Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/UCTdayC5INIYa0Xj82fPfOriPJY.roa
File:                     UCTdayC5INIYa0Xj82fPfOriPJY.roa (raw, json)
Hash identifier:          y9f2sxjBTFmmLnAgRs1+sLdB5kF9tUhHN+l7AdOnV08=
Subject key identifier:   50:24:DD:6B:20:B9:20:D2:18:6B:45:E3:F3:67:CF:7C:EA:E2:3C:96
Certificate issuer:       /CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
Certificate serial:       018CC26D3CB49FBB8D03C9149BC5C990EB02
Authority key identifier: 4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/UCTdayC5INIYa0Xj82fPfOriPJY.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204457
IP address blocks:        185.248.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3c:b4:9f:bb:8d:03:c9:14:9b:c5:c9:90:eb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a0973c1f443ec4a8387aad7aca75d07b6faa9da
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5024dd6b20b920d2186b45e3f367cf7ceae23c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:0a:11:84:01:0f:37:60:0b:6c:b3:96:83:73:
                    e8:de:72:60:aa:ca:15:e2:6e:85:0d:42:f0:59:85:
                    15:32:fe:c3:a2:0c:1e:9e:55:f1:18:14:31:69:f2:
                    9b:bd:9a:7c:ee:56:35:cd:7c:f5:5e:75:82:06:e4:
                    57:32:42:d6:a2:d4:77:27:4e:bf:b6:1d:bf:47:91:
                    32:30:6b:0b:70:04:55:cf:32:ab:dd:12:64:2f:84:
                    e7:a6:54:fd:05:82:b6:73:d1:73:a7:03:87:7b:bb:
                    6a:b4:63:12:f9:ad:db:87:c0:32:13:ca:76:77:83:
                    9a:88:d2:ff:b4:49:00:44:1d:49:3b:c5:03:61:57:
                    e1:a9:65:1a:65:e4:64:fd:ee:f8:17:02:e1:36:fe:
                    e0:a4:a7:31:33:7b:92:ce:ab:9b:4d:35:d2:5f:b9:
                    d4:81:af:57:98:74:14:73:bf:6b:95:90:81:af:f9:
                    b2:54:1c:6b:1d:e4:74:82:4d:d3:a2:09:10:e1:c8:
                    35:81:e3:e7:63:66:fa:1d:4d:e0:03:cc:fd:01:a6:
                    90:56:7c:04:46:d3:a2:6b:c7:eb:ad:5f:83:aa:34:
                    28:56:b8:17:89:88:78:c0:02:68:68:14:84:81:12:
                    b9:cb:c9:8c:c9:2a:0d:14:8e:bd:90:71:f9:07:62:
                    8a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:24:DD:6B:20:B9:20:D2:18:6B:45:E3:F3:67:CF:7C:EA:E2:3C:96
            X509v3 Authority Key Identifier:
                keyid:4A:09:73:C1:F4:43:EC:4A:83:87:AA:D7:AC:A7:5D:07:B6:FA:A9:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SglzwfRD7EqDh6rXrKddB7b6qdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/UCTdayC5INIYa0Xj82fPfOriPJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/18e0f5-4e14-431a-b793-1217729af1c8/1/SglzwfRD7EqDh6rXrKddB7b6qdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:35:f1:2e:be:6c:f2:a4:2e:e2:c1:b3:f2:bf:f8:d1:87:3e:
         3c:a4:80:c0:ee:37:30:ad:ff:d0:d7:f6:b6:63:1a:6f:4a:fc:
         c0:25:a5:90:f9:c1:15:1d:ff:50:c7:3d:69:a1:b5:19:d6:d0:
         96:bf:cc:03:63:3e:d3:37:79:21:67:f4:aa:f4:15:d0:3f:18:
         93:2f:ad:61:60:54:00:82:07:dc:04:03:53:1c:a7:1f:3b:43:
         66:b2:24:e9:45:70:80:4d:94:eb:39:68:fb:d7:6c:a7:93:28:
         f3:e5:bf:30:b9:39:15:18:a6:48:3e:b2:45:77:c7:e4:20:1c:
         b5:bf:fa:8a:b1:d4:41:b2:12:fc:9b:c6:82:29:4a:6a:c7:50:
         f9:bf:01:46:03:8e:65:4b:34:12:8b:dc:da:0a:d3:ae:31:8a:
         ee:7c:62:79:87:25:63:d1:39:e4:ab:3d:8e:cd:ca:cd:22:02:
         92:cd:e3:92:c2:2a:5c:8a:be:f9:de:0c:80:13:63:7f:b4:b0:
         9c:a9:fc:a5:86:72:c2:09:a0:6a:20:e0:ff:23:02:6d:ec:21:
         1f:fa:89:0f:79:11:f1:84:c2:76:30:15:62:58:3b:1e:cc:74:
         b5:bb:d7:cc:58:dd:1c:e3:ed:ca:47:3a:10:a1:9f:bf:fb:78:
         b4:e6:6c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTy0n7uNA8kUm8XJkOsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMDk3M2MxZjQ0M2VjNGE4Mzg3YWFkN2FjYTc1ZDA3YjZm
YWE5ZGEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI0ZGQ2YjIwYjkyMGQyMTg2YjQ1ZTNmMzY3Y2Y3Y2VhZTIzYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggoRhAEPN2ALbLOWg3Po3nJgqsoV
4m6FDULwWYUVMv7DogwenlXxGBQxafKbvZp87lY1zXz1XnWCBuRXMkLWotR3J06/
th2/R5EyMGsLcARVzzKr3RJkL4TnplT9BYK2c9FzpwOHe7tqtGMS+a3bh8AyE8p2
d4OaiNL/tEkARB1JO8UDYVfhqWUaZeRk/e74FwLhNv7gpKcxM3uSzqubTTXSX7nU
ga9XmHQUc79rlZCBr/myVBxrHeR0gk3TogkQ4cg1gePnY2b6HU3gA8z9AaaQVnwE
RtOia8frrV+DqjQoVrgXiYh4wAJoaBSEgRK5y8mMySoNFI69kHH5B2KKRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAk3WsguSDSGGtF4/Nnz3zq4jyWMB8GA1UdIwQY
MBaAFEoJc8H0Q+xKg4eq16ynXQe2+qnaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMt
MTIxNzcyOWFmMWM4LzEvVUNUZGF5QzVJTklZYTBYajgyZlBmT3JpUEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xOGUwZjUtNGUxNC00MzFhLWI3OTMtMTIxNzcyOWFmMWM4
LzEvU2dsendmUkQ3RXFEaDZyWHJLZGRCN2I2cWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufgMMA0G
CSqGSIb3DQEBCwUAA4IBAQBDNfEuvmzypC7iwbPyv/jRhz48pIDA7jcwrf/Q1/a2
YxpvSvzAJaWQ+cEVHf9Qxz1pobUZ1tCWv8wDYz7TN3khZ/Sq9BXQPxiTL61hYFQA
ggfcBANTHKcfO0NmsiTpRXCATZTrOWj712ynkyjz5b8wuTkVGKZIPrJFd8fkIBy1
v/qKsdRBshL8m8aCKUpqx1D5vwFGA45lSzQSi9zaCtOuMYrufGJ5hyVj0Tnkqz2O
zcrNIgKSzeOSwipcir753gyAE2N/tLCcqfylhnLCCaBqIOD/IwJt7CEf+okPeRHx
hMJ2MBViWDsezHS1u9fMWN0c4+3KRzoQoZ+/+3i05mzu
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:15:20 2024 by rpki-client on console-fra.rpki-client.org