f63cff2446ececbebe0124636980b47e0b20fa6
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50effa6148db25f1245368af3523724bbed12ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ca:09:97:6f:a8:9a:97:57:ae:9a:46:c0:aa:
                    2f:48:47:d5:88:e2:74:fe:9f:dd:77:f6:6e:d8:36:
                    a2:6d:e3:33:54:c3:0d:ba:29:68:77:9b:df:55:81:
                    df:0e:3b:e5:f7:20:e6:0a:58:ce:36:88:60:94:cb:
                    3b:85:f6:a2:c4:1b:ff:d5:74:6b:c2:30:09:6b:54:
                    96:6b:a0:6a:15:be:af:d7:ec:39:d9:5d:da:5e:9d:
                    0f:3f:8e:49:06:69:4c:57:4f:7c:25:f9:b5:61:f6:
                    07:83:c5:86:84:34:4e:d0:a6:e1:e2:b1:ee:a9:ca:
                    83:52:ec:1e:b0:81:2c:9a:05:18:41:8a:86:a0:3e:
                    fd:b2:e6:5c:84:e8:49:92:38:a7:f8:47:50:fc:6f:
                    63:77:14:53:56:f8:cd:b0:d0:57:7c:3b:a9:a9:19:
                    eb:f6:42:f9:a5:1a:55:e3:9d:e9:38:c4:00:70:53:
                    c7:36:0f:13:bc:68:f1:b7:0a:39:06:64:d4:05:60:
                    e6:5e:97:42:1b:5d:5f:d9:d8:3b:8c:c3:17:bb:0b:
                    ae:ab:26:86:64:51:c2:a9:76:3f:80:9f:c6:3d:20:
                    86:da:82:1b:5f:9b:be:a6:69:e8:02:6d:66:54:99:
                    b8:63:fe:41:9d:ba:0d:be:7b:a5:dd:56:46:3d:8d:
                    ea:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EF:FA:61:48:DB:25:F1:24:53:68:AF:35:23:72:4B:BE:D1:2C:E8
            X509v3 Authority Key Identifier:
                keyid:9F:63:CF:F2:44:6E:CE:CB:EB:E0:12:46:36:98:0B:47:E0:B2:0F:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/UO_6YUjbJfEkU2ivNSNyS77RLOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2f3229-a130-4dc8-a47b-2dc26dc4bc11/1/n2PP8kRuzsvr4BJGNpgLR-CyD6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:45:43:fc:c5:b6:2b:02:67:3d:e6:ce:7f:1e:ee:aa:e9:1e:
         e6:fe:a3:1c:1a:35:3e:17:a8:a0:ce:24:83:8c:fe:bd:76:e6:
         76:40:e7:0f:87:fd:37:b8:32:1c:73:50:a0:db:ad:44:30:a5:
         dd:c8:b0:88:4c:a6:af:74:23:25:89:55:38:a5:4f:e0:bf:0d:
         0d:de:96:32:a5:25:7f:a0:ee:cf:8c:bc:b5:50:7d:5d:2f:23:
         e9:f2:25:a6:e3:d2:cc:0c:fa:44:23:b5:84:36:29:e5:b9:d7:
         a3:2f:11:2f:dd:7d:1d:0d:70:e7:e1:e5:e2:88:0d:85:24:88:
         a9:1b:02:84:e1:1e:a2:5b:69:3c:65:bb:1d:f2:5e:cf:32:a0:
         2c:a6:9c:ef:82:90:02:89:97:b7:87:f0:0e:77:f4:a2:bd:46:
         d3:c1:b0:4d:37:19:c0:ec:6d:b7:4c:b4:0a:94:4c:ad:a6:cb:
         f0:00:7f:d7:14:5a:a0:78:25:a2:48:4e:74:e9:ba:ab:0a:23:
         89:1c:52:d7:af:47:01:4d:ab:d8:e1:97:14:7a:18:dd:cc:5e:
         01:5c:f1:6a:53:84:b4:68:a4:aa:e8:f3:01:6a:47:14:24:96:
         50:47:32:94:00:79:23:be:60:b7:65:75:ad:75:fe:ec:b1:fd:
         27:62:39:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUFNCBOx6Dr6b9RwJn+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNjNjZmYyNDQ2ZWNlY2JlYmUwMTI0NjM2OTgwYjQ3ZTBi
MjBmYTYwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVmZmE2MTQ4ZGIyNWYxMjQ1MzY4YWYzNTIzNzI0YmJlZDEyY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMoJl2+ompdXrppGwKovSEfViOJ0
/p/dd/Zu2DaibeMzVMMNuilod5vfVYHfDjvl9yDmCljONohglMs7hfaixBv/1XRr
wjAJa1SWa6BqFb6v1+w52V3aXp0PP45JBmlMV098Jfm1YfYHg8WGhDRO0Kbh4rHu
qcqDUuwesIEsmgUYQYqGoD79suZchOhJkjin+EdQ/G9jdxRTVvjNsNBXfDupqRnr
9kL5pRpV453pOMQAcFPHNg8TvGjxtwo5BmTUBWDmXpdCG11f2dg7jMMXuwuuqyaG
ZFHCqXY/gJ/GPSCG2oIbX5u+pmnoAm1mVJm4Y/5BnboNvnul3VZGPY3qzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDv+mFI2yXxJFNorzUjcku+0SzoMB8GA1UdIwQY
MBaAFJ9jz/JEbs7L6+ASRjaYC0fgsg+mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjJQUDhrUnV6c3ZyNEJKR05wZ0xSLUN5RDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yZjMyMjktYTEzMC00ZGM4LWE0N2It
MmRjMjZkYzRiYzExLzEvVU9fNllVamJKZkVrVTJpdk5TTnlTNzdSTE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yZjMyMjktYTEzMC00ZGM4LWE0N2ItMmRjMjZkYzRiYzEx
LzEvbjJQUDhrUnV6c3ZyNEJKR05wZ0xSLUN5RDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6APMA0G
CSqGSIb3DQEBCwUAA4IBAQCoRUP8xbYrAmc95s5/Hu6q6R7m/qMcGjU+F6igziSD
jP69duZ2QOcPh/03uDIcc1Cg261EMKXdyLCITKavdCMliVU4pU/gvw0N3pYypSV/
oO7PjLy1UH1dLyPp8iWm49LMDPpEI7WENinludejLxEv3X0dDXDn4eXiiA2FJIip
GwKE4R6iW2k8Zbsd8l7PMqAsppzvgpACiZe3h/AOd/SivUbTwbBNNxnA7G23TLQK
lEytpsvwAH/XFFqgeCWiSE506bqrCiOJHFLXr0cBTavY4ZcUehjdzF4BXPFqU4S0
aKSq6PMBakcUJJZQRzKUAHkjvmC3ZXWtdf7ssf0nYjmk
-----END CERTIFICATE-----