Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/UP-6C9f1n_BSP-y09n5NQ92I8j0.roa
File:                     UP-6C9f1n_BSP-y09n5NQ92I8j0.roa (raw, json)
Hash identifier:          ChSL2htqBy0bgif+t2mMM36AWR9llGl9kdf0brQVO0o=
Subject key identifier:   50:FF:BA:0B:D7:F5:9F:F0:52:3F:EC:B4:F6:7E:4D:43:DD:88:F2:3D
Certificate issuer:       /CN=3246795ad68a6badd5afcb6ba4653e9c090fc85a
Certificate serial:       018CC3496755C71179A8A19D62761CBF55D6
Authority key identifier: 32:46:79:5A:D6:8A:6B:AD:D5:AF:CB:6B:A4:65:3E:9C:09:0F:C8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/UP-6C9f1n_BSP-y09n5NQ92I8j0.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8426
IP address blocks:        87.236.246.0/24 maxlen: 24
                          87.236.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:67:55:c7:11:79:a8:a1:9d:62:76:1c:bf:55:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3246795ad68a6badd5afcb6ba4653e9c090fc85a
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50ffba0bd7f59ff0523fecb4f67e4d43dd88f23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4e:84:97:e9:2d:31:8f:90:c2:28:b5:bf:58:
                    c3:a5:6f:d7:26:4c:50:d7:be:b1:41:1a:39:e4:ca:
                    07:67:85:47:9c:b2:25:a8:3a:6f:28:15:c5:e0:b6:
                    c2:84:3f:1d:11:b9:8e:88:ea:3e:94:27:81:91:82:
                    d0:5e:3e:8f:1e:43:50:47:c1:f9:56:fe:1f:58:7c:
                    20:8a:1f:d1:2a:c9:c7:63:e8:c7:f4:54:7e:82:b4:
                    a8:d4:f7:fc:92:10:72:94:c3:75:04:3e:9d:1b:ba:
                    b0:45:7b:3e:19:eb:5d:7f:4b:ca:b8:1b:cc:35:5b:
                    1d:49:3c:28:ad:c3:4e:55:87:b7:4a:13:f5:4e:60:
                    f5:6e:ca:3b:f0:34:2b:53:ea:61:9d:a0:a7:0b:9e:
                    24:ed:46:14:85:48:ae:06:fc:70:2f:9f:c3:54:30:
                    b1:70:f9:a7:04:98:65:cc:97:6b:42:30:5a:34:0c:
                    3f:6a:fb:cd:05:be:6e:cc:ae:26:a5:0c:de:af:90:
                    96:63:89:2a:42:3a:2a:c5:8f:22:1f:7a:15:45:2f:
                    fe:27:e5:fd:c7:ca:cc:41:c0:d3:1f:df:ed:0f:a9:
                    89:c6:9a:28:c7:56:71:c2:f9:20:f2:f9:ab:79:2f:
                    24:ad:98:e9:82:bc:bc:e6:61:5f:9b:92:a4:44:ad:
                    ac:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FF:BA:0B:D7:F5:9F:F0:52:3F:EC:B4:F6:7E:4D:43:DD:88:F2:3D
            X509v3 Authority Key Identifier:
                keyid:32:46:79:5A:D6:8A:6B:AD:D5:AF:CB:6B:A4:65:3E:9C:09:0F:C8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/UP-6C9f1n_BSP-y09n5NQ92I8j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.245.0-87.236.246.255

