Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/YuJaPWHHQ3xs5ZlDqcF_0fc4Rl0.roa
File:                     YuJaPWHHQ3xs5ZlDqcF_0fc4Rl0.roa (raw, json)
Hash identifier:          gVvpzcD8Nr4EBN5CUQ+imfAMd9JGF2jUVVoWNZFaOEI=
Subject key identifier:   62:E2:5A:3D:61:C7:43:7C:6C:E5:99:43:A9:C1:7F:D1:F7:38:46:5D
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CD9FCBC99D697D5E3CC11E6334A912294
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/YuJaPWHHQ3xs5ZlDqcF_0fc4Rl0.roa
Signing time:             Fri 05 Jan 2024 14:17:48 +0000
ROA not before:           Fri 05 Jan 2024 14:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56876
IP address blocks:        45.137.246.0/24 maxlen: 24
                          45.137.244.0/24 maxlen: 24
                          45.137.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:fc:bc:99:d6:97:d5:e3:cc:11:e6:33:4a:91:22:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  5 14:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62e25a3d61c7437c6ce59943a9c17fd1f738465d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ad:8c:ea:03:c9:aa:33:40:54:f8:0a:ee:7b:
                    8b:5e:2f:83:3a:40:51:d2:2f:e8:79:1a:9a:04:fc:
                    48:5d:0e:46:3b:67:5d:17:ec:0f:da:7d:cf:7e:c4:
                    cc:62:99:ef:f8:4a:7f:07:cc:76:96:93:bb:e1:52:
                    75:47:f9:8d:f9:ab:2c:39:bf:33:e7:4b:30:3e:02:
                    6a:29:8c:0b:05:21:53:b6:3b:25:af:3c:1e:5b:94:
                    50:dc:c4:76:4a:64:cb:75:2c:44:b9:ac:54:ac:d7:
                    e5:33:c7:5c:c7:70:cc:40:33:3f:ce:fe:7c:2c:56:
                    1c:19:fb:08:53:94:d1:2a:4c:b3:34:6c:7c:aa:3d:
                    32:a5:43:30:59:fa:27:57:de:80:43:30:0a:3a:9f:
                    d0:54:10:fe:94:d1:07:4d:4a:34:1f:c3:bc:d1:1a:
                    77:63:13:75:58:a7:ee:00:08:4e:7d:c1:a9:7a:49:
                    8e:89:63:07:b4:6a:e7:d4:26:71:5f:9c:6c:c6:d5:
                    bb:47:a3:48:95:fb:a6:e2:da:f9:f5:98:8d:f7:c2:
                    fd:1f:df:05:35:b9:b5:02:ec:39:16:6b:a4:c6:77:
                    74:5d:9e:9d:7d:5a:21:e7:f5:35:26:e5:e0:ea:a3:
                    84:35:42:b0:57:97:bc:d9:17:08:5e:88:ad:15:69:
                    2b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E2:5A:3D:61:C7:43:7C:6C:E5:99:43:A9:C1:7F:D1:F7:38:46:5D
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/YuJaPWHHQ3xs5ZlDqcF_0fc4Rl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.244.0/24
                  45.137.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:65:fb:23:20:a9:68:1b:e7:64:75:21:06:9d:10:b3:43:c7:
         71:9e:63:8e:f5:95:47:f2:3f:88:d0:a3:20:32:28:cf:eb:e5:
         f2:10:73:7c:70:c4:b2:6a:bd:ee:52:48:56:28:f4:fa:c3:0c:
         5c:b4:ab:e9:26:76:55:71:3e:ef:98:d1:1c:7c:7f:97:90:c0:
         99:c9:47:ce:0d:f3:2c:75:77:fc:97:b5:d2:47:eb:68:73:53:
         53:6b:d8:f4:3c:51:e2:1c:6b:68:7c:a6:1a:7d:99:d3:c6:31:
         cd:78:29:26:c7:51:39:06:a7:8c:2d:73:d2:0d:50:e3:35:eb:
         2f:9b:04:36:d9:86:fa:7d:b1:f7:e3:08:70:67:65:b7:3f:9e:
         72:ac:60:ca:60:83:4a:b8:73:4a:89:a4:4b:8e:5c:20:d5:a6:
         71:64:35:95:ad:b8:e9:48:e6:86:dc:ec:6b:05:dc:e4:d5:5b:
         fc:75:a9:5a:08:d9:59:7f:fe:09:1e:d6:4f:8b:33:17:11:52:
         6f:0d:e2:e9:63:49:ef:c3:6d:d6:36:db:ef:ce:71:fe:12:59:
         eb:18:5e:50:46:84:92:85:75:98:28:4b:1b:45:7c:91:43:4c:
         c1:64:ef:27:29:f3:20:65:24:8b:e9:17:04:6b:94:58:90:7e:
         56:25:81:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzZ/LyZ1pfV48wR5jNKkSKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTA1MTQxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmUyNWEzZDYxYzc0MzdjNmNlNTk5NDNhOWMxN2ZkMWY3Mzg0NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK2M6gPJqjNAVPgK7nuLXi+DOkBR
0i/oeRqaBPxIXQ5GO2ddF+wP2n3PfsTMYpnv+Ep/B8x2lpO74VJ1R/mN+assOb8z
50swPgJqKYwLBSFTtjslrzweW5RQ3MR2SmTLdSxEuaxUrNflM8dcx3DMQDM/zv58
LFYcGfsIU5TRKkyzNGx8qj0ypUMwWfonV96AQzAKOp/QVBD+lNEHTUo0H8O80Rp3
YxN1WKfuAAhOfcGpekmOiWMHtGrn1CZxX5xsxtW7R6NIlfum4tr59ZiN98L9H98F
Nbm1Auw5Fmukxnd0XZ6dfVoh5/U1JuXg6qOENUKwV5e82RcIXoitFWkrpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGLiWj1hx0N8bOWZQ6nBf9H3OEZdMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvWXVKYVBXSEhRM3hzNVpsRHFjRl8wZmM0UmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYn0AwQB
LYn2MA0GCSqGSIb3DQEBCwUAA4IBAQAcZfsjIKloG+dkdSEGnRCzQ8dxnmOO9ZVH
8j+I0KMgMijP6+XyEHN8cMSyar3uUkhWKPT6wwxctKvpJnZVcT7vmNEcfH+XkMCZ
yUfODfMsdXf8l7XSR+toc1NTa9j0PFHiHGtofKYafZnTxjHNeCkmx1E5BqeMLXPS
DVDjNesvmwQ22Yb6fbH34whwZ2W3P55yrGDKYINKuHNKiaRLjlwg1aZxZDWVrbjp
SOaG3OxrBdzk1Vv8dalaCNlZf/4JHtZPizMXEVJvDeLpY0nvw23WNtvvznH+Elnr
GF5QRoSShXWYKEsbRXyRQ0zBZO8nKfMgZSSL6RcEa5RYkH5WJYEL
-----END CERTIFICATE-----