Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/UGWZytFXBSTiJgNKNCCarirukKc.roa
File:                     UGWZytFXBSTiJgNKNCCarirukKc.roa (raw, json)
Hash identifier:          3ZLhMwlpW668mhfvkUGZf0jI6WrEGECOTuhia2dkomI=
Subject key identifier:   50:65:99:CA:D1:57:05:24:E2:26:03:4A:34:20:9A:AE:2A:EE:90:A7
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       018CC3B7436A0530EE6696E9CAD2D42A5B67
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/UGWZytFXBSTiJgNKNCCarirukKc.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        146.109.0.0/16 maxlen: 24
                          185.210.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:6a:05:30:ee:66:96:e9:ca:d2:d4:2a:5b:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=506599cad1570524e226034a34209aae2aee90a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c1:37:67:3b:fc:14:de:b2:75:7f:be:36:3d:
                    01:ed:56:fd:22:4e:75:17:59:35:6c:77:be:19:4e:
                    ae:8d:0d:43:0f:73:8e:38:2f:42:1d:90:d6:7a:3e:
                    94:8a:1e:a3:27:81:82:51:03:45:1f:ef:d5:8a:b1:
                    0d:fa:51:93:51:f2:ab:cb:6e:c8:0e:18:66:08:d8:
                    71:f0:32:64:ab:74:2b:33:28:bc:0b:10:50:26:e4:
                    67:14:c1:05:d0:18:f5:0c:de:5b:80:93:bf:85:5d:
                    82:c3:81:3d:6c:a6:df:8f:7d:59:20:30:39:8a:3e:
                    ac:6c:30:be:d3:5c:e7:07:f9:db:29:cd:0c:7a:f1:
                    4d:69:bf:76:30:2a:79:a2:f4:3c:0b:fe:c9:ad:9d:
                    b5:75:5e:94:2c:3a:03:64:82:0d:ca:b4:25:6d:93:
                    be:ae:11:e2:82:51:a9:e0:80:f8:14:ed:23:3e:c5:
                    3f:19:18:4c:88:98:83:8b:a3:ca:e0:4b:52:03:90:
                    13:27:c3:83:4c:2e:22:f4:f2:66:72:50:35:e0:0e:
                    f1:ae:6f:20:29:88:81:3b:61:a8:97:85:1f:14:cf:
                    42:ec:a8:af:49:d9:ae:6c:66:ea:b4:ba:de:3b:75:
                    60:d3:c3:6c:70:5e:97:66:ba:3e:5b:51:d5:f6:bc:
                    0c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:65:99:CA:D1:57:05:24:E2:26:03:4A:34:20:9A:AE:2A:EE:90:A7
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/UGWZytFXBSTiJgNKNCCarirukKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.0.0/16
                  185.210.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:7c:49:71:a8:81:b5:a6:68:43:6c:8b:7b:bd:24:ba:36:c4:
         5a:5a:3d:15:ce:aa:a5:d3:db:60:93:3f:9e:a0:20:7d:07:38:
         05:86:63:18:c9:f5:4f:99:e1:08:a6:fd:6e:7f:8d:29:b7:ea:
         84:12:e2:03:9c:56:95:38:77:d0:d9:1b:18:78:94:a8:a4:b4:
         9e:70:00:2b:27:dd:11:b3:6d:7e:d5:f6:97:09:07:fb:2a:2b:
         cb:65:53:5c:db:15:02:42:e8:69:98:60:b4:55:3c:ec:fe:fa:
         82:aa:04:8f:1a:d9:36:fe:ec:d7:0f:b3:09:e3:ba:c1:f3:80:
         fc:8b:21:e2:12:40:3e:c7:98:47:94:a1:4a:60:66:14:64:7f:
         90:be:5b:8f:05:62:ac:eb:e2:4b:01:c7:ed:98:a6:25:93:f2:
         c0:f8:c0:a2:de:ef:47:ee:96:8e:8b:a0:1b:4c:63:d5:d9:30:
         2f:bd:d3:6d:de:55:84:6e:8a:a0:35:c9:d4:3e:ed:35:05:58:
         58:a3:de:fa:ea:d2:c2:4d:45:27:cf:5b:13:d2:0e:cd:db:d8:
         13:26:ed:3b:76:d3:ec:72:72:8d:25:76:4b:8e:0b:58:f7:6c:
         ee:ed:c0:5f:f2:7d:aa:30:84:7f:33:bf:49:26:fa:7a:3c:34:
         8a:36:5e:bf
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzDt0NqBTDuZpbpytLUKltnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjQyNzc2YmU1MzJiZDA1NzUzMzI4NTVkOGM0MmM0OTUy
ZWQ5MzEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDY1OTljYWQxNTcwNTI0ZTIyNjAzNGEzNDIwOWFhZTJhZWU5MGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58E3Zzv8FN6ydX++Nj0B7Vb9Ik51
F1k1bHe+GU6ujQ1DD3OOOC9CHZDWej6Uih6jJ4GCUQNFH+/VirEN+lGTUfKry27I
DhhmCNhx8DJkq3QrMyi8CxBQJuRnFMEF0Bj1DN5bgJO/hV2Cw4E9bKbfj31ZIDA5
ij6sbDC+01znB/nbKc0MevFNab92MCp5ovQ8C/7JrZ21dV6ULDoDZIINyrQlbZO+
rhHiglGp4ID4FO0jPsU/GRhMiJiDi6PK4EtSA5ATJ8ODTC4i9PJmclA14A7xrm8g
KYiBO2Gol4UfFM9C7KivSdmubGbqtLreO3Vg08NscF6XZro+W1HV9rwMIQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFBlmcrRVwUk4iYDSjQgmq4q7pCnMB8GA1UdIwQY
MBaAFOz0J3a+UyvQV1MyhV2MQsSVLtkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgt
NWU1M2MyM2I1NWIwLzEvVUdXWnl0RlhCU1RpSmdOS05DQ2FyaXJ1a0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgtNWU1M2MyM2I1NWIw
LzEvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAkm0DBAK5
0iAwDQYJKoZIhvcNAQELBQADggEBAH58SXGogbWmaENsi3u9JLo2xFpaPRXOqqXT
22CTP56gIH0HOAWGYxjJ9U+Z4Qim/W5/jSm36oQS4gOcVpU4d9DZGxh4lKiktJ5w
ACsn3RGzbX7V9pcJB/sqK8tlU1zbFQJC6GmYYLRVPOz++oKqBI8a2Tb+7NcPswnj
usHzgPyLIeISQD7HmEeUoUpgZhRkf5C+W48FYqzr4ksBx+2YpiWT8sD4wKLe70fu
lo6LoBtMY9XZMC+9023eVYRuiqA1ydQ+7TUFWFij3vrq0sJNRSfPWxPSDs3b2BMm
7Tt20+xyco0ldkuOC1j3bO7twF/yfaowhH8zv0km+no8NIo2Xr8=
-----END CERTIFICATE-----