Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/UudUGmqFX--EJKTTwQXGsxGAu54.roa
File:                     UudUGmqFX--EJKTTwQXGsxGAu54.roa (raw, json)
Hash identifier:          WYjh4nO/nFTnAXEu84RQtjop+KWheNqhr9plV/LRr78=
Subject key identifier:   52:E7:54:1A:6A:85:5F:EF:84:24:A4:D3:C1:05:C6:B3:11:80:BB:9E
Certificate issuer:       /CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
Certificate serial:       018CCA2B377708AE84576C5D2119E7792077
Authority key identifier: AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/UudUGmqFX--EJKTTwQXGsxGAu54.roa
Signing time:             Tue 02 Jan 2024 12:34:39 +0000
ROA not before:           Tue 02 Jan 2024 12:34:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43108
IP address blocks:        178.213.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:37:77:08:ae:84:57:6c:5d:21:19:e7:79:20:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
        Validity
            Not Before: Jan  2 12:34:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52e7541a6a855fef8424a4d3c105c6b31180bb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:21:8c:98:97:df:48:48:e2:92:45:a4:4c:93:
                    e8:7a:bf:0c:24:5e:34:94:53:7d:cc:62:96:e9:0f:
                    7d:4b:e4:89:87:89:6a:7e:9a:6e:5f:4e:83:72:64:
                    a6:52:f5:e1:13:83:80:b6:ef:1f:f9:14:23:7c:77:
                    eb:21:3c:e4:93:43:24:47:93:d8:81:ba:2f:22:85:
                    b8:56:80:0d:04:5f:0a:a6:85:7d:ba:34:5d:aa:24:
                    7a:37:4c:67:67:be:5f:5a:31:8d:76:5a:68:4c:0d:
                    45:e4:9d:de:5c:c1:cf:85:5b:84:23:66:34:65:a2:
                    3e:8e:5e:ed:f9:a4:6f:9f:4a:7e:82:88:b7:db:9b:
                    97:87:46:95:a7:66:66:70:ea:e1:e0:e5:4e:83:9f:
                    3c:fb:6f:a4:72:55:2f:14:9f:d3:97:61:7b:29:d5:
                    13:2c:32:7a:58:95:bb:26:26:c1:5d:f1:64:28:0f:
                    7b:3a:09:ff:26:71:8a:21:78:87:c4:06:0a:ec:5d:
                    cc:4f:ae:53:85:22:83:11:62:15:ca:02:3f:a6:cf:
                    8e:fc:6b:00:ee:26:d5:0b:7f:71:24:2a:66:4e:a2:
                    b9:e4:e8:68:a4:6d:49:44:9c:49:a1:ba:f2:c6:72:
                    e1:9b:b6:5c:c7:0b:76:41:57:b9:dc:ea:e6:3b:dc:
                    4b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E7:54:1A:6A:85:5F:EF:84:24:A4:D3:C1:05:C6:B3:11:80:BB:9E
            X509v3 Authority Key Identifier:
                keyid:AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/UudUGmqFX--EJKTTwQXGsxGAu54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:d3:17:a2:b3:1c:a7:f5:35:06:76:98:78:a6:74:54:c9:3a:
         be:e2:6f:94:d6:e2:a3:de:ba:51:c0:0b:1e:5d:09:94:db:61:
         60:d4:d7:f4:56:3e:52:8f:9a:43:9a:f6:ca:7e:27:25:88:15:
         23:26:fc:32:04:d9:44:f8:e1:79:00:58:3f:ba:20:22:90:73:
         22:64:40:cf:62:40:8f:59:94:e6:e5:72:44:f8:7d:78:18:17:
         bd:88:79:13:65:42:12:3a:50:b1:ff:60:33:62:6e:94:43:27:
         cd:3b:46:c5:22:6d:3e:b7:20:f9:dd:d3:0f:cf:de:37:46:b3:
         c6:05:94:5d:b2:91:9b:5e:94:f6:b1:d3:3d:01:6e:e1:30:04:
         a5:61:89:03:c5:f3:f3:c5:51:2b:63:45:46:0f:72:71:d0:08:
         9e:3e:3a:a2:8b:e4:d0:7f:85:d9:79:61:63:51:4e:64:e7:64:
         1c:4d:5c:b4:a5:80:9f:d0:e0:67:e0:41:27:0f:2c:99:41:73:
         f0:ef:7d:2a:64:d7:08:d9:a3:3c:15:72:f1:dd:e6:e5:93:34:
         39:1c:a7:26:3c:19:1a:12:15:31:64:ba:78:4b:5d:dc:84:d2:
         ba:2a:ce:ae:ac:7f:32:80:c5:e8:da:e2:42:27:14:08:35:f6:
         a8:18:46:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKzd3CK6EV2xdIRnneSB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGVkMzNiNzBiZTZjYzIwYzg5ZmJiYWM3N2E1OWNhM2I0
YzA5MzQwHhcNMjQwMTAyMTIzNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmU3NTQxYTZhODU1ZmVmODQyNGE0ZDNjMTA1YzZiMzExODBiYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyGMmJffSEjikkWkTJPoer8MJF40
lFN9zGKW6Q99S+SJh4lqfppuX06DcmSmUvXhE4OAtu8f+RQjfHfrITzkk0MkR5PY
gbovIoW4VoANBF8KpoV9ujRdqiR6N0xnZ75fWjGNdlpoTA1F5J3eXMHPhVuEI2Y0
ZaI+jl7t+aRvn0p+goi325uXh0aVp2ZmcOrh4OVOg588+2+kclUvFJ/Tl2F7KdUT
LDJ6WJW7JibBXfFkKA97Ogn/JnGKIXiHxAYK7F3MT65ThSKDEWIVygI/ps+O/GsA
7ibVC39xJCpmTqK55OhopG1JRJxJobryxnLhm7Zcxwt2QVe53OrmO9xLowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLnVBpqhV/vhCSk08EFxrMRgLueMB8GA1UdIwQY
MBaAFK6O0ztwvmzCDIn7usd6Wco7TAk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUt
MDRkYmM5YWMxNDQ0LzEvVXVkVUdtcUZYLS1FSktUVHdRWEdzeEdBdTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUtMDRkYmM5YWMxNDQ0
LzEvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBC0xeisxyn9TUGdph4pnRUyTq+4m+U1uKj3rpRwAse
XQmU22Fg1Nf0Vj5Sj5pDmvbKficliBUjJvwyBNlE+OF5AFg/uiAikHMiZEDPYkCP
WZTm5XJE+H14GBe9iHkTZUISOlCx/2AzYm6UQyfNO0bFIm0+tyD53dMPz943RrPG
BZRdspGbXpT2sdM9AW7hMASlYYkDxfPzxVErY0VGD3Jx0AiePjqii+TQf4XZeWFj
UU5k52QcTVy0pYCf0OBn4EEnDyyZQXPw730qZNcI2aM8FXLx3eblkzQ5HKcmPBka
EhUxZLp4S13chNK6Ks6urH8ygMXo2uJCJxQINfaoGEaP
-----END CERTIFICATE-----