Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/ueM2nMrwkofaK_rHeqc6ltcnBzk.roa
File:                     ueM2nMrwkofaK_rHeqc6ltcnBzk.roa (raw, json)
Hash identifier:          g28AOvvhq1qb/RQhGnNDJ5iCY8UIW2It+aru1uZmD6k=
Subject key identifier:   B9:E3:36:9C:CA:F0:92:87:DA:2B:FA:C7:7A:A7:3A:96:D7:27:07:39
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019206564049915822017AB4F31252CE2C1E
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/ueM2nMrwkofaK_rHeqc6ltcnBzk.roa
Signing time:             Wed 18 Sep 2024 18:12:48 +0000
ROA not before:           Wed 18 Sep 2024 18:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214279
IP address blocks:        43.240.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:06:56:40:49:91:58:22:01:7a:b4:f3:12:52:ce:2c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Sep 18 18:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9e3369ccaf09287da2bfac77aa73a96d7270739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7b:23:77:ae:3c:85:cd:35:53:53:fb:c4:49:
                    3f:9f:58:fb:9d:14:6e:8a:72:b2:41:fe:43:99:91:
                    5b:b7:a0:20:67:10:3e:04:b9:70:e7:fe:0c:f8:77:
                    23:ab:94:9a:64:0d:ac:25:e0:a2:cc:23:28:2d:8a:
                    dd:0b:1d:e0:4e:9a:da:bd:23:f4:d9:fc:bc:2e:8b:
                    5e:57:06:89:60:81:56:79:e8:58:f8:1a:3d:66:1c:
                    40:b8:6a:98:15:cf:eb:a2:03:15:be:e0:11:20:93:
                    0d:d5:f8:73:e9:cc:b1:e5:77:5a:d1:bf:68:92:f0:
                    71:f0:47:39:01:08:db:fd:85:da:3b:7f:c2:7d:bd:
                    0a:cf:80:37:e2:e4:ef:0a:4e:5b:24:aa:76:8b:c8:
                    e7:50:03:fb:e6:04:15:0b:23:1e:df:95:8f:0b:f3:
                    81:a9:4c:0d:47:1e:f2:fd:48:0c:7c:e1:92:a5:e9:
                    ad:b9:ef:27:cd:f6:d3:34:cf:57:52:c5:02:f0:b9:
                    f5:09:aa:69:8e:17:64:df:2e:e8:b3:93:77:7d:be:
                    09:b6:17:bc:44:85:88:4f:34:15:7c:77:2d:95:4d:
                    ea:0b:14:91:59:00:15:57:f9:3e:c5:f6:e4:25:f3:
                    14:18:82:79:fb:d3:46:04:98:31:74:66:84:10:84:
                    ae:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:E3:36:9C:CA:F0:92:87:DA:2B:FA:C7:7A:A7:3A:96:D7:27:07:39
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/ueM2nMrwkofaK_rHeqc6ltcnBzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:72:8a:81:9c:c7:0e:eb:65:76:c5:32:50:67:94:b7:40:74:
         f3:ef:f9:19:a2:5f:11:02:d1:b3:f1:bf:fd:70:e0:aa:53:ad:
         62:4a:12:bb:7a:f9:39:53:69:bc:2b:e7:58:7c:2e:80:5c:f1:
         9a:c7:28:7c:a5:de:1d:6c:eb:da:c6:57:c6:ef:35:74:65:d6:
         1f:03:c7:7c:b3:16:ef:65:2b:ff:fb:2e:80:54:01:43:49:05:
         13:2b:94:c1:b4:71:f8:9e:a8:7d:23:f0:52:42:59:6b:b1:e1:
         47:b9:2f:b7:ee:3d:60:43:89:d9:8f:72:fe:a0:89:48:8b:c5:
         ed:ff:93:00:db:67:aa:24:e7:b2:c1:49:c2:94:b1:a2:bb:fa:
         b7:13:58:45:f7:3a:3e:74:c3:7a:ef:09:73:14:0f:0f:b2:fd:
         0d:d8:b4:43:6a:3c:27:8a:c1:36:b8:63:99:f4:71:37:10:eb:
         ae:b2:e2:f1:c3:44:cf:8d:71:8d:f0:ed:ec:50:3c:8f:38:eb:
         42:c5:67:4c:37:f8:b9:a6:ba:63:d7:28:e2:fe:f6:13:4d:6b:
         28:74:41:a6:4d:bb:d5:90:e5:67:98:d4:c4:49:b5:84:d1:ca:
         9c:69:e7:7a:13:2c:ca:e0:36:b2:29:59:d1:dd:bd:7b:d6:0a:
         1d:7b:2f:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIGVkBJkVgiAXq08xJSziweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjQwOTE4MTgxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWUzMzY5Y2NhZjA5Mjg3ZGEyYmZhYzc3YWE3M2E5NmQ3MjcwNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnsjd648hc01U1P7xEk/n1j7nRRu
inKyQf5DmZFbt6AgZxA+BLlw5/4M+Hcjq5SaZA2sJeCizCMoLYrdCx3gTpravSP0
2fy8LoteVwaJYIFWeehY+Bo9ZhxAuGqYFc/rogMVvuARIJMN1fhz6cyx5Xda0b9o
kvBx8Ec5AQjb/YXaO3/Cfb0Kz4A34uTvCk5bJKp2i8jnUAP75gQVCyMe35WPC/OB
qUwNRx7y/UgMfOGSpemtue8nzfbTNM9XUsUC8Ln1Cappjhdk3y7os5N3fb4Jthe8
RIWITzQVfHctlU3qCxSRWQAVV/k+xfbkJfMUGIJ5+9NGBJgxdGaEEISuIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnjNpzK8JKH2iv6x3qnOpbXJwc5MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdWVNMm5Ncndrb2ZhS19ySGVxYzZsdGNuQnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK/CVMA0G
CSqGSIb3DQEBCwUAA4IBAQCbcoqBnMcO62V2xTJQZ5S3QHTz7/kZol8RAtGz8b/9
cOCqU61iShK7evk5U2m8K+dYfC6AXPGaxyh8pd4dbOvaxlfG7zV0ZdYfA8d8sxbv
ZSv/+y6AVAFDSQUTK5TBtHH4nqh9I/BSQllrseFHuS+37j1gQ4nZj3L+oIlIi8Xt
/5MA22eqJOeywUnClLGiu/q3E1hF9zo+dMN67wlzFA8Psv0N2LRDajwnisE2uGOZ
9HE3EOuusuLxw0TPjXGN8O3sUDyPOOtCxWdMN/i5prpj1yji/vYTTWsodEGmTbvV
kOVnmNTESbWE0cqcaed6EyzK4DayKVnR3b171godey/5
-----END CERTIFICATE-----