Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ugt2iyA_J2iylWXK_vCpMRgEu9E.roa
File:                     Ugt2iyA_J2iylWXK_vCpMRgEu9E.roa (raw, json)
Hash identifier:          QNYzJ3/4DGChtcvDDxyvU6qfzq62rCbmDDzGUC4/FKA=
Subject key identifier:   52:0B:76:8B:20:3F:27:68:B2:95:65:CA:FE:F0:A9:31:18:04:BB:D1
Certificate issuer:       /CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
Certificate serial:       018D9011651A25D16A54906F1D111D94F9E5
Authority key identifier: C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ugt2iyA_J2iylWXK_vCpMRgEu9E.roa
Signing time:             Fri 09 Feb 2024 22:51:15 +0000
ROA not before:           Fri 09 Feb 2024 22:51:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0f:ff40:c0f3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:90:11:65:1a:25:d1:6a:54:90:6f:1d:11:1d:94:f9:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5849232e3943bf257c9dcaeab0ef92d30a4cfad
        Validity
            Not Before: Feb  9 22:51:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=520b768b203f2768b29565cafef0a9311804bbd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6c:8c:68:ed:af:a8:2d:e7:dc:e0:52:b6:00:
                    c5:ec:ca:de:fe:59:6f:f7:ce:d7:99:31:e8:95:f3:
                    51:b2:44:90:b0:3c:f0:c9:f1:82:24:a1:d0:7a:e0:
                    93:95:5b:18:ca:e4:d8:4a:ce:91:41:b7:73:54:38:
                    fe:95:51:b3:02:d7:b3:a4:2f:2e:26:c4:54:0c:b9:
                    61:13:aa:aa:b3:68:fa:bb:57:3f:6c:dc:6b:f0:f1:
                    3a:ce:00:48:c8:df:53:ba:04:98:a5:dc:6c:b9:08:
                    b9:4d:2a:2d:df:01:71:06:3d:0b:fa:dd:15:08:2b:
                    76:b0:ef:2a:f4:c4:91:e0:af:f7:ba:ba:ae:26:25:
                    4f:66:70:60:fe:d7:6d:c5:6c:29:c5:57:a7:5c:d7:
                    85:88:5b:19:95:39:a2:d8:db:56:c9:a1:f5:b1:19:
                    41:fb:af:b9:53:9a:83:67:c7:3c:f5:b2:a3:a5:e4:
                    bc:68:c1:e9:ac:5b:27:cd:cc:92:46:9b:d8:b3:9e:
                    47:06:ac:6a:31:c2:25:7f:38:ce:c5:e5:6b:0d:b3:
                    20:bc:c3:82:15:4d:e0:7b:ae:d4:b2:70:62:fe:88:
                    34:4b:5f:f6:40:48:43:bf:2d:cf:49:5d:e1:b6:03:
                    0a:af:fb:64:18:5c:68:eb:96:09:4d:b7:c3:11:6f:
                    b3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0B:76:8B:20:3F:27:68:B2:95:65:CA:FE:F0:A9:31:18:04:BB:D1
            X509v3 Authority Key Identifier:
