Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/UpAIYdHVaETBz-8k_UNZLyJboys.roa
File:                     UpAIYdHVaETBz-8k_UNZLyJboys.roa (raw, json)
Hash identifier:          8yu2yU2ku+dGcf+5j/6HmRic82BIbu6UDbd0YfwKONo=
Subject key identifier:   52:90:08:61:D1:D5:68:44:C1:CF:EF:24:FD:43:59:2F:22:5B:A3:2B
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       018F06917B06EA162CABB91C6FCED4398306
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/UpAIYdHVaETBz-8k_UNZLyJboys.roa
Signing time:             Mon 22 Apr 2024 16:09:08 +0000
ROA not before:           Mon 22 Apr 2024 16:09:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273218
IP address blocks:        185.75.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:91:7b:06:ea:16:2c:ab:b9:1c:6f:ce:d4:39:83:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Apr 22 16:09:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52900861d1d56844c1cfef24fd43592f225ba32b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fe:d0:25:76:5f:a0:6f:3d:5b:b9:15:32:d1:
                    ed:a1:06:15:e5:c7:16:42:46:a4:4a:38:0f:42:b5:
                    7b:da:3d:a7:fa:00:56:fe:de:b0:72:92:db:0c:ad:
                    16:2d:fe:a5:bc:4f:65:91:ac:f3:27:d8:78:a5:ee:
                    17:2a:28:ed:0d:b0:bf:73:99:5a:01:26:d9:5c:4a:
                    91:27:06:8e:75:25:31:e8:13:f8:d5:11:a0:96:6c:
                    db:60:4d:74:76:95:f3:56:4d:c9:ff:49:ae:9b:0e:
                    1b:c0:a5:a3:9f:a6:e8:1c:10:00:a3:94:5d:3e:36:
                    07:b6:d9:bb:f3:bd:7f:e1:41:1e:75:93:37:8f:41:
                    14:f4:0b:ef:a1:ea:11:56:ba:bf:2c:d6:41:fb:ff:
                    65:65:ff:6d:19:a4:bc:98:e9:19:cf:18:74:ab:78:
                    70:22:36:6e:d0:0b:f7:c0:dc:1e:a7:2e:b3:90:e3:
                    43:47:e5:e1:63:2a:6c:37:a1:a1:e3:3a:41:bb:7b:
                    a1:8f:b0:cb:e8:fe:44:1a:14:b7:02:12:98:b1:a9:
                    c8:3b:cc:0a:50:2f:b9:b0:85:41:f8:47:09:64:3b:
                    aa:81:ba:47:e3:93:03:19:bb:06:e4:75:a5:4c:5b:
                    57:b7:4b:6e:95:62:59:54:00:46:4e:e0:51:81:b8:
                    71:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:90:08:61:D1:D5:68:44:C1:CF:EF:24:FD:43:59:2F:22:5B:A3:2B
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/UpAIYdHVaETBz-8k_UNZLyJboys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:68:46:aa:53:13:35:5e:cc:47:a9:25:ed:f5:d6:13:d4:70:
         a0:35:30:e7:1b:eb:2e:08:3f:d3:be:99:8b:e3:23:34:ab:07:
         90:72:73:ef:8d:1e:c6:ac:a5:75:4b:a6:42:78:5d:bc:65:5d:
         6f:7a:d3:fe:62:9a:32:27:fe:15:c2:36:a0:91:da:df:1e:0f:
         a9:ed:b4:29:1d:ee:62:3a:ff:77:26:ea:b9:28:1c:0f:c7:1f:
         34:9f:ef:4e:99:3f:61:ab:7e:50:16:16:e4:50:63:b5:8a:a6:
         17:a4:d4:1e:19:c5:23:94:11:da:0e:b5:d2:f9:83:9d:6f:ca:
         a1:35:31:07:49:b0:db:5a:68:55:37:d3:6e:16:2b:ac:dc:84:
         1b:75:3c:b5:90:b0:b5:b5:73:34:88:0a:00:8e:32:2f:40:15:
         c2:f6:24:72:63:76:5d:cf:9b:3a:c9:24:2c:4d:e6:a7:66:fc:
         89:91:a7:d2:f4:84:76:f2:23:3e:3b:e8:87:b0:8a:32:f4:d4:
         25:ce:f6:ce:0b:20:d2:7d:54:25:84:68:f4:ae:eb:6d:92:5a:
         14:1b:80:76:2a:1f:fc:8c:a1:81:2b:96:63:85:35:86:a3:8d:
         5d:49:e8:ff:70:66:5c:54:51:0c:d2:41:48:50:7d:9f:1c:a6:
         c0:c4:c2:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GkXsG6hYsq7kcb87UOYMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjQwNDIyMTYwOTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjkwMDg2MWQxZDU2ODQ0YzFjZmVmMjRmZDQzNTkyZjIyNWJhMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP7QJXZfoG89W7kVMtHtoQYV5ccW
QkakSjgPQrV72j2n+gBW/t6wcpLbDK0WLf6lvE9lkazzJ9h4pe4XKijtDbC/c5la
ASbZXEqRJwaOdSUx6BP41RGglmzbYE10dpXzVk3J/0mumw4bwKWjn6boHBAAo5Rd
PjYHttm7871/4UEedZM3j0EU9AvvoeoRVrq/LNZB+/9lZf9tGaS8mOkZzxh0q3hw
IjZu0Av3wNwepy6zkONDR+XhYypsN6Gh4zpBu3uhj7DL6P5EGhS3AhKYsanIO8wK
UC+5sIVB+EcJZDuqgbpH45MDGbsG5HWlTFtXt0tulWJZVABGTuBRgbhxvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKQCGHR1WhEwc/vJP1DWS8iW6MrMB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvVXBBSVlkSFZhRVRCei04a19VTlpMeUpib3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUsMMA0G
CSqGSIb3DQEBCwUAA4IBAQBhaEaqUxM1XsxHqSXt9dYT1HCgNTDnG+suCD/TvpmL
4yM0qweQcnPvjR7GrKV1S6ZCeF28ZV1vetP+YpoyJ/4VwjagkdrfHg+p7bQpHe5i
Ov93Juq5KBwPxx80n+9OmT9hq35QFhbkUGO1iqYXpNQeGcUjlBHaDrXS+YOdb8qh
NTEHSbDbWmhVN9NuFius3IQbdTy1kLC1tXM0iAoAjjIvQBXC9iRyY3Zdz5s6ySQs
TeanZvyJkafS9IR28iM+O+iHsIoy9NQlzvbOCyDSfVQlhGj0ruttkloUG4B2Kh/8
jKGBK5ZjhTWGo41dSej/cGZcVFEM0kFIUH2fHKbAxML4
-----END CERTIFICATE-----