Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/UHS09csqaObC-HbVNwndlkv1gO8.roa
File:                     UHS09csqaObC-HbVNwndlkv1gO8.roa (raw, json)
Hash identifier:          /dPYGgjMrAFfOP70CGZLnObwIo0lBJ7s0x+VishlSv0=
Subject key identifier:   50:74:B4:F5:CB:2A:68:E6:C2:F8:76:D5:37:09:DD:96:4B:F5:80:EF
Certificate issuer:       /CN=304a791dc74f2377232fbb07b6ae71240ab9555f
Certificate serial:       018D35240F6C11C2878C3833317998280C7F
Authority key identifier: 30:4A:79:1D:C7:4F:23:77:23:2F:BB:07:B6:AE:71:24:0A:B9:55:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/UHS09csqaObC-HbVNwndlkv1gO8.roa
Signing time:             Tue 23 Jan 2024 07:06:11 +0000
ROA not before:           Tue 23 Jan 2024 07:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12905
IP address blocks:        62.176.160.0/19 maxlen: 19
                          185.250.244.0/22 maxlen: 22
                          2a06:6bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:35:24:0f:6c:11:c2:87:8c:38:33:31:79:98:28:0c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304a791dc74f2377232fbb07b6ae71240ab9555f
        Validity
            Not Before: Jan 23 07:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5074b4f5cb2a68e6c2f876d53709dd964bf580ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e3:09:e5:10:3f:b9:9c:42:e5:c2:47:86:0e:
                    cf:63:f0:d6:da:17:59:56:8e:04:a2:2f:a0:fa:b5:
                    2d:99:54:b1:c8:43:26:a2:19:03:bc:8d:b5:a8:28:
                    70:58:71:cf:0a:11:25:1e:4c:53:79:a6:82:ca:b9:
                    47:5b:98:3c:98:0f:b4:b1:60:ed:ed:fd:38:56:3f:
                    dd:09:1e:a1:08:b0:21:d0:bf:1c:d1:e4:30:4d:4f:
                    35:db:98:b0:61:80:0c:46:dc:3e:f1:44:1f:1b:7a:
                    7f:ec:d4:cd:2d:b2:73:21:a0:da:1a:7f:32:7f:e4:
                    32:e3:27:e8:65:08:53:f6:d0:34:48:bf:f7:25:7b:
                    c7:df:b5:59:95:af:52:47:9c:3c:35:fc:6e:ff:61:
                    a5:42:e7:1c:fb:d0:ab:e3:57:5c:b3:31:ae:a1:8e:
                    1f:f4:04:56:ca:80:0c:63:7e:ce:58:1c:6d:bd:f5:
                    3c:4d:28:4f:91:0c:60:ae:64:15:e6:6a:ad:8b:67:
                    34:e8:bc:fd:4e:83:5e:e3:d1:50:4e:58:c7:e6:1a:
                    25:2b:c6:b5:9b:3d:8e:a5:bf:d5:05:33:18:70:64:
                    9c:0b:ff:08:11:8d:17:cb:30:4e:96:26:4d:dc:82:
                    e5:a8:8a:e6:60:27:7c:9e:16:ba:00:ee:0e:cc:0c:
                    21:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:74:B4:F5:CB:2A:68:E6:C2:F8:76:D5:37:09:DD:96:4B:F5:80:EF
            X509v3 Authority Key Identifier:
                keyid:30:4A:79:1D:C7:4F:23:77:23:2F:BB:07:B6:AE:71:24:0A:B9:55:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/UHS09csqaObC-HbVNwndlkv1gO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.160.0/19
