Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ufw3K-5O2lCHoNBOkaRxiG4J6Jk.roa
File:                     ufw3K-5O2lCHoNBOkaRxiG4J6Jk.roa (raw, json)
Hash identifier:          z61BfpmmC/PCSjCtOD7sJ60C3Mh5NtQajuxkafRQGVY=
Subject key identifier:   B9:FC:37:2B:EE:4E:DA:50:87:A0:D0:4E:91:A4:71:88:6E:09:E8:99
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       0192C30F0F273EEF7AC5CB96D8A7A8320146
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ufw3K-5O2lCHoNBOkaRxiG4J6Jk.roa
Signing time:             Fri 25 Oct 2024 09:43:16 +0000
ROA not before:           Fri 25 Oct 2024 09:43:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206505
IP address blocks:        46.20.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:0f:0f:27:3e:ef:7a:c5:cb:96:d8:a7:a8:32:01:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Oct 25 09:43:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fc372bee4eda5087a0d04e91a471886e09e899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6b:99:54:62:1d:19:9a:fd:0c:f7:da:5f:ba:
                    60:77:2f:6c:ff:ca:db:9b:fc:b3:10:f4:e2:d0:0e:
                    5e:ba:21:a2:7d:fc:59:eb:ba:25:bc:69:8f:5e:22:
                    dc:a4:60:c7:8a:d6:f2:e8:bf:23:81:6e:41:12:f2:
                    99:16:45:f7:60:6c:38:2e:15:f2:ae:ac:5d:79:99:
                    e4:98:a3:41:92:e8:60:45:b0:6a:f4:ae:52:3b:f3:
                    47:3e:49:df:00:a0:ee:c6:bb:f9:84:37:84:c1:d1:
                    80:a3:04:3f:fc:69:5a:3e:13:63:71:d6:99:74:1f:
                    f9:2b:e7:42:ca:35:73:92:d9:70:83:a9:00:ba:72:
                    b0:13:13:58:52:12:75:2e:93:a8:04:7e:b1:62:af:
                    da:91:83:6e:02:94:37:eb:4e:c7:08:78:37:89:e9:
                    7d:1a:90:f6:39:80:57:89:19:2e:70:c5:ab:ce:28:
                    ed:8c:1a:38:fb:6f:14:64:05:c0:2a:b0:bc:92:3c:
                    bc:69:57:da:a1:70:86:82:46:74:0a:c0:f7:8a:fd:
                    12:d8:90:bd:29:6a:52:38:18:d4:42:1a:af:25:ba:
                    95:c1:95:25:bc:9e:ec:bc:0a:bb:ec:ba:98:45:5c:
                    9b:24:df:87:ac:e4:37:a6:5e:1f:7e:03:5c:a0:52:
                    e8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FC:37:2B:EE:4E:DA:50:87:A0:D0:4E:91:A4:71:88:6E:09:E8:99
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ufw3K-5O2lCHoNBOkaRxiG4J6Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:8a:20:9b:d6:36:98:9a:f8:4d:bc:29:98:3b:90:2c:77:09:
         90:2f:33:4d:18:7a:d9:40:07:16:e0:42:b8:1c:4a:50:1f:30:
         e8:87:71:f1:fb:55:ae:2f:78:af:9d:c2:3a:c2:f6:14:a4:7c:
         ab:56:42:1d:29:08:63:07:39:e3:19:d6:ff:0f:01:3b:0a:fa:
         14:57:f3:3d:84:00:60:66:92:81:b1:2f:ef:38:8e:89:94:58:
         2f:08:e1:a1:57:2c:a5:36:27:d3:80:ae:1a:4e:fe:a5:db:3d:
         de:22:94:94:de:34:99:1a:25:52:51:e4:be:0c:85:56:52:58:
         12:ab:ff:67:b8:25:c3:5d:bd:8e:f5:f2:e7:ab:91:34:3d:f2:
         46:fe:90:e1:1c:8b:28:45:96:52:4e:53:c0:8d:5b:37:91:7b:
         23:8d:5a:dd:72:9d:31:6a:73:c2:18:a9:22:91:b6:f3:f0:eb:
         5f:6a:4d:84:35:fe:ec:23:92:64:2f:74:f6:21:d2:7d:15:30:
         02:98:41:00:c9:c4:a1:59:97:91:81:c9:20:36:cc:5b:7b:9f:
         02:d2:3c:2d:fa:76:d6:57:55:9d:4e:f6:81:ae:95:62:b3:f9:
         5c:e4:ee:32:99:de:9e:f4:c2:f6:89:14:ca:97:3e:6a:6a:70:
         b2:e1:18:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDDw8nPu96xcuW2KeoMgFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQxMDI1MDk0MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZjMzcyYmVlNGVkYTUwODdhMGQwNGU5MWE0NzE4ODZlMDllODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GuZVGIdGZr9DPfaX7pgdy9s/8rb
m/yzEPTi0A5euiGiffxZ67olvGmPXiLcpGDHitby6L8jgW5BEvKZFkX3YGw4LhXy
rqxdeZnkmKNBkuhgRbBq9K5SO/NHPknfAKDuxrv5hDeEwdGAowQ//GlaPhNjcdaZ
dB/5K+dCyjVzktlwg6kAunKwExNYUhJ1LpOoBH6xYq/akYNuApQ3607HCHg3iel9
GpD2OYBXiRkucMWrzijtjBo4+28UZAXAKrC8kjy8aVfaoXCGgkZ0CsD3iv0S2JC9
KWpSOBjUQhqvJbqVwZUlvJ7svAq77LqYRVybJN+HrOQ3pl4ffgNcoFLoIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn8NyvuTtpQh6DQTpGkcYhuCeiZMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvdWZ3M0stNU8ybENIb05CT2thUnhpRzRKNkprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRkMA0G
CSqGSIb3DQEBCwUAA4IBAQAdiiCb1jaYmvhNvCmYO5AsdwmQLzNNGHrZQAcW4EK4
HEpQHzDoh3Hx+1WuL3ivncI6wvYUpHyrVkIdKQhjBznjGdb/DwE7CvoUV/M9hABg
ZpKBsS/vOI6JlFgvCOGhVyylNifTgK4aTv6l2z3eIpSU3jSZGiVSUeS+DIVWUlgS
q/9nuCXDXb2O9fLnq5E0PfJG/pDhHIsoRZZSTlPAjVs3kXsjjVrdcp0xanPCGKki
kbbz8Otfak2ENf7sI5JkL3T2IdJ9FTACmEEAycShWZeRgckgNsxbe58C0jwt+nbW
V1WdTvaBrpVis/lc5O4ymd6e9ML2iRTKlz5qanCy4Ris
-----END CERTIFICATE-----