Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/UGhrxCAEH6XkLmOuRn7WE3CXzA4.roa
File:                     UGhrxCAEH6XkLmOuRn7WE3CXzA4.roa (raw, json)
Hash identifier:          JLr8bfyxYcqfQAlhNGQb9Q5LFI7EgSIRwCzPsUvwVlY=
Subject key identifier:   50:68:6B:C4:20:04:1F:A5:E4:2E:63:AE:46:7E:D6:13:70:97:CC:0E
Certificate issuer:       /CN=adfd90cb35742f9e581e8cbdf0e3e123a849c830
Certificate serial:       018CC8018CFB0D8DBD08D3DE0862D019EE0E
Authority key identifier: AD:FD:90:CB:35:74:2F:9E:58:1E:8C:BD:F0:E3:E1:23:A8:49:C8:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/UGhrxCAEH6XkLmOuRn7WE3CXzA4.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        193.26.9.0/24 maxlen: 24
                          2001:678:d24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8c:fb:0d:8d:bd:08:d3:de:08:62:d0:19:ee:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adfd90cb35742f9e581e8cbdf0e3e123a849c830
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50686bc420041fa5e42e63ae467ed6137097cc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:89:e6:69:de:b5:7f:1d:3e:85:6d:28:1e:f5:
                    46:e4:d6:30:e9:9d:80:f3:d5:dc:7f:7f:e7:9c:1f:
                    76:56:9f:76:f4:09:bc:34:49:01:c0:20:52:fd:7f:
                    91:5f:1a:19:ed:b1:01:4f:2e:a1:b3:99:3c:a5:8e:
                    f5:9a:e8:39:01:8f:07:5b:9a:8d:d9:aa:c8:94:c6:
                    33:ac:65:fd:38:35:4b:8c:f2:b4:1d:76:9c:3a:39:
                    09:1e:fa:41:9a:27:55:cd:2e:fa:b5:a3:4c:15:72:
                    52:e8:0f:bc:f2:a2:44:a5:1a:47:ee:9f:4f:6e:81:
                    99:97:ca:98:b1:55:82:4a:6a:aa:12:3c:80:59:03:
                    3f:8f:47:21:fa:3d:0a:84:ce:fc:5d:3a:da:1a:f1:
                    99:a1:1e:24:c1:85:db:1c:4d:4a:63:7f:de:49:96:
                    8e:29:dc:53:35:0b:4d:2f:01:bc:7f:b3:6c:fa:7f:
                    fe:ad:d9:52:f2:30:de:4b:2e:ba:30:8d:18:cc:42:
                    53:3b:85:11:22:e2:dc:e3:c8:f1:56:f1:71:5a:ba:
                    74:ce:21:de:dc:92:7a:8a:4e:2d:d6:71:04:c2:0d:
                    62:5b:d7:ff:37:35:32:9e:61:f4:4f:17:6a:45:d3:
                    1e:c6:e0:a9:76:d3:0f:cb:f2:72:71:e1:cf:49:83:
                    0a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:68:6B:C4:20:04:1F:A5:E4:2E:63:AE:46:7E:D6:13:70:97:CC:0E
            X509v3 Authority Key Identifier:
                keyid:AD:FD:90:CB:35:74:2F:9E:58:1E:8C:BD:F0:E3:E1:23:A8:49:C8:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/UGhrxCAEH6XkLmOuRn7WE3CXzA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.9.0/24
                IPv6:
                  2001:678:d24::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:35:1e:8a:a0:b8:cb:d6:b4:49:02:4b:2a:0b:f7:4c:84:38:
         c4:2f:58:38:c8:1f:e8:8d:2b:a7:38:bf:74:0a:1c:da:b8:ca:
         48:06:98:dc:56:18:cc:9a:83:04:b6:49:7e:8a:16:a0:db:6d:
         cd:fa:c8:e8:c0:62:cf:b5:32:ca:f4:41:30:3c:6e:a0:2a:35:
         de:15:6d:57:6d:32:91:61:22:ad:2f:9a:e8:1d:80:32:bd:4a:
         f7:e5:15:a3:50:e2:3d:61:6b:35:3b:90:ae:3b:18:d6:15:ae:
         92:4c:c3:7a:2a:b1:b7:91:10:b5:ef:a4:49:bf:38:9c:cc:24:
         ea:79:83:06:5b:bd:80:25:84:c7:8b:ee:a6:27:a6:cf:b4:65:
         bd:6e:27:c1:06:40:d5:84:bb:1d:d3:a1:a7:02:d5:55:49:7e:
         60:84:3f:c6:11:38:44:a0:82:1c:d5:4f:50:83:02:b1:28:35:
         1a:ca:80:37:f9:fe:77:e7:eb:10:b5:e2:4b:8f:dd:d0:7b:b0:
         99:c8:98:0c:db:97:fe:89:f0:c3:92:04:4f:fa:d3:bb:22:95:
         e2:5b:d2:a4:49:4c:08:f5:2b:b3:3a:8a:2b:1b:27:fc:f5:d0:
         71:1b:19:f1:81:a4:5b:4c:7e:cf:a5:04:d9:72:dc:fb:ba:20:
         7c:d3:ad:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAYz7DY29CNPeCGLQGe4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZmQ5MGNiMzU3NDJmOWU1ODFlOGNiZGYwZTNlMTIzYTg0
OWM4MzAwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDY4NmJjNDIwMDQxZmE1ZTQyZTYzYWU0NjdlZDYxMzcwOTdjYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0onmad61fx0+hW0oHvVG5NYw6Z2A
89Xcf3/nnB92Vp929Am8NEkBwCBS/X+RXxoZ7bEBTy6hs5k8pY71mug5AY8HW5qN
2arIlMYzrGX9ODVLjPK0HXacOjkJHvpBmidVzS76taNMFXJS6A+88qJEpRpH7p9P
boGZl8qYsVWCSmqqEjyAWQM/j0ch+j0KhM78XTraGvGZoR4kwYXbHE1KY3/eSZaO
KdxTNQtNLwG8f7Ns+n/+rdlS8jDeSy66MI0YzEJTO4URIuLc48jxVvFxWrp0ziHe
3JJ6ik4t1nEEwg1iW9f/NzUynmH0TxdqRdMexuCpdtMPy/JyceHPSYMKDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFBoa8QgBB+l5C5jrkZ+1hNwl8wOMB8GA1UdIwQY
MBaAFK39kMs1dC+eWB6MvfDj4SOoScgwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmYyUXl6VjBMNTVZSG95OThPUGhJNmhKeURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83ZTIyNGQtZjE1NC00Zjc1LWEyYTgt
ZWI3ZWM0ZDdkY2E4LzEvVUdocnhDQUVINlhrTG1PdVJuN1dFM0NYekE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83ZTIyNGQtZjE1NC00Zjc1LWEyYTgtZWI3ZWM0ZDdkY2E4
LzEvcmYyUXl6VjBMNTVZSG95OThPUGhJNmhKeURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRoJMA8E
AgACMAkDBwAgAQZ4DSQwDQYJKoZIhvcNAQELBQADggEBADY1HoqguMvWtEkCSyoL
90yEOMQvWDjIH+iNK6c4v3QKHNq4ykgGmNxWGMyagwS2SX6KFqDbbc36yOjAYs+1
Msr0QTA8bqAqNd4VbVdtMpFhIq0vmugdgDK9SvflFaNQ4j1hazU7kK47GNYVrpJM
w3oqsbeRELXvpEm/OJzMJOp5gwZbvYAlhMeL7qYnps+0Zb1uJ8EGQNWEux3ToacC
1VVJfmCEP8YROESgghzVT1CDArEoNRrKgDf5/nfn6xC14kuP3dB7sJnImAzbl/6J
8MOSBE/607sileJb0qRJTAj1K7M6iisbJ/z10HEbGfGBpFtMfs+lBNly3Pu6IHzT
rU4=
-----END CERTIFICATE-----