Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/UgsRDxhywXk4MfHIBdl-QkLshrM.roa
File:                     UgsRDxhywXk4MfHIBdl-QkLshrM.roa (raw, json)
Hash identifier:          1EO7MNWgD2gUJxeDOkY3VOfENiI716cNX952Luzw2hs=
Subject key identifier:   52:0B:11:0F:18:72:C1:79:38:31:F1:C8:05:D9:7E:42:42:EC:86:B3
Certificate issuer:       /CN=8794395ac822dfe01165216c7781ffd61db28d5b
Certificate serial:       019336802C838639DCE7CC5DFA9203EEA6F9
Authority key identifier: 87:94:39:5A:C8:22:DF:E0:11:65:21:6C:77:81:FF:D6:1D:B2:8D:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/UgsRDxhywXk4MfHIBdl-QkLshrM.roa
Signing time:             Sat 16 Nov 2024 19:43:09 +0000
ROA not before:           Sat 16 Nov 2024 19:43:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        185.46.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:36:80:2c:83:86:39:dc:e7:cc:5d:fa:92:03:ee:a6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8794395ac822dfe01165216c7781ffd61db28d5b
        Validity
            Not Before: Nov 16 19:43:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=520b110f1872c1793831f1c805d97e4242ec86b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a0:22:5e:97:08:6a:90:f8:91:10:56:2d:ba:
                    99:80:b5:ec:a7:27:8d:e0:5d:ca:98:44:9a:06:aa:
                    b0:8e:55:ea:61:c7:45:2b:aa:8a:2c:f2:f3:f7:8f:
                    71:ed:00:a5:27:5a:ea:a2:57:16:69:69:da:cf:88:
                    f2:fe:30:a1:a7:3c:a0:82:bf:d7:97:e4:d3:4c:29:
                    a1:eb:cc:90:63:47:ed:66:fb:8a:61:73:da:4f:28:
                    08:93:b4:51:1d:a4:ca:7f:dd:bb:bf:72:4b:13:8c:
                    ce:e1:bd:c4:35:5e:3b:6a:10:dc:70:df:98:d3:73:
                    3e:28:9e:39:65:10:ea:be:d6:99:84:eb:70:aa:4b:
                    50:f7:c1:9d:d5:c8:bb:d2:60:be:b5:50:f5:f9:e5:
                    46:8e:c1:49:60:8c:35:c3:a8:97:8f:b7:d0:f8:ab:
                    b3:f4:70:4d:a9:a3:d2:a6:e0:7f:98:a3:85:6e:cd:
                    fd:d8:49:1d:8b:4a:c3:53:b1:19:7b:30:a9:ed:66:
                    78:25:2a:ee:5f:18:3c:26:2b:3c:b9:9e:bb:fe:5d:
                    a4:57:ca:72:27:88:42:e5:0b:a7:d9:c9:18:42:28:
                    41:99:b5:6c:9b:f6:d0:5e:60:47:8d:d6:b4:77:4a:
                    cc:c2:e6:50:fe:6f:a8:9e:14:69:72:55:61:e9:8b:
                    6e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0B:11:0F:18:72:C1:79:38:31:F1:C8:05:D9:7E:42:42:EC:86:B3
            X509v3 Authority Key Identifier:
                keyid:87:94:39:5A:C8:22:DF:E0:11:65:21:6C:77:81:FF:D6:1D:B2:8D:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/UgsRDxhywXk4MfHIBdl-QkLshrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:4b:c7:2a:56:de:3e:d7:a5:c7:a5:7c:7a:b5:29:cf:27:d8:
