Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/UNAlHA-O-KwvWrMp9touci-bq88.roa
File:                     UNAlHA-O-KwvWrMp9touci-bq88.roa (raw, json)
Hash identifier:          xn+Wfpk3QmoOTojq6v11cofrJY9/RZjquaWuqwYrGTg=
Subject key identifier:   50:D0:25:1C:0F:8E:F8:AC:2F:5A:B3:29:F6:DA:2E:72:2F:9B:AB:CF
Certificate issuer:       /CN=9fa7859dc39d4736142cf1e229c8ac4be623b903
Certificate serial:       018CC492285922960F5DB529F9D701BE635F
Authority key identifier: 9F:A7:85:9D:C3:9D:47:36:14:2C:F1:E2:29:C8:AC:4B:E6:23:B9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n6eFncOdRzYULPHiKcisS-YjuQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/UNAlHA-O-KwvWrMp9touci-bq88.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.107.0/24 maxlen: 24
                          2001:7f8:c1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/n6eFncOdRzYULPHiKcisS-YjuQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/n6eFncOdRzYULPHiKcisS-YjuQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n6eFncOdRzYULPHiKcisS-YjuQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:28:59:22:96:0f:5d:b5:29:f9:d7:01:be:63:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fa7859dc39d4736142cf1e229c8ac4be623b903
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50d0251c0f8ef8ac2f5ab329f6da2e722f9babcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fd:80:5e:e4:1c:8e:15:b0:54:8f:71:ec:e1:
                    61:5e:00:84:24:12:a6:06:eb:35:6b:4d:ac:56:c4:
                    63:8c:cc:d9:4e:c3:6a:6c:b4:e6:cf:47:f7:92:07:
                    68:23:54:66:79:c6:1f:06:d5:88:db:6d:c1:db:3c:
                    26:da:23:47:32:ac:27:75:41:f6:7b:44:6a:34:82:
                    a9:1a:2b:c4:f3:13:4b:ca:9e:d0:8e:33:48:07:be:
                    bf:d4:aa:42:c7:65:49:a8:b6:5d:63:6b:6f:19:ff:
                    cb:f9:84:9f:dc:58:41:67:3b:27:32:a6:1d:31:43:
                    0a:c5:ed:92:9d:bf:51:76:22:dd:e0:66:b0:a9:a6:
                    e3:bd:64:ed:45:1f:27:83:88:85:eb:62:72:c1:58:
                    fb:bd:fb:5a:b8:ae:7c:68:c6:27:af:fb:f3:f8:16:
                    66:d4:f3:d2:04:85:fd:d2:4a:45:aa:82:03:9e:e9:
                    cb:28:4a:bd:10:ac:67:29:4d:64:59:00:03:a5:75:
                    28:3d:9f:15:44:b3:50:5c:cb:90:0f:9b:6a:81:fb:
                    82:b1:3f:70:d9:3d:30:d9:6c:6a:ac:5d:c3:dd:ad:
                    8a:ed:d9:88:f9:c4:a8:ef:11:d6:f4:8d:9d:7c:89:
                    00:6b:fc:76:c7:c8:a8:d4:15:23:93:b5:bc:77:19:
                    cd:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D0:25:1C:0F:8E:F8:AC:2F:5A:B3:29:F6:DA:2E:72:2F:9B:AB:CF
            X509v3 Authority Key Identifier:
                keyid:9F:A7:85:9D:C3:9D:47:36:14:2C:F1:E2:29:C8:AC:4B:E6:23:B9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n6eFncOdRzYULPHiKcisS-YjuQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/UNAlHA-O-KwvWrMp9touci-bq88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/069008-2e4f-4323-b6a2-e8d6c2f071df/1/n6eFncOdRzYULPHiKcisS-YjuQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.107.0/24
