Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/uGBPF4acr18v0HJIv2tWyBJgxLk.roa
File:                     uGBPF4acr18v0HJIv2tWyBJgxLk.roa (raw, json)
Hash identifier:          z493XN3EeZQUQkSfFHeE59XtoHgJr+bwK51ivIMNDd4=
Subject key identifier:   B8:60:4F:17:86:9C:AF:5F:2F:D0:72:48:BF:6B:56:C8:12:60:C4:B9
Certificate issuer:       /CN=786d64eae4a29c665dc065d53e3c60d3c3190d73
Certificate serial:       018CC9B88A83DBC86DBB7D98870A20A603C5
Authority key identifier: 78:6D:64:EA:E4:A2:9C:66:5D:C0:65:D5:3E:3C:60:D3:C3:19:0D:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eG1k6uSinGZdwGXVPjxg08MZDXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/uGBPF4acr18v0HJIv2tWyBJgxLk.roa
Signing time:             Tue 02 Jan 2024 10:29:23 +0000
ROA not before:           Tue 02 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8893
IP address blocks:        194.246.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/eG1k6uSinGZdwGXVPjxg08MZDXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/eG1k6uSinGZdwGXVPjxg08MZDXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eG1k6uSinGZdwGXVPjxg08MZDXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:8a:83:db:c8:6d:bb:7d:98:87:0a:20:a6:03:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=786d64eae4a29c665dc065d53e3c60d3c3190d73
        Validity
            Not Before: Jan  2 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8604f17869caf5f2fd07248bf6b56c81260c4b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bf:e3:3c:ec:ea:7c:3a:1b:7e:bb:e7:4a:af:
                    2e:c0:2f:12:e9:16:4f:b2:9b:7a:bc:43:ee:59:da:
                    32:33:c7:88:db:88:c1:36:aa:d3:06:ca:d2:bb:95:
                    ea:b5:26:b5:a5:d7:62:61:b6:fd:5e:af:72:2c:76:
                    6e:48:32:50:5c:74:bf:fd:21:32:ed:4d:78:2a:03:
                    63:e6:a1:d6:3a:a8:bd:7c:b3:06:c0:e1:a9:96:9b:
                    df:f7:62:06:dc:ce:e8:67:4a:9f:5e:a1:4a:af:74:
                    58:51:d8:b0:0f:68:a3:9b:6d:a2:42:02:07:47:f6:
                    ec:e9:9c:76:98:99:d2:45:73:09:7f:f2:17:1b:53:
                    61:35:b6:a4:aa:4a:30:69:d4:37:ea:ae:67:0e:ba:
                    93:7c:43:db:30:c1:91:53:7f:2c:ca:f1:09:4e:29:
                    28:5d:2f:79:4f:24:c3:2f:bf:a7:64:44:2a:dd:81:
                    4a:70:3d:56:ca:f7:46:4c:3d:19:f8:0f:c2:f1:63:
                    3d:22:7e:ac:af:3b:db:3b:c7:5a:3e:95:fd:83:73:
                    09:ab:14:3d:8f:b7:2e:2f:3d:cb:18:ab:61:aa:94:
                    28:44:40:07:41:94:5a:23:f2:89:49:61:ee:72:15:
                    42:c1:10:c4:a8:9d:b1:63:d9:e6:53:78:81:59:34:
                    83:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:60:4F:17:86:9C:AF:5F:2F:D0:72:48:BF:6B:56:C8:12:60:C4:B9
            X509v3 Authority Key Identifier:
                keyid:78:6D:64:EA:E4:A2:9C:66:5D:C0:65:D5:3E:3C:60:D3:C3:19:0D:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eG1k6uSinGZdwGXVPjxg08MZDXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/uGBPF4acr18v0HJIv2tWyBJgxLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0846e2-337d-4f13-9fd3-651c939f30d6/1/eG1k6uSinGZdwGXVPjxg08MZDXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:a1:25:5d:8f:57:27:d5:99:5e:f0:ad:a6:b1:ac:6c:fd:48:
         df:fd:96:25:2e:ba:9b:9b:3b:1f:5a:d2:b3:e4:00:34:71:3a:
         f5:15:3b:c0:55:0b:e7:16:75:8f:7e:6b:c5:20:f3:bc:c2:2c:
         9a:02:65:08:f0:b5:d9:bf:fe:eb:3c:17:c2:81:47:7a:1e:15:
         5a:cf:6b:e2:9d:60:e1:23:1d:3f:fe:f7:b6:bd:6a:d5:96:a8:
         29:c0:fb:6e:92:53:b5:7f:8c:57:84:89:4b:22:7a:f2:f2:9c:
         a0:68:f5:0d:55:10:31:7b:cb:74:b7:a5:03:42:c4:a4:62:40:
         bf:9e:7a:89:bc:ca:81:77:cf:52:2b:a3:38:cd:63:c3:6f:29:
         42:00:d7:c2:33:34:eb:36:6d:db:3c:8d:56:6c:20:38:f4:ca:
         48:1e:89:b3:5f:1b:b3:78:1a:18:db:aa:21:d8:c3:23:e0:f8:
         f2:1d:d4:21:6e:da:ea:97:74:c6:e1:19:f8:68:bf:41:aa:0b:
         1a:f1:b2:69:c1:ef:c4:d7:a0:4f:c2:42:a0:01:9f:7d:99:61:
         d7:f8:36:1e:cd:5e:46:36:f1:22:34:73:d6:dd:8a:73:5c:d1:
         fc:0b:3f:9f:e8:e2:49:48:20:7e:b8:98:1f:4a:85:b7:d8:a9:
         11:e5:d6:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuIqD28htu32YhwogpgPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NmQ2NGVhZTRhMjljNjY1ZGMwNjVkNTNlM2M2MGQzYzMx
OTBkNzMwHhcNMjQwMTAyMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODYwNGYxNzg2OWNhZjVmMmZkMDcyNDhiZjZiNTZjODEyNjBjNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7/jPOzqfDobfrvnSq8uwC8S6RZP
spt6vEPuWdoyM8eI24jBNqrTBsrSu5XqtSa1pddiYbb9Xq9yLHZuSDJQXHS//SEy
7U14KgNj5qHWOqi9fLMGwOGplpvf92IG3M7oZ0qfXqFKr3RYUdiwD2ijm22iQgIH
R/bs6Zx2mJnSRXMJf/IXG1NhNbakqkowadQ36q5nDrqTfEPbMMGRU38syvEJTiko
XS95TyTDL7+nZEQq3YFKcD1WyvdGTD0Z+A/C8WM9In6srzvbO8daPpX9g3MJqxQ9
j7cuLz3LGKthqpQoREAHQZRaI/KJSWHuchVCwRDEqJ2xY9nmU3iBWTSDqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhgTxeGnK9fL9BySL9rVsgSYMS5MB8GA1UdIwQY
MBaAFHhtZOrkopxmXcBl1T48YNPDGQ1zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUcxazZ1U2luR1pkd0dYVlBqeGcwOE1aRFhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wODQ2ZTItMzM3ZC00ZjEzLTlmZDMt
NjUxYzkzOWYzMGQ2LzEvdUdCUEY0YWNyMTh2MEhKSXYydFd5QkpneExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wODQ2ZTItMzM3ZC00ZjEzLTlmZDMtNjUxYzkzOWYzMGQ2
LzEvZUcxazZ1U2luR1pkd0dYVlBqeGcwOE1aRFhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvZIMA0G
CSqGSIb3DQEBCwUAA4IBAQA4oSVdj1cn1Zle8K2msaxs/Ujf/ZYlLrqbmzsfWtKz
5AA0cTr1FTvAVQvnFnWPfmvFIPO8wiyaAmUI8LXZv/7rPBfCgUd6HhVaz2vinWDh
Ix0//ve2vWrVlqgpwPtuklO1f4xXhIlLInry8pygaPUNVRAxe8t0t6UDQsSkYkC/
nnqJvMqBd89SK6M4zWPDbylCANfCMzTrNm3bPI1WbCA49MpIHomzXxuzeBoY26oh
2MMj4PjyHdQhbtrql3TG4Rn4aL9Bqgsa8bJpwe/E16BPwkKgAZ99mWHX+DYezV5G
NvEiNHPW3YpzXNH8Cz+f6OJJSCB+uJgfSoW32KkR5dbd
-----END CERTIFICATE-----