Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/ug3YEI2JcAs7KyRkCFHKuJydM5g.roa
File:                     ug3YEI2JcAs7KyRkCFHKuJydM5g.roa (raw, json)
Hash identifier:          AMXLKOtb4A80zG8lsXgsgr8+AM+4BVm7idovhVs46Bg=
Subject key identifier:   BA:0D:D8:10:8D:89:70:0B:3B:2B:24:64:08:51:CA:B8:9C:9D:33:98
Certificate issuer:       /CN=d695cb86586cbfd2462afa052c96a25c162830a8
Certificate serial:       018CC5DCBC03DD798A48FCF55B912FFE86EC
Authority key identifier: D6:95:CB:86:58:6C:BF:D2:46:2A:FA:05:2C:96:A2:5C:16:28:30:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1pXLhlhsv9JGKvoFLJaiXBYoMKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/ug3YEI2JcAs7KyRkCFHKuJydM5g.roa
Signing time:             Mon 01 Jan 2024 16:30:26 +0000
ROA not before:           Mon 01 Jan 2024 16:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49624
IP address blocks:        188.93.170.0/23 maxlen: 23
                          2001:7f8:4c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/1pXLhlhsv9JGKvoFLJaiXBYoMKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/1pXLhlhsv9JGKvoFLJaiXBYoMKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1pXLhlhsv9JGKvoFLJaiXBYoMKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bc:03:dd:79:8a:48:fc:f5:5b:91:2f:fe:86:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d695cb86586cbfd2462afa052c96a25c162830a8
        Validity
            Not Before: Jan  1 16:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba0dd8108d89700b3b2b24640851cab89c9d3398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:b7:f3:26:2a:93:15:aa:1e:e8:2e:bd:7c:
                    ee:58:33:96:d3:43:ca:69:d5:c7:1a:dd:09:71:ee:
                    03:ad:62:08:4a:eb:91:31:4c:5b:7c:1c:b5:9d:b0:
                    b6:b2:56:52:0b:ed:4c:91:54:65:95:ad:06:a1:d7:
                    63:fb:d7:c4:5f:f5:fb:4d:80:9a:df:a8:07:86:cc:
                    65:d1:39:75:00:9c:63:cb:6a:bd:82:c3:59:32:ce:
                    66:d6:dc:d5:aa:b7:15:71:ec:29:9b:87:55:4d:6e:
                    e2:03:16:b0:9d:ef:af:31:8c:c3:25:b0:aa:1d:78:
                    27:f9:68:ca:2f:8e:7d:77:0d:38:8e:8d:26:10:10:
                    6e:0a:40:ef:fd:99:c4:c4:82:11:8b:a2:be:11:1a:
                    79:c0:c1:71:c2:81:a6:3e:1c:d9:78:50:7f:e5:2f:
                    5f:bc:f9:cc:4b:ba:20:77:02:64:2d:b1:5e:51:36:
                    8c:93:ba:38:d9:2a:93:e1:08:87:cf:10:a3:11:ab:
                    35:e8:4c:42:f8:47:7e:e6:b0:2a:13:3a:a6:d8:b2:
                    90:54:ad:b3:04:6a:ec:da:d6:ce:13:f4:6a:70:a9:
                    0c:f4:0b:fa:53:50:40:cd:73:7c:53:a3:28:cb:88:
                    bd:81:90:c6:54:c6:13:3b:42:f3:5e:c5:0e:20:48:
                    e0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0D:D8:10:8D:89:70:0B:3B:2B:24:64:08:51:CA:B8:9C:9D:33:98
            X509v3 Authority Key Identifier:
