Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/uHZHF5SOv4mkngsLmM1WfhLopNs.roa
File:                     uHZHF5SOv4mkngsLmM1WfhLopNs.roa (raw, json)
Hash identifier:          Q1s3JFP8soFsbAN/fVoJyypTC6P4T7Uxyscx7k+6muI=
Subject key identifier:   B8:76:47:17:94:8E:BF:89:A4:9E:0B:0B:98:CD:56:7E:12:E8:A4:DB
Certificate issuer:       /CN=e1085b6248bd72076ab421ffa0e3bfef93565e9d
Certificate serial:       018CC7256ECBC9197C8D30D31536FF4A8F2A
Authority key identifier: E1:08:5B:62:48:BD:72:07:6A:B4:21:FF:A0:E3:BF:EF:93:56:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4QhbYki9cgdqtCH_oOO_75NWXp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/uHZHF5SOv4mkngsLmM1WfhLopNs.roa
Signing time:             Mon 01 Jan 2024 22:29:28 +0000
ROA not before:           Mon 01 Jan 2024 22:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60131
IP address blocks:        185.52.176.0/22 maxlen: 22
                          46.23.80.0/20 maxlen: 20
                          2a03:6000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/4QhbYki9cgdqtCH_oOO_75NWXp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/4QhbYki9cgdqtCH_oOO_75NWXp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4QhbYki9cgdqtCH_oOO_75NWXp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:6e:cb:c9:19:7c:8d:30:d3:15:36:ff:4a:8f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1085b6248bd72076ab421ffa0e3bfef93565e9d
        Validity
            Not Before: Jan  1 22:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8764717948ebf89a49e0b0b98cd567e12e8a4db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:01:99:04:06:d6:9a:d1:c0:0e:8a:c1:a1:4f:
                    53:13:3f:c3:1b:72:67:37:36:5f:05:ab:1a:de:24:
                    56:b9:6c:6f:74:84:06:e9:07:ca:f5:56:21:a3:d6:
                    29:00:47:c9:d3:37:bf:72:61:30:c7:ac:66:43:32:
                    3b:9d:9b:3f:93:b6:66:42:b2:5b:f2:a8:ae:84:0d:
                    b6:ec:b7:b0:53:99:ef:e4:cb:16:2d:3b:20:e7:28:
                    0f:62:d1:f0:c2:2a:3e:23:18:df:0e:d8:41:71:ff:
                    8d:1c:e9:de:08:2b:fd:12:77:24:68:40:af:70:76:
                    8d:9b:a9:11:88:a7:ad:00:14:86:09:c1:85:a8:93:
                    ec:c0:26:8a:be:72:73:0d:fe:db:50:4b:53:f3:f1:
                    98:65:d2:9f:6b:8f:46:10:58:71:78:9e:2e:a5:ee:
                    f3:01:10:7a:f1:59:42:96:07:e1:53:39:17:4f:f9:
                    90:00:8e:82:ef:05:23:6d:30:30:d4:5e:5b:96:f0:
                    f0:a5:27:4e:ec:40:08:d8:2f:4d:75:f1:6d:17:ad:
                    e3:35:80:2b:fb:68:ee:60:74:d7:20:10:7a:b1:91:
                    58:13:35:d7:8a:47:98:67:a5:c2:f9:59:92:27:e9:
                    0a:13:44:52:cf:a9:18:84:61:80:16:36:29:81:16:
                    6e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:76:47:17:94:8E:BF:89:A4:9E:0B:0B:98:CD:56:7E:12:E8:A4:DB
            X509v3 Authority Key Identifier:
