Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UGwqomISx8dmkHOgLw242k5n8KA.roa
File:                     UGwqomISx8dmkHOgLw242k5n8KA.roa (raw, json)
Hash identifier:          tlHE+rLQjhfcNcIpIGb7d4iag5nMQYpNoc8BnqmbZZw=
Subject key identifier:   50:6C:2A:A2:62:12:C7:C7:66:90:73:A0:2F:0D:B8:DA:4E:67:F0:A0
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6AD6BDD9634EFC7F4DB69E6B6486
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UGwqomISx8dmkHOgLw242k5n8KA.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34820
IP address blocks:        45.158.82.0/24 maxlen: 24
                          185.225.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6a:d6:bd:d9:63:4e:fc:7f:4d:b6:9e:6b:64:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=506c2aa26212c7c7669073a02f0db8da4e67f0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e7:e2:7e:a2:4c:04:82:8b:9a:ab:b9:90:ec:
                    e8:15:3f:c1:de:2f:9f:2e:51:76:0b:3a:18:9b:9b:
                    61:67:f8:6e:08:01:71:c1:16:f2:c3:f2:b1:59:da:
                    94:c8:a1:b2:43:a9:6b:6d:f7:97:ca:22:c7:16:13:
                    82:b5:87:0f:66:6e:47:c6:76:4c:64:52:c6:71:aa:
                    8a:50:ba:05:30:5a:77:ad:b4:0a:3d:6e:4d:93:0e:
                    c3:cb:24:18:bf:e2:d0:52:2c:07:8f:5d:5d:4a:d4:
                    e1:8b:36:b3:40:c1:f6:ac:ea:31:02:de:fc:73:bf:
                    53:d2:6d:9f:98:24:ce:b5:cf:41:71:e1:dd:a0:3f:
                    5d:77:d4:de:1a:85:5f:66:02:9b:3c:5a:c3:fe:a9:
                    da:86:e2:d8:dc:d2:0e:a2:67:82:da:21:a7:02:a6:
                    34:77:70:19:84:1f:20:d5:98:83:f4:c8:1b:74:bb:
                    2e:4b:7e:05:46:5d:7d:5e:46:92:67:1a:2b:84:a1:
                    3e:72:60:f7:7a:ec:ba:1d:63:f2:c2:a3:08:5f:84:
                    ab:ed:e7:46:dc:86:e8:2d:79:ff:cf:d4:6a:bc:7c:
                    9e:d5:a0:0d:dd:1f:a3:ee:a3:e9:e6:8b:d3:99:59:
                    b7:4a:f5:3d:00:2f:df:6d:e6:d2:32:4c:28:e7:c4:
                    86:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6C:2A:A2:62:12:C7:C7:66:90:73:A0:2F:0D:B8:DA:4E:67:F0:A0
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UGwqomISx8dmkHOgLw242k5n8KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.82.0/24
                  185.225.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:c9:cf:b6:85:62:56:cb:3e:75:1b:94:31:ca:2a:81:62:fc:
         04:cc:db:f4:ed:a6:99:0d:89:e1:18:04:c1:f0:2b:cd:fd:1f:
         1e:c0:33:61:c6:4d:b6:d4:eb:18:5e:2f:8c:17:68:61:a8:0c:
         59:b1:a5:d6:63:5f:1b:4b:60:37:ee:db:6a:72:da:89:c1:1c:
         40:23:00:83:a8:e4:6e:ab:b9:f4:c7:fc:86:ad:19:35:cb:ac:
         07:10:28:d3:2e:61:77:10:3f:39:2c:e5:0b:65:d3:a5:74:a7:
         83:52:fe:79:a9:65:ad:bb:33:1b:d2:b9:29:43:e8:87:9e:82:
         d2:e7:03:3c:e1:19:da:89:02:ce:d7:db:94:0f:11:45:31:35:
         ac:ca:69:9e:a8:ac:b1:0d:c5:6f:c4:7c:88:ed:53:03:33:b1:
         6b:49:79:25:0b:4e:39:08:de:d7:50:ba:16:33:18:da:73:d4:
         dc:60:67:f2:b7:2c:4f:48:9c:b4:d0:00:b1:4e:22:9c:3b:8c:
         17:2d:c7:b4:85:83:e9:6a:ee:53:1f:b4:11:75:d5:09:07:f8:
         8e:38:1a:8a:be:06:58:06:3c:70:2e:fc:53:d7:e8:97:33:39:
         21:38:91:98:3a:ef:09:15:8e:f3:da:9a:11:48:ba:e4:63:61:
         7a:cd:20:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGrWvdljTvx/Tbaea2SGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDZjMmFhMjYyMTJjN2M3NjY5MDczYTAyZjBkYjhkYTRlNjdmMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOfifqJMBIKLmqu5kOzoFT/B3i+f
LlF2CzoYm5thZ/huCAFxwRbyw/KxWdqUyKGyQ6lrbfeXyiLHFhOCtYcPZm5HxnZM
ZFLGcaqKULoFMFp3rbQKPW5Nkw7DyyQYv+LQUiwHj11dStThizazQMH2rOoxAt78
c79T0m2fmCTOtc9BceHdoD9dd9TeGoVfZgKbPFrD/qnahuLY3NIOomeC2iGnAqY0
d3AZhB8g1ZiD9MgbdLsuS34FRl19XkaSZxorhKE+cmD3euy6HWPywqMIX4Sr7edG
3IboLXn/z9RqvHye1aAN3R+j7qPp5ovTmVm3SvU9AC/fbebSMkwo58SGDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFBsKqJiEsfHZpBzoC8NuNpOZ/CgMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvVUd3cW9tSVN4OGRta0hPZ0x3MjQyazVuOEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ5SAwQA
ueHMMA0GCSqGSIb3DQEBCwUAA4IBAQCWyc+2hWJWyz51G5QxyiqBYvwEzNv07aaZ
DYnhGATB8CvN/R8ewDNhxk221OsYXi+MF2hhqAxZsaXWY18bS2A37ttqctqJwRxA
IwCDqORuq7n0x/yGrRk1y6wHECjTLmF3ED85LOULZdOldKeDUv55qWWtuzMb0rkp
Q+iHnoLS5wM84RnaiQLO19uUDxFFMTWsymmeqKyxDcVvxHyI7VMDM7FrSXklC045
CN7XULoWMxjac9TcYGfytyxPSJy00ACxTiKcO4wXLce0hYPpau5TH7QRddUJB/iO
OBqKvgZYBjxwLvxT1+iXMzkhOJGYOu8JFY7z2poRSLrkY2F6zSCF
-----END CERTIFICATE-----