Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/uumQQQ1viq_-gfcaqAufH6g_C7w.roa
File:                     uumQQQ1viq_-gfcaqAufH6g_C7w.roa (raw, json)
Hash identifier:          AM9mJlfYhSa7Wcw8Wx9nTWnnL8T0GQwXceLp5ft6/NA=
Subject key identifier:   BA:E9:90:41:0D:6F:8A:AF:FE:81:F7:1A:A8:0B:9F:1F:A8:3F:0B:BC
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       019420D65E3E24510EB08A18E2FA9CFEF2AA
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/uumQQQ1viq_-gfcaqAufH6g_C7w.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55163
IP address blocks:        144.2.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5e:3e:24:51:0e:b0:8a:18:e2:fa:9c:fe:f2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bae990410d6f8aaffe81f71aa80b9f1fa83f0bbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0a:d6:13:87:e9:61:cf:d4:0f:c3:f7:3e:09:
                    ed:5b:59:f0:17:a2:f4:ca:76:8b:4e:f0:b4:ba:33:
                    98:f6:74:7f:c8:fd:c5:bf:a6:ef:94:31:69:5f:eb:
                    26:01:1d:79:7d:b2:00:b4:8a:6e:6f:cf:9d:5d:ab:
                    34:5e:20:ce:73:2c:42:1b:c1:1d:bc:32:85:84:0d:
                    f9:72:88:93:10:31:9e:37:ca:67:32:22:82:9c:7c:
                    e3:46:d6:b4:e2:60:84:9d:32:ef:75:42:f9:0c:bf:
                    57:eb:b6:6b:75:28:70:63:b8:61:7a:92:b2:4f:73:
                    59:89:df:fd:c4:2c:25:5c:e7:61:cd:5a:a8:d4:64:
                    31:b3:28:39:fe:03:c2:d0:36:b5:4e:c2:cc:94:ca:
                    15:78:d8:1c:54:f5:41:fa:5f:7b:35:1d:63:71:7c:
                    ae:65:c8:c2:95:9f:c3:ba:25:10:19:b4:f2:74:17:
                    b2:77:1d:a5:e0:80:48:f7:26:06:da:40:15:38:68:
                    d6:02:7a:98:8b:22:4d:e2:c2:b4:9b:fd:f7:cf:64:
                    19:fb:2f:b8:86:2d:14:6a:5f:50:dd:fb:5c:33:31:
                    6f:25:36:26:0e:54:06:9e:0d:d7:6d:f6:14:e3:cf:
                    7d:08:db:17:fd:69:96:0d:41:49:c0:b2:98:4e:d9:
                    e9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E9:90:41:0D:6F:8A:AF:FE:81:F7:1A:A8:0B:9F:1F:A8:3F:0B:BC
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/uumQQQ1viq_-gfcaqAufH6g_C7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:01:a7:6c:0f:c1:56:61:08:05:9d:6a:48:62:d2:3c:d6:50:
         f9:a2:e6:a4:a8:de:c0:b1:97:c3:f7:6f:f3:67:b1:93:97:d0:
         8f:0f:f0:1f:24:45:27:6a:57:aa:47:a9:c9:15:0b:45:1b:d9:
         ac:f0:2b:8a:36:c7:7b:5a:ea:f5:0e:68:9e:a5:53:e4:ad:5e:
         bd:43:b1:e6:76:78:77:a8:07:e7:e6:c5:64:c5:c5:37:85:b3:
         93:4a:89:43:d6:f5:79:74:8f:85:4c:2d:fe:91:50:06:4d:f6:
         95:6b:75:59:a5:a4:46:5a:b7:af:2b:c1:fe:db:49:5a:3b:90:
         9a:0d:69:74:00:cc:40:da:5f:0a:82:9b:04:d4:92:d0:aa:8b:
         32:f2:66:c6:05:7b:09:53:89:4d:3e:4d:7c:cc:15:90:4f:01:
         bf:f0:b9:24:0e:2d:b2:2a:a6:4b:e2:cd:b7:13:0c:5b:7e:b6:
         c2:4e:64:73:6d:a8:03:8b:b8:1c:50:94:d0:ca:d2:89:b4:58:
         2b:e5:59:a2:f6:29:d6:e6:8b:6a:30:67:54:cc:8e:c4:a5:15:
         a5:df:63:2c:97:93:28:62:b4:da:92:a6:60:af:68:60:64:e2:
         99:ae:c7:b7:2a:af:5d:b7:53:03:87:bc:18:25:e5:f1:61:fc:
         34:e1:49:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1l4+JFEOsIoY4vqc/vKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWU5OTA0MTBkNmY4YWFmZmU4MWY3MWFhODBiOWYxZmE4M2YwYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ArWE4fpYc/UD8P3PgntW1nwF6L0
ynaLTvC0ujOY9nR/yP3Fv6bvlDFpX+smAR15fbIAtIpub8+dXas0XiDOcyxCG8Ed
vDKFhA35coiTEDGeN8pnMiKCnHzjRta04mCEnTLvdUL5DL9X67ZrdShwY7hhepKy
T3NZid/9xCwlXOdhzVqo1GQxsyg5/gPC0Da1TsLMlMoVeNgcVPVB+l97NR1jcXyu
ZcjClZ/DuiUQGbTydBeydx2l4IBI9yYG2kAVOGjWAnqYiyJN4sK0m/33z2QZ+y+4
hi0Ual9Q3ftcMzFvJTYmDlQGng3XbfYU4899CNsX/WmWDUFJwLKYTtnp2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrpkEENb4qv/oH3GqgLnx+oPwu8MB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvdXVtUVFRMXZpcV8tZ2ZjYXFBdWZINmdfQzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAISMA0G
CSqGSIb3DQEBCwUAA4IBAQB8AadsD8FWYQgFnWpIYtI81lD5ouakqN7AsZfD92/z
Z7GTl9CPD/AfJEUnaleqR6nJFQtFG9ms8CuKNsd7Wur1DmiepVPkrV69Q7Hmdnh3
qAfn5sVkxcU3hbOTSolD1vV5dI+FTC3+kVAGTfaVa3VZpaRGWrevK8H+20laO5Ca
DWl0AMxA2l8KgpsE1JLQqosy8mbGBXsJU4lNPk18zBWQTwG/8LkkDi2yKqZL4s23
EwxbfrbCTmRzbagDi7gcUJTQytKJtFgr5Vmi9inW5otqMGdUzI7EpRWl32Msl5Mo
YrTakqZgr2hgZOKZrse3Kq9dt1MDh7wYJeXxYfw04UlL
-----END CERTIFICATE-----