Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/UhGLWw9byN03BlZkyAHc4WRmejQ.roa
File:                     UhGLWw9byN03BlZkyAHc4WRmejQ.roa (raw, json)
Hash identifier:          g1vZ/sw3uS7SVgeIzPtoS0HQe5nMGZuki05JOzlu6yY=
Subject key identifier:   52:11:8B:5B:0F:5B:C8:DD:37:06:56:64:C8:01:DC:E1:64:66:7A:34
Certificate issuer:       /CN=43aeb8ff55bd46500b27db9cf1dec256276b2b6a
Certificate serial:       0193640B6ACFC9F7D93731A0BD2F8CA3F33E
Authority key identifier: 43:AE:B8:FF:55:BD:46:50:0B:27:DB:9C:F1:DE:C2:56:27:6B:2B:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/UhGLWw9byN03BlZkyAHc4WRmejQ.roa
Signing time:             Mon 25 Nov 2024 15:58:09 +0000
ROA not before:           Mon 25 Nov 2024 15:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41960
IP address blocks:        185.246.30.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:64:0b:6a:cf:c9:f7:d9:37:31:a0:bd:2f:8c:a3:f3:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43aeb8ff55bd46500b27db9cf1dec256276b2b6a
        Validity
            Not Before: Nov 25 15:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52118b5b0f5bc8dd37065664c801dce164667a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:01:49:42:6f:e7:54:51:5d:c7:2b:98:3b:b0:
                    a1:58:ee:2e:27:df:d5:07:49:f6:f6:f0:86:c7:0e:
                    6a:dd:b7:af:66:b1:81:1c:c6:24:89:56:3f:a8:c3:
                    91:07:f0:b8:6d:32:43:67:15:93:37:f5:1a:af:f5:
                    b0:61:e8:ed:c5:15:9f:3f:4b:46:61:88:6b:b0:ab:
                    d5:2b:0e:85:82:68:f5:b5:ab:28:74:a8:b6:93:33:
                    8c:cf:b2:d6:d9:48:0e:ca:ad:10:92:34:b1:58:80:
                    39:0d:b9:99:e0:f5:ea:c7:57:f3:a2:4e:89:af:12:
                    75:77:31:cd:ef:e2:98:74:94:cd:53:96:f3:5d:ab:
                    30:b6:39:09:fb:16:9a:2f:04:6a:98:e6:66:f0:2a:
                    70:38:9e:f9:07:9c:16:58:f2:ff:df:0d:67:8f:80:
                    a1:21:94:74:da:fa:6e:d0:99:f1:07:12:7b:5b:3f:
                    f1:02:bd:8f:36:67:c6:58:85:89:8b:3f:a4:47:0b:
                    fe:c7:45:b7:8a:1e:c2:e1:19:86:29:49:6b:3f:9d:
                    b4:cd:01:d8:db:88:59:79:fd:1f:d5:cf:40:d3:f0:
                    c6:16:26:08:c1:62:a2:98:86:77:75:57:ab:bd:be:
                    07:cc:a4:f3:80:49:2f:93:29:36:b7:fd:a8:06:ef:
                    ef:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:11:8B:5B:0F:5B:C8:DD:37:06:56:64:C8:01:DC:E1:64:66:7A:34
            X509v3 Authority Key Identifier:
                keyid:43:AE:B8:FF:55:BD:46:50:0B:27:DB:9C:F1:DE:C2:56:27:6B:2B:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q664_1W9RlALJ9uc8d7CVidrK2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/UhGLWw9byN03BlZkyAHc4WRmejQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/3b6fb4-52e8-44e2-abe8-2c2fbad2f011/1/Q664_1W9RlALJ9uc8d7CVidrK2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:fe:93:63:04:02:0d:66:34:4d:8b:41:26:93:ee:3e:6c:1c:
