Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/oUgm-V-nYZcwHzuZ--E_FNa2hzA.roa
File:                     oUgm-V-nYZcwHzuZ--E_FNa2hzA.roa (raw, json)
Hash identifier:          WRs2QuinVtJPd59ZBx7T44crFz0ah8AMob7VbuI2gCQ=
Subject key identifier:   A1:48:26:F9:5F:A7:61:97:30:1F:3B:99:FB:E1:3F:14:D6:B6:87:30
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       018CC3B6DCC0A2B034A4B25F283BF81A00F1
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/oUgm-V-nYZcwHzuZ--E_FNa2hzA.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.62.0/24 maxlen: 24
                          45.149.62.0/23 maxlen: 23
                          45.149.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dc:c0:a2:b0:34:a4:b2:5f:28:3b:f8:1a:00:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a14826f95fa76197301f3b99fbe13f14d6b68730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:49:90:b4:c9:4f:85:3e:43:3b:d1:fd:50:2d:
                    78:f2:9c:0b:c7:68:fa:a8:3e:23:5e:d6:a2:91:fe:
                    c3:af:89:3a:37:4c:2e:9c:83:08:8d:8d:9d:18:16:
                    2c:ef:3a:e4:71:aa:b7:ea:6b:0b:b7:26:bc:ef:79:
                    25:4e:d9:e8:60:c9:1c:73:4e:c9:c2:cb:9a:ae:5f:
                    33:3c:bd:c5:c9:e6:f4:f7:d7:d5:c0:54:d1:af:90:
                    cf:4f:fc:a3:07:29:ae:8d:1f:bf:5a:bf:aa:75:21:
                    e4:82:7e:d5:a9:07:25:3f:33:f4:74:b5:a0:c1:9e:
                    ca:3e:93:8a:ba:db:4c:ff:59:23:6a:1e:e4:31:c0:
                    f1:5c:8e:c1:36:0f:5a:7c:bb:e0:25:32:a1:59:3f:
                    f5:00:8f:7a:23:bb:22:e6:d0:0b:50:98:9b:04:2e:
                    da:c1:0f:01:ea:c7:f5:2d:e9:f2:7b:42:e9:74:28:
                    42:d2:36:5b:a3:d7:bf:b8:38:02:27:9f:20:d9:d0:
                    30:b5:5a:9c:f3:6b:06:96:41:5a:d9:9b:df:bf:f4:
                    31:65:42:ca:5a:2d:f6:37:fb:6c:d6:46:d8:71:3f:
                    0b:b5:66:59:75:9c:7f:60:cb:e7:67:96:2c:32:b2:
                    94:7c:0f:9d:06:b6:7e:0b:77:42:0d:cd:7b:07:03:
                    51:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:48:26:F9:5F:A7:61:97:30:1F:3B:99:FB:E1:3F:14:D6:B6:87:30
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/oUgm-V-nYZcwHzuZ--E_FNa2hzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:d3:d6:db:f5:13:29:09:8d:40:e5:1c:17:14:2b:43:2a:ff:
         d4:c8:a9:f1:26:de:ab:a3:f3:9c:2f:53:95:f3:55:19:1a:0b:
         37:63:91:6f:ed:ae:e8:ac:bc:48:7d:35:d2:8a:8d:64:32:a2:
         4a:bb:a4:3f:a1:00:21:04:42:74:16:7a:fd:14:af:25:61:70:
         5a:17:7b:94:f9:86:56:a2:fe:33:3d:76:aa:a5:cd:e1:17:e8:
         7b:c0:e9:ae:5e:14:79:11:50:65:36:19:76:d3:25:b2:47:5e:
         37:34:2b:3b:e1:fd:00:06:da:78:42:9f:56:07:74:fd:eb:62:
         27:11:db:81:95:4e:49:fc:db:95:2b:93:94:05:0f:cc:92:46:
         1c:7a:af:38:2d:74:e4:d4:55:04:40:56:6e:39:c5:26:38:72:
         74:f3:85:6b:f2:61:0a:01:27:39:47:75:40:57:0d:83:e8:03:
         57:0e:40:b0:71:cd:74:a2:71:c0:47:39:ef:a6:71:a5:25:6c:
         fc:4a:30:41:50:c1:5e:1f:3c:24:aa:ec:ff:54:be:dc:c0:8a:
         fc:a0:80:33:7a:ad:ba:a9:59:dd:3e:6c:d5:98:b3:f2:8f:4c:
         ab:8c:e6:68:d2:2c:6a:98:fc:67:10:e0:db:e8:09:b2:24:11:
         d0:2b:24:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttzAorA0pLJfKDv4GgDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ4MjZmOTVmYTc2MTk3MzAxZjNiOTlmYmUxM2YxNGQ2YjY4NzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEmQtMlPhT5DO9H9UC148pwLx2j6
qD4jXtaikf7Dr4k6N0wunIMIjY2dGBYs7zrkcaq36msLtya873klTtnoYMkcc07J
wsuarl8zPL3Fyeb099fVwFTRr5DPT/yjBymujR+/Wr+qdSHkgn7VqQclPzP0dLWg
wZ7KPpOKuttM/1kjah7kMcDxXI7BNg9afLvgJTKhWT/1AI96I7si5tALUJibBC7a
wQ8B6sf1Lenye0LpdChC0jZbo9e/uDgCJ58g2dAwtVqc82sGlkFa2Zvfv/QxZULK
Wi32N/ts1kbYcT8LtWZZdZx/YMvnZ5YsMrKUfA+dBrZ+C3dCDc17BwNRdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFIJvlfp2GXMB87mfvhPxTWtocwMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvb1VnbS1WLW5ZWmN3SHp1Wi0tRV9GTmEyaHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZU+MA0G
CSqGSIb3DQEBCwUAA4IBAQBM09bb9RMpCY1A5RwXFCtDKv/UyKnxJt6ro/OcL1OV
81UZGgs3Y5Fv7a7orLxIfTXSio1kMqJKu6Q/oQAhBEJ0Fnr9FK8lYXBaF3uU+YZW
ov4zPXaqpc3hF+h7wOmuXhR5EVBlNhl20yWyR143NCs74f0ABtp4Qp9WB3T962In
EduBlU5J/NuVK5OUBQ/MkkYceq84LXTk1FUEQFZuOcUmOHJ084Vr8mEKASc5R3VA
Vw2D6ANXDkCwcc10onHARznvpnGlJWz8SjBBUMFeHzwkquz/VL7cwIr8oIAzeq26
qVndPmzVmLPyj0yrjOZo0ixqmPxnEODb6AmyJBHQKySM
-----END CERTIFICATE-----