Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/UdGuE2Gyay0X3Zt4q22vWPkwoSY.roa
File:                     UdGuE2Gyay0X3Zt4q22vWPkwoSY.roa (raw, json)
Hash identifier:          nlcyfBPqkJaOzfcIWqCIaFS2zyTBpHfF2/864QcqW28=
Subject key identifier:   51:D1:AE:13:61:B2:6B:2D:17:DD:9B:78:AB:6D:AF:58:F9:30:A1:26
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       0194266B919C89ED2BAF4FE1D304EA7D09F1
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/UdGuE2Gyay0X3Zt4q22vWPkwoSY.roa
Signing time:             Thu 02 Jan 2025 09:49:31 +0000
ROA not before:           Thu 02 Jan 2025 09:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26383
IP address blocks:        45.143.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:91:9c:89:ed:2b:af:4f:e1:d3:04:ea:7d:09:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jan  2 09:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51d1ae1361b26b2d17dd9b78ab6daf58f930a126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1a:7a:a1:04:d9:c0:f6:49:30:58:7c:24:f7:
                    c2:dc:cb:0e:97:48:28:cc:c1:1b:4e:bd:74:eb:1c:
                    cb:82:56:2d:65:a3:be:d1:dc:ba:09:b1:18:01:eb:
                    de:90:58:9d:be:90:9d:ee:21:23:af:ec:66:84:30:
                    6f:28:06:3e:b3:a6:79:39:3c:47:00:49:17:ea:83:
                    fc:17:ad:6f:5e:85:a6:a1:c2:7b:67:e9:7c:31:d5:
                    ab:c5:9f:c4:b1:20:01:97:6e:f7:2e:bb:ec:9a:81:
                    7c:f2:66:36:24:53:19:4d:90:10:91:84:2b:a7:14:
                    f2:97:95:ae:1d:0c:78:88:1d:03:a4:50:34:cb:b5:
                    fb:f3:aa:23:b6:20:7f:8e:6b:26:6a:c6:e3:af:c5:
                    e7:6c:0e:69:84:86:90:c7:bc:e8:8e:1a:ed:d1:0a:
                    b5:79:4c:f8:f7:73:ca:e8:a4:21:d4:fa:05:e2:4b:
                    f1:86:b0:78:21:f9:af:7a:f9:d7:f4:b9:55:d7:8f:
                    f6:21:5c:55:7c:dd:ad:b2:91:25:86:98:e6:b1:54:
                    45:e0:c7:fd:cc:e9:eb:e8:29:0d:b2:6b:ef:90:3b:
                    04:62:9e:d6:80:ff:ba:ea:32:37:1e:02:5d:36:6c:
                    20:a9:50:5c:b0:10:78:eb:21:77:38:42:c9:60:ee:
                    e2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D1:AE:13:61:B2:6B:2D:17:DD:9B:78:AB:6D:AF:58:F9:30:A1:26
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/UdGuE2Gyay0X3Zt4q22vWPkwoSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fd:87:47:5f:96:cf:f5:51:a8:57:60:21:20:15:aa:56:4e:
         6e:f5:42:60:87:a7:e3:d1:a9:3e:41:0a:82:70:dd:a7:5a:36:
         22:76:09:71:e5:5c:a2:01:47:26:d8:c0:65:f0:c7:d1:68:bb:
         63:f1:20:4f:0f:5f:a5:80:10:4b:4b:cf:da:8f:f8:52:f9:16:
         9d:a8:ca:84:c3:be:8b:1e:0f:66:ce:f8:3f:f5:91:9d:86:89:
         25:f6:33:ee:b0:93:de:01:7c:e2:bc:82:ae:8a:e9:8d:35:ce:
         63:2a:dd:99:dc:1a:c2:19:ca:bf:41:9c:af:98:87:47:81:2e:
         4e:34:bc:e1:3b:10:a9:a8:fb:c7:70:e8:1e:78:67:63:7f:53:
         c7:5f:2d:9a:6f:a4:6b:24:9c:7f:fb:e8:90:db:4f:f0:fa:bf:
         85:62:19:4e:90:2c:a5:06:0d:f1:ea:5d:3e:84:d5:9d:57:f5:
         b5:d5:d8:a9:77:8e:a9:d6:b0:e3:b1:f9:ca:53:38:55:0d:d2:
         74:68:4e:aa:9c:6f:77:7e:25:8c:fb:0c:26:bc:44:ea:a6:bf:
         04:f3:bf:b5:7b:a9:13:ff:e0:b1:d3:bb:cd:ce:e9:3f:2b:b4:
         d4:9a:37:7a:e4:ba:f6:c0:45:48:4f:c9:d5:21:b4:3b:2c:a9:
         4d:2e:53:5a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma5Gcie0rr0/h0wTqfQnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwMTAyMDk0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQxYWUxMzYxYjI2YjJkMTdkZDliNzhhYjZkYWY1OGY5MzBhMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBp6oQTZwPZJMFh8JPfC3MsOl0go
zMEbTr106xzLglYtZaO+0dy6CbEYAevekFidvpCd7iEjr+xmhDBvKAY+s6Z5OTxH
AEkX6oP8F61vXoWmocJ7Z+l8MdWrxZ/EsSABl273LrvsmoF88mY2JFMZTZAQkYQr
pxTyl5WuHQx4iB0DpFA0y7X786ojtiB/jmsmasbjr8XnbA5phIaQx7zojhrt0Qq1
eUz493PK6KQh1PoF4kvxhrB4IfmvevnX9LlV14/2IVxVfN2tspElhpjmsVRF4Mf9
zOnr6CkNsmvvkDsEYp7WgP+66jI3HgJdNmwgqVBcsBB46yF3OELJYO7i/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFHRrhNhsmstF92beKttr1j5MKEmMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL1VkR3VFMkd5YXkwWDNadDRxMjJ2V1Brd29TWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwUw
DQYJKoZIhvcNAQELBQADggEBADf9h0dfls/1UahXYCEgFapWTm71QmCHp+PRqT5B
CoJw3adaNiJ2CXHlXKIBRybYwGXwx9Fou2PxIE8PX6WAEEtLz9qP+FL5Fp2oyoTD
voseD2bO+D/1kZ2GiSX2M+6wk94BfOK8gq6K6Y01zmMq3ZncGsIZyr9BnK+Yh0eB
Lk40vOE7EKmo+8dw6B54Z2N/U8dfLZpvpGsknH/76JDbT/D6v4ViGU6QLKUGDfHq
XT6E1Z1X9bXV2Kl3jqnWsOOx+cpTOFUN0nRoTqqcb3d+JYz7DCa8ROqmvwTzv7V7
qRP/4LHTu83O6T8rtNSaN3rkuvbARUhPydUhtDssqU0uU1o=
-----END CERTIFICATE-----