Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/upsXCpuow-YEApIUQ44j__fptQU.roa
File:                     upsXCpuow-YEApIUQ44j__fptQU.roa (raw, json)
Hash identifier:          sudoLJ9tmS2PTwhCXU0HybPGVg6gfPcVI5ZB0d5E8F4=
Subject key identifier:   BA:9B:17:0A:9B:A8:C3:E6:04:02:92:14:43:8E:23:FF:F7:E9:B5:05
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018D8F9EF423E74FD8BAF4B7598AE36E6365
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/upsXCpuow-YEApIUQ44j__fptQU.roa
Signing time:             Fri 09 Feb 2024 20:46:15 +0000
ROA not before:           Fri 09 Feb 2024 20:46:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        87.237.167.0/24 maxlen: 24
                          89.251.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8f:9e:f4:23:e7:4f:d8:ba:f4:b7:59:8a:e3:6e:63:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Feb  9 20:46:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba9b170a9ba8c3e604029214438e23fff7e9b505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:0e:da:e1:9c:5a:e7:51:ee:c6:60:f4:24:
                    25:36:f8:e6:4a:59:ef:ab:0f:92:91:4a:89:f2:f6:
                    1b:9c:3c:2b:46:e9:c7:66:2a:aa:10:b8:86:1e:b1:
                    6d:26:4c:50:bf:5a:ff:c6:d2:38:a8:5c:3d:62:2a:
                    5c:7e:32:3d:33:4b:62:b8:e6:e4:ca:70:b0:d5:4a:
                    99:67:ec:02:6d:ac:6f:b3:b1:db:63:8a:57:fd:8b:
                    27:a1:3b:c6:6a:c6:47:cd:cb:b1:5a:6c:87:c8:d6:
                    62:16:62:b6:b4:aa:fa:c3:45:36:40:d4:90:82:6f:
                    e5:83:e5:b9:ee:93:4b:36:42:81:77:bb:22:a0:37:
                    ac:83:7e:58:5f:4e:42:9c:c9:d1:af:cd:ed:d8:a4:
                    a0:f0:42:ab:0e:de:2e:81:fa:d5:df:06:c1:57:62:
                    8d:d5:4b:b6:43:bc:13:7b:75:4e:c5:3f:30:89:e3:
                    8d:c7:5b:a1:0a:8e:cb:31:83:c7:ea:68:72:f3:eb:
                    dc:5d:91:1f:3a:8c:38:79:fb:79:ce:27:b3:53:41:
                    14:d7:cb:e9:5c:3e:82:a7:a8:1a:db:c6:9f:d1:69:
                    6a:ee:e6:17:5c:10:6a:99:5c:f4:a1:2e:dd:6b:d0:
                    f5:4e:c6:51:2d:96:bc:9f:c9:ed:7e:f6:6a:d0:a0:
                    c6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:9B:17:0A:9B:A8:C3:E6:04:02:92:14:43:8E:23:FF:F7:E9:B5:05
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/upsXCpuow-YEApIUQ44j__fptQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.167.0/24
                  89.251.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:33:2c:c3:42:68:d3:82:4d:29:d5:33:4b:56:f9:d9:fc:9d:
         3f:09:48:8c:1c:cf:7a:8a:4b:36:34:6d:bf:ee:9f:b7:dd:f4:
         40:3e:af:d2:54:cc:1e:6a:38:43:30:65:70:b9:7e:6e:38:f4:
         d9:82:2e:96:f8:4e:23:c2:66:68:92:0c:e1:81:3f:42:5b:01:
         6b:99:88:78:85:dc:b6:28:e5:98:6c:34:42:43:fe:e3:3b:65:
         bb:a4:fe:cc:04:d3:b9:9a:02:e3:06:07:80:0c:aa:3c:bc:d7:
         17:15:a3:af:c4:12:6f:2f:12:3f:75:c1:10:ac:28:6a:a9:c9:
         a9:27:9d:49:13:04:3e:ea:2d:5b:e3:20:15:50:2e:0c:3c:53:
         44:96:41:c5:49:9f:7f:ec:d4:1a:82:23:b6:96:8e:47:56:ee:
         43:32:43:4d:d4:f3:78:d6:c8:2e:5d:1a:d1:5b:76:96:69:bc:
         4a:88:81:43:c0:f8:65:4f:e6:4c:cf:92:cc:40:f9:b6:35:61:
         62:c2:e8:71:0c:01:e2:25:ea:75:13:a2:78:5a:6e:30:55:4e:
         4c:27:4a:f0:1d:af:db:0c:e4:f0:a6:40:40:15:50:bd:cf:1a:
         cc:3d:41:20:80:09:7a:44:a6:65:93:1f:42:b9:4d:44:c3:54:
         c3:e1:1d:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2PnvQj50/YuvS3WYrjbmNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMjA5MjA0NjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTliMTcwYTliYThjM2U2MDQwMjkyMTQ0MzhlMjNmZmY3ZTliNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNYO2uGcWudR7sZg9CQlNvjmSlnv
qw+SkUqJ8vYbnDwrRunHZiqqELiGHrFtJkxQv1r/xtI4qFw9YipcfjI9M0tiuObk
ynCw1UqZZ+wCbaxvs7HbY4pX/YsnoTvGasZHzcuxWmyHyNZiFmK2tKr6w0U2QNSQ
gm/lg+W57pNLNkKBd7sioDesg35YX05CnMnRr83t2KSg8EKrDt4ugfrV3wbBV2KN
1Uu2Q7wTe3VOxT8wieONx1uhCo7LMYPH6mhy8+vcXZEfOow4eft5ziezU0EU18vp
XD6Cp6ga28af0Wlq7uYXXBBqmVz0oS7da9D1TsZRLZa8n8ntfvZq0KDGRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqbFwqbqMPmBAKSFEOOI//36bUFMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvdXBzWENwdW93LVlFQXBJVVE0NGpfX2ZwdFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+2nAwQA
WfseMA0GCSqGSIb3DQEBCwUAA4IBAQB3MyzDQmjTgk0p1TNLVvnZ/J0/CUiMHM96
iks2NG2/7p+33fRAPq/SVMweajhDMGVwuX5uOPTZgi6W+E4jwmZokgzhgT9CWwFr
mYh4hdy2KOWYbDRCQ/7jO2W7pP7MBNO5mgLjBgeADKo8vNcXFaOvxBJvLxI/dcEQ
rChqqcmpJ51JEwQ+6i1b4yAVUC4MPFNElkHFSZ9/7NQagiO2lo5HVu5DMkNN1PN4
1sguXRrRW3aWabxKiIFDwPhlT+ZMz5LMQPm2NWFiwuhxDAHiJep1E6J4Wm4wVU5M
J0rwHa/bDOTwpkBAFVC9zxrMPUEggAl6RKZlkx9CuU1Ew1TD4R0q
-----END CERTIFICATE-----