Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Uqwe8UZcjgYEN08O25f1LVrr_CA.roa
File:                     Uqwe8UZcjgYEN08O25f1LVrr_CA.roa (raw, json)
Hash identifier:          ckh/U9KJSW5QZUvCaBVHxtYs631RVK8lFNL6WdVR6WM=
Subject key identifier:   52:AC:1E:F1:46:5C:8E:06:04:37:4F:0E:DB:97:F5:2D:5A:EB:FC:20
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB39545E8968F603805E8EF075C20
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Uqwe8UZcjgYEN08O25f1LVrr_CA.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202813
IP address blocks:        45.88.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b3:95:45:e8:96:8f:60:38:05:e8:ef:07:5c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52ac1ef1465c8e0604374f0edb97f52d5aebfc20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3e:32:69:b3:c1:c2:cf:63:97:ed:14:f2:37:
                    6f:30:3b:a6:0f:7f:d5:8c:2c:b6:8c:3b:a4:8e:ca:
                    36:7d:14:8e:56:41:c0:ee:08:85:0b:55:15:f7:fd:
                    ad:b4:da:6c:b0:35:32:16:ff:13:d1:40:82:d4:32:
                    6c:8f:46:7e:88:71:64:da:18:8c:01:5d:15:94:03:
                    56:68:c0:00:e5:e7:de:42:b7:bb:8c:18:32:36:bd:
                    0a:f5:e4:29:06:db:15:24:d0:4f:9b:5d:5a:27:4c:
                    2d:ea:f0:0a:99:83:e0:7d:f0:5d:5a:3a:34:b1:6d:
                    48:d0:d6:19:20:e6:cf:f3:95:1d:40:f1:4f:9d:69:
                    79:e8:39:6d:27:7f:d4:c0:20:3d:b2:8a:36:24:e8:
                    bc:7b:cf:93:03:c4:2c:85:ae:27:15:6f:33:c4:a9:
                    ce:8b:50:b0:95:50:09:42:7b:5c:98:90:c0:ce:0c:
                    05:2b:fa:a6:5b:9c:2d:6f:b8:6d:fb:a2:d3:e6:a4:
                    86:53:0c:22:88:90:04:b4:e8:79:e4:e8:60:b2:6d:
                    33:78:8f:29:ea:c5:2e:38:db:ab:b3:75:27:f3:65:
                    5d:78:55:62:17:fc:47:08:5a:be:cc:41:88:5d:bf:
                    dc:c2:65:d8:16:10:96:b1:ae:51:93:7e:df:16:40:
                    c3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AC:1E:F1:46:5C:8E:06:04:37:4F:0E:DB:97:F5:2D:5A:EB:FC:20
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Uqwe8UZcjgYEN08O25f1LVrr_CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:b6:f6:78:15:f6:53:31:e5:3d:61:72:f6:6d:91:cb:e4:bf:
         29:25:eb:75:2a:7d:48:1a:fb:13:07:a2:dd:40:a3:0e:c0:ea:
         bf:2d:bf:c7:28:7f:0a:6b:82:05:c7:c1:e5:0f:0c:a9:5a:36:
         f1:ea:34:39:2f:87:48:dc:23:73:85:27:71:ca:ae:33:fc:cd:
         22:90:95:e5:20:5c:0f:d3:ac:1e:b8:fa:43:1e:12:46:28:e7:
         ef:b9:4f:bf:c1:1d:85:2c:a6:bb:c6:a8:49:40:42:b6:eb:ac:
         b7:bc:7f:c9:31:c0:9e:43:ad:23:ba:50:7c:b0:00:ad:16:e1:
         44:1b:e1:83:90:c3:e4:6b:71:fd:2f:ae:cd:40:e3:bb:0c:5d:
         3e:fc:11:f5:3c:91:5e:18:3e:1a:4e:a4:d2:a8:d5:f8:07:5c:
         2c:86:7c:ba:be:f0:7b:3c:87:11:c2:19:2e:cd:42:2b:40:68:
         16:1c:a3:a0:d2:0c:91:25:3c:67:30:a5:6a:d2:ac:d4:77:70:
         d2:72:46:c7:da:5d:97:74:4e:6c:25:bf:03:23:e3:db:39:e9:
         ec:a4:e1:49:c0:e2:d2:ec:e3:a7:20:19:75:52:87:6d:65:f1:
         6d:7a:bc:74:e5:71:a2:98:2f:2e:58:b8:9b:4d:42:17:cc:e4:
         17:5c:76:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7OVReiWj2A4BejvB1wgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmFjMWVmMTQ2NWM4ZTA2MDQzNzRmMGVkYjk3ZjUyZDVhZWJmYzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj4yabPBws9jl+0U8jdvMDumD3/V
jCy2jDukjso2fRSOVkHA7giFC1UV9/2ttNpssDUyFv8T0UCC1DJsj0Z+iHFk2hiM
AV0VlANWaMAA5efeQre7jBgyNr0K9eQpBtsVJNBPm11aJ0wt6vAKmYPgffBdWjo0
sW1I0NYZIObP85UdQPFPnWl56DltJ3/UwCA9soo2JOi8e8+TA8Qsha4nFW8zxKnO
i1CwlVAJQntcmJDAzgwFK/qmW5wtb7ht+6LT5qSGUwwiiJAEtOh55Ohgsm0zeI8p
6sUuONurs3Un82VdeFViF/xHCFq+zEGIXb/cwmXYFhCWsa5Rk37fFkDDjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKsHvFGXI4GBDdPDtuX9S1a6/wgMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvVXF3ZThVWmNqZ1lFTjA4TzI1ZjFMVnJyX0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLViYMA0G
CSqGSIb3DQEBCwUAA4IBAQBOtvZ4FfZTMeU9YXL2bZHL5L8pJet1Kn1IGvsTB6Ld
QKMOwOq/Lb/HKH8Ka4IFx8HlDwypWjbx6jQ5L4dI3CNzhSdxyq4z/M0ikJXlIFwP
06weuPpDHhJGKOfvuU+/wR2FLKa7xqhJQEK266y3vH/JMcCeQ60julB8sACtFuFE
G+GDkMPka3H9L67NQOO7DF0+/BH1PJFeGD4aTqTSqNX4B1wshny6vvB7PIcRwhku
zUIrQGgWHKOg0gyRJTxnMKVq0qzUd3DSckbH2l2XdE5sJb8DI+PbOenspOFJwOLS
7OOnIBl1UodtZfFterx05XGimC8uWLibTUIXzOQXXHZI
-----END CERTIFICATE-----