Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ucScMPAy00ug2kPDuCwSp-mDl7I.roa
File:                     ucScMPAy00ug2kPDuCwSp-mDl7I.roa (raw, json)
Hash identifier:          yTozWRiWvB4IUcAYzXtU2EQoumQmSp9DrRVAnF5P3O4=
Subject key identifier:   B9:C4:9C:30:F0:32:D3:4B:A0:DA:43:C3:B8:2C:12:A7:E9:83:97:B2
Certificate issuer:       /CN=64c5fd1dc0c457d9ec113d23bd4935c723e9ecf4
Certificate serial:       019425FDDE6DB7F7CD739B490642723DD0C2
Authority key identifier: 64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ucScMPAy00ug2kPDuCwSp-mDl7I.roa
Signing time:             Thu 02 Jan 2025 07:49:41 +0000
ROA not before:           Thu 02 Jan 2025 07:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211465
IP address blocks:        194.42.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:de:6d:b7:f7:cd:73:9b:49:06:42:72:3d:d0:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64c5fd1dc0c457d9ec113d23bd4935c723e9ecf4
        Validity
            Not Before: Jan  2 07:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9c49c30f032d34ba0da43c3b82c12a7e98397b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4d:03:2a:9e:35:09:3b:40:3a:b4:75:4a:30:
                    c6:57:e6:e7:87:c5:0e:34:58:b7:1e:92:63:13:56:
                    d6:ac:43:cb:88:7c:41:82:39:6a:c8:f2:94:94:a4:
                    b2:6b:7d:93:b6:b1:ad:a0:c2:1f:16:b0:f7:de:85:
                    07:65:99:e1:50:a7:17:4f:10:32:e7:ca:6e:50:81:
                    ce:5a:10:f8:c0:1f:7a:be:0d:92:bb:f5:80:1f:95:
                    1b:f9:3b:c3:7d:9c:1d:aa:cf:47:bf:21:56:b9:ac:
                    da:be:5b:6f:cf:dd:f6:56:5f:50:45:d6:cd:d3:ee:
                    78:ca:06:16:8b:d2:1d:a7:c8:40:ee:2c:66:37:18:
                    c2:94:46:e8:ef:97:7b:07:58:c9:4b:be:53:27:fb:
                    36:e0:5e:a1:5c:2f:e0:86:ce:fb:b5:60:82:09:ee:
                    3d:16:08:eb:ea:82:4a:df:f0:9f:74:b2:40:17:b9:
                    a4:9d:95:9e:c9:04:22:92:e2:d4:b4:b5:c5:48:c5:
                    71:5d:62:bc:a9:c7:13:96:22:d6:7c:92:89:c0:16:
                    7a:8f:9e:41:2d:6f:28:83:2c:0a:38:78:1a:38:54:
                    05:f8:66:7b:b8:29:97:e4:e5:c0:67:93:59:a4:78:
                    ef:5a:7c:cc:2d:4e:a2:7c:36:d1:76:8d:65:d4:a3:
                    8d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:C4:9C:30:F0:32:D3:4B:A0:DA:43:C3:B8:2C:12:A7:E9:83:97:B2
            X509v3 Authority Key Identifier:
                keyid:64:C5:FD:1D:C0:C4:57:D9:EC:11:3D:23:BD:49:35:C7:23:E9:EC:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ucScMPAy00ug2kPDuCwSp-mDl7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/a4640c-e69a-4337-b1aa-4cb0679ace7f/1/ZMX9HcDEV9nsET0jvUk1xyPp7PQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:9e:c2:cc:2a:6d:3f:c0:52:56:6a:34:25:b9:23:6a:3b:7f:
         90:c8:db:77:5f:6b:ac:31:49:45:e7:28:ac:47:fb:b1:aa:9d:
         a5:c3:58:6a:1f:28:ac:c6:63:b4:57:e2:6d:3c:49:f6:f6:6c:
         1f:74:1b:ee:6e:54:42:fb:2b:9c:c5:7b:88:9c:06:b9:0e:97:
         e2:f8:16:0e:55:43:28:8d:b1:c5:4e:6d:c6:5d:bb:f0:12:db:
         95:44:f0:1d:e3:91:2f:b9:de:bf:38:fb:25:f9:18:63:35:17:
         08:b3:cd:ba:5d:47:ac:96:45:2f:20:65:00:4b:53:7c:f6:4a:
         5d:63:fc:bf:54:1f:db:14:ab:f0:d8:21:6c:18:1b:ee:8b:75:
         fc:d6:1a:0e:65:01:be:70:90:12:a1:dc:22:84:27:1c:cb:37:
         50:b2:37:85:3b:74:d2:74:c9:33:6e:57:0a:11:43:4e:21:c9:
         0f:2b:02:e9:e1:e7:fc:91:a1:94:26:79:66:07:8a:0b:f5:fa:
         7c:91:72:67:37:df:04:76:ed:2b:63:f1:29:54:28:2a:b0:e2:
         cd:93:dc:28:80:50:ac:f2:7c:76:df:68:24:3f:cc:92:9d:e0:
         7f:e1:39:f4:f7:1a:b7:d8:0b:c9:17:cc:b5:69:7b:ad:0c:d7:
         8f:49:19:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/d5tt/fNc5tJBkJyPdDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YzVmZDFkYzBjNDU3ZDllYzExM2QyM2JkNDkzNWM3MjNl
OWVjZjQwHhcNMjUwMTAyMDc0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWM0OWMzMGYwMzJkMzRiYTBkYTQzYzNiODJjMTJhN2U5ODM5N2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm00DKp41CTtAOrR1SjDGV+bnh8UO
NFi3HpJjE1bWrEPLiHxBgjlqyPKUlKSya32TtrGtoMIfFrD33oUHZZnhUKcXTxAy
58puUIHOWhD4wB96vg2Su/WAH5Ub+TvDfZwdqs9HvyFWuazavltvz932Vl9QRdbN
0+54ygYWi9Idp8hA7ixmNxjClEbo75d7B1jJS75TJ/s24F6hXC/ghs77tWCCCe49
Fgjr6oJK3/CfdLJAF7mknZWeyQQikuLUtLXFSMVxXWK8qccTliLWfJKJwBZ6j55B
LW8ogywKOHgaOFQF+GZ7uCmX5OXAZ5NZpHjvWnzMLU6ifDbRdo1l1KONyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnEnDDwMtNLoNpDw7gsEqfpg5eyMB8GA1UdIwQY
MBaAFGTF/R3AxFfZ7BE9I71JNccj6ez0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk1YOUhjREVWOW5zRVQwanZVazF4eVBwN1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hNDY0MGMtZTY5YS00MzM3LWIxYWEt
NGNiMDY3OWFjZTdmLzEvdWNTY01QQXkwMHVnMmtQRHVDd1NwLW1EbDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hNDY0MGMtZTY5YS00MzM3LWIxYWEtNGNiMDY3OWFjZTdm
LzEvWk1YOUhjREVWOW5zRVQwanZVazF4eVBwN1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwip+MA0G
CSqGSIb3DQEBCwUAA4IBAQCtnsLMKm0/wFJWajQluSNqO3+QyNt3X2usMUlF5yis
R/uxqp2lw1hqHyisxmO0V+JtPEn29mwfdBvublRC+yucxXuInAa5Dpfi+BYOVUMo
jbHFTm3GXbvwEtuVRPAd45Evud6/OPsl+RhjNRcIs826XUeslkUvIGUAS1N89kpd
Y/y/VB/bFKvw2CFsGBvui3X81hoOZQG+cJASodwihCccyzdQsjeFO3TSdMkzblcK
EUNOIckPKwLp4ef8kaGUJnlmB4oL9fp8kXJnN98Edu0rY/EpVCgqsOLNk9wogFCs
8nx232gkP8ySneB/4Tn09xq32AvJF8y1aXutDNePSRlT
-----END CERTIFICATE-----