Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/UhGU-jCCAN3mDJnfSRcHOYjWKcE.roa
File:                     UhGU-jCCAN3mDJnfSRcHOYjWKcE.roa (raw, json)
Hash identifier:          twpt9LjUn/8KZBOdAHSOgHI4vF5kNflG4TQ8NRJP9Vs=
Subject key identifier:   52:11:94:FA:30:82:00:DD:E6:0C:99:DF:49:17:07:39:88:D6:29:C1
Certificate issuer:       /CN=c917700ddc0e728b072ad41a3d1e8b6a80aa7510
Certificate serial:       018CC49327676453136DE5DFB040E764718C
Authority key identifier: C9:17:70:0D:DC:0E:72:8B:07:2A:D4:1A:3D:1E:8B:6A:80:AA:75:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yRdwDdwOcosHKtQaPR6LaoCqdRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/UhGU-jCCAN3mDJnfSRcHOYjWKcE.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59842
IP address blocks:        45.82.210.0/23 maxlen: 23
                          45.82.208.0/22 maxlen: 22
                          45.82.208.0/23 maxlen: 23
                          45.82.208.0/24 maxlen: 24
                          45.82.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/yRdwDdwOcosHKtQaPR6LaoCqdRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/yRdwDdwOcosHKtQaPR6LaoCqdRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yRdwDdwOcosHKtQaPR6LaoCqdRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:27:67:64:53:13:6d:e5:df:b0:40:e7:64:71:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c917700ddc0e728b072ad41a3d1e8b6a80aa7510
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=521194fa308200dde60c99df4917073988d629c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:57:b8:76:f3:18:2f:46:3e:6e:64:c2:46:6d:
                    b8:21:52:0a:15:b5:ac:ca:de:d6:55:10:7e:ed:e8:
                    3a:1a:42:77:bc:26:d9:10:46:e9:ae:a3:2a:ec:53:
                    fd:f4:97:38:24:59:ca:c8:e0:3c:03:33:b6:43:50:
                    73:5b:94:fa:a1:42:39:3b:e6:80:cf:40:14:f6:5d:
                    d9:1c:d3:29:8b:c9:8b:b8:d9:e5:01:5c:1f:60:d9:
                    3b:5f:53:35:32:f0:8b:62:58:f7:e4:08:23:ba:c9:
                    31:29:35:fc:a2:d0:79:e7:cd:2a:41:de:cd:39:71:
                    37:33:ca:47:be:da:cc:68:7c:d9:72:8f:bd:99:c2:
                    27:c0:54:25:7e:d3:6d:e3:65:3c:6c:be:a1:e7:12:
                    56:92:78:a2:63:c2:51:d9:19:12:e1:45:d1:bd:e2:
                    94:31:62:a0:46:24:45:fd:16:8d:25:6f:8d:e9:08:
                    77:a0:ec:7a:17:ba:ed:f9:1b:de:1e:bc:ea:90:30:
                    d0:d5:05:fc:90:d8:b2:6c:b7:65:54:6c:74:19:bf:
                    2f:3b:ce:dc:ce:e5:38:34:c1:9b:4f:c6:69:98:9b:
                    43:7e:ab:12:13:87:46:37:6b:cd:76:d4:de:d9:31:
                    b6:b7:81:1d:23:47:e9:a0:af:fc:98:4f:58:35:7a:
                    12:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:11:94:FA:30:82:00:DD:E6:0C:99:DF:49:17:07:39:88:D6:29:C1
            X509v3 Authority Key Identifier:
