Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/t-UVRaA-1trhmEw42fVggRqS2PY.roa
File:                     t-UVRaA-1trhmEw42fVggRqS2PY.roa (raw, json)
Hash identifier:          o74jw9o9fn+DPa4kjlUIGJ6L2CE7n+n6ON1dXtF89R4=
Subject key identifier:   B7:E5:15:45:A0:3E:D6:DA:E1:98:4C:38:D9:F5:60:81:1A:92:D8:F6
Certificate issuer:       /CN=e7b33e9e3c932f7a542eb021056ce94b1e8b8f0b
Certificate serial:       018D4546E96FE5D41F438ED7817463D2D9E2
Authority key identifier: E7:B3:3E:9E:3C:93:2F:7A:54:2E:B0:21:05:6C:E9:4B:1E:8B:8F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/57M-njyTL3pULrAhBWzpSx6Ljws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/t-UVRaA-1trhmEw42fVggRqS2PY.roa
Signing time:             Fri 26 Jan 2024 10:18:11 +0000
ROA not before:           Fri 26 Jan 2024 10:18:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50606
IP address blocks:        109.196.32.0/20 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/57M-njyTL3pULrAhBWzpSx6Ljws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/57M-njyTL3pULrAhBWzpSx6Ljws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/57M-njyTL3pULrAhBWzpSx6Ljws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:46:e9:6f:e5:d4:1f:43:8e:d7:81:74:63:d2:d9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7b33e9e3c932f7a542eb021056ce94b1e8b8f0b
        Validity
            Not Before: Jan 26 10:18:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7e51545a03ed6dae1984c38d9f560811a92d8f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2c:e5:26:18:2e:81:df:d2:8d:15:f0:60:cd:
                    2f:97:3c:37:10:0b:b1:5c:cd:12:89:8e:b6:55:65:
                    fe:c4:27:78:8c:11:18:08:b6:84:42:95:20:c7:e8:
                    c6:6c:63:71:ed:24:4d:62:d2:c5:64:7b:a2:43:6d:
                    45:8e:9a:65:18:2d:ab:14:29:7f:c0:99:31:6b:a9:
                    9e:03:86:e4:1d:bc:4e:99:3d:d5:ea:49:af:69:35:
                    ac:12:1d:0f:c9:13:c9:17:c4:f8:85:dd:97:c6:ec:
                    60:0f:7e:20:4f:7a:b7:f4:25:70:8c:d6:62:8e:d1:
                    b4:12:5a:ee:2c:24:37:66:d5:b1:2e:c6:91:76:fa:
                    23:01:ec:b4:60:34:b2:71:88:70:e9:12:ba:99:e8:
                    0b:4e:20:be:69:4f:49:9e:21:12:ab:98:b0:04:54:
                    be:83:3f:7b:ee:1f:ce:e2:21:bb:4e:65:7b:b0:d9:
                    48:03:23:5c:10:d4:34:27:55:88:a8:f2:a3:09:2a:
                    67:30:2a:b5:51:19:e6:7b:6e:29:b9:74:6e:0e:3b:
                    85:ba:b6:a1:ef:b0:47:55:1b:ca:6f:68:23:e4:04:
                    46:d1:38:b6:e0:37:71:f3:26:2d:bc:a4:8f:67:17:
                    e0:38:5d:1f:f0:5c:f1:4d:06:81:09:e9:82:96:43:
                    04:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E5:15:45:A0:3E:D6:DA:E1:98:4C:38:D9:F5:60:81:1A:92:D8:F6
            X509v3 Authority Key Identifier:
                keyid:E7:B3:3E:9E:3C:93:2F:7A:54:2E:B0:21:05:6C:E9:4B:1E:8B:8F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/57M-njyTL3pULrAhBWzpSx6Ljws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/t-UVRaA-1trhmEw42fVggRqS2PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a5a175-8092-4c63-b038-2c4406b48941/1/57M-njyTL3pULrAhBWzpSx6Ljws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         67:8a:64:f2:f3:83:e0:25:df:c6:f9:14:7e:ff:7a:62:cf:9d:
         01:44:e7:d2:c1:5c:45:8b:83:e5:8b:ae:0e:d9:ab:1a:c0:8c:
         f5:23:8b:3f:44:65:da:22:65:db:e7:07:73:b0:60:d2:c7:42:
         86:c0:c9:95:74:de:79:24:c7:50:c8:e3:0a:4a:8b:6d:9b:ec:
         33:f0:e3:9b:3d:ce:46:fc:73:bc:fe:7f:9c:f7:ba:3a:8b:fb:
         41:33:5e:11:7a:80:42:79:c6:35:0e:7f:d9:62:e3:22:c9:7c:
         43:23:8e:d9:49:43:0e:cf:d6:db:e6:bd:63:17:b8:55:5e:25:
         ae:03:71:07:76:18:ac:e8:ac:e8:32:10:26:f5:b8:d4:2d:76:
         ac:be:f9:96:48:54:24:9b:db:34:0f:6d:e2:9d:98:3f:c1:b3:
         a1:5e:08:73:9f:62:92:3e:90:9a:b7:1b:fe:e0:48:e0:47:20:
         89:9d:b5:36:4e:13:6c:a4:2a:d8:04:ff:44:3d:a0:15:b1:64:
         8e:69:60:c4:87:a4:24:a1:f5:48:57:a8:70:1e:b6:b6:ce:36:
         eb:1a:e1:33:cc:56:d7:7e:8d:aa:8d:33:91:21:cf:d8:38:30:
         38:a7:f8:1c:95:a3:96:4a:4a:62:2c:0e:43:cd:75:f8:2f:9c:
         d2:b2:10:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1FRulv5dQfQ47XgXRj0tniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3YjMzZTllM2M5MzJmN2E1NDJlYjAyMTA1NmNlOTRiMWU4
YjhmMGIwHhcNMjQwMTI2MTAxODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2U1MTU0NWEwM2VkNmRhZTE5ODRjMzhkOWY1NjA4MTFhOTJkOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCzlJhgugd/SjRXwYM0vlzw3EAux
XM0SiY62VWX+xCd4jBEYCLaEQpUgx+jGbGNx7SRNYtLFZHuiQ21FjpplGC2rFCl/
wJkxa6meA4bkHbxOmT3V6kmvaTWsEh0PyRPJF8T4hd2XxuxgD34gT3q39CVwjNZi
jtG0ElruLCQ3ZtWxLsaRdvojAey0YDSycYhw6RK6megLTiC+aU9JniESq5iwBFS+
gz977h/O4iG7TmV7sNlIAyNcENQ0J1WIqPKjCSpnMCq1URnme24puXRuDjuFurah
77BHVRvKb2gj5ARG0Ti24Ddx8yYtvKSPZxfgOF0f8FzxTQaBCemClkMEDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLflFUWgPtba4ZhMONn1YIEaktj2MB8GA1UdIwQY
MBaAFOezPp48ky96VC6wIQVs6Usei48LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTdNLW5qeVRMM3BVTHJBaEJXenBTeDZMandzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hNWExNzUtODA5Mi00YzYzLWIwMzgt
MmM0NDA2YjQ4OTQxLzEvdC1VVlJhQS0xdHJobUV3NDJmVmdnUnFTMlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hNWExNzUtODA5Mi00YzYzLWIwMzgtMmM0NDA2YjQ4OTQx
LzEvNTdNLW5qeVRMM3BVTHJBaEJXenBTeDZMandzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbcQgMA0G
CSqGSIb3DQEBCwUAA4IBAQBnimTy84PgJd/G+RR+/3piz50BROfSwVxFi4Pli64O
2asawIz1I4s/RGXaImXb5wdzsGDSx0KGwMmVdN55JMdQyOMKSottm+wz8OObPc5G
/HO8/n+c97o6i/tBM14ReoBCecY1Dn/ZYuMiyXxDI47ZSUMOz9bb5r1jF7hVXiWu
A3EHdhis6KzoMhAm9bjULXasvvmWSFQkm9s0D23inZg/wbOhXghzn2KSPpCatxv+
4EjgRyCJnbU2ThNspCrYBP9EPaAVsWSOaWDEh6QkofVIV6hwHra2zjbrGuEzzFbX
fo2qjTORIc/YODA4p/gclaOWSkpiLA5DzXX4L5zSshBO
-----END CERTIFICATE-----