Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/uEwm_GeIZvsK8Ws7rzc-EgwbhkU.roa
File:                     uEwm_GeIZvsK8Ws7rzc-EgwbhkU.roa (raw, json)
Hash identifier:          KaLv8AiZYRIpG6i+GDYbH6VWAhx7ari73CwywUqCjr0=
Subject key identifier:   B8:4C:26:FC:67:88:66:FB:0A:F1:6B:3B:AF:37:3E:12:0C:1B:86:45
Certificate issuer:       /CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
Certificate serial:       018CCA2997C41850896EE01C4936A8FB63A9
Authority key identifier: 72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/uEwm_GeIZvsK8Ws7rzc-EgwbhkU.roa
Signing time:             Tue 02 Jan 2024 12:32:52 +0000
ROA not before:           Tue 02 Jan 2024 12:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        45.8.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:97:c4:18:50:89:6e:e0:1c:49:36:a8:fb:63:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
        Validity
            Not Before: Jan  2 12:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b84c26fc678866fb0af16b3baf373e120c1b8645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7b:4a:43:fb:e0:cb:1a:d7:8f:56:1f:e9:8a:
                    e8:74:7b:68:75:2f:49:48:e4:9a:19:1f:f0:53:29:
                    25:c7:da:48:5d:9a:13:5f:39:88:22:dc:6a:1d:62:
                    7c:a0:66:3d:85:70:3b:63:c7:38:63:af:e8:68:4a:
                    fb:f7:60:41:4c:b6:98:52:4d:91:63:35:c6:fc:57:
                    ae:8f:3c:6c:d0:7c:a5:e2:c6:49:3e:50:1b:48:e3:
                    13:91:1f:08:6f:b2:40:a9:52:94:c4:34:40:41:18:
                    07:9f:e8:0d:16:e3:2a:ae:f3:00:14:17:14:92:9d:
                    ab:c2:c1:6a:7f:52:78:34:8d:1a:5b:1e:8b:f0:66:
                    5f:dd:7b:ca:72:92:ae:70:ea:e3:9b:9d:cd:f5:bf:
                    0c:13:db:2f:25:d6:9f:b0:ea:60:62:87:ae:34:04:
                    9d:93:85:ef:2d:e6:2f:51:3f:a0:94:ec:1c:e1:f0:
                    33:97:43:16:af:b9:0d:a1:18:3c:67:87:76:12:0f:
                    26:32:89:2e:24:bf:f1:e1:f9:83:12:b9:b1:ae:60:
                    5b:da:03:82:e3:4a:cc:da:38:39:a1:8d:c6:91:88:
                    3b:74:af:54:46:1c:9c:4b:30:6d:b6:f5:dd:a3:77:
                    48:53:6e:89:f0:21:38:86:68:65:62:8a:88:41:4f:
                    75:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:4C:26:FC:67:88:66:FB:0A:F1:6B:3B:AF:37:3E:12:0C:1B:86:45
            X509v3 Authority Key Identifier:
                keyid:72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/uEwm_GeIZvsK8Ws7rzc-EgwbhkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e6:d3:8e:42:ff:25:8c:85:11:46:10:65:d4:e6:54:ac:c8:
         b9:55:22:e2:60:d3:2f:83:ba:74:9e:10:51:e8:4f:f8:8f:2a:
         ab:54:1a:09:ff:1e:0d:b0:f8:b9:ae:86:12:a5:65:cb:5c:a5:
         df:a0:04:c8:67:8c:ab:45:ad:28:56:24:ff:58:a7:01:5f:68:
         93:b7:81:12:dc:90:1f:d7:a7:f7:f9:ca:d2:83:43:75:ee:a3:
         04:e1:50:ab:44:b3:21:ee:53:09:6c:84:b3:39:c8:05:de:03:
         9d:63:c3:4d:ff:ba:96:e4:b8:59:65:2a:48:bf:11:85:f6:24:
         82:6e:1e:57:24:99:2e:12:d7:7f:95:e6:35:06:ba:27:2e:d8:
         2d:2e:7a:9d:48:6e:5a:be:e3:9c:b2:ac:96:cd:f3:4d:dc:78:
         f4:30:a5:5d:97:99:3e:4c:62:e1:47:6a:88:09:00:33:5f:ab:
         5c:85:cc:cc:95:da:d9:03:03:37:eb:10:82:ac:6e:67:e0:b0:
         6f:07:07:a8:ab:6c:dc:e7:10:bb:9f:00:cb:93:12:ac:9d:a8:
         04:45:64:22:19:2f:bb:4e:39:0a:24:e8:af:66:78:f0:69:b6:
         bf:b2:92:67:ee:0b:0e:2a:a0:4b:15:11:e1:b4:23:2b:69:6c:
         f5:d1:0a:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKZfEGFCJbuAcSTao+2OpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2ExYTVjZmY1MmViZTJmMjJiNjY5ZGNjMmM5MDI3Y2Vh
MGI4MWMwHhcNMjQwMTAyMTIzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODRjMjZmYzY3ODg2NmZiMGFmMTZiM2JhZjM3M2UxMjBjMWI4NjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXtKQ/vgyxrXj1Yf6YrodHtodS9J
SOSaGR/wUyklx9pIXZoTXzmIItxqHWJ8oGY9hXA7Y8c4Y6/oaEr792BBTLaYUk2R
YzXG/Feujzxs0Hyl4sZJPlAbSOMTkR8Ib7JAqVKUxDRAQRgHn+gNFuMqrvMAFBcU
kp2rwsFqf1J4NI0aWx6L8GZf3XvKcpKucOrjm53N9b8ME9svJdafsOpgYoeuNASd
k4XvLeYvUT+glOwc4fAzl0MWr7kNoRg8Z4d2Eg8mMokuJL/x4fmDErmxrmBb2gOC
40rM2jg5oY3GkYg7dK9URhycSzBttvXdo3dIU26J8CE4hmhlYoqIQU913wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhMJvxniGb7CvFrO683PhIMG4ZFMB8GA1UdIwQY
MBaAFHLKGlz/Uuvi8itmncwskCfOoLgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYt
NmE0MTRmMTg0NzA2LzEvdUV3bV9HZUladnNLOFdzN3J6Yy1FZ3diaGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYtNmE0MTRmMTg0NzA2
LzEvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgJMA0G
CSqGSIb3DQEBCwUAA4IBAQBK5tOOQv8ljIURRhBl1OZUrMi5VSLiYNMvg7p0nhBR
6E/4jyqrVBoJ/x4NsPi5roYSpWXLXKXfoATIZ4yrRa0oViT/WKcBX2iTt4ES3JAf
16f3+crSg0N17qME4VCrRLMh7lMJbISzOcgF3gOdY8NN/7qW5LhZZSpIvxGF9iSC
bh5XJJkuEtd/leY1BronLtgtLnqdSG5avuOcsqyWzfNN3Hj0MKVdl5k+TGLhR2qI
CQAzX6tchczMldrZAwM36xCCrG5n4LBvBweoq2zc5xC7nwDLkxKsnagERWQiGS+7
TjkKJOivZnjwaba/spJn7gsOKqBLFRHhtCMraWz10QpR
-----END CERTIFICATE-----