Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/uxEgO6722RBeEgu5X6GsXx4VIRo.roa
File:                     uxEgO6722RBeEgu5X6GsXx4VIRo.roa (raw, json)
Hash identifier:          I7GVXZ7BybimUbUX4yeU6uzmkOsfgRlN+ieuZThQots=
Subject key identifier:   BB:11:20:3B:AE:F6:D9:10:5E:12:0B:B9:5F:A1:AC:5F:1E:15:21:1A
Certificate issuer:       /CN=1086a7c0dea73dd0f94e2e9fe1ac9ab6701b2253
Certificate serial:       018CC7951B32DF3EFA528A4A6106D52FB1A0
Authority key identifier: 10:86:A7:C0:DE:A7:3D:D0:F9:4E:2E:9F:E1:AC:9A:B6:70:1B:22:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/uxEgO6722RBeEgu5X6GsXx4VIRo.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34934
IP address blocks:        45.152.252.0/24 maxlen: 24
                          45.152.253.0/24 maxlen: 24
                          45.152.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1b:32:df:3e:fa:52:8a:4a:61:06:d5:2f:b1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1086a7c0dea73dd0f94e2e9fe1ac9ab6701b2253
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb11203baef6d9105e120bb95fa1ac5f1e15211a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c8:09:91:40:22:f3:63:60:d4:d9:0f:24:75:
                    f3:37:ce:0c:15:93:77:63:7d:2d:57:8b:12:cd:03:
                    30:cb:fb:b8:ec:1b:6a:eb:a3:88:ee:29:10:d9:80:
                    b4:24:3a:02:59:36:3b:c6:d2:f8:27:ee:fd:24:8b:
                    60:2b:ae:a0:41:f2:95:1c:3a:69:0a:d0:14:bf:a6:
                    d2:13:ac:4e:47:32:a8:bb:ca:4a:c3:a6:26:27:2b:
                    5e:06:c8:2c:72:bc:d7:b7:99:5b:ae:eb:9a:8b:dd:
                    2e:b9:23:d8:5f:df:0c:d6:50:09:f5:0d:fa:a6:49:
                    62:6b:f0:02:35:af:73:3c:c5:c4:87:24:d2:25:d3:
                    f9:53:06:11:86:d5:00:3f:93:0d:86:23:06:e7:f5:
                    8d:f8:06:af:76:54:8e:65:77:af:c9:d0:40:6c:41:
                    70:df:e2:cc:7e:a3:5d:a5:ef:14:13:b7:f2:bb:48:
                    76:be:ba:ae:a6:2f:e6:74:99:86:65:24:ff:0d:85:
                    97:99:b3:dc:aa:d4:aa:9c:f8:73:39:75:98:24:d7:
                    c0:4f:99:48:06:48:0e:7c:c7:bb:78:bc:13:09:fc:
                    94:41:e6:d2:51:55:b8:32:4d:27:03:1d:3a:5a:c1:
                    73:ae:6b:5a:1d:b7:83:a1:8c:05:7c:cb:5d:43:ef:
                    7a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:11:20:3B:AE:F6:D9:10:5E:12:0B:B9:5F:A1:AC:5F:1E:15:21:1A
            X509v3 Authority Key Identifier:
                keyid:10:86:A7:C0:DE:A7:3D:D0:F9:4E:2E:9F:E1:AC:9A:B6:70:1B:22:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EIanwN6nPdD5Ti6f4ayatnAbIlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/uxEgO6722RBeEgu5X6GsXx4VIRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/9690d0-a2ab-4b74-b104-d9e1b81dd1c7/1/EIanwN6nPdD5Ti6f4ayatnAbIlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.252.0-45.152.254.255

