Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/UtHocKHTpoQl5JYVkSv7OXFh4CM.roa
File:                     UtHocKHTpoQl5JYVkSv7OXFh4CM.roa (raw, json)
Hash identifier:          WI9ocXyUe8YIoTEcjXQXcAwYoIQucUj45Y71F/uEN60=
Subject key identifier:   52:D1:E8:70:A1:D3:A6:84:25:E4:96:15:91:2B:FB:39:71:61:E0:23
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       018F9AB37A64CDF533DFDE71A0B925A779D2
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/UtHocKHTpoQl5JYVkSv7OXFh4CM.roa
Signing time:             Tue 21 May 2024 10:30:04 +0000
ROA not before:           Tue 21 May 2024 10:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        45.12.24.0/24 maxlen: 24
                          45.12.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:b3:7a:64:cd:f5:33:df:de:71:a0:b9:25:a7:79:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: May 21 10:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52d1e870a1d3a68425e49615912bfb397161e023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:67:09:81:f6:d8:80:e5:10:41:3b:c2:4c:bf:
                    69:5e:de:a5:44:07:f7:8a:b7:03:e3:a7:3e:cf:c5:
                    40:c7:ac:7f:e2:80:d4:6f:38:d8:3e:6f:12:d1:c6:
                    cc:2a:89:ad:ed:66:0a:b3:7d:9f:21:6c:98:6e:45:
                    0c:33:68:fa:d7:fb:88:f2:2e:86:91:a2:bd:cc:21:
                    98:cd:f5:5b:2c:ff:8a:93:10:40:04:a0:26:d4:b4:
                    15:9e:bb:18:14:08:6f:7f:99:8d:ee:e1:7f:aa:dc:
                    7b:a5:dc:51:c3:44:8f:f5:36:5b:c1:e8:6b:97:a7:
                    89:67:a7:ff:c1:04:2b:b7:5f:d5:ed:46:a0:3f:33:
                    bf:61:b4:1b:94:48:d6:5f:02:de:d6:85:03:ae:2e:
                    8b:38:dd:f4:0d:d3:bb:97:bb:69:c2:2a:be:d6:ab:
                    44:4b:e2:69:05:9e:bf:2d:af:c9:3b:4e:71:ec:25:
                    32:32:2d:1e:e5:3d:e7:49:b2:ec:32:ca:43:d3:05:
                    d0:b0:60:bc:34:5b:da:e6:e3:e5:4e:98:38:3c:2a:
                    cf:21:2a:94:90:61:ac:6e:4d:52:ab:76:f8:44:72:
                    9a:d1:d2:f4:c9:6c:b2:fd:cb:c4:84:4c:da:5d:4c:
                    89:63:bd:77:dd:30:0f:3d:30:e4:b3:61:aa:6f:2d:
                    9c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D1:E8:70:A1:D3:A6:84:25:E4:96:15:91:2B:FB:39:71:61:E0:23
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/UtHocKHTpoQl5JYVkSv7OXFh4CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.24.0/24
                  45.12.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6b:4a:b5:0f:0e:cf:fc:24:6a:87:7f:ac:de:6e:51:bf:a2:
         c6:84:c7:49:7b:34:ae:f5:a9:9e:aa:83:ac:02:83:fb:a3:85:
         e0:ea:c9:ea:89:52:45:48:be:50:c0:84:ab:35:be:f3:c3:09:
         18:38:ff:eb:bf:39:02:db:a5:b7:7c:8d:b2:6b:9f:29:6e:ba:
         f8:f2:69:20:b9:0f:ae:e8:db:9d:b0:c2:f3:1a:4c:24:6c:19:
         34:10:a8:0a:6d:c4:3c:79:72:ad:0a:c4:87:71:03:07:f6:43:
         82:d4:f0:3e:c4:75:99:88:3c:fc:6a:86:a9:06:74:ec:b4:e6:
         1b:b8:85:a9:ab:e0:e1:79:18:54:70:97:65:54:84:58:06:58:
         f6:8a:b3:5a:37:fb:14:b6:35:ef:12:7e:8d:c8:76:91:a6:73:
         00:2c:74:6f:8f:fc:41:06:96:cf:ec:17:9f:56:e7:e3:62:c8:
         96:f6:ee:08:df:e2:41:1c:89:27:e8:f8:d1:23:5c:ec:ce:4c:
         73:58:ad:0c:14:cc:7e:e9:fe:63:70:78:d6:da:36:a9:8c:0d:
         02:3e:ec:02:f6:cb:00:4a:bf:fc:c9:33:2e:17:b1:2d:3f:da:
         ef:20:8c:b2:46:77:e7:7d:c1:c6:04:9f:ae:fc:99:58:e0:6a:
         bf:7d:d9:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+as3pkzfUz395xoLklp3nSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwNTIxMTAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQxZTg3MGExZDNhNjg0MjVlNDk2MTU5MTJiZmIzOTcxNjFlMDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWcJgfbYgOUQQTvCTL9pXt6lRAf3
ircD46c+z8VAx6x/4oDUbzjYPm8S0cbMKomt7WYKs32fIWyYbkUMM2j61/uI8i6G
kaK9zCGYzfVbLP+KkxBABKAm1LQVnrsYFAhvf5mN7uF/qtx7pdxRw0SP9TZbwehr
l6eJZ6f/wQQrt1/V7UagPzO/YbQblEjWXwLe1oUDri6LON30DdO7l7tpwiq+1qtE
S+JpBZ6/La/JO05x7CUyMi0e5T3nSbLsMspD0wXQsGC8NFva5uPlTpg4PCrPISqU
kGGsbk1Sq3b4RHKa0dL0yWyy/cvEhEzaXUyJY7133TAPPTDks2Gqby2cIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLR6HCh06aEJeSWFZEr+zlxYeAjMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvVXRIb2NLSFRwb1FsNUpZVmtTdjdPWEZoNENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQwYAwQA
LQwaMA0GCSqGSIb3DQEBCwUAA4IBAQBNa0q1Dw7P/CRqh3+s3m5Rv6LGhMdJezSu
9ameqoOsAoP7o4Xg6snqiVJFSL5QwISrNb7zwwkYOP/rvzkC26W3fI2ya58pbrr4
8mkguQ+u6NudsMLzGkwkbBk0EKgKbcQ8eXKtCsSHcQMH9kOC1PA+xHWZiDz8aoap
BnTstOYbuIWpq+DheRhUcJdlVIRYBlj2irNaN/sUtjXvEn6NyHaRpnMALHRvj/xB
BpbP7BefVufjYsiW9u4I3+JBHIkn6PjRI1zszkxzWK0MFMx+6f5jcHjW2japjA0C
PuwC9ssASr/8yTMuF7EtP9rvIIyyRnfnfcHGBJ+u/JlY4Gq/fdmd
-----END CERTIFICATE-----