Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UX4ZBBFgt8ZiwDI6kfho2BNGxmM.roa
File:                     UX4ZBBFgt8ZiwDI6kfho2BNGxmM.roa (raw, json)
Hash identifier:          IBbP7d4sc8flW0MdlC3pQ15npOTGZrqebzxn9WlROW8=
Subject key identifier:   51:7E:19:04:11:60:B7:C6:62:C0:32:3A:91:F8:68:D8:13:46:C6:63
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019179182B822EDDA075FC08C916D653A7F1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UX4ZBBFgt8ZiwDI6kfho2BNGxmM.roa
Signing time:             Thu 22 Aug 2024 07:58:32 +0000
ROA not before:           Thu 22 Aug 2024 07:58:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44796
IP address blocks:        2a00:1728:1d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:79:18:2b:82:2e:dd:a0:75:fc:08:c9:16:d6:53:a7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 22 07:58:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=517e19041160b7c662c0323a91f868d81346c663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:04:94:40:4d:81:66:95:bc:57:d5:1e:2e:ca:
                    c1:39:b4:42:f4:f2:24:8d:fe:7a:55:1a:4c:9d:41:
                    ab:97:2c:e0:06:6a:4e:43:04:cf:62:10:fc:1b:4b:
                    d2:77:10:c9:c1:28:5c:6e:dd:c9:93:5f:94:f2:38:
                    8e:8b:60:e6:f6:89:01:e0:c8:8b:b5:81:c0:f0:40:
                    36:80:66:72:c5:71:bf:f1:ed:c0:05:eb:28:12:2e:
                    83:b4:44:4e:7b:c4:d8:36:5f:f8:a9:c7:5d:07:67:
                    2c:86:23:98:b7:70:a7:26:67:68:b9:3c:12:35:45:
                    4c:a2:f0:92:63:f7:7f:84:6a:13:3d:a8:55:46:5b:
                    dd:2e:a5:36:27:0b:3a:e6:ee:9d:0d:45:57:75:03:
                    e7:9f:97:f7:6e:1c:b4:35:ad:31:0f:f7:5b:f2:91:
                    18:86:07:97:e7:ba:c0:79:3c:91:1d:50:9d:18:ad:
                    16:89:36:8e:10:0c:76:dd:8d:81:da:da:fc:a7:eb:
                    99:0c:bf:a5:a5:6d:0f:75:19:65:07:b8:e8:53:d7:
                    f0:65:3a:f5:65:9c:65:5e:ca:80:95:44:ea:2f:75:
                    fe:c3:60:2c:42:c8:78:a3:f4:2b:60:c6:90:bf:7d:
                    11:46:79:5f:18:9e:c1:73:b4:53:9e:44:40:c5:62:
                    c6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7E:19:04:11:60:B7:C6:62:C0:32:3A:91:F8:68:D8:13:46:C6:63
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UX4ZBBFgt8ZiwDI6kfho2BNGxmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1728:1d::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:2c:1f:29:b3:f6:53:3c:5c:00:7d:9b:06:a3:d9:0d:fd:f8:
         d0:1e:73:a5:58:53:a2:2f:e2:85:8c:b7:69:ba:1e:b6:c5:aa:
         f8:a6:98:f1:9d:85:3a:41:4c:ca:de:40:a7:a3:64:80:95:b6:
         3b:1d:b8:75:1f:51:32:63:7d:20:8a:72:d5:c1:2e:fa:4d:aa:
         63:3b:5b:55:b5:92:e5:6c:63:84:52:d3:26:af:a2:f4:2d:3d:
         91:27:1d:d4:fb:2f:db:29:7f:2e:8e:bd:a9:05:f1:0c:89:94:
         0d:4e:f2:c2:d9:a3:4e:65:11:ad:18:00:61:0b:53:fd:cd:c2:
         2f:a3:bd:e5:6d:5f:cf:9b:f4:73:b6:9b:c8:4a:2e:86:5d:b7:
         a3:c6:64:3b:67:de:b6:bb:81:17:a0:a2:40:cc:2a:57:13:e3:
         66:04:fd:fc:2a:61:f2:55:61:51:1e:7c:10:50:c2:16:ab:5e:
         e9:12:58:ba:ae:40:65:70:07:01:8f:d7:6c:6b:2e:c2:60:35:
         00:e7:01:85:50:e8:fc:62:7f:54:4c:cd:f1:6e:5c:26:d9:82:
         a3:fc:c8:c4:12:4d:9a:d1:3c:68:c9:d2:6e:5c:c9:b6:1e:9c:
         37:9c:0c:24:f2:37:92:3c:c8:40:9c:72:ed:06:4d:5e:1f:0b:
         8c:02:65:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZF5GCuCLt2gdfwIyRbWU6fxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODIyMDc1ODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdlMTkwNDExNjBiN2M2NjJjMDMyM2E5MWY4NjhkODEzNDZjNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwSUQE2BZpW8V9UeLsrBObRC9PIk
jf56VRpMnUGrlyzgBmpOQwTPYhD8G0vSdxDJwShcbt3Jk1+U8jiOi2Dm9okB4MiL
tYHA8EA2gGZyxXG/8e3ABesoEi6DtEROe8TYNl/4qcddB2cshiOYt3CnJmdouTwS
NUVMovCSY/d/hGoTPahVRlvdLqU2Jws65u6dDUVXdQPnn5f3bhy0Na0xD/db8pEY
hgeX57rAeTyRHVCdGK0WiTaOEAx23Y2B2tr8p+uZDL+lpW0PdRllB7joU9fwZTr1
ZZxlXsqAlUTqL3X+w2AsQsh4o/QrYMaQv30RRnlfGJ7Bc7RTnkRAxWLGewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFF+GQQRYLfGYsAyOpH4aNgTRsZjMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVVg0WkJCRmd0OFppd0RJNmtmaG8yQk5HeG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAXKAAd
MA0GCSqGSIb3DQEBCwUAA4IBAQCiLB8ps/ZTPFwAfZsGo9kN/fjQHnOlWFOiL+KF
jLdpuh62xar4ppjxnYU6QUzK3kCno2SAlbY7Hbh1H1EyY30ginLVwS76TapjO1tV
tZLlbGOEUtMmr6L0LT2RJx3U+y/bKX8ujr2pBfEMiZQNTvLC2aNOZRGtGABhC1P9
zcIvo73lbV/Pm/RztpvISi6GXbejxmQ7Z962u4EXoKJAzCpXE+NmBP38KmHyVWFR
HnwQUMIWq17pEli6rkBlcAcBj9dsay7CYDUA5wGFUOj8Yn9UTM3xblwm2YKj/MjE
Ek2a0TxoydJuXMm2Hpw3nAwk8jeSPMhAnHLtBk1eHwuMAmVC
-----END CERTIFICATE-----