Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/ugB_uFTGXBjwRsJzFReQ-CtcyJU.roa
File:                     ugB_uFTGXBjwRsJzFReQ-CtcyJU.roa (raw, json)
Hash identifier:          esV1Um+5bHkgXF4BAnY9u/OOj48iqIO/YxBKBSF2X8I=
Subject key identifier:   BA:00:7F:B8:54:C6:5C:18:F0:46:C2:73:15:17:90:F8:2B:5C:C8:95
Certificate issuer:       /CN=94aa418ae770bda8ef0516b1d1c633a67e91f38b
Certificate serial:       018CC4247819A076246461912E5E2085270D
Authority key identifier: 94:AA:41:8A:E7:70:BD:A8:EF:05:16:B1:D1:C6:33:A6:7E:91:F3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/ugB_uFTGXBjwRsJzFReQ-CtcyJU.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49248
IP address blocks:        91.212.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:78:19:a0:76:24:64:61:91:2e:5e:20:85:27:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94aa418ae770bda8ef0516b1d1c633a67e91f38b
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba007fb854c65c18f046c273151790f82b5cc895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fb:fd:4c:fd:cb:72:37:35:21:76:60:99:10:
                    5c:5e:86:67:1a:76:72:6c:80:af:1c:3c:00:88:3e:
                    45:7a:11:88:f5:c0:ae:a4:6c:de:67:c0:a3:05:5f:
                    89:d1:9f:fa:ce:88:29:12:41:95:1f:dd:72:d8:69:
                    5d:dd:b7:ba:ad:95:21:4b:da:59:80:a0:8a:9b:41:
                    9e:32:10:50:85:31:82:51:b3:15:c5:ee:bc:dd:d4:
                    2e:f1:14:3f:06:1b:82:51:c7:9f:40:e5:57:f0:1a:
                    12:c3:3c:02:31:6a:b2:79:4c:a1:48:bf:a7:95:39:
                    0f:cc:56:60:fc:27:43:91:4f:3e:db:c4:55:32:be:
                    53:02:88:17:a5:38:1e:b8:f0:7e:aa:74:aa:09:f8:
                    dc:b7:60:96:bd:ea:9b:76:20:b0:7e:53:34:a9:4d:
                    cf:c9:d3:12:b7:f2:94:9c:55:39:23:4f:7d:1f:36:
                    98:b2:eb:e2:d7:06:2c:21:a3:4e:15:f2:0b:be:d4:
                    8a:71:f9:50:34:08:14:56:b6:0e:c4:8b:ca:85:49:
                    3f:81:4d:b9:57:21:c2:e3:20:43:b6:4d:d2:81:b8:
                    ce:cd:e0:ee:22:88:4e:7a:c7:32:f6:7f:83:35:61:
                    60:3a:c4:4a:16:05:94:5c:82:81:4b:ec:70:ed:d4:
                    7f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:00:7F:B8:54:C6:5C:18:F0:46:C2:73:15:17:90:F8:2B:5C:C8:95
            X509v3 Authority Key Identifier:
                keyid:94:AA:41:8A:E7:70:BD:A8:EF:05:16:B1:D1:C6:33:A6:7E:91:F3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKpBiudwvajvBRax0cYzpn6R84s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/ugB_uFTGXBjwRsJzFReQ-CtcyJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/09e2f7-e650-4f38-a745-c396200fe0bf/1/lKpBiudwvajvBRax0cYzpn6R84s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:04:89:7a:e3:f2:77:62:6f:d4:7f:6c:3a:32:7c:0b:3c:f4:
