Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/HdR6Ah0Qe32r7472JEBtQ7R-uic.roa
File:                     HdR6Ah0Qe32r7472JEBtQ7R-uic.roa (raw, json)
Hash identifier:          9q8qH00PICKWGR7GNHvqSbuGck7QEOPOmn1zpnijT28=
Subject key identifier:   1D:D4:7A:02:1D:10:7B:7D:AB:EF:8E:F6:24:40:6D:43:B4:7E:BA:27
Certificate issuer:       /CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
Certificate serial:       019428230864D0C1D55214F9EC05D13156E4
Authority key identifier: 30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/HdR6Ah0Qe32r7472JEBtQ7R-uic.roa
Signing time:             Thu 02 Jan 2025 17:49:31 +0000
ROA not before:           Thu 02 Jan 2025 17:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        185.56.80.0/24 maxlen: 24
                          2a06:e80::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:08:64:d0:c1:d5:52:14:f9:ec:05:d1:31:56:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=306c0866dc25208e6c07d4a21d7d8050b508d6a2
        Validity
            Not Before: Jan  2 17:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dd47a021d107b7dabef8ef624406d43b47eba27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ab:a3:d4:43:4f:b3:e1:f5:8f:7a:5d:10:f9:
                    fb:f8:38:d2:fd:2c:4a:f5:2e:ae:56:a2:98:2e:56:
                    af:7e:d4:89:b1:7d:41:91:60:3e:9d:98:4b:c9:59:
                    95:f2:34:d2:42:9b:5f:5f:8c:80:c7:37:d6:9e:d0:
                    b8:77:41:58:35:29:8a:a1:05:4b:93:29:cd:85:0a:
                    4c:bb:fd:05:bc:47:b3:9c:e2:90:c5:37:57:84:0b:
                    fa:1e:5f:c7:fa:71:58:2f:24:90:96:ba:0a:a4:81:
                    e5:e3:52:03:f4:8d:4f:7b:35:b3:7f:bf:7f:ec:ac:
                    98:64:e3:fe:9b:20:ed:2f:07:80:08:79:a1:14:7c:
                    dd:16:db:48:10:4c:ae:36:ee:21:86:d1:e0:ac:28:
                    2f:b2:f8:f0:e5:a0:b4:7e:8a:d3:ba:d6:d9:47:5c:
                    04:5b:99:5f:cd:b8:6a:3f:e5:e8:f0:6f:06:ea:47:
                    eb:3f:24:ce:62:1a:fe:a0:87:c5:60:e3:2d:fb:aa:
                    78:8b:cd:b6:d7:ce:e5:e5:9e:36:d3:49:23:90:3d:
                    a6:8a:cd:0a:02:72:67:ac:ec:7a:ba:f9:13:3c:39:
                    bb:fb:16:11:1e:16:a1:75:da:af:c3:c9:cc:23:92:
                    ad:4d:c4:18:14:96:c6:a5:fd:ce:8d:6b:8e:cb:e2:
                    88:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D4:7A:02:1D:10:7B:7D:AB:EF:8E:F6:24:40:6D:43:B4:7E:BA:27
            X509v3 Authority Key Identifier:
                keyid:30:6C:08:66:DC:25:20:8E:6C:07:D4:A2:1D:7D:80:50:B5:08:D6:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGwIZtwlII5sB9SiHX2AULUI1qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/HdR6Ah0Qe32r7472JEBtQ7R-uic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/badedf-d0e9-45a9-af75-10edb541e6ff/1/MGwIZtwlII5sB9SiHX2AULUI1qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.80.0/24
