Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UPwXH4vazEt6iiTVmgUMMqYrJso.roa
File:                     UPwXH4vazEt6iiTVmgUMMqYrJso.roa (raw, json)
Hash identifier:          52L1FtGMBgsuRPVyE6V0WBR4fy0yyi1z0u7D4leyw4Q=
Subject key identifier:   50:FC:17:1F:8B:DA:CC:4B:7A:8A:24:D5:9A:05:0C:32:A6:2B:26:CA
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E34F1E52010113F63F1DC561C4918
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UPwXH4vazEt6iiTVmgUMMqYrJso.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42117
IP address blocks:        159.20.8.0/21 maxlen: 21
                          95.175.160.0/19 maxlen: 19
                          77.233.96.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:34:f1:e5:20:10:11:3f:63:f1:dc:56:1c:49:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50fc171f8bdacc4b7a8a24d59a050c32a62b26ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1c:8e:c0:bd:c7:12:f9:2d:71:86:f2:39:df:
                    45:72:da:25:c8:8d:1c:fd:27:85:4e:24:83:9c:41:
                    30:95:ad:23:dd:ac:10:f8:56:92:23:56:00:fa:4c:
                    67:70:b1:59:dd:b6:b8:92:ab:e4:bc:82:60:26:dc:
                    7e:9b:91:d8:59:76:d5:f8:1e:cd:c8:57:30:de:b6:
                    6b:bb:d6:91:60:52:48:03:ea:df:6c:1c:f0:33:76:
                    2d:6d:c1:7b:5e:89:e0:a1:52:d6:29:32:99:9a:b2:
                    92:07:ad:25:2c:66:81:1b:32:9e:84:ff:df:27:36:
                    32:03:9a:fa:27:5d:85:15:42:f2:f8:f3:71:ff:9f:
                    05:43:06:f0:92:10:82:0a:34:5f:6a:f9:97:e1:7d:
                    16:d8:5a:ac:49:f0:4d:c5:ac:1d:ba:4b:54:d4:33:
                    ef:8f:02:4a:1a:e4:23:9e:12:5e:1b:81:fa:37:e3:
                    8a:1a:e2:dd:ae:0c:04:6b:09:01:e5:91:ce:44:02:
                    b2:df:7a:1c:55:cc:3e:4a:94:27:b5:8f:53:19:6f:
                    a0:5d:dc:d8:18:18:ad:09:6b:05:08:bf:09:a0:26:
                    1b:c8:fa:61:9f:aa:11:ef:84:7b:4f:fe:58:60:94:
                    cf:47:a5:8b:8a:0a:a1:7c:98:87:72:49:61:f1:a5:
                    72:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FC:17:1F:8B:DA:CC:4B:7A:8A:24:D5:9A:05:0C:32:A6:2B:26:CA
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/UPwXH4vazEt6iiTVmgUMMqYrJso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.233.96.0/19
                  95.175.160.0/19
                  159.20.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:78:a6:c8:ce:af:28:d3:03:2f:4e:3c:ef:18:dc:c0:4a:e9:
         cb:fc:17:7a:97:67:d2:5d:02:56:c9:ab:04:d0:b0:1d:1a:00:
         72:c2:9b:4a:d7:c9:bd:60:73:1e:4b:09:f5:1d:52:3c:4a:2a:
         4d:e5:3f:c5:51:cc:21:05:cd:cb:bf:d0:c3:91:0a:2e:e5:ac:
         2e:17:56:ee:e9:44:9f:fa:ea:6e:ec:69:da:05:19:94:df:97:
         52:7b:5d:61:ae:cb:66:fe:cb:b0:6b:a4:8c:c9:90:6e:fb:c6:
         b4:4e:8e:cc:4e:d8:0a:69:04:31:99:de:06:a0:b6:94:fb:55:
         45:93:41:f0:77:e3:4e:51:4b:cd:8a:46:04:5c:c4:84:72:d3:
         e5:3c:47:69:98:9b:92:3a:c5:a3:f0:d8:d1:0d:c8:7d:f5:e1:
         da:d0:53:c1:f8:4f:37:c7:3a:fa:0d:28:03:7a:08:97:5a:12:
         a8:b9:5b:9f:a0:a3:64:be:48:fa:d2:ea:de:3c:9b:ec:d6:e1:
         b1:85:de:6c:39:12:df:b7:5c:61:56:6d:d4:41:44:72:0e:6b:
         80:28:c9:62:7e:b7:96:9f:2f:70:b1:fb:33:89:b8:81:16:85:
         23:a5:63:67:5a:f3:7b:51:37:0f:8f:c6:e1:b3:9e:cb:cc:26:
         14:2c:c0:ad
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTjTx5SAQET9j8dxWHEkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZjMTcxZjhiZGFjYzRiN2E4YTI0ZDU5YTA1MGMzMmE2MmIyNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhyOwL3HEvktcYbyOd9FctolyI0c
/SeFTiSDnEEwla0j3awQ+FaSI1YA+kxncLFZ3ba4kqvkvIJgJtx+m5HYWXbV+B7N
yFcw3rZru9aRYFJIA+rfbBzwM3YtbcF7XongoVLWKTKZmrKSB60lLGaBGzKehP/f
JzYyA5r6J12FFULy+PNx/58FQwbwkhCCCjRfavmX4X0W2FqsSfBNxawduktU1DPv
jwJKGuQjnhJeG4H6N+OKGuLdrgwEawkB5ZHORAKy33ocVcw+SpQntY9TGW+gXdzY
GBitCWsFCL8JoCYbyPphn6oR74R7T/5YYJTPR6WLigqhfJiHcklh8aVyJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFD8Fx+L2sxLeook1ZoFDDKmKybKMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvVVB3WEg0dmF6RXQ2aWlUVm1nVU1NcVlySnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFTelgAwQF
X6+gAwQDnxQIMA0GCSqGSIb3DQEBCwUAA4IBAQAEeKbIzq8o0wMvTjzvGNzASunL
/Bd6l2fSXQJWyasE0LAdGgBywptK18m9YHMeSwn1HVI8SipN5T/FUcwhBc3Lv9DD
kQou5awuF1bu6USf+upu7GnaBRmU35dSe11hrstm/suwa6SMyZBu+8a0To7MTtgK
aQQxmd4GoLaU+1VFk0Hwd+NOUUvNikYEXMSEctPlPEdpmJuSOsWj8NjRDch99eHa
0FPB+E83xzr6DSgDegiXWhKouVufoKNkvkj60urePJvs1uGxhd5sORLft1xhVm3U
QURyDmuAKMlifreWny9wsfszibiBFoUjpWNnWvN7UTcPj8bhs57LzCYULMCt
-----END CERTIFICATE-----