                keyid:E1:08:5B:62:48:BD:72:07:6A:B4:21:FF:A0:E3:BF:EF:93:56:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4QhbYki9cgdqtCH_oOO_75NWXp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/uHZHF5SOv4mkngsLmM1WfhLopNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/6d9ab5-d1ae-449d-a7e9-1f5f94ce35ee/1/4QhbYki9cgdqtCH_oOO_75NWXp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.80.0/20
                  185.52.176.0/22
                IPv6:
                  2a03:6000::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:73:da:42:64:85:a8:ef:c3:68:23:e6:98:3c:dd:08:d8:
         5c:97:a0:6d:18:1d:9b:4e:19:72:a7:3d:a4:76:88:15:9d:2d:
         eb:36:d3:29:bc:9e:64:f5:7b:f9:28:45:bf:58:88:39:a8:34:
         78:04:b3:a1:ae:f8:a5:b6:45:d9:7b:7d:86:fa:15:bf:86:5d:
         f8:cc:c8:33:c5:0e:69:0b:5e:60:67:5b:81:7c:42:a1:19:9b:
         83:37:b7:a7:d4:c5:64:42:8d:b7:76:07:c6:94:e5:7f:60:8c:
         b8:67:64:71:bb:d6:3a:d6:71:5e:87:e8:b4:2d:bf:90:30:26:
         95:9b:da:83:af:01:8c:d2:ea:fc:14:cb:4b:56:56:4f:cc:76:
         fa:11:f9:26:fb:3b:6f:59:2f:74:32:61:1c:9e:2f:5e:98:f6:
         d6:d4:1e:1f:30:8e:ff:b5:98:14:f6:27:2a:6b:9f:84:0c:37:
         47:b5:3f:fd:2d:21:17:05:c5:0e:c6:0c:c7:6a:aa:c3:fd:27:
         52:22:9c:7d:e3:6f:e2:1f:bd:cf:db:10:38:04:94:28:61:a2:
         6f:c0:ef:23:93:be:fb:a0:8d:66:ab:a4:c0:9a:60:f3:56:c7:
         5c:5a:c3:f8:a6:c0:9d:98:c6:a3:99:47:7c:e0:0f:b1:79:d2:
         7e:60:b4:63
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJW7LyRl8jTDTFTb/So8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMDg1YjYyNDhiZDcyMDc2YWI0MjFmZmEwZTNiZmVmOTM1
NjVlOWQwHhcNMjQwMTAxMjIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODc2NDcxNzk0OGViZjg5YTQ5ZTBiMGI5OGNkNTY3ZTEyZThhNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQGZBAbWmtHADorBoU9TEz/DG3Jn
NzZfBasa3iRWuWxvdIQG6QfK9VYho9YpAEfJ0ze/cmEwx6xmQzI7nZs/k7ZmQrJb
8qiuhA227LewU5nv5MsWLTsg5ygPYtHwwio+IxjfDthBcf+NHOneCCv9EnckaECv
cHaNm6kRiKetABSGCcGFqJPswCaKvnJzDf7bUEtT8/GYZdKfa49GEFhxeJ4upe7z
ARB68VlClgfhUzkXT/mQAI6C7wUjbTAw1F5blvDwpSdO7EAI2C9NdfFtF63jNYAr
+2juYHTXIBB6sZFYEzXXikeYZ6XC+VmSJ+kKE0RSz6kYhGGAFjYpgRZunQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLh2RxeUjr+JpJ4LC5jNVn4S6KTbMB8GA1UdIwQY
MBaAFOEIW2JIvXIHarQh/6Djv++TVl6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFFoYllraTljZ2RxdENIX29PT183NU5XWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy82ZDlhYjUtZDFhZS00NDlkLWE3ZTkt
MWY1Zjk0Y2UzNWVlLzEvdUhaSEY1U092NG1rbmdzTG1NMVdmaExvcE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy82ZDlhYjUtZDFhZS00NDlkLWE3ZTktMWY1Zjk0Y2UzNWVl
LzEvNFFoYllraTljZ2RxdENIX29PT183NU5XWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQELhdQAwQC
uTSwMA0EAgACMAcDBQMqA2AAMA0GCSqGSIb3DQEBCwUAA4IBAQCVonPaQmSFqO/D
aCPmmDzdCNhcl6BtGB2bThlypz2kdogVnS3rNtMpvJ5k9Xv5KEW/WIg5qDR4BLOh
rviltkXZe32G+hW/hl34zMgzxQ5pC15gZ1uBfEKhGZuDN7en1MVkQo23dgfGlOV/
YIy4Z2Rxu9Y61nFeh+i0Lb+QMCaVm9qDrwGM0ur8FMtLVlZPzHb6Efkm+ztvWS90
MmEcni9emPbW1B4fMI7/tZgU9icqa5+EDDdHtT/9LSEXBcUOxgzHaqrD/SdSIpx9
42/iH73P2xA4BJQoYaJvwO8jk777oI1mq6TAmmDzVsdcWsP4psCdmMajmUd84A+x
edJ+YLRj
-----END CERTIFICATE-----