Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UOXK45-Ea1ODBUn3VnDZOqzQWyU.roa
File:                     UOXK45-Ea1ODBUn3VnDZOqzQWyU.roa (raw, json)
Hash identifier:          AEqtDuIC6G7+9m4niq1ZYrzwyXBDa/gzsthw6s03NE4=
Subject key identifier:   50:E5:CA:E3:9F:84:6B:53:83:05:49:F7:56:70:D9:3A:AC:D0:5B:25
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01974508DBA1E9A23D613828BDC0B1300F05
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UOXK45-Ea1ODBUn3VnDZOqzQWyU.roa
Signing time:             Fri 06 Jun 2025 11:38:17 +0000
ROA not before:           Fri 06 Jun 2025 11:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207267
IP address blocks:        45.94.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:08:db:a1:e9:a2:3d:61:38:28:bd:c0:b1:30:0f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun  6 11:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50e5cae39f846b53830549f75670d93aacd05b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ce:54:c5:de:d1:10:7e:2e:d0:31:97:cb:b3:
                    e5:42:4a:bb:9b:1d:f1:40:a6:0f:ae:6c:b8:3b:e1:
                    d8:97:dc:4a:1b:c5:50:fa:dc:4d:4b:f7:9e:4d:60:
                    06:85:41:46:67:51:eb:1e:68:31:7a:d4:bf:00:01:
                    76:ea:cc:e8:d0:16:f0:c1:c7:21:88:ca:4f:b0:d9:
                    d5:d7:0d:0f:3a:dd:49:da:99:9e:af:66:52:28:63:
                    c6:11:d6:bd:1a:92:9f:fc:85:40:0f:2a:9c:cc:a6:
                    fc:92:95:60:7f:b9:9d:2e:f9:1f:80:ec:2c:a1:82:
                    83:f2:8e:a3:3d:e5:be:ea:9b:86:86:8a:b4:09:0c:
                    8d:42:47:15:97:2e:a5:ac:ea:24:e0:41:ea:97:cb:
                    13:41:93:ab:5f:13:0b:11:05:56:d6:96:4d:6c:bb:
                    21:d4:43:cf:18:67:ee:50:f4:c6:66:fe:c6:8f:a3:
                    98:d6:39:ac:74:9f:f7:0e:b8:82:ba:d6:75:cb:0f:
                    30:fd:33:d9:89:89:55:25:96:59:01:b1:bc:cf:84:
                    a7:4a:f2:96:4c:4c:cc:71:43:ad:49:87:3e:ac:cf:
                    bd:aa:af:7f:89:15:f7:5a:40:67:8b:4a:4c:2f:7a:
                    92:26:bd:d8:cf:02:32:01:ec:f1:5e:9d:6e:d4:09:
                    ad:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E5:CA:E3:9F:84:6B:53:83:05:49:F7:56:70:D9:3A:AC:D0:5B:25
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/UOXK45-Ea1ODBUn3VnDZOqzQWyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:07:f9:a3:24:98:6e:6a:78:40:46:db:3c:72:e1:57:4c:65:
         bc:1c:cf:52:91:f8:00:80:78:4e:b1:ad:28:03:60:14:10:67:
         06:0f:e6:a7:8f:3b:c8:92:98:1d:83:72:e6:61:86:9d:c5:51:
         da:e0:83:4d:d9:68:e9:33:4f:c6:62:60:ad:a8:e6:66:c7:88:
         b3:01:ba:83:93:e8:29:97:66:7a:8b:38:75:85:6a:eb:bb:87:
         49:7f:3a:2c:35:0f:e2:3f:7c:22:19:52:4d:6e:b6:c0:75:fc:
         57:5c:6f:85:1d:69:11:a6:79:07:f4:c4:85:8b:8e:44:c6:85:
         ff:76:a4:68:a2:78:2e:4d:95:5e:3e:e5:ac:e9:d1:56:29:1f:
         44:4d:d8:8e:d5:06:e0:ef:8b:4f:4a:e8:be:0c:ea:b6:8f:70:
         30:44:5d:4e:32:01:6f:c1:54:51:53:60:4f:bd:02:29:03:45:
         05:6c:6e:6a:22:f0:c7:df:20:cd:be:a5:d5:92:b2:e0:18:b1:
         b3:ba:29:38:33:c8:97:44:cc:fe:93:df:8b:04:5b:7f:c7:53:
         7b:ca:39:72:b1:79:e9:d7:f4:37:ab:d1:eb:81:95:49:55:d6:
         98:b4:a1:8a:e5:95:69:63:7c:ae:02:f2:57:24:67:b1:53:46:
         aa:ff:97:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdFCNuh6aI9YTgovcCxMA8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNjA2MTEzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU1Y2FlMzlmODQ2YjUzODMwNTQ5Zjc1NjcwZDkzYWFjZDA1YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns5Uxd7REH4u0DGXy7PlQkq7mx3x
QKYPrmy4O+HYl9xKG8VQ+txNS/eeTWAGhUFGZ1HrHmgxetS/AAF26szo0Bbwwcch
iMpPsNnV1w0POt1J2pmer2ZSKGPGEda9GpKf/IVADyqczKb8kpVgf7mdLvkfgOws
oYKD8o6jPeW+6puGhoq0CQyNQkcVly6lrOok4EHql8sTQZOrXxMLEQVW1pZNbLsh
1EPPGGfuUPTGZv7Gj6OY1jmsdJ/3DriCutZ1yw8w/TPZiYlVJZZZAbG8z4SnSvKW
TEzMcUOtSYc+rM+9qq9/iRX3WkBni0pML3qSJr3YzwIyAezxXp1u1AmtAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDlyuOfhGtTgwVJ91Zw2Tqs0FslMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvVU9YSzQ1LUVhMU9EQlVuM1ZuRFpPcXpRV3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6pMA0G
CSqGSIb3DQEBCwUAA4IBAQC7B/mjJJhuanhARts8cuFXTGW8HM9SkfgAgHhOsa0o
A2AUEGcGD+anjzvIkpgdg3LmYYadxVHa4INN2WjpM0/GYmCtqOZmx4izAbqDk+gp
l2Z6izh1hWrru4dJfzosNQ/iP3wiGVJNbrbAdfxXXG+FHWkRpnkH9MSFi45ExoX/
dqRoonguTZVePuWs6dFWKR9ETdiO1Qbg74tPSui+DOq2j3AwRF1OMgFvwVRRU2BP
vQIpA0UFbG5qIvDH3yDNvqXVkrLgGLGzuik4M8iXRMz+k9+LBFt/x1N7yjlysXnp
1/Q3q9HrgZVJVdaYtKGK5ZVpY3yuAvJXJGexU0aq/5c/
-----END CERTIFICATE-----