    Signature Algorithm: sha256WithRSAEncryption
         26:da:94:64:64:b7:55:90:c0:22:a0:b1:53:2b:7f:3b:22:eb:
         7b:1e:25:1b:99:6c:3b:71:b8:2e:75:6a:91:85:e2:ed:e7:10:
         83:6b:ea:35:99:e3:04:6b:48:c4:8f:dd:74:f8:9f:fa:0e:46:
         1b:7c:1b:63:ad:65:de:52:e3:0a:cf:51:58:c6:e6:b3:1b:cf:
         b3:2a:93:c5:5b:d1:d1:cb:04:74:45:2d:7a:3c:dc:5a:42:22:
         41:e5:58:4b:86:3c:54:2a:6e:63:58:a8:ac:8c:8d:51:04:65:
         9d:7c:0d:9a:09:db:58:95:c6:0a:de:0c:8e:bd:38:20:65:fb:
         d5:fc:6d:3a:46:35:88:b3:1a:41:a1:60:5c:41:dc:9d:49:3a:
         ab:ca:e0:45:2f:f9:d2:5b:8b:dc:5a:d2:1e:dc:18:70:c6:06:
         92:c0:da:87:6f:98:25:ec:91:d8:18:fc:57:b5:ce:f3:9e:23:
         57:f9:22:e7:28:b4:da:e2:11:1a:93:a2:96:f4:3a:0a:a6:17:
         79:cc:70:16:0e:79:d9:ff:3b:16:59:d5:6c:63:fd:db:ef:f0:
         6c:7b:f6:c7:c5:93:e0:e4:a8:bf:c4:f4:b7:54:b4:63:76:59:
         ce:81:3e:ec:d8:17:c4:d9:14:78:58:71:36:4e:21:b4:99:18:
         28:cb:99:9c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlRsy3z76UopKYQbVL7GgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwODZhN2MwZGVhNzNkZDBmOTRlMmU5ZmUxYWM5YWI2NzAx
YjIyNTMwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjExMjAzYmFlZjZkOTEwNWUxMjBiYjk1ZmExYWM1ZjFlMTUyMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocgJkUAi82Ng1NkPJHXzN84MFZN3
Y30tV4sSzQMwy/u47Btq66OI7ikQ2YC0JDoCWTY7xtL4J+79JItgK66gQfKVHDpp
CtAUv6bSE6xORzKou8pKw6YmJyteBsgscrzXt5lbruuai90uuSPYX98M1lAJ9Q36
pklia/ACNa9zPMXEhyTSJdP5UwYRhtUAP5MNhiMG5/WN+AavdlSOZXevydBAbEFw
3+LMfqNdpe8UE7fyu0h2vrqupi/mdJmGZST/DYWXmbPcqtSqnPhzOXWYJNfAT5lI
BkgOfMe7eLwTCfyUQebSUVW4Mk0nAx06WsFzrmtaHbeDoYwFfMtdQ+96wQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLsRIDuu9tkQXhILuV+hrF8eFSEaMB8GA1UdIwQY
MBaAFBCGp8Depz3Q+U4un+GsmrZwGyJTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUlhbndONm5QZEQ1VGk2ZjRheWF0bkFiSWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi85NjkwZDAtYTJhYi00Yjc0LWIxMDQt
ZDllMWI4MWRkMWM3LzEvdXhFZ082NzIyUkJlRWd1NVg2R3NYeDRWSVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi85NjkwZDAtYTJhYi00Yjc0LWIxMDQtZDllMWI4MWRkMWM3
LzEvRUlhbndONm5QZEQ1VGk2ZjRheWF0bkFiSWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAItmPwD
BAAtmP4wDQYJKoZIhvcNAQELBQADggEBACbalGRkt1WQwCKgsVMrfzsi63seJRuZ
bDtxuC51apGF4u3nEINr6jWZ4wRrSMSP3XT4n/oORht8G2OtZd5S4wrPUVjG5rMb
z7Mqk8Vb0dHLBHRFLXo83FpCIkHlWEuGPFQqbmNYqKyMjVEEZZ18DZoJ21iVxgre
DI69OCBl+9X8bTpGNYizGkGhYFxB3J1JOqvK4EUv+dJbi9xa0h7cGHDGBpLA2odv
mCXskdgY/Fe1zvOeI1f5IucotNriERqTopb0OgqmF3nMcBYOedn/OxZZ1Wxj/dvv
8Gx79sfFk+DkqL/E9LdUtGN2Wc6BPuzYF8TZFHhYcTZOIbSZGCjLmZw=
-----END CERTIFICATE-----