         b8:32:1b:16:5f:4c:a8:b3:5c:52:f3:3a:27:82:46:d4:a9:20:
         83:0b:3d:fd:d5:5d:41:a2:0b:31:38:97:16:04:67:9a:8d:62:
         d2:9a:b7:1e:69:2a:b5:34:1e:f1:0d:10:5c:70:b5:10:b1:c0:
         4f:69:78:dd:2c:dc:d1:8c:30:99:54:aa:30:e8:24:c3:a7:74:
         21:3f:31:7b:d8:a2:55:a9:39:76:83:61:bc:06:f9:34:44:e6:
         1d:fd:86:dc:ea:23:42:63:e5:6e:f0:d6:15:88:50:a3:18:9c:
         78:a7:b7:29:eb:11:27:1b:99:3d:eb:5c:91:82:7d:3a:f4:93:
         3a:c6:91:3e:53:91:a0:28:9a:90:8c:fa:e6:1e:71:45:4b:28:
         0f:e2:b0:cc:8f:cf:5b:4c:b3:5f:41:58:86:96:7c:22:f2:b9:
         73:0b:d5:c9:43:23:c0:da:39:0a:a7:f6:87:30:37:30:5a:73:
         b3:a2:3f:35:06:85:96:0f:cf:cb:3b:fd:df:13:88:63:d3:8e:
         22:08:62:6a:0e:ca:bb:74:53:02:0b:82:d7:d5:7f:24:b0:9a:
         ce:47:79:26:36:6b:bf:60:08:32:61:b8:f7:d7:f1:15:03:ab:
         0d:79:37:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNkC2rPyffZNzGgvS+Mo/M+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWViOGZmNTViZDQ2NTAwYjI3ZGI5Y2YxZGVjMjU2Mjc2
YjJiNmEwHhcNMjQxMTI1MTU1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjExOGI1YjBmNWJjOGRkMzcwNjU2NjRjODAxZGNlMTY0NjY3YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gFJQm/nVFFdxyuYO7ChWO4uJ9/V
B0n29vCGxw5q3bevZrGBHMYkiVY/qMORB/C4bTJDZxWTN/Uar/WwYejtxRWfP0tG
YYhrsKvVKw6Fgmj1tasodKi2kzOMz7LW2UgOyq0QkjSxWIA5DbmZ4PXqx1fzok6J
rxJ1dzHN7+KYdJTNU5bzXaswtjkJ+xaaLwRqmOZm8CpwOJ75B5wWWPL/3w1nj4Ch
IZR02vpu0JnxBxJ7Wz/xAr2PNmfGWIWJiz+kRwv+x0W3ih7C4RmGKUlrP520zQHY
24hZef0f1c9A0/DGFiYIwWKimIZ3dVervb4HzKTzgEkvkyk2t/2oBu/vvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIRi1sPW8jdNwZWZMgB3OFkZno0MB8GA1UdIwQY
MBaAFEOuuP9VvUZQCyfbnPHewlYnaytqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY2NF8xVzlSbEFMSjl1YzhkN0NWaWRySzJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8zYjZmYjQtNTJlOC00NGUyLWFiZTgt
MmMyZmJhZDJmMDExLzEvVWhHTFd3OWJ5TjAzQmxaa3lBSGM0V1JtZWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8zYjZmYjQtNTJlOC00NGUyLWFiZTgtMmMyZmJhZDJmMDEx
LzEvUTY2NF8xVzlSbEFMSjl1YzhkN0NWaWRySzJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufYeMA0G
CSqGSIb3DQEBCwUAA4IBAQBG/pNjBAINZjRNi0Emk+4+bBy4MhsWX0yos1xS8zon
gkbUqSCDCz391V1BogsxOJcWBGeajWLSmrceaSq1NB7xDRBccLUQscBPaXjdLNzR
jDCZVKow6CTDp3QhPzF72KJVqTl2g2G8Bvk0ROYd/Ybc6iNCY+Vu8NYViFCjGJx4
p7cp6xEnG5k961yRgn069JM6xpE+U5GgKJqQjPrmHnFFSygP4rDMj89bTLNfQViG
lnwi8rlzC9XJQyPA2jkKp/aHMDcwWnOzoj81BoWWD8/LO/3fE4hj044iCGJqDsq7
dFMCC4LX1X8ksJrOR3kmNmu/YAgyYbj31/EVA6sNeTe4
-----END CERTIFICATE-----