                IPv6:
                  2a06:e80::/36

    Signature Algorithm: sha256WithRSAEncryption
         31:c5:07:8b:28:48:de:d9:c3:af:ac:61:90:11:d8:79:7a:8f:
         63:6f:33:82:44:34:a3:de:8b:6a:cb:df:06:a2:58:71:db:06:
         6f:dc:dd:25:fe:db:d0:b9:2b:48:75:ad:68:f1:e4:49:d5:17:
         4c:9a:9c:c8:da:35:0c:7b:b8:24:33:9b:cf:f3:c8:04:98:98:
         1e:fa:23:f0:f9:31:45:59:5f:83:25:8c:43:2f:04:32:84:ea:
         b1:50:f4:6a:c3:b0:29:4d:b6:66:aa:4a:d5:04:08:f8:42:61:
         8d:89:c5:c3:bb:5e:dd:85:49:12:bc:14:0d:dd:23:8d:98:00:
         39:c0:4f:e2:67:62:9c:59:c9:c8:4c:10:80:99:1a:31:c1:75:
         f7:0f:84:7d:7c:eb:12:be:07:b4:03:da:b1:54:46:2b:5e:8e:
         a1:9b:1a:6e:bd:38:a0:ba:ef:60:e1:59:de:ad:70:e9:31:c6:
         73:32:26:6e:63:20:b4:40:5e:d7:c5:ba:47:e7:d1:b5:3e:3f:
         32:da:ad:03:1e:9b:cd:7f:44:38:bf:64:fc:77:3d:c0:89:10:
         23:dc:fa:39:ad:ff:b8:ff:32:46:ae:fe:09:40:67:24:94:7e:
         f0:22:b4:75:0d:9c:c3:db:29:51:bd:4d:9c:d0:ce:03:53:5a:
         8e:74:50:82
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQoIwhk0MHVUhT57AXRMVbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNmMwODY2ZGMyNTIwOGU2YzA3ZDRhMjFkN2Q4MDUwYjUw
OGQ2YTIwHhcNMjUwMTAyMTc0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQ0N2EwMjFkMTA3YjdkYWJlZjhlZjYyNDQwNmQ0M2I0N2ViYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArauj1ENPs+H1j3pdEPn7+DjS/SxK
9S6uVqKYLlavftSJsX1BkWA+nZhLyVmV8jTSQptfX4yAxzfWntC4d0FYNSmKoQVL
kynNhQpMu/0FvEeznOKQxTdXhAv6Hl/H+nFYLySQlroKpIHl41ID9I1PezWzf79/
7KyYZOP+myDtLweACHmhFHzdFttIEEyuNu4hhtHgrCgvsvjw5aC0forTutbZR1wE
W5lfzbhqP+Xo8G8G6kfrPyTOYhr+oIfFYOMt+6p4i822187l5Z4200kjkD2mis0K
AnJnrOx6uvkTPDm7+xYRHhahddqvw8nMI5KtTcQYFJbGpf3OjWuOy+KI5wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFB3UegIdEHt9q++O9iRAbUO0fronMB8GA1UdIwQY
MBaAFDBsCGbcJSCObAfUoh19gFC1CNaiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUt
MTBlZGI1NDFlNmZmLzEvSGRSNkFoMFFlMzJyNzQ3MkpFQnRRN1ItdWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9iYWRlZGYtZDBlOS00NWE5LWFmNzUtMTBlZGI1NDFlNmZm
LzEvTUd3SVp0d2xJSTVzQjlTaUhYMkFVTFVJMXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuThQMA4E
AgACMAgDBgQqBg6AADANBgkqhkiG9w0BAQsFAAOCAQEAMcUHiyhI3tnDr6xhkBHY
eXqPY28zgkQ0o96LasvfBqJYcdsGb9zdJf7b0LkrSHWtaPHkSdUXTJqcyNo1DHu4
JDObz/PIBJiYHvoj8PkxRVlfgyWMQy8EMoTqsVD0asOwKU22ZqpK1QQI+EJhjYnF
w7te3YVJErwUDd0jjZgAOcBP4mdinFnJyEwQgJkaMcF19w+EfXzrEr4HtAPasVRG
K16OoZsabr04oLrvYOFZ3q1w6THGczImbmMgtEBe18W6R+fRtT4/MtqtAx6bzX9E
OL9k/Hc9wIkQI9z6Oa3/uP8yRq7+CUBnJJR+8CK0dQ2cw9spUb1NnNDOA1NajnRQ
gg==
-----END CERTIFICATE-----