                keyid:C9:17:70:0D:DC:0E:72:8B:07:2A:D4:1A:3D:1E:8B:6A:80:AA:75:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yRdwDdwOcosHKtQaPR6LaoCqdRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/UhGU-jCCAN3mDJnfSRcHOYjWKcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/efe6e6-0306-4769-80ab-7ebec0e27b28/1/yRdwDdwOcosHKtQaPR6LaoCqdRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:5b:77:34:ba:f7:b3:67:5d:97:8d:c9:9a:e0:47:1d:0c:02:
         0b:23:8c:6d:a5:43:00:fc:14:a2:7e:cc:f6:28:65:11:33:b9:
         db:e6:34:bd:36:2b:6a:ca:a8:5f:83:05:fc:c3:10:ee:5d:0a:
         25:90:35:05:6a:b6:bc:40:8e:d9:43:ed:d2:c4:c5:85:df:a6:
         ed:1a:64:c7:80:0a:6b:7b:35:a9:cc:51:59:53:1b:ec:6c:63:
         d2:4c:f5:bf:1a:36:75:eb:e2:54:04:a7:d5:ae:5f:94:3b:bd:
         c0:56:db:c2:f8:17:9a:71:4a:d5:c1:db:6e:47:67:38:bb:e6:
         88:e7:e9:41:fd:d2:f8:a2:db:98:6a:98:9d:74:75:2f:a0:07:
         1f:a6:6c:8b:1d:33:45:a1:fa:dc:03:da:27:c3:64:4f:a4:54:
         75:54:31:ef:03:47:52:61:85:85:15:01:5d:9d:2c:12:29:7a:
         80:69:81:a8:51:45:d1:93:cb:be:d6:38:8c:8d:44:07:f0:81:
         c6:02:94:e1:31:d4:a4:9c:d5:4a:64:85:07:eb:b3:13:b3:50:
         22:12:87:0b:d9:8d:1c:d5:3c:35:4f:ea:ce:60:d7:24:ea:f8:
         69:90:ee:7a:ae:18:5d:d7:b7:a7:7e:5d:f1:8d:30:8d:74:a0:
         d9:fe:e3:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkydnZFMTbeXfsEDnZHGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MTc3MDBkZGMwZTcyOGIwNzJhZDQxYTNkMWU4YjZhODBh
YTc1MTAwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjExOTRmYTMwODIwMGRkZTYwYzk5ZGY0OTE3MDczOTg4ZDYyOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjle4dvMYL0Y+bmTCRm24IVIKFbWs
yt7WVRB+7eg6GkJ3vCbZEEbprqMq7FP99Jc4JFnKyOA8AzO2Q1BzW5T6oUI5O+aA
z0AU9l3ZHNMpi8mLuNnlAVwfYNk7X1M1MvCLYlj35AgjuskxKTX8otB5580qQd7N
OXE3M8pHvtrMaHzZco+9mcInwFQlftNt42U8bL6h5xJWkniiY8JR2RkS4UXRveKU
MWKgRiRF/RaNJW+N6Qh3oOx6F7rt+RveHrzqkDDQ1QX8kNiybLdlVGx0Gb8vO87c
zuU4NMGbT8ZpmJtDfqsSE4dGN2vNdtTe2TG2t4EdI0fpoK/8mE9YNXoS5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIRlPowggDd5gyZ30kXBzmI1inBMB8GA1UdIwQY
MBaAFMkXcA3cDnKLByrUGj0ei2qAqnUQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVJkd0Rkd09jb3NIS3RRYVBSNkxhb0NxZFJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9lZmU2ZTYtMDMwNi00NzY5LTgwYWIt
N2ViZWMwZTI3YjI4LzEvVWhHVS1qQ0NBTjNtREpuZlNSY0hPWWpXS2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9lZmU2ZTYtMDMwNi00NzY5LTgwYWItN2ViZWMwZTI3YjI4
LzEveVJkd0Rkd09jb3NIS3RRYVBSNkxhb0NxZFJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVLQMA0G
CSqGSIb3DQEBCwUAA4IBAQARW3c0uvezZ12Xjcma4EcdDAILI4xtpUMA/BSifsz2
KGURM7nb5jS9NitqyqhfgwX8wxDuXQolkDUFara8QI7ZQ+3SxMWF36btGmTHgApr
ezWpzFFZUxvsbGPSTPW/GjZ16+JUBKfVrl+UO73AVtvC+BeacUrVwdtuR2c4u+aI
5+lB/dL4otuYapiddHUvoAcfpmyLHTNFofrcA9onw2RPpFR1VDHvA0dSYYWFFQFd
nSwSKXqAaYGoUUXRk8u+1jiMjUQH8IHGApThMdSknNVKZIUH67MTs1AiEocL2Y0c
1Tw1T+rOYNck6vhpkO56rhhd17enfl3xjTCNdKDZ/uOV
-----END CERTIFICATE-----