Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/Uex3x3CWB9WPAXdRNKBIFJzJsn0.roa
File:                     Uex3x3CWB9WPAXdRNKBIFJzJsn0.roa (raw, json)
Hash identifier:          2qFFx/ZZv0i+OiRQdPCciM9T0PW45kAKmFf1AT14lvA=
Subject key identifier:   51:EC:77:C7:70:96:07:D5:8F:01:77:51:34:A0:48:14:9C:C9:B2:7D
Certificate issuer:       /CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
Certificate serial:       019422FB6579512CB643BA54DFEAFD1D03C8
Authority key identifier: 72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/Uex3x3CWB9WPAXdRNKBIFJzJsn0.roa
Signing time:             Wed 01 Jan 2025 17:48:08 +0000
ROA not before:           Wed 01 Jan 2025 17:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        45.8.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:65:79:51:2c:b6:43:ba:54:df:ea:fd:1d:03:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
        Validity
            Not Before: Jan  1 17:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51ec77c7709607d58f01775134a048149cc9b27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:27:c2:50:f7:18:a1:80:d0:4f:98:f2:79:e7:
                    8e:bb:0a:65:38:36:91:32:d0:45:b9:d5:e6:06:c7:
                    51:d6:af:29:fc:74:d6:68:01:66:8f:6f:ce:3a:77:
                    de:ea:f1:d0:11:fc:51:64:5c:15:20:d0:da:59:ba:
                    40:d1:4e:cb:2e:63:79:1f:87:c5:3d:ea:6e:22:29:
                    20:87:d9:5f:ca:93:f5:2f:f7:86:76:83:a0:1d:a9:
                    62:e4:cf:ef:1b:42:e7:55:b7:df:22:f7:b2:21:30:
                    a8:73:37:76:0c:82:43:c4:e5:0f:a1:a5:41:10:07:
                    e2:c7:69:a4:1e:3e:d4:7a:97:bc:77:c9:3a:b4:39:
                    6a:09:51:b3:5c:75:e2:ce:71:c8:d2:42:d4:1c:71:
                    28:f6:9a:8a:26:8d:3e:04:bf:c6:31:fc:da:44:bc:
                    92:1e:2a:de:ab:85:2d:4d:1d:11:56:1e:dd:ed:eb:
                    ed:29:f2:94:9c:22:17:31:ea:e9:a1:f5:7f:3a:7f:
                    0b:c6:b3:8d:73:b3:e8:95:c9:2d:32:fe:a9:a2:bd:
                    34:d4:f2:4a:9d:b2:78:25:4a:fb:97:a7:f2:5c:f9:
                    13:69:d1:39:82:23:c2:c2:99:a7:8b:3b:9f:9a:9c:
                    47:32:e2:a5:b5:5d:6b:a7:b1:f2:07:93:be:e0:27:
                    18:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EC:77:C7:70:96:07:D5:8F:01:77:51:34:A0:48:14:9C:C9:B2:7D
            X509v3 Authority Key Identifier:
                keyid:72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/Uex3x3CWB9WPAXdRNKBIFJzJsn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:85:2b:5c:45:b8:31:1e:3e:68:30:25:41:a2:ea:52:d4:
         97:1d:9e:e2:4a:46:9a:db:f7:61:80:1c:91:b8:ec:14:3d:68:
         7c:1d:c9:3a:c6:7b:80:3d:f0:36:86:b7:10:63:be:01:10:5b:
         04:ae:dc:c1:e1:b3:a9:17:4d:d4:80:38:70:62:ea:d0:97:4f:
         3f:2d:e8:06:b8:73:89:fb:34:c7:b6:2c:e9:b3:b2:3e:5b:b9:
         f2:3a:ca:9e:c3:07:1f:c2:f3:10:55:f7:3f:9c:0e:1b:47:25:
         e4:b0:d8:48:38:6c:9c:48:d0:47:a3:b1:72:ee:ec:bc:a7:84:
         47:44:e8:f9:b4:86:43:52:f0:36:8d:a5:d5:08:b6:5a:4f:8c:
         1c:33:54:9e:5e:fb:4a:44:57:f5:ad:bd:91:db:58:81:65:85:
         e2:12:a1:0f:36:52:49:e2:11:e1:21:d3:3f:9f:73:5c:16:06:
         e7:da:3d:9b:5b:bd:f3:94:f6:d4:40:bd:79:0c:be:9d:32:39:
         b6:30:18:49:65:42:27:80:aa:a0:72:71:85:95:dd:bc:25:25:
         28:52:88:22:99:1a:24:14:74:a0:0f:63:7d:24:d7:d0:7a:41:
         db:fa:43:4d:62:d0:92:da:20:a5:07:94:91:95:84:a8:28:2b:
         42:2e:3d:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2V5USy2Q7pU3+r9HQPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2ExYTVjZmY1MmViZTJmMjJiNjY5ZGNjMmM5MDI3Y2Vh
MGI4MWMwHhcNMjUwMTAxMTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWVjNzdjNzcwOTYwN2Q1OGYwMTc3NTEzNGEwNDgxNDljYzliMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyifCUPcYoYDQT5jyeeeOuwplODaR
MtBFudXmBsdR1q8p/HTWaAFmj2/OOnfe6vHQEfxRZFwVINDaWbpA0U7LLmN5H4fF
PepuIikgh9lfypP1L/eGdoOgHali5M/vG0LnVbffIveyITCoczd2DIJDxOUPoaVB
EAfix2mkHj7Uepe8d8k6tDlqCVGzXHXiznHI0kLUHHEo9pqKJo0+BL/GMfzaRLyS
Hireq4UtTR0RVh7d7evtKfKUnCIXMerpofV/On8LxrONc7PolcktMv6por001PJK
nbJ4JUr7l6fyXPkTadE5giPCwpmnizufmpxHMuKltV1rp7HyB5O+4CcYowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHsd8dwlgfVjwF3UTSgSBScybJ9MB8GA1UdIwQY
MBaAFHLKGlz/Uuvi8itmncwskCfOoLgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYt
NmE0MTRmMTg0NzA2LzEvVWV4M3gzQ1dCOVdQQVhkUk5LQklGSnpKc24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYtNmE0MTRmMTg0NzA2
LzEvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgJMA0G
CSqGSIb3DQEBCwUAA4IBAQCYpoUrXEW4MR4+aDAlQaLqUtSXHZ7iSkaa2/dhgByR
uOwUPWh8Hck6xnuAPfA2hrcQY74BEFsErtzB4bOpF03UgDhwYurQl08/LegGuHOJ
+zTHtizps7I+W7nyOsqewwcfwvMQVfc/nA4bRyXksNhIOGycSNBHo7Fy7uy8p4RH
ROj5tIZDUvA2jaXVCLZaT4wcM1SeXvtKRFf1rb2R21iBZYXiEqEPNlJJ4hHhIdM/
n3NcFgbn2j2bW73zlPbUQL15DL6dMjm2MBhJZUIngKqgcnGFld28JSUoUogimRok
FHSgD2N9JNfQekHb+kNNYtCS2iClB5SRlYSoKCtCLj1g
-----END CERTIFICATE-----