         13:1c:2c:02:31:72:b7:1e:3a:71:39:cb:42:2b:9b:4d:39:e5:
         37:bb:01:63:d3:a4:3d:1c:08:67:8b:a1:79:df:8f:10:15:f8:
         9f:52:55:a9:e4:72:77:9d:45:dd:f7:97:31:11:38:9a:5b:ae:
         b9:2c:6b:d4:fe:af:fa:3d:c8:2d:3e:19:ed:e1:b9:4f:ce:bd:
         3c:f4:1e:fa:c5:83:0f:50:6a:5a:8d:d2:86:37:6c:16:85:28:
         7a:6e:c4:9d:56:27:1c:49:f4:13:98:aa:ee:b5:e1:70:95:d2:
         25:79:66:33:fc:74:0a:7f:d7:b6:6b:eb:35:6f:c1:ad:81:e0:
         76:ca:ca:9c:64:76:00:c6:f9:64:f4:3c:36:b7:09:af:34:b1:
         98:27:c8:6f:e5:1b:39:30:fd:e4:46:3a:c0:c1:94:c8:6d:41:
         9c:21:d8:9b:8c:77:68:ff:d0:74:f8:b3:fa:7b:ee:fd:7b:84:
         20:4b:9a:c6:3e:59:d9:f8:2a:ba:e5:cd:1f:aa:be:70:39:4b:
         ef:8b:66:d4:6f:02:cc:29:84:a4:7e:c4:ad:69:e7:8e:d0:cc:
         de:a0:b6:67:fa:41:22:22:6a:6f:c9:a9:44:6c:55:b9:bd:10:
         7a:3c:7c:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHgZoHYkZGGRLl4ghScNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YWE0MThhZTc3MGJkYThlZjA1MTZiMWQxYzYzM2E2N2U5
MWYzOGIwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTAwN2ZiODU0YzY1YzE4ZjA0NmMyNzMxNTE3OTBmODJiNWNjODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/v9TP3Lcjc1IXZgmRBcXoZnGnZy
bICvHDwAiD5FehGI9cCupGzeZ8CjBV+J0Z/6zogpEkGVH91y2Gld3be6rZUhS9pZ
gKCKm0GeMhBQhTGCUbMVxe683dQu8RQ/BhuCUcefQOVX8BoSwzwCMWqyeUyhSL+n
lTkPzFZg/CdDkU8+28RVMr5TAogXpTgeuPB+qnSqCfjct2CWveqbdiCwflM0qU3P
ydMSt/KUnFU5I099HzaYsuvi1wYsIaNOFfILvtSKcflQNAgUVrYOxIvKhUk/gU25
VyHC4yBDtk3SgbjOzeDuIohOescy9n+DNWFgOsRKFgWUXIKBS+xw7dR/1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoAf7hUxlwY8EbCcxUXkPgrXMiVMB8GA1UdIwQY
MBaAFJSqQYrncL2o7wUWsdHGM6Z+kfOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtwQml1ZHd2YWp2QlJheDBjWXpwbjZSODRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8wOWUyZjctZTY1MC00ZjM4LWE3NDUt
YzM5NjIwMGZlMGJmLzEvdWdCX3VGVEdYQmp3UnNKekZSZVEtQ3RjeUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8wOWUyZjctZTY1MC00ZjM4LWE3NDUtYzM5NjIwMGZlMGJm
LzEvbEtwQml1ZHd2YWp2QlJheDBjWXpwbjZSODRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RmMA0G
CSqGSIb3DQEBCwUAA4IBAQCKBIl64/J3Ym/Uf2w6MnwLPPQTHCwCMXK3HjpxOctC
K5tNOeU3uwFj06Q9HAhni6F5348QFfifUlWp5HJ3nUXd95cxETiaW665LGvU/q/6
PcgtPhnt4blPzr089B76xYMPUGpajdKGN2wWhSh6bsSdViccSfQTmKruteFwldIl
eWYz/HQKf9e2a+s1b8GtgeB2ysqcZHYAxvlk9Dw2twmvNLGYJ8hv5Rs5MP3kRjrA
wZTIbUGcIdibjHdo/9B0+LP6e+79e4QgS5rGPlnZ+Cq65c0fqr5wOUvvi2bUbwLM
KYSkfsStaeeO0MzeoLZn+kEiImpvyalEbFW5vRB6PHw2
-----END CERTIFICATE-----