                IPv6:
                  2001:7f8:c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:5d:bb:a6:d8:c6:64:4c:62:8e:de:79:90:d0:95:32:a3:f8:
         79:e4:99:32:ba:31:64:1e:6c:3d:38:f6:ad:dd:bb:e4:67:24:
         c6:05:46:92:0d:24:12:eb:2d:55:a8:66:72:a8:21:8f:c3:54:
         ec:8a:10:c7:80:e1:94:59:78:f6:31:ba:8e:92:17:55:aa:99:
         58:d9:7a:64:a4:99:88:5d:29:70:7a:67:fe:30:3a:4f:c5:c2:
         d7:72:f1:a9:20:32:47:b7:49:81:6b:db:3f:da:9c:12:31:26:
         bc:4c:7a:c2:1b:a1:f1:41:a9:85:bc:61:04:8d:7f:5c:b3:ba:
         4a:f6:3e:0d:02:e1:9c:6d:21:2c:bc:f0:57:3f:82:b4:38:55:
         2d:a0:b4:13:1a:e4:5d:00:06:4d:99:fc:bf:82:a9:b4:e9:25:
         01:81:21:18:48:b2:56:41:fe:93:93:cd:ba:05:f9:94:09:19:
         04:57:fb:eb:5a:a8:98:66:60:e5:0f:12:87:3b:a1:a8:9d:7e:
         27:c4:8d:ce:5b:fd:3d:14:9b:9b:d8:29:f3:d0:c8:c1:82:09:
         fe:44:6d:25:a5:55:1b:91:8b:9e:9e:3d:c6:c6:34:c3:8f:f4:
         7d:73:ae:73:da:b9:21:b3:22:8c:fe:3d:5a:d9:87:88:80:7f:
         68:2d:f7:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkihZIpYPXbUp+dcBvmNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYTc4NTlkYzM5ZDQ3MzYxNDJjZjFlMjI5YzhhYzRiZTYy
M2I5MDMwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQwMjUxYzBmOGVmOGFjMmY1YWIzMjlmNmRhMmU3MjJmOWJhYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzv2AXuQcjhWwVI9x7OFhXgCEJBKm
Bus1a02sVsRjjMzZTsNqbLTmz0f3kgdoI1RmecYfBtWI223B2zwm2iNHMqwndUH2
e0RqNIKpGivE8xNLyp7QjjNIB76/1KpCx2VJqLZdY2tvGf/L+YSf3FhBZzsnMqYd
MUMKxe2Snb9RdiLd4GawqabjvWTtRR8ng4iF62JywVj7vftauK58aMYnr/vz+BZm
1PPSBIX90kpFqoIDnunLKEq9EKxnKU1kWQADpXUoPZ8VRLNQXMuQD5tqgfuCsT9w
2T0w2WxqrF3D3a2K7dmI+cSo7xHW9I2dfIkAa/x2x8io1BUjk7W8dxnNFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFDQJRwPjvisL1qzKfbaLnIvm6vPMB8GA1UdIwQY
MBaAFJ+nhZ3DnUc2FCzx4inIrEvmI7kDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjZlRm5jT2RSellVTFBIaUtjaXNTLVlqdVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wNjkwMDgtMmU0Zi00MzIzLWI2YTIt
ZThkNmMyZjA3MWRmLzEvVU5BbEhBLU8tS3d2V3JNcDl0b3VjaS1icTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wNjkwMDgtMmU0Zi00MzIzLWI2YTItZThkNmMyZjA3MWRm
LzEvbjZlRm5jT2RSellVTFBIaUtjaXNTLVlqdVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFrMA8E
AgACMAkDBwAgAQf4AMEwDQYJKoZIhvcNAQELBQADggEBAERdu6bYxmRMYo7eeZDQ
lTKj+HnkmTK6MWQebD049q3du+RnJMYFRpINJBLrLVWoZnKoIY/DVOyKEMeA4ZRZ
ePYxuo6SF1WqmVjZemSkmYhdKXB6Z/4wOk/Fwtdy8akgMke3SYFr2z/anBIxJrxM
esIbofFBqYW8YQSNf1yzukr2Pg0C4ZxtISy88Fc/grQ4VS2gtBMa5F0ABk2Z/L+C
qbTpJQGBIRhIslZB/pOTzboF+ZQJGQRX++taqJhmYOUPEoc7oaidfifEjc5b/T0U
m5vYKfPQyMGCCf5EbSWlVRuRi56ePcbGNMOP9H1zrnPauSGzIoz+PVrZh4iAf2gt
944=
-----END CERTIFICATE-----