Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/unv6qLOPgvZDiZXEZHlJztZQVDo.roa
File:                     unv6qLOPgvZDiZXEZHlJztZQVDo.roa (raw, json)
Hash identifier:          tyVYDmNTvj9C4vKFdlYG5M3CzsvPTaUU1ELzDarna2E=
Subject key identifier:   BA:7B:FA:A8:B3:8F:82:F6:43:89:95:C4:64:79:49:CE:D6:50:54:3A
Certificate issuer:       /CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
Certificate serial:       018CC8DE408C4BB50CD901D5112C9BC9B9B8
Authority key identifier: E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/unv6qLOPgvZDiZXEZHlJztZQVDo.roa
Signing time:             Tue 02 Jan 2024 06:30:57 +0000
ROA not before:           Tue 02 Jan 2024 06:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50181
IP address blocks:        77.243.222.0/23 maxlen: 23
                          77.243.220.0/23 maxlen: 23
                          46.31.176.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:40:8c:4b:b5:0c:d9:01:d5:11:2c:9b:c9:b9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
        Validity
            Not Before: Jan  2 06:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba7bfaa8b38f82f6438995c4647949ced650543a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:dc:d1:91:94:12:e9:b3:2e:73:90:ac:73:17:
                    72:77:79:08:da:8f:18:c2:49:9b:70:21:81:2c:4a:
                    c3:8f:87:de:81:57:e4:3a:37:56:bb:61:54:3d:19:
                    4e:5b:d7:48:97:33:47:94:8c:83:7e:fb:44:a7:4c:
                    58:58:14:24:87:86:71:c5:e2:9b:b9:0f:c3:fe:30:
                    6a:c6:ca:40:72:8d:0b:86:4a:ac:be:88:16:67:74:
                    b9:f6:6d:c6:fa:0c:54:ec:0b:25:07:10:f3:87:c5:
                    11:f3:43:10:61:38:43:44:67:ec:70:a8:2a:e2:a1:
                    43:3c:bc:0d:40:87:a1:c8:41:e9:10:9a:65:b5:ff:
                    81:79:39:1a:1b:b6:e1:2f:3a:13:31:8f:2e:14:9a:
                    5f:92:67:78:ab:8d:e9:7d:a8:fd:87:44:da:23:a7:
                    df:19:15:db:c7:3b:5e:cf:ed:5b:ec:04:17:11:3f:
                    ce:8e:c5:50:2e:9d:db:52:f4:8a:d3:be:51:4d:0e:
                    28:49:79:3a:95:14:cd:39:90:4d:18:04:10:7d:81:
                    54:75:b5:1c:ba:6f:33:94:10:bc:cc:3c:cc:2a:f1:
                    be:48:83:cd:0d:6f:8f:d4:69:b8:1f:f8:14:3e:fc:
                    73:de:f5:29:61:6b:15:36:38:76:4c:11:e7:d5:bc:
                    f3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7B:FA:A8:B3:8F:82:F6:43:89:95:C4:64:79:49:CE:D6:50:54:3A
            X509v3 Authority Key Identifier:
                keyid:E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/unv6qLOPgvZDiZXEZHlJztZQVDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.176.0/23
                  77.243.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:cc:17:10:49:d4:5c:c4:88:3d:71:00:85:5a:f1:b1:20:a6:
         02:28:ec:c3:b0:2a:8d:26:42:cf:a8:10:31:0a:e1:98:ef:aa:
         b3:3a:e8:29:71:dd:c7:dd:e1:33:11:1a:52:36:e1:cd:af:dc:
         2a:fe:c8:6b:1d:1b:f5:d8:c4:44:40:3f:66:fc:4c:31:48:d3:
         c2:42:e5:05:ab:90:de:5e:75:6b:46:a7:20:fc:c9:f0:01:5b:
         18:78:a5:11:c4:93:51:49:f1:9c:08:6a:7d:1e:00:c3:d6:c2:
         c7:66:d3:5c:d6:45:67:6a:5d:e0:66:05:2f:b3:77:51:61:d0:
         c9:73:a9:6d:88:a1:29:55:9e:a5:28:fe:2c:fd:58:fc:34:31:
         9b:e3:76:99:2c:7b:81:91:04:cf:d4:42:2a:99:e0:f3:4c:29:
         42:57:cf:e4:64:59:70:02:e6:97:54:ea:b3:08:e3:05:fc:3c:
         07:80:8b:9b:ec:78:aa:1e:40:56:8b:e1:79:d3:49:2d:63:08:
         17:87:b9:87:14:4d:30:ea:2f:52:73:eb:9b:9e:93:6f:49:f2:
         be:d9:d6:2f:32:b0:2f:18:62:a5:f3:ba:49:b3:7e:d9:c2:e8:
         08:7c:64:52:18:48:2d:46:2f:35:3d:69:89:67:f2:c8:31:a0:
         ae:3a:d8:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3kCMS7UM2QHVESybybm4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYWMwMzIyYjNlYWI2NTcyZWNlMmEwYWM1YWJmMTY0YTVi
YmZmMjAwHhcNMjQwMTAyMDYzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdiZmFhOGIzOGY4MmY2NDM4OTk1YzQ2NDc5NDljZWQ2NTA1NDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9zRkZQS6bMuc5Cscxdyd3kI2o8Y
wkmbcCGBLErDj4fegVfkOjdWu2FUPRlOW9dIlzNHlIyDfvtEp0xYWBQkh4ZxxeKb
uQ/D/jBqxspAco0LhkqsvogWZ3S59m3G+gxU7AslBxDzh8UR80MQYThDRGfscKgq
4qFDPLwNQIehyEHpEJpltf+BeTkaG7bhLzoTMY8uFJpfkmd4q43pfaj9h0TaI6ff
GRXbxztez+1b7AQXET/OjsVQLp3bUvSK075RTQ4oSXk6lRTNOZBNGAQQfYFUdbUc
um8zlBC8zDzMKvG+SIPNDW+P1Gm4H/gUPvxz3vUpYWsVNjh2TBHn1bzzjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLp7+qizj4L2Q4mVxGR5Sc7WUFQ6MB8GA1UdIwQY
MBaAFOGsAyKz6rZXLs4qCsWr8WSlu/8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2Yt
OGQ4MWZkYzZmMTcwLzEvdW52NnFMT1BndlpEaVpYRVpIbEp6dFpRVkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2YtOGQ4MWZkYzZmMTcw
LzEvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLh+wAwQC
TfPcMA0GCSqGSIb3DQEBCwUAA4IBAQBMzBcQSdRcxIg9cQCFWvGxIKYCKOzDsCqN
JkLPqBAxCuGY76qzOugpcd3H3eEzERpSNuHNr9wq/shrHRv12MREQD9m/EwxSNPC
QuUFq5DeXnVrRqcg/MnwAVsYeKURxJNRSfGcCGp9HgDD1sLHZtNc1kVnal3gZgUv
s3dRYdDJc6ltiKEpVZ6lKP4s/Vj8NDGb43aZLHuBkQTP1EIqmeDzTClCV8/kZFlw
AuaXVOqzCOMF/DwHgIub7HiqHkBWi+F500ktYwgXh7mHFE0w6i9Sc+ubnpNvSfK+
2dYvMrAvGGKl87pJs37ZwugIfGRSGEgtRi81PWmJZ/LIMaCuOtje
-----END CERTIFICATE-----