Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/UkLKM15tmjgBY5QWaoqfz0_8jkI.roa
File:                     UkLKM15tmjgBY5QWaoqfz0_8jkI.roa (raw, json)
Hash identifier:          8usx/pzxgiN7xwyYIJpHpe9QYcM1xrfYkkGGJbMr7E8=
Subject key identifier:   52:42:CA:33:5E:6D:9A:38:01:63:94:16:6A:8A:9F:CF:4F:FC:8E:42
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       01942827922EDB0B92162A5D44804C4709B6
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/UkLKM15tmjgBY5QWaoqfz0_8jkI.roa
Signing time:             Thu 02 Jan 2025 17:54:29 +0000
ROA not before:           Thu 02 Jan 2025 17:54:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205661
IP address blocks:        62.96.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:92:2e:db:0b:92:16:2a:5d:44:80:4c:47:09:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 17:54:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5242ca335e6d9a38016394166a8a9fcf4ffc8e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e1:dc:ac:98:b2:73:69:ed:6b:26:a4:a0:d8:
                    d2:55:bc:68:27:89:3a:1b:bf:68:8c:a9:d1:03:63:
                    de:1b:93:6d:1b:be:40:18:35:1e:ad:fe:07:2e:b6:
                    9c:95:08:3a:86:3f:15:aa:bf:ed:64:fa:e0:fe:2f:
                    13:d0:2e:1b:c1:f9:87:d9:95:85:26:e9:a9:34:a2:
                    24:31:6a:ba:a5:8c:28:69:d9:55:f0:0d:a6:97:a8:
                    36:ff:ad:ed:fb:65:3e:5a:e4:8f:1b:da:59:b2:51:
                    0d:be:61:52:96:9e:44:86:f1:f5:f7:a7:55:39:8a:
                    9e:68:f5:18:fa:c8:be:6f:a7:53:37:74:22:26:e7:
                    23:ec:3b:ef:88:6a:76:77:84:ee:2e:cf:46:58:6f:
                    31:00:02:55:ce:d0:87:9f:30:c7:2a:69:55:0a:cb:
                    eb:c0:f0:d6:8d:33:4c:e2:76:c4:d4:10:cf:ca:ee:
                    a7:63:26:2c:28:d2:8c:fd:72:d7:67:17:38:d6:62:
                    d2:f5:5c:45:b5:84:ce:20:a3:83:3e:07:17:09:4d:
                    96:14:4d:33:fa:5e:20:2d:92:aa:d1:44:96:d3:b2:
                    25:99:51:06:a3:1d:17:86:12:18:56:bb:2a:c2:f7:
                    c9:14:c0:d8:09:63:bb:35:34:a3:15:7d:2a:3e:6b:
                    7b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:42:CA:33:5E:6D:9A:38:01:63:94:16:6A:8A:9F:CF:4F:FC:8E:42
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/UkLKM15tmjgBY5QWaoqfz0_8jkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.96.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:33:1d:89:0f:a8:12:e2:28:4a:3b:f9:44:75:bd:0f:0d:44:
         e8:d6:5d:09:b8:94:dc:c7:b4:37:eb:77:38:fc:94:0f:f6:ed:
         74:49:b5:a8:a4:b5:ea:6c:f5:15:58:25:e5:9c:7d:36:86:47:
         37:b2:f9:37:c6:ec:61:18:17:61:46:2e:e2:d7:f0:48:62:5b:
         c2:45:96:0c:68:b6:97:bb:9f:84:f9:56:06:b6:44:e8:45:26:
         a4:9c:8c:5a:a9:73:5d:72:ae:da:11:3f:c3:69:c5:23:72:98:
         44:31:57:cc:ea:40:b9:5c:7c:ab:26:6b:11:61:51:53:55:a9:
         cd:c4:ef:0c:d8:0f:df:27:39:77:66:0a:92:8b:7a:00:87:c9:
         33:98:55:7b:8c:a9:6a:0c:56:0d:aa:16:30:49:3a:89:0d:2e:
         43:6a:be:52:91:de:52:de:44:a1:1f:92:da:34:97:5c:63:15:
         58:8b:b2:0e:35:7c:f5:a0:95:ef:56:2e:e5:26:b2:d1:1d:ee:
         f4:09:1b:96:60:0e:d6:cf:d9:14:b3:7b:b9:fd:8b:bf:bf:13:
         f4:f2:85:a7:18:f8:43:06:d4:33:56:3e:3b:cf:7e:b2:c1:c2:
         65:f6:39:fa:6d:6a:34:59:59:4f:9f:c7:fb:72:6e:04:05:f8:
         b8:4d:c2:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ5Iu2wuSFipdRIBMRwm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjUwMTAyMTc1NDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQyY2EzMzVlNmQ5YTM4MDE2Mzk0MTY2YThhOWZjZjRmZmM4ZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uHcrJiyc2ntayakoNjSVbxoJ4k6
G79ojKnRA2PeG5NtG75AGDUerf4HLraclQg6hj8Vqr/tZPrg/i8T0C4bwfmH2ZWF
JumpNKIkMWq6pYwoadlV8A2ml6g2/63t+2U+WuSPG9pZslENvmFSlp5EhvH196dV
OYqeaPUY+si+b6dTN3QiJucj7DvviGp2d4TuLs9GWG8xAAJVztCHnzDHKmlVCsvr
wPDWjTNM4nbE1BDPyu6nYyYsKNKM/XLXZxc41mLS9VxFtYTOIKODPgcXCU2WFE0z
+l4gLZKq0USW07IlmVEGox0XhhIYVrsqwvfJFMDYCWO7NTSjFX0qPmt7owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJCyjNebZo4AWOUFmqKn89P/I5CMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvVWtMS00xNXRtamdCWTVRV2FvcWZ6MF84amtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmAXMA0G
CSqGSIb3DQEBCwUAA4IBAQAQMx2JD6gS4ihKO/lEdb0PDUTo1l0JuJTcx7Q363c4
/JQP9u10SbWopLXqbPUVWCXlnH02hkc3svk3xuxhGBdhRi7i1/BIYlvCRZYMaLaX
u5+E+VYGtkToRSaknIxaqXNdcq7aET/DacUjcphEMVfM6kC5XHyrJmsRYVFTVanN
xO8M2A/fJzl3ZgqSi3oAh8kzmFV7jKlqDFYNqhYwSTqJDS5Dar5Skd5S3kShH5La
NJdcYxVYi7IONXz1oJXvVi7lJrLRHe70CRuWYA7Wz9kUs3u5/Yu/vxP08oWnGPhD
BtQzVj47z36ywcJl9jn6bWo0WVlPn8f7cm4EBfi4TcKh
-----END CERTIFICATE-----