                keyid:C5:84:92:32:E3:94:3B:F2:57:C9:DC:AE:AB:0E:F9:2D:30:A4:CF:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYSSMuOUO_JXydyuqw75LTCkz60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/Ugt2iyA_J2iylWXK_vCpMRgEu9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/440219-bbc3-4186-b1a6-afa917bdf7d1/1/xYSSMuOUO_JXydyuqw75LTCkz60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ff40:c0f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:3d:37:68:62:ed:39:01:15:aa:23:94:90:06:53:9b:12:6b:
         00:12:07:0b:e8:8d:dc:a0:ff:aa:0c:30:11:8a:9e:68:d0:ee:
         94:ad:1a:67:40:94:ab:4f:cb:8b:fb:0d:10:95:1e:88:a7:5b:
         7b:d6:4a:57:f9:20:b1:3d:fe:dc:80:ec:21:22:5b:63:bb:68:
         3d:ea:9d:ae:cd:cc:fd:8c:10:56:c1:ec:bc:04:df:2a:38:79:
         02:56:86:0d:8e:1b:23:22:e3:af:68:a6:f8:5c:de:98:56:72:
         35:54:54:52:37:db:fb:9e:70:2f:ff:13:9d:3a:1a:10:d8:69:
         99:d1:64:e6:89:db:71:1e:26:20:35:04:f1:b1:48:21:27:63:
         0d:43:c7:10:f1:08:55:52:a9:2e:07:58:85:de:9b:d9:d4:61:
         3b:c7:e1:2f:ad:38:91:04:e3:d2:70:e9:60:78:57:e7:ef:aa:
         ad:8f:0f:76:0f:be:89:60:c8:e3:01:69:a8:a4:23:39:96:d0:
         9f:66:8c:ba:e6:53:5e:1a:61:53:d9:28:00:85:81:9b:7c:09:
         f1:2a:d0:5e:53:38:71:52:91:28:1a:e2:b2:18:1a:54:72:da:
         5a:2c:4f:02:c5:82:b4:e5:04:b7:8b:f1:86:31:61:6e:26:a7:
         bf:09:e7:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2QEWUaJdFqVJBvHREdlPnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ODQ5MjMyZTM5NDNiZjI1N2M5ZGNhZWFiMGVmOTJkMzBh
NGNmYWQwHhcNMjQwMjA5MjI1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBiNzY4YjIwM2YyNzY4YjI5NTY1Y2FmZWYwYTkzMTE4MDRiYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGyMaO2vqC3n3OBStgDF7Mre/llv
987XmTHolfNRskSQsDzwyfGCJKHQeuCTlVsYyuTYSs6RQbdzVDj+lVGzAtezpC8u
JsRUDLlhE6qqs2j6u1c/bNxr8PE6zgBIyN9TugSYpdxsuQi5TSot3wFxBj0L+t0V
CCt2sO8q9MSR4K/3urquJiVPZnBg/tdtxWwpxVenXNeFiFsZlTmi2NtWyaH1sRlB
+6+5U5qDZ8c89bKjpeS8aMHprFsnzcySRpvYs55HBqxqMcIlfzjOxeVrDbMgvMOC
FU3ge67UsnBi/og0S1/2QEhDvy3PSV3htgMKr/tkGFxo65YJTbfDEW+zRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFILdosgPydospVlyv7wqTEYBLvRMB8GA1UdIwQY
MBaAFMWEkjLjlDvyV8ncrqsO+S0wpM+tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYt
YWZhOTE3YmRmN2QxLzEvVWd0Mml5QV9KMml5bFdYS192Q3BNUmdFdTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80NDAyMTktYmJjMy00MTg2LWIxYTYtYWZhOTE3YmRmN2Qx
LzEveFlTU011T1VPX0pYeWR5dXF3NzVMVENrejYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg//QMDz
MA0GCSqGSIb3DQEBCwUAA4IBAQANPTdoYu05ARWqI5SQBlObEmsAEgcL6I3coP+q
DDARip5o0O6UrRpnQJSrT8uL+w0QlR6Ip1t71kpX+SCxPf7cgOwhIltju2g96p2u
zcz9jBBWwey8BN8qOHkCVoYNjhsjIuOvaKb4XN6YVnI1VFRSN9v7nnAv/xOdOhoQ
2GmZ0WTmidtxHiYgNQTxsUghJ2MNQ8cQ8QhVUqkuB1iF3pvZ1GE7x+EvrTiRBOPS
cOlgeFfn76qtjw92D76JYMjjAWmopCM5ltCfZoy65lNeGmFT2SgAhYGbfAnxKtBe
UzhxUpEoGuKyGBpUctpaLE8CxYK05QS3i/GGMWFuJqe/Ced4
-----END CERTIFICATE-----