Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/UY6kvxpinZlJN3Ms_lq708Kw4lI.roa
File:                     UY6kvxpinZlJN3Ms_lq708Kw4lI.roa (raw, json)
Hash identifier:          4NjqD4goziuIsDlFivyfDaqwhSS+863tH9iE7+io7TA=
Subject key identifier:   51:8E:A4:BF:1A:62:9D:99:49:37:73:2C:FE:5A:BB:D3:C2:B0:E2:52
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420685D86C4A41A7D24BBD20E49EC479D
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/UY6kvxpinZlJN3Ms_lq708Kw4lI.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216068
IP address blocks:        147.45.176.0/24 maxlen: 24
                          147.45.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5d:86:c4:a4:1a:7d:24:bb:d2:0e:49:ec:47:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=518ea4bf1a629d994937732cfe5abbd3c2b0e252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:45:68:6a:ed:13:4b:eb:27:d8:3a:1f:f6:89:
                    1f:c5:e5:c0:60:23:c5:8d:4d:0b:0f:4a:65:00:1a:
                    f0:95:92:95:25:55:c1:2d:c9:b4:74:59:7a:b4:15:
                    02:69:16:a2:9c:99:a5:d8:19:5a:22:ec:92:ba:b9:
                    ed:11:c7:23:50:c2:1e:fb:8c:18:ca:49:64:f3:c2:
                    31:b9:8f:6f:d8:05:12:38:ae:18:3f:31:08:61:c1:
                    88:37:79:36:71:b0:be:1f:c9:3c:04:1b:b7:d1:28:
                    8a:6e:96:55:ff:86:6e:3d:fc:1c:26:d3:66:5a:45:
                    13:df:2c:b6:9a:d6:9f:58:d6:99:6a:32:56:6b:ab:
                    a4:61:d1:73:05:66:fd:da:65:d6:cc:9a:63:ba:d0:
                    3f:14:0b:14:ea:ca:0c:0d:d4:ac:ac:7b:6e:18:2f:
                    f6:b4:4e:db:7c:05:95:22:c5:d2:79:a2:60:10:54:
                    7f:ca:2a:84:3b:a0:16:de:d0:71:e0:40:81:70:c7:
                    9e:5e:7b:74:92:36:5f:61:b6:27:8b:1d:96:e4:6e:
                    00:ef:29:f2:a8:1d:5a:64:95:5a:07:99:56:ea:7a:
                    be:6f:1b:2c:83:e5:9d:fc:9e:ba:86:cf:47:3c:64:
                    46:87:72:74:37:27:3c:ad:8c:ed:b0:41:91:50:2a:
                    5e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8E:A4:BF:1A:62:9D:99:49:37:73:2C:FE:5A:BB:D3:C2:B0:E2:52
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/UY6kvxpinZlJN3Ms_lq708Kw4lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.176.0/24
                  147.45.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:65:75:48:81:6b:e4:e6:d6:60:ca:41:2b:5d:7b:c2:e6:e1:
         83:c6:3a:e9:21:ed:18:0e:43:e0:d0:f0:11:5d:3f:f5:f9:27:
         37:3a:0b:a9:d1:1e:40:f1:a5:27:ae:14:4f:17:f6:d9:c6:53:
         cb:18:a2:ff:cc:6c:ba:38:d4:7c:9a:d2:ca:f5:f0:8c:7d:89:
         3c:5c:97:cd:f9:16:f6:5d:0e:0e:44:d6:ac:f6:36:b2:ca:ac:
         f3:cf:b2:75:e3:35:5a:e9:a8:83:0e:dd:91:11:b5:fa:60:4c:
         45:28:3a:a6:18:30:4a:a3:45:48:59:8e:11:1c:9d:77:f6:38:
         c9:66:60:dd:b9:1c:17:34:dd:0f:91:35:75:09:a1:57:87:ec:
         a7:ac:0b:19:84:4a:02:7d:95:ab:9b:eb:43:d5:fc:ea:c5:d6:
         ef:21:86:81:03:73:5d:0e:a2:89:c4:e8:1a:43:75:54:ad:d6:
         f2:3f:2e:97:c1:80:54:ee:06:c2:e5:00:7d:d5:09:c3:e3:af:
         9d:9e:b0:96:31:d5:04:55:2d:ea:a4:43:2c:38:03:7a:a7:e0:
         a3:d3:64:9e:22:9b:0f:d3:f3:1d:5b:2e:a8:76:fd:bc:87:2d:
         e5:17:9f:ee:02:8b:02:b6:86:99:78:65:ac:58:b7:29:e0:a7:
         02:14:54:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaF2GxKQafSS70g5J7EedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MThlYTRiZjFhNjI5ZDk5NDkzNzczMmNmZTVhYmJkM2MyYjBlMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0Voau0TS+sn2Dof9okfxeXAYCPF
jU0LD0plABrwlZKVJVXBLcm0dFl6tBUCaRainJml2BlaIuySurntEccjUMIe+4wY
yklk88IxuY9v2AUSOK4YPzEIYcGIN3k2cbC+H8k8BBu30SiKbpZV/4ZuPfwcJtNm
WkUT3yy2mtafWNaZajJWa6ukYdFzBWb92mXWzJpjutA/FAsU6soMDdSsrHtuGC/2
tE7bfAWVIsXSeaJgEFR/yiqEO6AW3tBx4ECBcMeeXnt0kjZfYbYnix2W5G4A7yny
qB1aZJVaB5lW6nq+bxssg+Wd/J66hs9HPGRGh3J0Nyc8rYztsEGRUCpe/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFGOpL8aYp2ZSTdzLP5au9PCsOJSMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvVVk2a3Z4cGluWmxKTjNNc19scTcwOEt3NGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky2wAwQA
ky28MA0GCSqGSIb3DQEBCwUAA4IBAQAcZXVIgWvk5tZgykErXXvC5uGDxjrpIe0Y
DkPg0PARXT/1+Sc3Ogup0R5A8aUnrhRPF/bZxlPLGKL/zGy6ONR8mtLK9fCMfYk8
XJfN+Rb2XQ4ORNas9jayyqzzz7J14zVa6aiDDt2REbX6YExFKDqmGDBKo0VIWY4R
HJ139jjJZmDduRwXNN0PkTV1CaFXh+ynrAsZhEoCfZWrm+tD1fzqxdbvIYaBA3Nd
DqKJxOgaQ3VUrdbyPy6XwYBU7gbC5QB91QnD46+dnrCWMdUEVS3qpEMsOAN6p+Cj
02SeIpsP0/MdWy6odv28hy3lF5/uAosCtoaZeGWsWLcp4KcCFFRt
-----END CERTIFICATE-----