Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/umWhjBnVygAHfjm2VwBtRxyPE5k.roa
File:                     umWhjBnVygAHfjm2VwBtRxyPE5k.roa (raw, json)
Hash identifier:          1t7Zf1FqCh9m/fa6/pusUD/Ekje8+5TbQi7ETqCMtVw=
Subject key identifier:   BA:65:A1:8C:19:D5:CA:00:07:7E:39:B6:57:00:6D:47:1C:8F:13:99
Certificate issuer:       /CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
Certificate serial:       018CC42556A3E43EC206F3580786AE971F7F
Authority key identifier: 7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/umWhjBnVygAHfjm2VwBtRxyPE5k.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21100
IP address blocks:        46.21.250.0/24 maxlen: 24
                          212.8.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:56:a3:e4:3e:c2:06:f3:58:07:86:ae:97:1f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba65a18c19d5ca00077e39b657006d471c8f1399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:47:17:fc:c3:36:17:38:c2:f2:ce:fc:3a:62:
                    e6:06:92:64:76:85:31:54:81:98:2b:57:e9:9a:15:
                    35:f8:66:17:ce:33:5d:14:dc:2c:57:42:60:58:8a:
                    1c:6e:b0:e0:c6:63:2b:e8:40:29:07:aa:0a:c5:68:
                    60:20:a4:3b:eb:9c:a6:e6:74:c8:b0:af:7e:a1:53:
                    34:99:f1:f4:8d:e2:ec:a5:c5:9e:d7:43:f4:32:4d:
                    49:81:f0:ba:7c:a9:a8:a1:d2:5f:06:83:24:85:a7:
                    df:c9:2a:72:c3:2b:53:8c:92:6c:de:d3:50:7f:17:
                    21:3f:17:fa:67:fa:2a:84:af:25:84:bb:0c:5a:c9:
                    f1:d8:68:4b:cf:9a:65:40:b9:64:00:ce:ed:38:c5:
                    1b:3e:d1:ac:32:8f:2a:48:3f:29:53:12:bc:f7:e7:
                    f4:b4:17:41:25:36:1d:e1:de:39:ed:75:59:6d:57:
                    8c:15:d6:f6:e1:1f:18:37:3d:bf:07:38:7d:27:6f:
                    29:db:54:df:03:9e:0c:75:3b:27:6a:dc:5a:90:db:
                    5c:16:9b:cf:c7:67:9c:06:10:c8:bd:64:c1:09:9a:
                    b4:ca:43:07:1a:8e:bd:8b:64:eb:e6:b8:df:5c:18:
                    d2:4a:49:5d:ed:f2:cb:c7:29:87:f3:7a:ec:3a:9e:
                    ba:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:65:A1:8C:19:D5:CA:00:07:7E:39:B6:57:00:6D:47:1C:8F:13:99
            X509v3 Authority Key Identifier:
                keyid:7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/umWhjBnVygAHfjm2VwBtRxyPE5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.21.250.0/24
                  212.8.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:b5:e0:43:87:48:68:aa:34:62:4a:6c:04:fe:4e:31:02:30:
         ae:46:6d:a1:99:3c:9b:6b:0a:84:d5:61:63:17:36:8c:d1:00:
         c2:3a:35:ad:51:e9:55:8c:32:04:a6:ba:6d:dc:0e:95:40:d6:
         46:c5:0f:4b:26:e1:7b:24:5d:15:d7:1c:2d:1c:2f:fd:e2:42:
         56:d9:f6:3b:b0:39:62:a3:36:85:93:03:0a:7c:43:b9:c3:74:
         5a:c7:71:e4:c3:26:2e:02:29:46:55:15:8a:87:c5:b5:f5:f4:
         46:22:ab:41:51:e5:96:be:f1:95:91:4c:7a:29:7e:ad:a7:84:
         e7:76:72:b1:cd:23:27:8c:0c:53:69:f5:88:3e:b4:67:39:9d:
         25:84:00:3d:81:f8:fa:e7:78:79:4f:e8:d0:de:30:52:29:ba:
         26:a0:45:7f:3c:09:5e:22:79:a5:7a:86:f6:b4:b0:26:9a:9c:
         63:48:47:5e:a7:43:45:26:fb:fb:47:07:ae:42:d3:f3:45:e5:
         52:f0:52:2d:d9:17:f8:b3:af:9c:47:c4:9a:80:ce:0d:c7:f7:
         f6:7d:82:a3:98:46:62:7f:2b:69:40:15:c3:11:2c:ed:75:d5:
         87:da:df:2d:78:b7:b6:8b:a6:1f:d6:09:92:4e:d8:c0:7a:0c:
         9b:ee:55:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVaj5D7CBvNYB4aulx9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmY2FkODlkZjFiZjk5YTM2ZjI5MGNjM2VmMGYxZTdiNGQw
Mjc1MzMwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTY1YTE4YzE5ZDVjYTAwMDc3ZTM5YjY1NzAwNmQ0NzFjOGYxMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0cX/MM2FzjC8s78OmLmBpJkdoUx
VIGYK1fpmhU1+GYXzjNdFNwsV0JgWIocbrDgxmMr6EApB6oKxWhgIKQ765ym5nTI
sK9+oVM0mfH0jeLspcWe10P0Mk1JgfC6fKmoodJfBoMkhaffySpywytTjJJs3tNQ
fxchPxf6Z/oqhK8lhLsMWsnx2GhLz5plQLlkAM7tOMUbPtGsMo8qSD8pUxK89+f0
tBdBJTYd4d457XVZbVeMFdb24R8YNz2/Bzh9J28p21TfA54MdTsnatxakNtcFpvP
x2ecBhDIvWTBCZq0ykMHGo69i2Tr5rjfXBjSSkld7fLLxymH83rsOp66rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLploYwZ1coAB345tlcAbUccjxOZMB8GA1UdIwQY
MBaAFH/K2J3xv5mjbykMw+8PHntNAnUzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMt
MDE1ZDlmMWI0YjUwLzEvdW1XaGpCblZ5Z0FIZmptMlZ3QnRSeHlQRTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMtMDE1ZDlmMWI0YjUw
LzEvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhX6AwQA
1Aj1MA0GCSqGSIb3DQEBCwUAA4IBAQCPteBDh0hoqjRiSmwE/k4xAjCuRm2hmTyb
awqE1WFjFzaM0QDCOjWtUelVjDIEprpt3A6VQNZGxQ9LJuF7JF0V1xwtHC/94kJW
2fY7sDliozaFkwMKfEO5w3Rax3HkwyYuAilGVRWKh8W19fRGIqtBUeWWvvGVkUx6
KX6tp4TndnKxzSMnjAxTafWIPrRnOZ0lhAA9gfj653h5T+jQ3jBSKbomoEV/PAle
Inmleob2tLAmmpxjSEdep0NFJvv7RweuQtPzReVS8FIt2Rf4s6+cR8SagM4Nx/f2
fYKjmEZifytpQBXDESztddWH2t8teLe2i6Yf1gmSTtjAegyb7lVD
-----END CERTIFICATE-----