         6d:b2:50:90:7c:88:8b:32:85:87:b2:17:a4:83:ff:3f:c3:87:
         33:7c:5d:1d:6e:a6:e5:97:77:30:d6:e8:75:dd:c9:7f:54:cc:
         ed:b8:93:84:ca:53:be:a6:ac:f7:1d:5d:ff:e2:ed:b5:0d:00:
         9e:e9:29:c7:b7:0a:30:a2:23:de:fe:a3:91:ac:aa:66:22:ef:
         07:5b:f6:78:50:2c:33:01:56:14:a1:63:ab:f8:c4:26:f0:af:
         e6:84:31:50:93:f1:3c:07:b8:af:c4:04:7a:60:8a:ea:f1:58:
         a4:99:1f:a2:59:bf:04:a9:b8:37:56:ff:56:c7:27:b5:0b:33:
         40:18:eb:a6:fd:f3:81:74:b0:c7:35:3e:0e:32:7f:24:71:3a:
         69:3b:02:78:76:73:0d:db:53:f8:b2:e6:63:a8:42:8f:2f:eb:
         8f:06:7f:d6:fa:14:fe:24:8d:ff:43:e1:1f:ba:df:c8:d1:60:
         81:aa:38:a1:22:7e:6d:e2:81:cb:82:51:f0:b5:ee:35:e9:5b:
         4e:81:f0:a6:ce:5e:86:e4:b2:55:f6:35:e4:04:f9:28:c3:1e:
         94:ef:a0:1f:38:b0:60:45:b2:b1:82:59:ed:a8:d8:cd:29:b9:
         cb:ea:1c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM2gCyDhjnc58xd+pID7qb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OTQzOTVhYzgyMmRmZTAxMTY1MjE2Yzc3ODFmZmQ2MWRi
MjhkNWIwHhcNMjQxMTE2MTk0MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBiMTEwZjE4NzJjMTc5MzgzMWYxYzgwNWQ5N2U0MjQyZWM4NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaAiXpcIapD4kRBWLbqZgLXspyeN
4F3KmESaBqqwjlXqYcdFK6qKLPLz949x7QClJ1rqolcWaWnaz4jy/jChpzyggr/X
l+TTTCmh68yQY0ftZvuKYXPaTygIk7RRHaTKf927v3JLE4zO4b3ENV47ahDccN+Y
03M+KJ45ZRDqvtaZhOtwqktQ98Gd1ci70mC+tVD1+eVGjsFJYIw1w6iXj7fQ+Kuz
9HBNqaPSpuB/mKOFbs392Ekdi0rDU7EZezCp7WZ4JSruXxg8Jis8uZ67/l2kV8py
J4hC5Qun2ckYQihBmbVsm/bQXmBHjda0d0rMwuZQ/m+onhRpclVh6Ytu1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFILEQ8YcsF5ODHxyAXZfkJC7IazMB8GA1UdIwQY
MBaAFIeUOVrIIt/gEWUhbHeB/9Ydso1bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDVRNVdzZ2kzLUFSWlNGc2Q0SF8xaDJ5alZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hMmEzYTQtYWI3NS00OWQ0LWE5NDEt
MzUzZjk4MTJiMWRiLzEvVWdzUkR4aHl3WGs0TWZISUJkbC1Ra0xzaHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hMmEzYTQtYWI3NS00OWQ0LWE5NDEtMzUzZjk4MTJiMWRi
LzEvaDVRNVdzZ2kzLUFSWlNGc2Q0SF8xaDJ5alZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS6PMA0G
CSqGSIb3DQEBCwUAA4IBAQAYS8cqVt4+16XHpXx6tSnPJ9htslCQfIiLMoWHshek
g/8/w4czfF0dbqbll3cw1uh13cl/VMztuJOEylO+pqz3HV3/4u21DQCe6SnHtwow
oiPe/qORrKpmIu8HW/Z4UCwzAVYUoWOr+MQm8K/mhDFQk/E8B7ivxAR6YIrq8Vik
mR+iWb8Eqbg3Vv9Wxye1CzNAGOum/fOBdLDHNT4OMn8kcTppOwJ4dnMN21P4suZj
qEKPL+uPBn/W+hT+JI3/Q+Efut/I0WCBqjihIn5t4oHLglHwte416VtOgfCmzl6G
5LJV9jXkBPkowx6U76AfOLBgRbKxglntqNjNKbnL6hw1
-----END CERTIFICATE-----