Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Uno7WysVy_PMdwYBFRh5BtACAQk.roa
File:                     Uno7WysVy_PMdwYBFRh5BtACAQk.roa (raw, json)
Hash identifier:          RFeqiMGc0M9KNidZ/TI83dGJPPCzjGOUtkDY3LKbx2k=
Subject key identifier:   52:7A:3B:5B:2B:15:CB:F3:CC:77:06:01:15:18:79:06:D0:02:01:09
Certificate issuer:       /CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
Certificate serial:       0194252173B8CE1F2AA8606E310D142588D9
Authority key identifier: 1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Uno7WysVy_PMdwYBFRh5BtACAQk.roa
Signing time:             Thu 02 Jan 2025 03:48:56 +0000
ROA not before:           Thu 02 Jan 2025 03:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        46.143.172.0/22 maxlen: 22
                          46.143.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:73:b8:ce:1f:2a:a8:60:6e:31:0d:14:25:88:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
        Validity
            Not Before: Jan  2 03:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=527a3b5b2b15cbf3cc77060115187906d0020109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:44:1f:a0:3b:c0:3d:5e:95:34:af:30:b5:3b:
                    60:70:9e:68:a8:71:81:a8:a0:db:cb:a2:7e:74:15:
                    37:2d:9b:ec:15:3d:7f:2d:29:08:c3:ca:58:a2:95:
                    17:63:e0:9c:5e:b3:ad:db:57:44:d9:66:db:1f:3d:
                    d7:9d:70:46:f4:61:7f:8e:fe:c9:33:08:8a:c8:55:
                    26:a2:74:ac:98:f0:7f:0d:72:ab:38:55:d2:39:fb:
                    35:8b:94:75:da:86:32:be:d0:32:7b:91:c1:68:c4:
                    17:4d:48:1c:51:68:75:2d:63:04:3d:af:b4:08:ac:
                    42:40:e3:a6:09:4a:2a:a0:f1:23:b7:27:9d:f3:e4:
                    fa:d5:ba:c8:f2:b5:39:c5:cf:14:cb:9b:90:89:c6:
                    2f:4b:80:23:0c:4a:4b:d6:bb:bf:34:25:36:12:fc:
                    70:fa:c9:17:7b:53:c6:19:14:02:a9:ad:39:3e:f8:
                    46:ae:55:e3:45:0d:cf:e6:20:4b:9e:04:9a:0c:f1:
                    ae:c0:31:38:92:18:ae:a9:33:78:c1:e7:de:e8:ad:
                    3f:1f:8d:2c:99:fa:b0:f0:13:5e:a9:cb:0f:15:06:
                    95:c1:1b:a1:ef:bb:e8:bc:2e:50:47:50:a7:d1:e0:
                    b9:1e:5b:47:3f:b5:1f:5e:6f:82:08:79:ab:f2:f7:
                    a2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7A:3B:5B:2B:15:CB:F3:CC:77:06:01:15:18:79:06:D0:02:01:09
            X509v3 Authority Key Identifier:
                keyid:1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Uno7WysVy_PMdwYBFRh5BtACAQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:b7:86:85:a7:dc:85:78:72:66:78:07:1b:04:ae:f9:29:81:
         1b:29:e9:8b:18:0d:f8:9f:76:b9:71:06:81:49:89:89:9d:a0:
         93:37:61:a9:f3:3f:3b:2c:36:81:fe:48:23:e6:46:ee:a3:86:
         8c:51:2b:29:ba:16:01:25:cc:a7:03:b1:30:7f:86:df:79:cf:
         09:1a:42:75:c3:58:3e:f0:90:69:38:3b:a3:25:32:00:bb:ca:
         52:e1:92:39:bd:39:91:1e:9c:44:55:9e:03:e1:b8:b2:37:a1:
         51:47:04:42:61:90:5f:f6:20:66:6a:0a:1b:38:fc:4b:0b:1f:
         04:34:67:29:12:68:4d:c9:47:7a:9d:60:8c:0d:59:9c:bb:25:
         20:bf:d2:f2:ac:b0:98:94:91:46:fb:a0:ab:d5:65:02:a1:d2:
         8f:9b:69:55:bc:0d:66:08:f4:1b:ea:de:71:eb:72:63:c9:b6:
         02:f7:a8:61:fb:24:b0:ed:79:9b:05:78:81:65:49:0b:0f:c0:
         4b:a0:ed:72:9c:ae:42:0c:02:5f:06:19:94:11:eb:72:9d:52:
         f7:4b:a1:26:46:ef:74:c1:42:a9:ee:69:8f:48:b9:f7:f0:0e:
         e9:3f:6d:13:82:28:51:31:97:2c:06:dd:9e:10:12:43:ad:32:
         30:16:cb:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXO4zh8qqGBuMQ0UJYjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGQyMDVjNzk4ZWQ3OGYzYzQ0Y2EwYzhmMjg1MmU4YmVj
OGVhYTIwHhcNMjUwMTAyMDM0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdhM2I1YjJiMTVjYmYzY2M3NzA2MDExNTE4NzkwNmQwMDIwMTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UQfoDvAPV6VNK8wtTtgcJ5oqHGB
qKDby6J+dBU3LZvsFT1/LSkIw8pYopUXY+CcXrOt21dE2WbbHz3XnXBG9GF/jv7J
MwiKyFUmonSsmPB/DXKrOFXSOfs1i5R12oYyvtAye5HBaMQXTUgcUWh1LWMEPa+0
CKxCQOOmCUoqoPEjtyed8+T61brI8rU5xc8Uy5uQicYvS4AjDEpL1ru/NCU2Evxw
+skXe1PGGRQCqa05PvhGrlXjRQ3P5iBLngSaDPGuwDE4khiuqTN4wefe6K0/H40s
mfqw8BNeqcsPFQaVwRuh77vovC5QR1Cn0eC5HltHP7UfXm+CCHmr8veiSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ6O1srFcvzzHcGARUYeQbQAgEJMB8GA1UdIwQY
MBaAFB6NIFx5jtePPETKDI8oUui+yOqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTkt
ZWUxYmQzNDRmMDE1LzEvVW5vN1d5c1Z5X1BNZHdZQkZSaDVCdEFDQVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTktZWUxYmQzNDRmMDE1
LzEvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLo+sMA0G
CSqGSIb3DQEBCwUAA4IBAQB2t4aFp9yFeHJmeAcbBK75KYEbKemLGA34n3a5cQaB
SYmJnaCTN2Gp8z87LDaB/kgj5kbuo4aMUSspuhYBJcynA7Ewf4bfec8JGkJ1w1g+
8JBpODujJTIAu8pS4ZI5vTmRHpxEVZ4D4biyN6FRRwRCYZBf9iBmagobOPxLCx8E
NGcpEmhNyUd6nWCMDVmcuyUgv9LyrLCYlJFG+6Cr1WUCodKPm2lVvA1mCPQb6t5x
63JjybYC96hh+ySw7XmbBXiBZUkLD8BLoO1ynK5CDAJfBhmUEetynVL3S6EmRu90
wUKp7mmPSLn38A7pP20TgihRMZcsBt2eEBJDrTIwFsvN
-----END CERTIFICATE-----