                  185.250.244.0/22
                IPv6:
                  2a06:6bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:75:a7:6c:92:15:7a:e7:04:a5:89:86:c9:28:a3:a3:3a:f2:
         c9:13:b2:12:dd:66:f8:5e:6f:ae:df:e7:0a:0b:ec:b5:20:8b:
         64:e5:3b:9e:cb:aa:78:46:ed:bf:01:b0:01:1c:ff:9b:b4:77:
         53:97:36:c5:85:d5:ac:8c:06:a7:77:c9:b3:65:2a:5c:88:be:
         ab:16:67:68:01:a0:c2:a3:56:4d:6b:98:33:2b:54:6b:db:e0:
         b0:0b:c6:a3:91:08:01:eb:8f:67:25:99:9e:6b:61:89:b7:56:
         b6:21:0e:d0:20:8b:79:ec:28:f6:13:49:90:11:8e:fb:8a:a9:
         a5:82:14:3e:9d:35:47:2b:a4:06:68:8d:3f:04:06:ee:f6:5d:
         c7:0f:00:b9:3a:5c:09:22:b5:ac:06:5f:14:57:2d:b2:f2:d2:
         d6:ce:73:8b:79:5f:19:ae:23:5c:b4:18:33:f8:67:ce:c4:2a:
         f3:9b:7b:3d:95:be:9b:63:20:2e:67:e7:19:4d:a8:73:e8:00:
         eb:90:0e:8c:74:91:a4:57:7f:d2:3c:7c:f3:30:93:ff:e2:75:
         8c:44:57:fe:3b:67:d6:39:bf:ee:60:df:a2:06:99:a9:35:53:
         d0:51:e8:5d:ef:5d:df:84:83:fb:c6:12:fd:08:68:28:e9:4a:
         81:c0:f0:26
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY01JA9sEcKHjDgzMXmYKAx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGE3OTFkYzc0ZjIzNzcyMzJmYmIwN2I2YWU3MTI0MGFi
OTU1NWYwHhcNMjQwMTIzMDcwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDc0YjRmNWNiMmE2OGU2YzJmODc2ZDUzNzA5ZGQ5NjRiZjU4MGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeMJ5RA/uZxC5cJHhg7PY/DW2hdZ
Vo4Eoi+g+rUtmVSxyEMmohkDvI21qChwWHHPChElHkxTeaaCyrlHW5g8mA+0sWDt
7f04Vj/dCR6hCLAh0L8c0eQwTU8125iwYYAMRtw+8UQfG3p/7NTNLbJzIaDaGn8y
f+Qy4yfoZQhT9tA0SL/3JXvH37VZla9SR5w8Nfxu/2GlQucc+9Cr41dcszGuoY4f
9ARWyoAMY37OWBxtvfU8TShPkQxgrmQV5mqti2c06Lz9ToNe49FQTljH5holK8a1
mz2Opb/VBTMYcGScC/8IEY0XyzBOliZN3ILlqIrmYCd8nha6AO4OzAwhlwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFB0tPXLKmjmwvh21TcJ3ZZL9YDvMB8GA1UdIwQY
MBaAFDBKeR3HTyN3Iy+7B7aucSQKuVVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUVwNUhjZFBJM2NqTDdzSHRxNXhKQXE1VlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xOTRjOGUtZTFiNi00YWFlLWI1YjIt
Nzk4MWZkZTZiZjM5LzEvVUhTMDljc3FhT2JDLUhiVk53bmRsa3YxZ084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xOTRjOGUtZTFiNi00YWFlLWI1YjItNzk4MWZkZTZiZjM5
LzEvTUVwNUhjZFBJM2NqTDdzSHRxNXhKQXE1VlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPrCgAwQC
ufr0MA0EAgACMAcDBQMqBmvAMA0GCSqGSIb3DQEBCwUAA4IBAQCldadskhV65wSl
iYbJKKOjOvLJE7IS3Wb4Xm+u3+cKC+y1IItk5Tuey6p4Ru2/AbABHP+btHdTlzbF
hdWsjAand8mzZSpciL6rFmdoAaDCo1ZNa5gzK1Rr2+CwC8ajkQgB649nJZmea2GJ
t1a2IQ7QIIt57Cj2E0mQEY77iqmlghQ+nTVHK6QGaI0/BAbu9l3HDwC5OlwJIrWs
Bl8UVy2y8tLWznOLeV8ZriNctBgz+GfOxCrzm3s9lb6bYyAuZ+cZTahz6ADrkA6M
dJGkV3/SPHzzMJP/4nWMRFf+O2fWOb/uYN+iBpmpNVPQUehd713fhIP7xhL9CGgo
6UqBwPAm
-----END CERTIFICATE-----