Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ufGHHZxjbc3dyClA4kTzp3FYXm8.roa
File:                     ufGHHZxjbc3dyClA4kTzp3FYXm8.roa (raw, json)
Hash identifier:          jP9+CVsOXbs4kfW/yjl9wXNS906L5TNpJk0cXzyd/Vc=
Subject key identifier:   B9:F1:87:1D:9C:63:6D:CD:DD:C8:29:40:E2:44:F3:A7:71:58:5E:6F
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       018CC42558D3F864016BA08CE867082496B6
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ufGHHZxjbc3dyClA4kTzp3FYXm8.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        162.220.244.0/24 maxlen: 24
                          162.220.245.0/24 maxlen: 24
                          107.181.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:58:d3:f8:64:01:6b:a0:8c:e8:67:08:24:96:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9f1871d9c636dcdddc82940e244f3a771585e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:22:69:dc:53:50:c9:4f:2c:d2:94:db:f5:53:
                    05:40:d9:cc:cf:d6:84:61:83:98:c8:a8:23:c0:ca:
                    1e:e9:b4:97:2f:06:1b:6e:97:f7:90:38:dc:83:96:
                    2a:97:9d:e7:3f:2d:3a:73:56:7b:fb:d7:8d:0a:be:
                    f0:97:a9:80:f6:82:d8:80:c6:19:a9:09:66:45:54:
                    7a:22:e3:73:9e:be:5d:d7:e9:09:7b:70:a7:73:38:
                    34:bc:3a:94:97:e2:7b:ae:b7:aa:4a:eb:71:e9:42:
                    c6:ae:ca:3d:58:64:56:5f:50:1b:29:59:26:32:6b:
                    04:a4:9d:5c:55:17:ea:65:21:34:e6:66:5b:c3:63:
                    74:da:b5:99:1e:f6:0b:41:ca:9d:c7:15:ae:fa:8e:
                    51:ad:ae:b8:8a:0f:a9:4e:f4:9f:25:82:c1:22:7f:
                    97:f5:4d:db:4e:ae:e2:16:e5:dc:58:58:7a:39:66:
                    2e:80:1e:9f:3a:d7:86:16:65:4f:93:7e:35:9c:6f:
                    47:67:3b:98:0f:fd:3c:44:e4:68:4a:90:17:46:c2:
                    ef:51:1b:66:70:04:db:b2:22:22:6c:1f:f9:03:0c:
                    90:07:08:82:32:8e:47:c9:10:75:0c:d3:24:c3:0b:
                    e8:90:df:1b:03:a4:03:74:ff:43:82:ca:23:fd:08:
                    cb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F1:87:1D:9C:63:6D:CD:DD:C8:29:40:E2:44:F3:A7:71:58:5E:6F
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/ufGHHZxjbc3dyClA4kTzp3FYXm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.181.136.0/24
                  162.220.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:8b:05:f4:fb:cd:94:50:a3:8c:39:57:7f:aa:28:ee:e3:46:
         89:46:4d:7b:6b:c9:84:3d:ca:df:96:53:02:4d:06:23:c4:79:
         bf:ca:af:37:c3:c7:d0:d9:2e:20:fd:56:cc:e2:a6:e9:fc:d9:
         cf:d6:32:71:61:28:d3:44:3b:5b:24:97:a3:2b:87:ef:22:d3:
         0e:62:c5:f3:ce:32:01:83:32:38:01:b5:35:f7:02:6b:5e:34:
         30:91:0c:53:70:7a:2d:af:d0:09:6e:80:e5:0b:06:a0:64:80:
         cf:7f:f5:81:6d:13:0f:1e:17:09:63:88:a5:bf:c9:b2:c9:a4:
         d6:03:e4:88:79:5f:72:24:c9:4f:35:77:ac:47:a5:b7:97:de:
         ae:f4:7e:29:3a:9f:cc:44:e6:58:4c:2b:00:46:87:b3:47:3e:
         2f:a5:a4:1c:eb:3e:d0:9d:9c:b3:99:24:03:4a:cc:ee:32:48:
         dc:36:17:c1:b9:3a:f0:4a:b2:f0:bb:89:2d:d9:5b:1f:0f:f5:
         8e:60:df:83:6e:4b:51:3a:56:fe:22:98:4b:66:25:03:cd:4a:
         bd:b9:27:7a:7b:2b:d9:4f:46:45:ab:c1:46:0a:22:ff:a1:9b:
         0e:75:84:bf:ab:30:4b:c8:b5:cb:2a:f4:02:92:61:0c:01:32:
         54:cd:57:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVjT+GQBa6CM6GcIJJa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWYxODcxZDljNjM2ZGNkZGRjODI5NDBlMjQ0ZjNhNzcxNTg1ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyJp3FNQyU8s0pTb9VMFQNnMz9aE
YYOYyKgjwMoe6bSXLwYbbpf3kDjcg5Yql53nPy06c1Z7+9eNCr7wl6mA9oLYgMYZ
qQlmRVR6IuNznr5d1+kJe3Cnczg0vDqUl+J7rreqSutx6ULGrso9WGRWX1AbKVkm
MmsEpJ1cVRfqZSE05mZbw2N02rWZHvYLQcqdxxWu+o5Rra64ig+pTvSfJYLBIn+X
9U3bTq7iFuXcWFh6OWYugB6fOteGFmVPk341nG9HZzuYD/08RORoSpAXRsLvURtm
cATbsiIibB/5AwyQBwiCMo5HyRB1DNMkwwvokN8bA6QDdP9Dgsoj/QjL3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLnxhx2cY23N3cgpQOJE86dxWF5vMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvdWZHSEhaeGpiYzNkeUNsQTRrVHpwM0ZZWG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAa7WIAwQB
otz0MA0GCSqGSIb3DQEBCwUAA4IBAQCRiwX0+82UUKOMOVd/qiju40aJRk17a8mE
PcrfllMCTQYjxHm/yq83w8fQ2S4g/VbM4qbp/NnP1jJxYSjTRDtbJJejK4fvItMO
YsXzzjIBgzI4AbU19wJrXjQwkQxTcHotr9AJboDlCwagZIDPf/WBbRMPHhcJY4il
v8myyaTWA+SIeV9yJMlPNXesR6W3l96u9H4pOp/MROZYTCsARoezRz4vpaQc6z7Q
nZyzmSQDSszuMkjcNhfBuTrwSrLwu4kt2VsfD/WOYN+DbktROlb+IphLZiUDzUq9
uSd6eyvZT0ZFq8FGCiL/oZsOdYS/qzBLyLXLKvQCkmEMATJUzVem
-----END CERTIFICATE-----