Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/UWi0y91I-qFgkKybuqVY2vHIiD8.roa
File:                     UWi0y91I-qFgkKybuqVY2vHIiD8.roa (raw, json)
Hash identifier:          q0vjHCn3ediYNgX5UnJQ9n1nR0gHiIsyAHLgDENSfu0=
Subject key identifier:   51:68:B4:CB:DD:48:FA:A1:60:90:AC:9B:BA:A5:58:DA:F1:C8:88:3F
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018EC915B70E505D81A7D82A82B39C7A4FA6
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/UWi0y91I-qFgkKybuqVY2vHIiD8.roa
Signing time:             Wed 10 Apr 2024 17:37:07 +0000
ROA not before:           Wed 10 Apr 2024 17:37:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        164.215.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:15:b7:0e:50:5d:81:a7:d8:2a:82:b3:9c:7a:4f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Apr 10 17:37:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5168b4cbdd48faa16090ac9bbaa558daf1c8883f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3b:3b:0c:6c:a7:68:2d:6a:a1:05:cf:46:ce:
                    3a:ee:49:73:84:68:20:60:49:fa:be:14:8c:9a:90:
                    3f:a4:c7:34:4e:2a:dd:c8:15:ef:4a:2c:7a:ed:5f:
                    6a:8f:a8:ab:d6:20:7d:28:b3:18:12:2c:10:51:cf:
                    c1:39:cb:3f:c9:52:9d:70:06:81:7a:b8:15:a1:6d:
                    8a:94:90:8f:23:de:b8:88:00:3b:b0:fd:c1:39:72:
                    25:15:e4:ad:37:83:db:8c:10:8c:1b:7d:4f:69:ed:
                    6e:8a:ad:ba:9c:a9:ae:4f:ce:33:ac:33:d5:20:8d:
                    3d:75:29:db:9d:6e:f4:c0:ca:f9:e9:ec:e0:fe:07:
                    48:fd:94:46:92:30:fe:fb:6c:f7:94:e6:86:99:9e:
                    07:d2:ee:ec:ed:ca:bf:4b:dc:0e:af:a4:b3:8c:72:
                    fc:c9:d3:a1:7f:5b:fb:81:07:c6:58:c4:54:d1:e7:
                    b7:85:e2:74:8e:ce:15:b9:6b:1e:6a:d8:a0:32:f8:
                    62:ea:ca:e4:75:bf:f6:c9:f3:11:43:ed:94:be:32:
                    71:57:58:04:1d:d9:af:0a:9b:33:42:33:48:ef:f8:
                    05:25:1f:d6:26:18:d7:78:a2:43:3b:40:fa:d7:d7:
                    a7:70:40:aa:89:b8:95:a9:ea:a0:5d:c4:e2:87:d7:
                    81:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:68:B4:CB:DD:48:FA:A1:60:90:AC:9B:BA:A5:58:DA:F1:C8:88:3F
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/UWi0y91I-qFgkKybuqVY2vHIiD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:f8:ea:38:87:9f:9d:68:92:5f:a4:3e:39:c8:31:24:5d:40:
         b6:14:32:7a:13:a7:1e:77:61:ed:b0:01:ff:6a:39:8d:fb:cb:
         64:8f:79:fb:a4:fb:9b:88:5f:f6:f4:bc:fc:8b:a3:ef:1a:7e:
         1d:12:c8:c0:c5:81:4d:fe:69:e5:66:71:50:1b:96:e1:45:68:
         81:79:9b:94:39:4f:a9:d3:b0:9c:f3:77:f3:e3:7f:38:64:47:
         13:0b:0c:bc:94:81:4f:10:18:8c:93:be:29:75:cb:cd:47:a6:
         03:48:65:a0:d7:a8:8b:9b:b5:1d:5d:61:3e:c2:09:1b:8c:b1:
         29:8e:0f:74:52:bc:5f:ee:06:d1:50:6c:7b:86:87:f7:5d:f3:
         bc:38:44:6e:91:a0:df:ab:42:ce:0f:0c:e6:b8:be:e2:f2:b3:
         ad:08:75:12:94:95:bd:63:09:fb:d5:c1:d8:a0:c9:b1:83:f2:
         00:c8:ce:46:15:96:77:05:f7:e7:23:b8:45:32:b5:50:f4:ba:
         f9:0d:c1:a2:85:be:c1:d3:db:62:ed:1e:88:64:57:f4:fd:1c:
         38:d8:78:ae:9c:96:92:22:5d:a5:1e:6c:b0:ff:52:74:8c:9b:
         45:87:3d:64:9d:80:38:b2:27:b7:35:cb:c8:70:c0:00:af:d0:
         5e:a1:87:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7JFbcOUF2Bp9gqgrOcek+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwNDEwMTczNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTY4YjRjYmRkNDhmYWExNjA5MGFjOWJiYWE1NThkYWYxYzg4ODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTs7DGynaC1qoQXPRs467klzhGgg
YEn6vhSMmpA/pMc0TirdyBXvSix67V9qj6ir1iB9KLMYEiwQUc/BOcs/yVKdcAaB
ergVoW2KlJCPI964iAA7sP3BOXIlFeStN4PbjBCMG31Pae1uiq26nKmuT84zrDPV
II09dSnbnW70wMr56ezg/gdI/ZRGkjD++2z3lOaGmZ4H0u7s7cq/S9wOr6SzjHL8
ydOhf1v7gQfGWMRU0ee3heJ0js4VuWseatigMvhi6srkdb/2yfMRQ+2UvjJxV1gE
HdmvCpszQjNI7/gFJR/WJhjXeKJDO0D619encECqibiVqeqgXcTih9eBJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFotMvdSPqhYJCsm7qlWNrxyIg/MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvVVdpMHk5MUktcUZna0t5YnVxVlkydkhJaUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApNdhMA0G
CSqGSIb3DQEBCwUAA4IBAQCr+Oo4h5+daJJfpD45yDEkXUC2FDJ6E6ced2HtsAH/
ajmN+8tkj3n7pPubiF/29Lz8i6PvGn4dEsjAxYFN/mnlZnFQG5bhRWiBeZuUOU+p
07Cc83fz4384ZEcTCwy8lIFPEBiMk74pdcvNR6YDSGWg16iLm7UdXWE+wgkbjLEp
jg90Urxf7gbRUGx7hof3XfO8OERukaDfq0LODwzmuL7i8rOtCHUSlJW9Ywn71cHY
oMmxg/IAyM5GFZZ3BffnI7hFMrVQ9Lr5DcGihb7B09ti7R6IZFf0/Rw42HiunJaS
Il2lHmyw/1J0jJtFhz1knYA4sie3NcvIcMAAr9BeoYdD
-----END CERTIFICATE-----