    Signature Algorithm: sha256WithRSAEncryption
         89:27:02:d6:3c:fa:3d:98:7a:c0:16:4e:87:f2:fc:e2:28:ca:
         6a:72:d5:8c:08:d0:d4:ae:44:e7:29:0f:b4:27:d0:dd:6b:a2:
         7f:e2:c0:58:a4:93:a3:90:8e:ba:e7:df:70:db:4e:be:d8:1d:
         90:38:95:ed:a9:3a:08:10:08:4c:36:22:cf:d5:42:35:5a:90:
         ec:7a:3c:70:e4:1d:09:fe:6a:5c:64:ac:9c:e3:bf:4b:bd:38:
         68:71:b5:46:af:09:09:ae:d6:c8:3b:48:c3:cb:5b:14:d3:ea:
         2f:d8:31:99:3f:f6:b0:91:2a:c5:3c:99:62:62:4c:ca:98:ad:
         79:d1:cf:2c:b8:a2:7b:a4:c8:fe:65:86:4a:49:ad:16:5a:c8:
         a6:04:b1:f5:ec:c1:dc:60:8e:45:a9:e9:ae:bf:00:0e:76:cb:
         33:40:1a:be:ee:13:83:00:63:1d:4d:0b:e5:48:41:e0:ca:2b:
         36:45:e7:5b:12:a8:21:69:95:ba:ea:a1:7f:d9:fc:0c:a4:bd:
         d2:58:5a:ab:e8:22:3d:a1:a0:ab:a7:a1:6c:44:19:94:1a:b7:
         0e:30:e4:5f:c2:52:f8:91:7a:9e:bb:0b:bc:b0:5c:1a:8c:84:
         80:c1:7b:1a:02:97:2e:f9:10:23:63:84:d8:fc:bf:a6:f5:b5:
         b5:48:88:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSWdVxxF5qKGdYnYcv1XWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDY3OTVhZDY4YTZiYWRkNWFmY2I2YmE0NjUzZTljMDkw
ZmM4NWEwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZmYmEwYmQ3ZjU5ZmYwNTIzZmVjYjRmNjdlNGQ0M2RkODhmMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU6El+ktMY+Qwii1v1jDpW/XJkxQ
176xQRo55MoHZ4VHnLIlqDpvKBXF4LbChD8dEbmOiOo+lCeBkYLQXj6PHkNQR8H5
Vv4fWHwgih/RKsnHY+jH9FR+grSo1Pf8khBylMN1BD6dG7qwRXs+Getdf0vKuBvM
NVsdSTworcNOVYe3ShP1TmD1bso78DQrU+phnaCnC54k7UYUhUiuBvxwL5/DVDCx
cPmnBJhlzJdrQjBaNAw/avvNBb5uzK4mpQzer5CWY4kqQjoqxY8iH3oVRS/+J+X9
x8rMQcDTH9/tD6mJxpoox1Zxwvkg8vmreS8krZjpgry85mFfm5KkRK2s4wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFD/ugvX9Z/wUj/stPZ+TUPdiPI9MB8GA1UdIwQY
MBaAFDJGeVrWimut1a/La6RlPpwJD8haMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtaNVd0YUthNjNWcjh0cnBHVS1uQWtQeUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC85NDc5Y2EtM2RiNS00ZjYyLThlMjMt
NzMwYjE3ZjA2OWFiLzEvVVAtNkM5ZjFuX0JTUC15MDluNU5ROTJJOGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC85NDc5Y2EtM2RiNS00ZjYyLThlMjMtNzMwYjE3ZjA2OWFi
LzEvTWtaNVd0YUthNjNWcjh0cnBHVS1uQWtQeUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABX7PUD
BABX7PYwDQYJKoZIhvcNAQELBQADggEBAIknAtY8+j2YesAWTofy/OIoympy1YwI
0NSuROcpD7Qn0N1ron/iwFikk6OQjrrn33DbTr7YHZA4le2pOggQCEw2Is/VQjVa
kOx6PHDkHQn+alxkrJzjv0u9OGhxtUavCQmu1sg7SMPLWxTT6i/YMZk/9rCRKsU8
mWJiTMqYrXnRzyy4onukyP5lhkpJrRZayKYEsfXswdxgjkWp6a6/AA52yzNAGr7u
E4MAYx1NC+VIQeDKKzZF51sSqCFplbrqoX/Z/AykvdJYWqvoIj2hoKunoWxEGZQa
tw4w5F/CUviRep67C7ywXBqMhIDBexoCly75ECNjhNj8v6b1tbVIiLY=
-----END CERTIFICATE-----