Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/UkRSdnS4cTXAFtbEZejFt3HCqh8.roa
File:                     UkRSdnS4cTXAFtbEZejFt3HCqh8.roa (raw, json)
Hash identifier:          iqEBUy5uc6t7WibD5Z4vjErJzQXYcBCAeluCb/ziu8Y=
Subject key identifier:   52:44:52:76:74:B8:71:35:C0:16:D6:C4:65:E8:C5:B7:71:C2:AA:1F
Certificate issuer:       /CN=a206dfffab1d518c132f6d56d8d4a31d9059f4bf
Certificate serial:       018CC26D706DAC3747F6F70F184EC866F713
Authority key identifier: A2:06:DF:FF:AB:1D:51:8C:13:2F:6D:56:D8:D4:A3:1D:90:59:F4:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogbf_6sdUYwTL21W2NSjHZBZ9L8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/UkRSdnS4cTXAFtbEZejFt3HCqh8.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210363
IP address blocks:        212.46.49.0/24 maxlen: 24
                          2a0c:5e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/ogbf_6sdUYwTL21W2NSjHZBZ9L8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/ogbf_6sdUYwTL21W2NSjHZBZ9L8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogbf_6sdUYwTL21W2NSjHZBZ9L8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:6d:ac:37:47:f6:f7:0f:18:4e:c8:66:f7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a206dfffab1d518c132f6d56d8d4a31d9059f4bf
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5244527674b87135c016d6c465e8c5b771c2aa1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a9:20:c6:c9:ba:49:06:ed:ad:8c:06:80:c8:
                    b9:9e:1b:36:d9:76:4b:27:66:3e:51:e2:3c:8e:fb:
                    8b:95:93:85:1e:55:7b:79:0f:c0:c5:9a:24:07:2d:
                    71:f4:5b:b1:38:9c:d2:20:80:72:fd:98:7b:9a:fa:
                    ed:51:42:9c:c7:4b:47:db:25:60:86:6a:8e:63:9f:
                    dc:e6:e4:d2:1b:a4:84:30:01:4a:b7:7a:e5:8c:45:
                    bb:86:ca:bf:0f:e6:20:61:1c:10:5a:aa:01:3b:d7:
                    65:4c:5d:7b:9f:5d:0c:6c:72:3f:aa:2a:fb:64:dc:
                    85:32:aa:81:2f:dc:e3:fc:4b:b7:e2:79:ff:d2:ab:
                    6e:99:f2:8b:44:64:8e:7a:00:62:08:2f:dc:70:9b:
                    11:4e:be:dc:98:bc:75:6e:ec:ae:f1:37:a0:1a:e2:
                    3d:18:0a:c9:a6:97:ba:34:a9:77:1e:78:ca:23:97:
                    cf:53:6c:db:71:58:fb:59:93:31:8f:02:e0:ce:b1:
                    e9:a1:ca:8e:15:76:38:8f:01:a1:be:e7:91:a1:a2:
                    36:c2:3e:fa:09:a0:7f:0b:96:8d:c0:46:07:f8:be:
                    1e:d8:b0:47:f9:e9:15:ae:6c:23:78:79:9a:b5:68:
                    13:4f:57:c9:57:ac:64:c9:2d:fb:6f:8e:9f:d7:0c:
                    5f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:44:52:76:74:B8:71:35:C0:16:D6:C4:65:E8:C5:B7:71:C2:AA:1F
            X509v3 Authority Key Identifier:
                keyid:A2:06:DF:FF:AB:1D:51:8C:13:2F:6D:56:D8:D4:A3:1D:90:59:F4:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogbf_6sdUYwTL21W2NSjHZBZ9L8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/UkRSdnS4cTXAFtbEZejFt3HCqh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f5931e-0f84-40bd-ad0a-671a1f0af059/1/ogbf_6sdUYwTL21W2NSjHZBZ9L8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.49.0/24
                IPv6:
                  2a0c:5e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:37:ac:eb:e0:b9:68:2d:54:14:68:45:55:d9:f5:ec:0e:50:
         77:c9:ca:85:87:4b:1d:ee:17:18:a6:42:dc:e3:4f:3e:30:b8:
         52:1c:42:76:b0:4d:74:fb:e4:fc:9b:f0:4e:ac:81:67:fb:9b:
         b4:52:4a:48:90:ca:08:cc:27:d4:ce:81:c9:d5:57:7f:04:a0:
         1c:ce:82:eb:f8:bd:7e:bb:97:33:0d:24:70:10:1f:2a:1a:3a:
         43:f7:74:64:c8:f3:6a:fb:ae:9d:9b:a5:8c:59:44:4d:57:61:
         4a:21:b8:35:99:b5:4f:f9:95:42:88:87:80:02:8e:af:a2:7d:
         d2:2f:a2:aa:bb:1f:27:49:9f:f8:1b:f1:c8:07:ac:9e:09:cf:
         6d:24:64:64:8c:0f:4a:3a:f6:b8:53:09:70:2c:6f:e7:fb:6b:
         93:ab:2d:76:20:8f:ad:91:8b:8a:ae:a2:aa:bd:01:5f:98:8a:
         c5:b5:9c:4b:14:f6:dd:7d:7a:7f:d9:29:8f:07:70:d0:c9:08:
         0e:41:7a:93:7b:cb:e8:e5:ee:f6:ec:e4:12:03:3b:61:da:74:
         61:d2:dc:8c:ad:d8:f6:cf:25:0c:86:ac:09:ef:06:94:8f:a8:
         f5:19:57:6c:09:cb:66:8f:58:59:96:b3:5c:25:57:8b:ab:0e:
         24:ea:81:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbXBtrDdH9vcPGE7IZvcTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDZkZmZmYWIxZDUxOGMxMzJmNmQ1NmQ4ZDRhMzFkOTA1
OWY0YmYwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ0NTI3Njc0Yjg3MTM1YzAxNmQ2YzQ2NWU4YzViNzcxYzJhYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjakgxsm6SQbtrYwGgMi5nhs22XZL
J2Y+UeI8jvuLlZOFHlV7eQ/AxZokBy1x9FuxOJzSIIBy/Zh7mvrtUUKcx0tH2yVg
hmqOY5/c5uTSG6SEMAFKt3rljEW7hsq/D+YgYRwQWqoBO9dlTF17n10MbHI/qir7
ZNyFMqqBL9zj/Eu34nn/0qtumfKLRGSOegBiCC/ccJsRTr7cmLx1buyu8TegGuI9
GArJppe6NKl3HnjKI5fPU2zbcVj7WZMxjwLgzrHpocqOFXY4jwGhvueRoaI2wj76
CaB/C5aNwEYH+L4e2LBH+ekVrmwjeHmatWgTT1fJV6xkyS37b46f1wxfaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFJEUnZ0uHE1wBbWxGXoxbdxwqofMB8GA1UdIwQY
MBaAFKIG3/+rHVGMEy9tVtjUox2QWfS/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2diZl82c2RVWXdUTDIxVzJOU2pIWkJaOUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNTkzMWUtMGY4NC00MGJkLWFkMGEt
NjcxYTFmMGFmMDU5LzEvVWtSU2RuUzRjVFhBRnRiRVplakZ0M0hDcWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNTkzMWUtMGY4NC00MGJkLWFkMGEtNjcxYTFmMGFmMDU5
LzEvb2diZl82c2RVWXdUTDIxVzJOU2pIWkJaOUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1C4xMA0E
AgACMAcDBQMqDF6AMA0GCSqGSIb3DQEBCwUAA4IBAQBwN6zr4LloLVQUaEVV2fXs
DlB3ycqFh0sd7hcYpkLc408+MLhSHEJ2sE10++T8m/BOrIFn+5u0UkpIkMoIzCfU
zoHJ1Vd/BKAczoLr+L1+u5czDSRwEB8qGjpD93RkyPNq+66dm6WMWURNV2FKIbg1
mbVP+ZVCiIeAAo6von3SL6Kqux8nSZ/4G/HIB6yeCc9tJGRkjA9KOva4UwlwLG/n
+2uTqy12II+tkYuKrqKqvQFfmIrFtZxLFPbdfXp/2SmPB3DQyQgOQXqTe8vo5e72
7OQSAzth2nRh0tyMrdj2zyUMhqwJ7waUj6j1GVdsCctmj1hZlrNcJVeLqw4k6oE9
-----END CERTIFICATE-----