Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/RuUvk3CeRdJl1Yu1864RWUvP5B0.roa
File:                     RuUvk3CeRdJl1Yu1864RWUvP5B0.roa (raw, json)
Hash identifier:          Fk5PLpBmyz9tlFSHt9orXRXMuwnEaVZ/M6GAvkHFqdg=
Subject key identifier:   46:E5:2F:93:70:9E:45:D2:65:D5:8B:B5:F3:AE:11:59:4B:CF:E4:1D
Certificate issuer:       /CN=2dfa9f068edb9fc436354d1a6d9bb421bff630d5
Certificate serial:       018CC7954B19681106E50F9635B97E5F6777
Authority key identifier: 2D:FA:9F:06:8E:DB:9F:C4:36:35:4D:1A:6D:9B:B4:21:BF:F6:30:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/RuUvk3CeRdJl1Yu1864RWUvP5B0.roa
Signing time:             Tue 02 Jan 2024 00:31:39 +0000
ROA not before:           Tue 02 Jan 2024 00:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59877
IP address blocks:        193.56.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4b:19:68:11:06:e5:0f:96:35:b9:7e:5f:67:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dfa9f068edb9fc436354d1a6d9bb421bff630d5
        Validity
            Not Before: Jan  2 00:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46e52f93709e45d265d58bb5f3ae11594bcfe41d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3a:a9:61:1d:b0:29:6d:98:0c:89:29:d5:bc:
                    a7:d4:31:c2:75:ae:d9:9f:8a:0a:69:58:19:6c:ea:
                    e0:99:a2:e4:3a:a3:20:61:81:87:e3:fa:91:be:65:
                    8a:a4:3f:bc:70:0d:7b:e9:ed:23:08:a7:a1:01:af:
                    75:62:4b:a7:4b:9f:83:49:08:5b:b2:34:a8:74:fa:
                    02:5c:8f:80:f6:91:3e:9e:e8:35:6d:cf:81:30:f8:
                    6f:e2:82:4f:ec:b5:e3:30:90:e3:bd:61:bf:b5:44:
                    1f:fd:46:91:76:d5:da:bc:57:10:1e:2c:d4:48:4d:
                    be:f8:1b:41:33:4e:53:d6:30:4d:51:a8:83:10:2c:
                    61:b2:8e:c3:df:14:ca:f8:00:7e:c3:6f:12:0f:cd:
                    d0:24:82:09:cb:90:97:bd:b4:c5:67:9d:25:6f:ef:
                    50:8b:a3:44:02:f3:92:62:a7:b3:60:97:4b:d3:7d:
                    1f:66:8a:e2:15:04:4e:d1:e5:5e:c0:d2:16:bc:04:
                    4b:ab:7b:3c:cc:b2:55:e1:c1:9d:a8:4c:bc:15:e3:
                    56:02:2c:f7:c8:b8:03:4a:73:7e:88:a1:98:89:d6:
                    2e:f4:e8:f5:5e:36:33:8c:fa:6d:f2:f2:68:ee:20:
                    ef:39:af:83:58:02:82:f2:ba:bd:c6:53:02:a3:59:
                    61:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:E5:2F:93:70:9E:45:D2:65:D5:8B:B5:F3:AE:11:59:4B:CF:E4:1D
            X509v3 Authority Key Identifier:
                keyid:2D:FA:9F:06:8E:DB:9F:C4:36:35:4D:1A:6D:9B:B4:21:BF:F6:30:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/RuUvk3CeRdJl1Yu1864RWUvP5B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:00:6b:3d:33:27:10:60:8d:7f:5e:99:c8:02:25:17:eb:36:
         76:3c:da:58:b5:59:e2:a6:fa:7e:a6:c2:6c:c7:85:10:eb:9d:
         92:5d:1d:fd:c8:75:70:82:c8:cc:2e:a5:62:a4:f1:e2:88:2b:
         8e:a5:54:a9:be:83:70:11:04:dd:21:05:d6:fb:42:04:6f:36:
         9a:28:7a:d5:de:93:6b:47:9c:3b:c8:18:44:aa:9d:62:6b:24:
         8c:3b:61:f2:a9:cc:4c:65:d5:0f:d6:ae:d4:82:e6:28:1d:f4:
         5b:95:f0:d8:a0:9b:70:e4:7e:04:77:3e:c9:88:86:39:89:55:
         50:2c:11:b7:82:b9:23:64:b4:e3:b0:8b:99:f4:2e:6e:5b:05:
         b5:0b:36:b6:c2:6f:92:e3:fb:fd:28:3d:19:18:5e:ea:ee:d9:
         0f:33:88:cb:25:49:b4:eb:59:d2:4f:57:04:43:02:08:64:e0:
         e4:0b:40:0f:aa:b6:cd:8e:c8:a9:ab:26:6e:08:e5:10:49:56:
         e4:e7:86:1c:a6:62:71:ce:a2:f9:9d:1e:74:41:b5:0e:02:e3:
         4b:06:15:4c:62:19:9a:96:23:ba:52:93:32:2e:5b:ee:c3:e4:
         3c:ab:20:ea:03:f1:69:9d:cc:f3:30:6e:4e:10:05:00:da:08:
         d2:ad:90:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUsZaBEG5Q+WNbl+X2d3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZmE5ZjA2OGVkYjlmYzQzNjM1NGQxYTZkOWJiNDIxYmZm
NjMwZDUwHhcNMjQwMTAyMDAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmU1MmY5MzcwOWU0NWQyNjVkNThiYjVmM2FlMTE1OTRiY2ZlNDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjqpYR2wKW2YDIkp1byn1DHCda7Z
n4oKaVgZbOrgmaLkOqMgYYGH4/qRvmWKpD+8cA176e0jCKehAa91YkunS5+DSQhb
sjSodPoCXI+A9pE+nug1bc+BMPhv4oJP7LXjMJDjvWG/tUQf/UaRdtXavFcQHizU
SE2++BtBM05T1jBNUaiDECxhso7D3xTK+AB+w28SD83QJIIJy5CXvbTFZ50lb+9Q
i6NEAvOSYqezYJdL030fZoriFQRO0eVewNIWvARLq3s8zLJV4cGdqEy8FeNWAiz3
yLgDSnN+iKGYidYu9Oj1XjYzjPpt8vJo7iDvOa+DWAKC8rq9xlMCo1lhtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEblL5NwnkXSZdWLtfOuEVlLz+QdMB8GA1UdIwQY
MBaAFC36nwaO25/ENjVNGm2btCG/9jDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGZxZkJvN2JuOFEyTlUwYWJadTBJYl8yTU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80MzVhM2ItMGIwNS00NTcxLWJkMmQt
ZjAzY2U4MjRjNzZkLzEvUnVVdmszQ2VSZEpsMVl1MTg2NFJXVXZQNUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80MzVhM2ItMGIwNS00NTcxLWJkMmQtZjAzY2U4MjRjNzZk
LzEvTGZxZkJvN2JuOFEyTlUwYWJadTBJYl8yTU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTiSMA0G
CSqGSIb3DQEBCwUAA4IBAQB/AGs9MycQYI1/XpnIAiUX6zZ2PNpYtVnipvp+psJs
x4UQ652SXR39yHVwgsjMLqVipPHiiCuOpVSpvoNwEQTdIQXW+0IEbzaaKHrV3pNr
R5w7yBhEqp1iaySMO2HyqcxMZdUP1q7UguYoHfRblfDYoJtw5H4Edz7JiIY5iVVQ
LBG3grkjZLTjsIuZ9C5uWwW1Cza2wm+S4/v9KD0ZGF7q7tkPM4jLJUm061nST1cE
QwIIZODkC0APqrbNjsipqyZuCOUQSVbk54YcpmJxzqL5nR50QbUOAuNLBhVMYhma
liO6UpMyLlvuw+Q8qyDqA/FpnczzMG5OEAUA2gjSrZAi
-----END CERTIFICATE-----