Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RUCZCCJ6SA2kVf11N_rIhN-E82w.roa
File:                     RUCZCCJ6SA2kVf11N_rIhN-E82w.roa (raw, json)
Hash identifier:          ZlDIyq9sS+xRGEdQhcQoz/ChPf3UE5OoHMGzaAgnlVk=
Subject key identifier:   45:40:99:08:22:7A:48:0D:A4:55:FD:75:37:FA:C8:84:DF:84:F3:6C
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018E976E332E843D032FA83309B93A29207C
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RUCZCCJ6SA2kVf11N_rIhN-E82w.roa
Signing time:             Mon 01 Apr 2024 02:12:45 +0000
ROA not before:           Mon 01 Apr 2024 02:12:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142019
IP address blocks:        46.249.104.0/24 maxlen: 24
                          46.249.105.0/24 maxlen: 24
                          46.249.106.0/24 maxlen: 24
                          46.249.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:97:6e:33:2e:84:3d:03:2f:a8:33:09:b9:3a:29:20:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Apr  1 02:12:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45409908227a480da455fd7537fac884df84f36c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:af:07:16:9a:8c:83:e1:eb:f4:87:b4:25:40:
                    6f:40:fb:68:6e:03:70:16:bf:08:49:ff:ac:01:36:
                    09:c9:f7:d8:1e:c3:3a:c7:51:ab:2a:d0:ca:37:4d:
                    99:86:8c:2e:27:3d:49:ac:96:c6:a1:cd:a9:15:8f:
                    d2:9b:75:ad:45:04:db:f7:8d:db:b7:2a:50:8f:f6:
                    ba:f6:3f:e7:65:30:fd:82:26:df:d8:b5:2a:4d:da:
                    44:2c:53:fa:cb:20:69:24:8e:e0:37:42:ba:a4:6f:
                    bb:f6:f9:ee:65:77:fd:97:62:db:a9:06:3e:ba:2f:
                    f9:19:48:72:be:57:30:dd:94:e6:11:c3:ac:cf:35:
                    21:9e:09:78:25:da:8c:34:bf:de:6e:aa:49:61:f7:
                    64:dd:e5:7f:f0:e9:7d:97:b3:f2:90:a7:dd:49:0b:
                    4c:0d:2d:ae:c6:ea:3f:bd:58:f2:a4:bb:3e:f7:62:
                    5a:6a:1d:ba:e4:11:d1:47:80:83:de:05:9c:92:3a:
                    55:90:9f:7e:b8:c6:46:0b:cc:29:32:e9:91:9c:ea:
                    ec:22:76:6d:e6:9b:44:74:7d:e1:12:0a:64:6a:e7:
                    f7:e1:6f:53:52:77:83:b8:20:5b:77:8d:92:1f:3e:
                    f7:35:03:2a:82:93:20:82:02:58:e1:5f:5e:10:26:
                    db:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:40:99:08:22:7A:48:0D:A4:55:FD:75:37:FA:C8:84:DF:84:F3:6C
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/RUCZCCJ6SA2kVf11N_rIhN-E82w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:47:71:c0:a9:e9:14:98:66:8e:8a:26:62:2c:ea:52:a6:7e:
         1c:c8:a2:50:40:7a:64:3f:d5:29:87:27:62:cb:c1:5e:f8:59:
         e6:15:eb:0a:e1:b3:70:38:65:32:e1:e9:de:63:3b:64:cd:dc:
         d8:f2:39:47:21:83:5c:aa:d1:cd:82:1e:da:4b:4c:6c:b1:fd:
         5c:6c:c9:73:8c:1b:e5:9e:b5:6a:1f:00:b7:ed:18:e0:9b:a7:
         f2:eb:5c:09:01:4b:64:2c:c8:0c:7b:b8:65:77:40:26:28:f3:
         db:17:f8:b1:29:e0:4a:2d:7f:7b:b0:d2:d1:5d:76:06:d4:d0:
         3a:64:2a:1a:76:2f:f4:51:d4:d3:cd:1b:c7:8c:51:80:bf:09:
         54:12:34:26:94:1f:d7:1d:e1:5b:06:2a:4e:17:7c:10:b8:c4:
         6c:a5:65:35:d0:81:9c:1e:6b:80:81:e4:86:5b:35:10:ab:fa:
         56:d0:93:7b:d3:bf:d0:f0:e4:a9:b5:c7:2e:6a:b3:ec:65:6f:
         d6:0c:6a:d0:79:ac:23:da:1a:1c:2e:de:4f:e7:cd:90:56:24:
         06:19:c4:b8:70:79:47:4e:de:13:94:69:e5:32:67:a0:20:d5:
         c4:4d:1a:7d:28:d9:45:f2:39:3f:c7:01:f7:80:27:24:0b:ba:
         56:3b:0e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6XbjMuhD0DL6gzCbk6KSB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNDAxMDIxMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQwOTkwODIyN2E0ODBkYTQ1NWZkNzUzN2ZhYzg4NGRmODRmMzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlq8HFpqMg+Hr9Ie0JUBvQPtobgNw
Fr8ISf+sATYJyffYHsM6x1GrKtDKN02ZhowuJz1JrJbGoc2pFY/Sm3WtRQTb943b
typQj/a69j/nZTD9gibf2LUqTdpELFP6yyBpJI7gN0K6pG+79vnuZXf9l2LbqQY+
ui/5GUhyvlcw3ZTmEcOszzUhngl4JdqMNL/ebqpJYfdk3eV/8Ol9l7PykKfdSQtM
DS2uxuo/vVjypLs+92Jaah265BHRR4CD3gWckjpVkJ9+uMZGC8wpMumRnOrsInZt
5ptEdH3hEgpkauf34W9TUneDuCBbd42SHz73NQMqgpMgggJY4V9eECbbxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVAmQgiekgNpFX9dTf6yITfhPNsMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUlVDWkNDSjZTQTJrVmYxMU5fckloTi1FODJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLvloMA0G
CSqGSIb3DQEBCwUAA4IBAQC+R3HAqekUmGaOiiZiLOpSpn4cyKJQQHpkP9Uphydi
y8Fe+FnmFesK4bNwOGUy4eneYztkzdzY8jlHIYNcqtHNgh7aS0xssf1cbMlzjBvl
nrVqHwC37Rjgm6fy61wJAUtkLMgMe7hld0AmKPPbF/ixKeBKLX97sNLRXXYG1NA6
ZCoadi/0UdTTzRvHjFGAvwlUEjQmlB/XHeFbBipOF3wQuMRspWU10IGcHmuAgeSG
WzUQq/pW0JN707/Q8OSptccuarPsZW/WDGrQeawj2hocLt5P582QViQGGcS4cHlH
Tt4TlGnlMmegINXETRp9KNlF8jk/xwH3gCckC7pWOw6L
-----END CERTIFICATE-----