Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/UKSF_Fv3CqLh_32l4ChuUDH6Du4.roa
File:                     UKSF_Fv3CqLh_32l4ChuUDH6Du4.roa (raw, json)
Hash identifier:          rZ+qNXv0G4X7XJfTY+kMW3aMlnV651iu53nf85Uhvcs=
Subject key identifier:   50:A4:85:FC:5B:F7:0A:A2:E1:FF:7D:A5:E0:28:6E:50:31:FA:0E:EE
Certificate issuer:       /CN=7d8c74143c2273e201a675715431dfaf28fe17b2
Certificate serial:       018CC4936D2B33D6FF05518B4FC01F2CE17D
Authority key identifier: 7D:8C:74:14:3C:22:73:E2:01:A6:75:71:54:31:DF:AF:28:FE:17:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fYx0FDwic-IBpnVxVDHfryj-F7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/UKSF_Fv3CqLh_32l4ChuUDH6Du4.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207797
IP address blocks:        194.76.252.0/24 maxlen: 24
                          2a0f:ab40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/fYx0FDwic-IBpnVxVDHfryj-F7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/fYx0FDwic-IBpnVxVDHfryj-F7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fYx0FDwic-IBpnVxVDHfryj-F7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6d:2b:33:d6:ff:05:51:8b:4f:c0:1f:2c:e1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d8c74143c2273e201a675715431dfaf28fe17b2
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50a485fc5bf70aa2e1ff7da5e0286e5031fa0eee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4a:28:39:79:2d:55:4f:bb:ac:bb:15:76:c1:
                    e8:4c:10:cf:0e:96:01:1e:73:b0:eb:fb:d7:43:9e:
                    0e:b8:4d:27:f3:30:89:66:60:c0:26:21:bb:00:26:
                    23:99:55:80:68:2d:82:18:77:80:21:2d:2f:a1:4f:
                    22:1d:11:e9:42:b0:52:15:b2:87:69:29:de:a8:6b:
                    8c:77:e9:c0:b8:45:2a:02:87:cc:b5:4f:de:f4:ae:
                    14:25:fe:94:5b:ab:33:d3:e4:88:a8:03:2d:1a:ef:
                    0a:f1:3b:92:15:a9:8c:9c:94:5b:c2:90:c7:4b:8d:
                    c7:ab:53:fb:53:31:74:ee:56:5c:6e:17:38:77:ea:
                    57:17:68:fa:7b:80:93:05:55:cf:6c:eb:22:0d:8f:
                    26:c5:e0:47:83:d7:d1:43:03:8e:c6:ac:ae:36:89:
                    a6:13:16:9c:d8:5f:eb:16:ac:5c:3f:4f:b4:0a:09:
                    dc:a0:d0:9d:0e:76:c9:c7:79:b5:ef:c7:fb:ee:73:
                    6d:7b:97:12:33:40:fd:ec:5d:da:28:0e:71:61:5e:
                    b7:01:85:9e:08:a6:62:82:7c:28:fc:aa:54:40:ec:
                    4f:25:c5:a7:cd:11:ed:43:02:5e:1e:66:46:15:c3:
                    23:93:78:4f:bf:d7:29:6d:1f:80:46:f5:82:b8:c2:
                    36:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A4:85:FC:5B:F7:0A:A2:E1:FF:7D:A5:E0:28:6E:50:31:FA:0E:EE
            X509v3 Authority Key Identifier:
                keyid:7D:8C:74:14:3C:22:73:E2:01:A6:75:71:54:31:DF:AF:28:FE:17:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fYx0FDwic-IBpnVxVDHfryj-F7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/UKSF_Fv3CqLh_32l4ChuUDH6Du4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5c3a4c-9843-4bec-a162-18c0365307bf/1/fYx0FDwic-IBpnVxVDHfryj-F7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.252.0/24
                IPv6:
                  2a0f:ab40::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:ae:ac:4d:ca:7b:29:81:72:0f:1f:0f:92:dc:d6:33:ce:f0:
         b4:47:7b:74:64:92:b2:f6:d6:85:ee:8f:d0:c2:c7:85:eb:a4:
         40:2f:7e:fa:da:5d:59:2f:15:c4:a4:f5:e3:c3:cb:ed:73:2e:
         75:d4:3a:f4:1a:c0:35:f6:1e:91:30:94:4d:ed:85:6c:94:46:
         83:94:33:74:89:ae:87:33:91:bf:f1:24:77:6f:fd:3c:cf:b5:
         57:4b:89:8b:e9:7a:e4:12:e2:a0:8c:1d:51:03:d7:aa:81:b1:
         9f:e8:54:45:2c:49:90:82:ed:ca:af:aa:7a:a0:c4:d9:de:52:
         74:7b:69:de:24:74:7a:8b:8a:67:eb:a7:da:b6:8d:92:d8:1b:
         e8:b9:82:82:54:67:61:26:b5:91:ff:7d:11:d6:25:eb:57:cc:
         67:82:6c:c1:fb:af:fb:fc:75:3d:c0:db:59:7e:fe:c3:02:1d:
         a5:f9:bf:f3:39:ed:8e:7d:b4:af:2f:3b:4d:db:a2:36:a3:be:
         d0:0f:51:99:65:2d:74:b0:e3:d0:57:99:31:c7:e1:87:3a:07:
         cf:ce:63:6e:08:2f:7a:62:26:ec:45:d5:ff:5c:c9:79:b7:4c:
         c6:a8:34:46:c7:d1:25:f1:37:ab:2f:3a:6b:98:b8:84:3c:93:
         82:ff:ee:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk20rM9b/BVGLT8AfLOF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOGM3NDE0M2MyMjczZTIwMWE2NzU3MTU0MzFkZmFmMjhm
ZTE3YjIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE0ODVmYzViZjcwYWEyZTFmZjdkYTVlMDI4NmU1MDMxZmEwZWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUooOXktVU+7rLsVdsHoTBDPDpYB
HnOw6/vXQ54OuE0n8zCJZmDAJiG7ACYjmVWAaC2CGHeAIS0voU8iHRHpQrBSFbKH
aSneqGuMd+nAuEUqAofMtU/e9K4UJf6UW6sz0+SIqAMtGu8K8TuSFamMnJRbwpDH
S43Hq1P7UzF07lZcbhc4d+pXF2j6e4CTBVXPbOsiDY8mxeBHg9fRQwOOxqyuNomm
Exac2F/rFqxcP0+0CgncoNCdDnbJx3m178f77nNte5cSM0D97F3aKA5xYV63AYWe
CKZignwo/KpUQOxPJcWnzRHtQwJeHmZGFcMjk3hPv9cpbR+ARvWCuMI24wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFCkhfxb9wqi4f99peAoblAx+g7uMB8GA1UdIwQY
MBaAFH2MdBQ8InPiAaZ1cVQx368o/heyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZll4MEZEd2ljLUlCcG5WeFZESGZyeWotRjdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81YzNhNGMtOTg0My00YmVjLWExNjIt
MThjMDM2NTMwN2JmLzEvVUtTRl9GdjNDcUxoXzMybDRDaHVVREg2RHU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81YzNhNGMtOTg0My00YmVjLWExNjItMThjMDM2NTMwN2Jm
LzEvZll4MEZEd2ljLUlCcG5WeFZESGZyeWotRjdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwkz8MA0E
AgACMAcDBQAqD6tAMA0GCSqGSIb3DQEBCwUAA4IBAQCBrqxNynspgXIPHw+S3NYz
zvC0R3t0ZJKy9taF7o/QwseF66RAL3762l1ZLxXEpPXjw8vtcy511Dr0GsA19h6R
MJRN7YVslEaDlDN0ia6HM5G/8SR3b/08z7VXS4mL6XrkEuKgjB1RA9eqgbGf6FRF
LEmQgu3Kr6p6oMTZ3lJ0e2neJHR6i4pn66fato2S2BvouYKCVGdhJrWR/30R1iXr
V8xngmzB+6/7/HU9wNtZfv7DAh2l+b/zOe2OfbSvLztN26I2o77QD1GZZS10sOPQ
V5kxx+GHOgfPzmNuCC96YibsRdX/XMl5t0zGqDRGx9El8TerLzprmLiEPJOC/+6g
-----END CERTIFICATE-----