Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/uZnv2LnHOamJti_NgFYnoYRaF6c.roa
File:                     uZnv2LnHOamJti_NgFYnoYRaF6c.roa (raw, json)
Hash identifier:          VyRVbVsG809hIE3ZF3Mv/bAol4jy6sYVk94pLGjD3vA=
Subject key identifier:   B9:99:EF:D8:B9:C7:39:A9:89:B6:2F:CD:80:56:27:A1:84:5A:17:A7
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018E3EF6CB3740F8E98A8904A372B34693EA
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/uZnv2LnHOamJti_NgFYnoYRaF6c.roa
Signing time:             Thu 14 Mar 2024 21:55:45 +0000
ROA not before:           Thu 14 Mar 2024 21:55:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        45.43.132.0/22 maxlen: 22
                          104.249.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3e:f6:cb:37:40:f8:e9:8a:89:04:a3:72:b3:46:93:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar 14 21:55:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b999efd8b9c739a989b62fcd805627a1845a17a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:10:fc:92:70:28:28:f0:05:a3:cf:45:ea:82:
                    25:9a:0a:3e:f0:6e:e9:57:a0:84:33:09:61:e7:f9:
                    19:f3:72:bc:6c:b8:d1:a0:65:be:09:c9:90:74:3a:
                    c1:22:da:8d:e4:30:ac:55:e4:4f:43:b0:fa:05:34:
                    20:70:71:8b:1b:6c:ea:8f:32:f7:a5:f5:b4:7d:f8:
                    ee:ae:e1:f7:7e:94:d0:9c:6b:02:fc:40:1b:34:48:
                    f1:86:92:ed:93:3d:a5:49:07:db:34:b5:49:cc:88:
                    ff:e5:4e:c2:ee:f9:da:48:c9:c2:36:d8:1c:ba:0d:
                    79:26:b1:ba:ef:b1:7e:a1:db:f5:e6:2f:a8:41:5b:
                    d5:d3:14:8f:27:0c:0b:02:97:39:66:43:aa:0c:e5:
                    de:fd:75:94:04:91:98:49:d2:96:e2:ee:1e:34:98:
                    79:b9:cd:dd:69:f9:a1:5f:b9:97:ef:e7:11:aa:b7:
                    47:a5:38:1a:ae:a4:a8:59:31:d4:11:1a:dc:5a:ec:
                    ff:4c:bb:65:6e:94:0c:b6:22:fa:f6:7e:d7:9e:99:
                    dd:4d:8c:99:6e:43:76:48:8f:34:5d:cb:ef:66:48:
                    21:f4:23:ff:3a:9e:ed:ab:a2:16:48:29:96:33:c2:
                    94:11:ef:a4:83:cc:e3:31:90:23:e9:4a:bc:f1:df:
                    70:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:99:EF:D8:B9:C7:39:A9:89:B6:2F:CD:80:56:27:A1:84:5A:17:A7
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/uZnv2LnHOamJti_NgFYnoYRaF6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.132.0/22
                  104.249.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:a3:89:73:6e:45:41:5c:ae:86:6b:b1:bb:8e:1b:d7:65:00:
         36:68:0f:f6:ba:b0:2f:e2:de:59:e1:31:96:e6:43:a4:3b:d9:
         ed:eb:2e:87:ae:10:3e:c4:b8:7f:1c:cd:0e:a1:45:f3:85:ec:
         7a:f1:73:6e:e0:b0:ff:14:aa:72:ae:92:8d:de:c7:d9:f1:52:
         64:44:22:a7:00:03:39:ec:94:65:95:d6:ef:d3:59:57:89:94:
         75:f5:55:69:e4:e1:6c:57:c6:28:59:eb:60:66:e2:78:4d:ac:
         8c:32:f8:36:fb:0b:d7:72:50:79:27:58:2e:10:2d:75:d7:44:
         c6:89:c9:06:13:38:7b:3c:0d:e4:60:41:ad:b8:12:30:da:7b:
         86:b4:38:3f:08:be:71:5f:81:ba:d7:32:c9:ae:d2:f0:88:cc:
         b0:38:54:07:a0:61:d3:98:94:84:fa:3e:6c:10:90:a3:38:c4:
         eb:57:15:9c:a6:3e:36:1c:82:fd:a6:ee:b2:9f:6a:df:eb:61:
         2f:84:32:65:3f:c1:8c:39:1b:0d:53:c6:da:06:eb:fd:ec:ba:
         f0:07:3c:1c:e5:1c:b6:14:34:af:c8:b3:d3:0e:ea:8d:c4:36:
         96:a1:31:bc:5a:e7:39:72:5b:27:51:2c:2d:63:67:ba:2f:16:
         98:ee:8c:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4+9ss3QPjpiokEo3KzRpPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMzE0MjE1NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk5ZWZkOGI5YzczOWE5ODliNjJmY2Q4MDU2MjdhMTg0NWExN2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRD8knAoKPAFo89F6oIlmgo+8G7p
V6CEMwlh5/kZ83K8bLjRoGW+CcmQdDrBItqN5DCsVeRPQ7D6BTQgcHGLG2zqjzL3
pfW0ffjuruH3fpTQnGsC/EAbNEjxhpLtkz2lSQfbNLVJzIj/5U7C7vnaSMnCNtgc
ug15JrG677F+odv15i+oQVvV0xSPJwwLApc5ZkOqDOXe/XWUBJGYSdKW4u4eNJh5
uc3dafmhX7mX7+cRqrdHpTgarqSoWTHUERrcWuz/TLtlbpQMtiL69n7XnpndTYyZ
bkN2SI80XcvvZkgh9CP/Op7tq6IWSCmWM8KUEe+kg8zjMZAj6Uq88d9wawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLmZ79i5xzmpibYvzYBWJ6GEWhenMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvdVpudjJMbkhPYW1KdGlfTmdGWW5vWVJhRjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLSuEAwQC
aPk4MA0GCSqGSIb3DQEBCwUAA4IBAQAJo4lzbkVBXK6Ga7G7jhvXZQA2aA/2urAv
4t5Z4TGW5kOkO9nt6y6HrhA+xLh/HM0OoUXzhex68XNu4LD/FKpyrpKN3sfZ8VJk
RCKnAAM57JRlldbv01lXiZR19VVp5OFsV8YoWetgZuJ4TayMMvg2+wvXclB5J1gu
EC1110TGickGEzh7PA3kYEGtuBIw2nuGtDg/CL5xX4G61zLJrtLwiMywOFQHoGHT
mJSE+j5sEJCjOMTrVxWcpj42HIL9pu6yn2rf62EvhDJlP8GMORsNU8baBuv97Lrw
Bzwc5Ry2FDSvyLPTDuqNxDaWoTG8Wuc5clsnUSwtY2e6LxaY7oxk
-----END CERTIFICATE-----