Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/RUUozLRKgnpm2jc2d48gox8j53M.roa
File:                     RUUozLRKgnpm2jc2d48gox8j53M.roa (raw, json)
Hash identifier:          1Eyuu6B0TqC0wSh/LxwlNvKgvtM0na/BFiExXuncREo=
Subject key identifier:   45:45:28:CC:B4:4A:82:7A:66:DA:37:36:77:8F:20:A3:1F:23:E7:73
Certificate issuer:       /CN=17ffee25052c0aabf6cb371e3f2e076f44fc1c3c
Certificate serial:       018CC94C34A414691C8180E2479BB5B7D8E9
Authority key identifier: 17:FF:EE:25:05:2C:0A:AB:F6:CB:37:1E:3F:2E:07:6F:44:FC:1C:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/RUUozLRKgnpm2jc2d48gox8j53M.roa
Signing time:             Tue 02 Jan 2024 08:31:03 +0000
ROA not before:           Tue 02 Jan 2024 08:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199513
IP address blocks:        194.102.62.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:34:a4:14:69:1c:81:80:e2:47:9b:b5:b7:d8:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17ffee25052c0aabf6cb371e3f2e076f44fc1c3c
        Validity
            Not Before: Jan  2 08:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=454528ccb44a827a66da3736778f20a31f23e773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:88:25:59:87:dc:41:7d:16:56:46:c9:d0:49:
                    ba:b8:fb:82:d5:83:90:28:d0:72:3e:54:3d:b2:1d:
                    b5:a1:10:4f:d1:fd:38:da:82:42:a6:0e:c4:96:d8:
                    3b:81:2a:69:59:6d:78:39:e7:5a:6a:68:d7:26:f3:
                    dc:0b:16:fb:78:09:90:e7:5d:f8:86:81:3b:8a:91:
                    9c:37:7c:b9:9c:a2:c5:1c:c3:4b:2a:7c:e9:3a:47:
                    cd:88:bb:54:9e:15:aa:a4:64:d1:cd:c9:bb:a3:ae:
                    29:7d:87:e3:a8:24:47:41:ce:bc:10:df:b7:92:d1:
                    af:ad:c4:e7:ae:cd:c3:ff:b6:3a:78:68:d8:18:2b:
                    8a:f8:7b:2c:72:db:4e:0d:48:ab:e2:54:b6:6f:3d:
                    f8:e0:1d:c9:10:e4:98:d8:01:01:74:5c:ff:e2:55:
                    0f:e3:7b:b8:a5:3b:91:4d:85:9a:6e:06:f7:dc:30:
                    f7:d9:d4:12:dc:60:2e:fa:2d:d2:30:31:da:50:73:
                    81:a6:58:a1:4c:d0:64:21:84:4e:ea:0c:1d:85:5d:
                    aa:ff:70:88:4a:79:6f:3b:ae:11:3d:69:ed:ad:ee:
                    42:a7:47:e5:b1:26:28:4c:50:81:d2:43:3f:ee:94:
                    4a:9b:35:ab:af:b5:4c:c1:90:bd:a6:cd:57:0e:eb:
                    2f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:45:28:CC:B4:4A:82:7A:66:DA:37:36:77:8F:20:A3:1F:23:E7:73
            X509v3 Authority Key Identifier:
                keyid:17:FF:EE:25:05:2C:0A:AB:F6:CB:37:1E:3F:2E:07:6F:44:FC:1C:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F__uJQUsCqv2yzcePy4Hb0T8HDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/RUUozLRKgnpm2jc2d48gox8j53M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/045222-5ace-4e7e-95b2-a2e880fd5850/1/F__uJQUsCqv2yzcePy4Hb0T8HDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:df:e3:c0:6c:8d:e6:68:ce:2e:85:65:8c:24:a4:0a:b3:82:
