Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Ug4yPWHwXqmOvkKRaFqWSrALbFE.roa
File:                     Ug4yPWHwXqmOvkKRaFqWSrALbFE.roa (raw, json)
Hash identifier:          z3OHqSu+1nCFIktQdqRIirne0J5TzIIRzIWVVAl62Kk=
Subject key identifier:   52:0E:32:3D:61:F0:5E:A9:8E:BE:42:91:68:5A:96:4A:B0:0B:6C:51
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018E5B0346ADC597480A587F249490D8D595
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Ug4yPWHwXqmOvkKRaFqWSrALbFE.roa
Signing time:             Wed 20 Mar 2024 08:38:45 +0000
ROA not before:           Wed 20 Mar 2024 08:38:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50321
IP address blocks:        88.151.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5b:03:46:ad:c5:97:48:0a:58:7f:24:94:90:d8:d5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Mar 20 08:38:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=520e323d61f05ea98ebe4291685a964ab00b6c51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:65:55:79:ab:bf:57:4c:04:d1:82:43:a1:cd:
                    26:6e:fb:02:63:52:30:22:19:19:68:46:c9:a2:1b:
                    cf:4d:f1:20:e0:fe:90:96:65:22:e9:4f:8c:71:30:
                    8b:24:f9:78:86:73:83:69:c0:10:7c:e8:cd:39:6d:
                    fc:8d:b8:c4:c3:15:22:85:7c:aa:f4:22:21:c4:2c:
                    63:f0:7f:b4:3d:dd:fc:bc:c1:51:fa:49:b1:d6:a5:
                    b2:96:fb:01:c3:15:6f:f2:88:e7:60:17:50:30:02:
                    75:0b:53:5b:4f:f1:65:fe:0a:09:f3:2b:32:60:23:
                    a2:39:87:a1:37:44:a7:ab:bc:0a:aa:82:dc:52:4c:
                    a4:06:fa:d6:48:22:a0:d6:e6:72:c9:5e:99:94:d1:
                    ec:a6:d7:c0:a2:83:a3:c9:00:5f:65:66:05:87:b2:
                    a8:16:b7:d1:56:68:a9:61:50:b0:e3:bd:74:b5:d4:
                    dd:0d:d5:94:bb:a6:da:d5:47:8e:04:4b:e0:f8:34:
                    17:02:b5:c8:61:4e:1c:1f:d8:18:98:d5:36:c9:f6:
                    8a:35:32:7f:5d:4f:9a:8c:c7:62:14:0e:fd:80:69:
                    72:87:51:2a:e4:77:cf:b7:e0:13:5b:33:2d:b2:f8:
                    7a:63:6e:fa:0c:2b:6e:e4:60:50:49:3d:fa:92:7d:
                    20:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0E:32:3D:61:F0:5E:A9:8E:BE:42:91:68:5A:96:4A:B0:0B:6C:51
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/Ug4yPWHwXqmOvkKRaFqWSrALbFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:fd:3a:90:c5:c9:02:e7:d2:b1:ac:2e:23:c6:00:b9:bd:03:
         30:75:87:c7:81:33:af:09:b4:8b:64:c4:fd:94:9f:aa:ec:d5:
         3c:cb:3d:40:c5:3b:65:ad:30:be:d4:b2:54:dc:1d:f0:5a:7f:
         6f:97:6f:7b:31:ef:e9:2d:74:cf:8d:e2:10:f7:38:ea:e2:25:
         f9:eb:ee:23:a8:df:36:f8:50:e1:0b:a2:db:db:c5:c3:ed:31:
         ad:b9:1f:cf:db:ef:cc:e7:8d:53:02:f0:ac:41:d1:68:7c:83:
         19:00:8d:b1:7a:42:26:5f:e7:67:58:63:35:09:7e:67:21:55:
         ab:ad:b6:37:5c:fb:ce:eb:f9:4c:59:91:d9:5f:ce:eb:46:48:
         5f:5e:8c:4b:69:3a:f8:38:86:db:2a:18:d8:37:0f:b1:22:b7:
         b8:87:c8:49:5c:4c:40:13:89:93:fc:e9:a1:54:ad:0b:3b:55:
         15:09:b5:10:8f:7e:b3:62:61:19:8b:50:b2:7c:43:90:7d:7a:
         06:6e:c9:02:be:d5:18:3d:84:b9:7a:b0:1b:a3:84:f0:1b:b9:
         87:7b:e2:13:31:83:96:1d:a6:62:6c:25:65:36:7e:cd:53:d7:
         35:93:0a:eb:0b:65:86:c4:96:36:24:79:e8:04:3c:62:14:72:
         2f:9e:8c:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5bA0atxZdIClh/JJSQ2NWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMzIwMDgzODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBlMzIzZDYxZjA1ZWE5OGViZTQyOTE2ODVhOTY0YWIwMGI2YzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2VVeau/V0wE0YJDoc0mbvsCY1Iw
IhkZaEbJohvPTfEg4P6QlmUi6U+McTCLJPl4hnODacAQfOjNOW38jbjEwxUihXyq
9CIhxCxj8H+0Pd38vMFR+kmx1qWylvsBwxVv8ojnYBdQMAJ1C1NbT/Fl/goJ8ysy
YCOiOYehN0Snq7wKqoLcUkykBvrWSCKg1uZyyV6ZlNHsptfAooOjyQBfZWYFh7Ko
FrfRVmipYVCw4710tdTdDdWUu6ba1UeOBEvg+DQXArXIYU4cH9gYmNU2yfaKNTJ/
XU+ajMdiFA79gGlyh1Eq5HfPt+ATWzMtsvh6Y276DCtu5GBQST36kn0ghwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIOMj1h8F6pjr5CkWhalkqwC2xRMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvVWc0eVBXSHdYcW1PdmtLUmFGcVdTckFMYkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfAMA0G
CSqGSIb3DQEBCwUAA4IBAQDC/TqQxckC59KxrC4jxgC5vQMwdYfHgTOvCbSLZMT9
lJ+q7NU8yz1AxTtlrTC+1LJU3B3wWn9vl297Me/pLXTPjeIQ9zjq4iX56+4jqN82
+FDhC6Lb28XD7TGtuR/P2+/M541TAvCsQdFofIMZAI2xekImX+dnWGM1CX5nIVWr
rbY3XPvO6/lMWZHZX87rRkhfXoxLaTr4OIbbKhjYNw+xIre4h8hJXExAE4mT/Omh
VK0LO1UVCbUQj36zYmEZi1CyfEOQfXoGbskCvtUYPYS5erAbo4TwG7mHe+ITMYOW
HaZibCVlNn7NU9c1kwrrC2WGxJY2JHnoBDxiFHIvnoxF
-----END CERTIFICATE-----