                keyid:D6:95:CB:86:58:6C:BF:D2:46:2A:FA:05:2C:96:A2:5C:16:28:30:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1pXLhlhsv9JGKvoFLJaiXBYoMKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/ug3YEI2JcAs7KyRkCFHKuJydM5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3dbfeb-b2e2-4816-9ba9-a5cd81b5e00b/1/1pXLhlhsv9JGKvoFLJaiXBYoMKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.170.0/23
                IPv6:
                  2001:7f8:4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:97:2d:86:69:a3:56:cd:d4:cc:a1:50:e3:f9:5c:41:3a:b6:
         c0:2e:46:b1:92:05:ec:23:4f:ea:81:e2:5a:61:45:31:6c:68:
         64:e2:20:40:48:47:6c:f4:9c:85:18:9b:c9:bf:83:66:0a:20:
         34:f0:be:dd:df:31:f3:94:2c:72:ff:2a:2e:95:66:39:b8:d8:
         58:a0:49:c3:c0:70:cd:d9:00:17:f5:1b:08:ca:bf:ee:bc:03:
         d0:ae:e7:20:2b:44:3d:6b:a3:80:d3:d5:c6:8c:ff:fb:3f:5c:
         e3:04:5c:18:48:87:81:bb:95:8b:10:f4:77:24:26:a0:cd:99:
         57:1d:18:cf:7d:21:c3:ac:8f:ea:ad:c9:08:a1:ef:56:40:fd:
         ba:bc:95:97:5d:17:cb:e7:9a:ae:bb:a1:35:5e:f0:2e:c2:46:
         cb:24:20:94:4b:80:e8:fa:55:bf:f5:cb:22:10:d1:13:2c:79:
         fc:31:58:74:f9:2c:ef:37:6a:8b:f3:55:bc:b7:aa:ee:27:f0:
         d8:c1:42:c6:9d:9f:47:c1:08:5e:07:83:8b:ce:5d:07:e4:54:
         d0:d3:b0:b9:59:da:88:20:df:a4:d7:f3:eb:89:6d:26:a0:e1:
         11:ff:dc:6b:8a:1d:ea:33:d7:fb:66:03:16:19:e2:87:00:3a:
         2e:9c:4f:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3LwD3XmKSPz1W5Ev/obsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2OTVjYjg2NTg2Y2JmZDI0NjJhZmEwNTJjOTZhMjVjMTYy
ODMwYTgwHhcNMjQwMTAxMTYzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTBkZDgxMDhkODk3MDBiM2IyYjI0NjQwODUxY2FiODljOWQzMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7+38yYqkxWqHuguvXzuWDOW00PK
adXHGt0Jce4DrWIISuuRMUxbfBy1nbC2slZSC+1MkVRlla0Goddj+9fEX/X7TYCa
36gHhsxl0Tl1AJxjy2q9gsNZMs5m1tzVqrcVcewpm4dVTW7iAxawne+vMYzDJbCq
HXgn+WjKL459dw04jo0mEBBuCkDv/ZnExIIRi6K+ERp5wMFxwoGmPhzZeFB/5S9f
vPnMS7ogdwJkLbFeUTaMk7o42SqT4QiHzxCjEas16ExC+Ed+5rAqEzqm2LKQVK2z
BGrs2tbOE/RqcKkM9Av6U1BAzXN8U6Moy4i9gZDGVMYTO0LzXsUOIEjguQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLoN2BCNiXALOyskZAhRyricnTOYMB8GA1UdIwQY
MBaAFNaVy4ZYbL/SRir6BSyWolwWKDCoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXBYTGhsaHN2OUpHS3ZvRkxKYWlYQllvTUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zZGJmZWItYjJlMi00ODE2LTliYTkt
YTVjZDgxYjVlMDBiLzEvdWczWUVJMkpjQXM3S3lSa0NGSEt1SnlkTTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zZGJmZWItYjJlMi00ODE2LTliYTktYTVjZDgxYjVlMDBi
LzEvMXBYTGhsaHN2OUpHS3ZvRkxKYWlYQllvTUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBvF2qMA8E
AgACMAkDBwAgAQf4AEwwDQYJKoZIhvcNAQELBQADggEBAGKXLYZpo1bN1MyhUOP5
XEE6tsAuRrGSBewjT+qB4lphRTFsaGTiIEBIR2z0nIUYm8m/g2YKIDTwvt3fMfOU
LHL/Ki6VZjm42FigScPAcM3ZABf1GwjKv+68A9Cu5yArRD1ro4DT1caM//s/XOME
XBhIh4G7lYsQ9HckJqDNmVcdGM99IcOsj+qtyQih71ZA/bq8lZddF8vnmq67oTVe
8C7CRsskIJRLgOj6Vb/1yyIQ0RMsefwxWHT5LO83aovzVby3qu4n8NjBQsadn0fB
CF4Hg4vOXQfkVNDTsLlZ2ogg36TX8+uJbSag4RH/3GuKHeoz1/tmAxYZ4ocAOi6c
T7A=
-----END CERTIFICATE-----