Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ugaYYv5iUYZbtdfEktBZCwSxq7o.roa
File:                     ugaYYv5iUYZbtdfEktBZCwSxq7o.roa (raw, json)
Hash identifier:          phOUnqhFG/ImLdTON6+tbz2IwzR93XQjIWMWe//8vPw=
Subject key identifier:   BA:06:98:62:FE:62:51:86:5B:B5:D7:C4:92:D0:59:0B:04:B1:AB:BA
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E45422D47BED0DA417FE487489B29
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ugaYYv5iUYZbtdfEktBZCwSxq7o.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397525
IP address blocks:        45.145.225.0/24 maxlen: 24
                          45.145.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:42:2d:47:be:d0:da:41:7f:e4:87:48:9b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba069862fe6251865bb5d7c492d0590b04b1abba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bc:c0:3d:f3:d9:16:18:57:b6:9e:ff:40:d9:
                    3d:cb:da:f9:0c:8f:c5:23:8f:88:e3:dc:b4:2a:ce:
                    38:eb:a9:04:de:a4:1f:f3:a8:f7:af:ea:36:1f:b6:
                    8a:a1:84:1c:c9:60:d6:05:73:fa:cf:57:e3:5d:97:
                    e7:ff:09:86:7b:4c:e1:e7:86:d0:2a:8e:72:ed:1a:
                    c0:83:a2:61:0a:fd:d3:1e:d4:79:3e:30:c5:ef:10:
                    cf:56:4a:e5:c3:bb:e0:31:94:83:b4:4b:ed:4b:1b:
                    1a:33:a3:93:45:4d:25:97:61:2a:08:23:c3:b7:75:
                    f1:5c:6c:18:79:57:e4:53:fd:65:d7:ee:d8:9a:cc:
                    cd:f7:19:bb:b4:fb:2f:8d:fd:cf:22:60:2f:fe:d1:
                    73:9a:ee:fc:66:46:d5:37:a0:fe:1d:90:fb:91:f1:
                    8b:bf:93:f7:61:17:d6:b7:34:32:80:10:73:f8:52:
                    50:6f:ff:cb:7c:c9:31:db:ce:b5:a8:d3:3b:73:9f:
                    a8:95:68:a3:a4:e9:13:30:bd:9e:3d:f7:81:b8:87:
                    88:b0:78:a3:d5:0e:4b:dc:cb:d0:b6:4d:9b:81:63:
                    7a:47:5e:46:70:8c:3b:71:55:f3:ec:d4:24:13:31:
                    aa:20:3e:4d:38:d0:2b:46:74:be:df:f4:4f:f5:4c:
                    ef:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:06:98:62:FE:62:51:86:5B:B5:D7:C4:92:D0:59:0B:04:B1:AB:BA
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/ugaYYv5iUYZbtdfEktBZCwSxq7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:1e:7a:1f:56:bb:47:6b:51:72:4f:51:44:1d:f7:33:1d:b2:
         f1:3c:04:e7:7c:87:9a:3d:e9:55:22:a3:0a:07:51:49:ff:85:
         df:74:e8:5d:0d:fb:ce:d2:57:51:08:67:c8:ee:27:32:db:bd:
         9c:35:a6:64:8d:26:63:3e:39:f9:9e:b2:5f:97:59:7b:a1:a6:
         2d:c2:7d:62:73:b3:c0:5e:ed:9c:6f:ba:ef:c7:d7:23:27:28:
         4c:ba:7f:33:e2:ab:aa:26:7d:e4:0e:a2:9e:02:49:de:e5:fd:
         11:1b:2e:62:14:88:e6:41:39:11:6d:4f:a5:75:20:87:d3:00:
         dd:2b:2c:86:cd:61:85:fa:5b:6e:76:34:d0:c3:16:1b:4b:b1:
         96:ff:2b:02:50:ff:cc:37:83:5d:3b:1d:c0:5b:94:08:7f:fb:
         8a:51:0d:8c:66:89:86:d3:d1:c6:a5:8f:2c:de:97:81:93:6e:
         b3:ab:a0:73:18:c8:e9:52:28:eb:2b:ce:f6:52:6f:93:b4:ba:
         cb:a5:bf:05:f8:6c:2b:c7:0f:3f:98:11:3a:7b:28:6d:d0:82:
         f7:25:b9:ac:2b:07:e2:cd:95:6b:f8:75:65:74:9c:f2:a2:48:
         f6:a6:55:5f:07:e3:1e:6e:5a:57:0e:cd:2a:e9:a9:41:0c:1d:
         55:7a:34:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkVCLUe+0NpBf+SHSJspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTA2OTg2MmZlNjI1MTg2NWJiNWQ3YzQ5MmQwNTkwYjA0YjFhYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7zAPfPZFhhXtp7/QNk9y9r5DI/F
I4+I49y0Ks4466kE3qQf86j3r+o2H7aKoYQcyWDWBXP6z1fjXZfn/wmGe0zh54bQ
Ko5y7RrAg6JhCv3THtR5PjDF7xDPVkrlw7vgMZSDtEvtSxsaM6OTRU0ll2EqCCPD
t3XxXGwYeVfkU/1l1+7YmszN9xm7tPsvjf3PImAv/tFzmu78ZkbVN6D+HZD7kfGL
v5P3YRfWtzQygBBz+FJQb//LfMkx2861qNM7c5+olWijpOkTML2ePfeBuIeIsHij
1Q5L3MvQtk2bgWN6R15GcIw7cVXz7NQkEzGqID5NONArRnS+3/RP9UzvbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoGmGL+YlGGW7XXxJLQWQsEsau6MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvdWdhWVl2NWlVWVpidGRmRWt0QlpDd1N4cTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZHgMA0G
CSqGSIb3DQEBCwUAA4IBAQAwHnofVrtHa1FyT1FEHfczHbLxPATnfIeaPelVIqMK
B1FJ/4XfdOhdDfvO0ldRCGfI7icy272cNaZkjSZjPjn5nrJfl1l7oaYtwn1ic7PA
Xu2cb7rvx9cjJyhMun8z4quqJn3kDqKeAkne5f0RGy5iFIjmQTkRbU+ldSCH0wDd
KyyGzWGF+ltudjTQwxYbS7GW/ysCUP/MN4NdOx3AW5QIf/uKUQ2MZomG09HGpY8s
3peBk26zq6BzGMjpUijrK872Um+TtLrLpb8F+Gwrxw8/mBE6eyht0IL3JbmsKwfi
zZVr+HVldJzyokj2plVfB+MeblpXDs0q6alBDB1VejQ5
-----END CERTIFICATE-----