         37:cb:b5:92:15:14:ec:6e:1a:42:c3:e0:40:02:49:37:9e:cc:
         92:95:a3:cc:41:50:27:91:00:22:48:6f:ca:b3:ab:ca:a1:e2:
         34:a7:37:09:ee:0e:ef:a0:8d:25:dc:0e:b4:7f:b9:c8:7e:b8:
         39:43:7a:21:fb:82:b1:cc:3b:66:83:24:69:71:26:b0:17:20:
         2f:bc:1e:16:44:8d:2a:eb:cf:d1:e5:97:bf:52:0a:10:33:74:
         b1:30:2e:a7:36:22:fc:6d:00:56:68:1f:17:9e:b1:0b:5f:00:
         de:63:1c:a6:00:dc:be:ee:18:8e:8b:8c:fd:e8:ad:71:2c:82:
         ce:5e:2d:be:71:03:f6:d5:f7:71:a7:96:83:70:91:55:72:85:
         4d:95:16:78:b6:87:d7:4f:d8:aa:3e:9a:f5:d3:48:8c:1c:16:
         ba:0d:f9:11:e4:af:ef:df:b3:89:ab:76:1b:cf:bc:d5:30:20:
         03:b5:8d:32:06:61:82:f6:c6:3c:4c:d1:23:ce:04:7f:e2:ca:
         ae:87:b9:6e:a2:a4:73:c6:12:72:c8:e0:e1:b0:80:fc:87:74:
         0b:15:c7:aa:1b:b7:71:47:03:d9:6a:4d:82:88:a9:64:bd:d9:
         23:03:8e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTDSkFGkcgYDiR5u1t9jpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZmZlZTI1MDUyYzBhYWJmNmNiMzcxZTNmMmUwNzZmNDRm
YzFjM2MwHhcNMjQwMTAyMDgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQ1MjhjY2I0NGE4MjdhNjZkYTM3MzY3NzhmMjBhMzFmMjNlNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4glWYfcQX0WVkbJ0Em6uPuC1YOQ
KNByPlQ9sh21oRBP0f042oJCpg7Eltg7gSppWW14OedaamjXJvPcCxb7eAmQ5134
hoE7ipGcN3y5nKLFHMNLKnzpOkfNiLtUnhWqpGTRzcm7o64pfYfjqCRHQc68EN+3
ktGvrcTnrs3D/7Y6eGjYGCuK+HsscttODUir4lS2bz344B3JEOSY2AEBdFz/4lUP
43u4pTuRTYWabgb33DD32dQS3GAu+i3SMDHaUHOBplihTNBkIYRO6gwdhV2q/3CI
SnlvO64RPWntre5Cp0flsSYoTFCB0kM/7pRKmzWrr7VMwZC9ps1XDusvUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVFKMy0SoJ6Zto3NnePIKMfI+dzMB8GA1UdIwQY
MBaAFBf/7iUFLAqr9ss3Hj8uB29E/Bw8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRl9fdUpRVXNDcXYyeXpjZVB5NEhiMFQ4SER3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wNDUyMjItNWFjZS00ZTdlLTk1YjIt
YTJlODgwZmQ1ODUwLzEvUlVVb3pMUktnbnBtMmpjMmQ0OGdveDhqNTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wNDUyMjItNWFjZS00ZTdlLTk1YjItYTJlODgwZmQ1ODUw
LzEvRl9fdUpRVXNDcXYyeXpjZVB5NEhiMFQ4SER3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmY+MA0G
CSqGSIb3DQEBCwUAA4IBAQAO3+PAbI3maM4uhWWMJKQKs4I3y7WSFRTsbhpCw+BA
Akk3nsySlaPMQVAnkQAiSG/Ks6vKoeI0pzcJ7g7voI0l3A60f7nIfrg5Q3oh+4Kx
zDtmgyRpcSawFyAvvB4WRI0q68/R5Ze/UgoQM3SxMC6nNiL8bQBWaB8XnrELXwDe
YxymANy+7hiOi4z96K1xLILOXi2+cQP21fdxp5aDcJFVcoVNlRZ4tofXT9iqPpr1
00iMHBa6DfkR5K/v37OJq3Ybz7zVMCADtY0yBmGC9sY8TNEjzgR/4squh7luoqRz
xhJyyODhsID8h3QLFceqG7dxRwPZak2CiKlkvdkjA44v
-----END CERTIFICATE-----