Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/YUBDFPdXXpAU3mdNFtZ7CQcrpjc.roa
File:                     YUBDFPdXXpAU3mdNFtZ7CQcrpjc.roa (raw, json)
Hash identifier:          +CkRHY+01TCKIekjQoVtsYPNLBLBhT/zGgdfFhtN1Gg=
Subject key identifier:   61:40:43:14:F7:57:5E:90:14:DE:67:4D:16:D6:7B:09:07:2B:A6:37
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018F997C343E244B1955CC84F84C8190C4C4
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/YUBDFPdXXpAU3mdNFtZ7CQcrpjc.roa
Signing time:             Tue 21 May 2024 04:50:04 +0000
ROA not before:           Tue 21 May 2024 04:50:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        45.88.184.0/24 maxlen: 24
                          45.88.185.0/24 maxlen: 24
                          45.93.150.0/24 maxlen: 24
                          45.93.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:7c:34:3e:24:4b:19:55:cc:84:f8:4c:81:90:c4:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: May 21 04:50:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61404314f7575e9014de674d16d67b09072ba637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:df:42:2c:f1:88:ab:6c:d5:82:dc:0f:ed:b1:
                    d2:f7:e5:03:36:16:9f:9c:57:35:b6:ee:5d:fa:1c:
                    28:fe:27:10:7e:5e:73:3c:4d:07:77:8e:ec:bd:67:
                    7f:08:84:b9:9d:2b:47:3b:e1:01:d0:83:52:44:6b:
                    e2:72:6d:db:32:7e:33:05:33:a2:91:88:05:c7:82:
                    eb:50:88:50:c7:30:07:92:6f:b8:a4:06:49:92:9d:
                    6d:ea:6e:0e:9d:24:bc:80:23:f5:e8:88:04:e8:6d:
                    26:2c:a9:aa:08:9f:fa:b7:df:aa:06:66:85:b2:2e:
                    89:94:c3:63:32:a1:29:ef:b6:28:ae:ea:5b:45:2d:
                    ac:ea:96:84:b9:25:82:cd:a6:78:8a:8e:84:5b:b5:
                    5f:23:21:84:4f:53:e6:7e:18:0a:08:1e:25:54:7a:
                    19:80:03:77:f0:25:44:f3:cd:ba:6e:17:99:0a:bf:
                    9d:b4:67:60:b4:58:25:78:73:2a:e1:b0:4d:d5:6d:
                    5d:23:34:b0:45:9f:6f:fc:e3:ca:62:1f:05:55:7f:
                    1b:23:ca:f4:a5:69:e6:b4:7c:90:47:b4:7f:69:de:
                    ce:32:e3:5f:19:4e:08:6f:e8:6d:3e:b0:71:a4:87:
                    6c:42:7d:9a:84:0a:65:b9:9b:a9:7f:67:0a:66:f8:
                    af:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:40:43:14:F7:57:5E:90:14:DE:67:4D:16:D6:7B:09:07:2B:A6:37
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/YUBDFPdXXpAU3mdNFtZ7CQcrpjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.184.0/23
                  45.93.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:46:f0:be:2c:ec:f0:57:9f:de:a0:4c:3c:b0:37:3e:77:89:
         6b:ec:16:98:ab:6a:c8:42:c8:19:98:ff:f7:f2:b6:3d:40:6d:
         69:be:73:04:44:1f:a6:ba:3a:19:cc:d3:8f:a2:8f:da:37:8d:
         0f:c9:e5:8b:a2:2d:45:32:8b:6f:0d:c7:bc:26:93:bd:d2:27:
         23:ca:2c:1a:aa:dd:1b:53:1c:31:60:13:3e:f3:b0:2a:68:fa:
         94:04:d1:69:7a:c1:af:b4:75:95:dc:18:e4:66:76:b4:7e:1c:
         d7:20:eb:98:ea:7f:2a:89:59:72:57:fc:9a:02:73:b6:26:d1:
         94:a4:d4:98:e7:b4:04:12:92:3e:ea:cc:f5:08:8b:3f:fc:10:
         34:4f:d5:05:b4:13:9c:f8:05:9e:d4:44:dd:65:82:d4:bf:f5:
         a0:85:d2:cc:de:75:74:40:c6:37:28:4b:84:99:9e:3c:4d:55:
         f2:03:8a:8d:7a:1e:7a:a4:ea:53:f0:87:f4:1f:32:10:65:3c:
         ab:a6:a2:5c:ce:a8:20:e6:cd:6b:a8:8d:45:60:a0:68:65:29:
         61:10:6d:de:d4:fc:07:fd:85:3f:9b:90:2a:51:51:f5:d2:75:
         f0:33:44:34:86:4a:0a:20:8b:33:3b:18:ea:7b:30:c8:2b:0c:
         07:bf:71:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+ZfDQ+JEsZVcyE+EyBkMTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwNTIxMDQ1MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQwNDMxNGY3NTc1ZTkwMTRkZTY3NGQxNmQ2N2IwOTA3MmJhNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd9CLPGIq2zVgtwP7bHS9+UDNhaf
nFc1tu5d+hwo/icQfl5zPE0Hd47svWd/CIS5nStHO+EB0INSRGvicm3bMn4zBTOi
kYgFx4LrUIhQxzAHkm+4pAZJkp1t6m4OnSS8gCP16IgE6G0mLKmqCJ/6t9+qBmaF
si6JlMNjMqEp77YorupbRS2s6paEuSWCzaZ4io6EW7VfIyGET1PmfhgKCB4lVHoZ
gAN38CVE8826bheZCr+dtGdgtFgleHMq4bBN1W1dIzSwRZ9v/OPKYh8FVX8bI8r0
pWnmtHyQR7R/ad7OMuNfGU4Ib+htPrBxpIdsQn2ahApluZupf2cKZviv6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGFAQxT3V16QFN5nTRbWewkHK6Y3MB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvWVVCREZQZFhYcEFVM21kTkZ0WjdDUWNycGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVi4AwQB
LV2WMA0GCSqGSIb3DQEBCwUAA4IBAQBDRvC+LOzwV5/eoEw8sDc+d4lr7BaYq2rI
QsgZmP/38rY9QG1pvnMERB+mujoZzNOPoo/aN40PyeWLoi1FMotvDce8JpO90icj
yiwaqt0bUxwxYBM+87AqaPqUBNFpesGvtHWV3BjkZna0fhzXIOuY6n8qiVlyV/ya
AnO2JtGUpNSY57QEEpI+6sz1CIs//BA0T9UFtBOc+AWe1ETdZYLUv/WghdLM3nV0
QMY3KEuEmZ48TVXyA4qNeh56pOpT8If0HzIQZTyrpqJczqgg5s1rqI1FYKBoZSlh
EG3e1PwH/YU/m5AqUVH10nXwM0Q0hkoKIIszOxjqezDIKwwHv3Fv
-----END CERTIFICATE-----