Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/u-uD5eJkyZwHdvCGzRD30UcsPdQ.roa
File:                     u-uD5eJkyZwHdvCGzRD30UcsPdQ.roa (raw, json)
Hash identifier:          972IpaBLO7W9fM3TeJorAGTATEI6lVsjC4rz1G6aPgA=
Subject key identifier:   BB:EB:83:E5:E2:64:C9:9C:07:76:F0:86:CD:10:F7:D1:47:2C:3D:D4
Certificate issuer:       /CN=69fdfe8249f943aabad1881fca5836613a6a67bc
Certificate serial:       019421B1AAEB9407C27303D5D91343F91092
Authority key identifier: 69:FD:FE:82:49:F9:43:AA:BA:D1:88:1F:CA:58:36:61:3A:6A:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/u-uD5eJkyZwHdvCGzRD30UcsPdQ.roa
Signing time:             Wed 01 Jan 2025 11:47:59 +0000
ROA not before:           Wed 01 Jan 2025 11:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39242
IP address blocks:        185.159.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:aa:eb:94:07:c2:73:03:d5:d9:13:43:f9:10:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69fdfe8249f943aabad1881fca5836613a6a67bc
        Validity
            Not Before: Jan  1 11:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbeb83e5e264c99c0776f086cd10f7d1472c3dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b7:12:8e:d9:dd:83:52:1d:7f:7a:f4:9a:41:
                    5d:fd:23:61:34:0e:9f:fe:6a:36:c1:7e:1d:9f:05:
                    12:dd:77:84:d7:a9:1d:89:b3:09:ad:e4:41:16:a6:
                    d9:a1:f0:e5:e8:6e:23:d3:7f:55:5d:88:0d:02:c9:
                    6a:19:b4:78:91:d0:7a:3c:59:61:e8:3d:72:49:c5:
                    9a:d6:55:7d:25:b3:3e:e0:d5:9a:3f:f5:ff:80:ab:
                    a8:c9:87:58:b9:32:fc:2a:02:1c:9c:33:85:85:8b:
                    e0:40:d2:0a:41:d0:ce:a2:f4:80:fa:18:aa:7c:aa:
                    09:02:14:16:6e:d3:82:44:9c:93:b2:a4:34:ef:86:
                    7b:ad:ba:04:d7:26:24:72:28:32:fd:b2:b1:9b:75:
                    37:bd:63:97:5a:f7:03:be:95:2f:7e:0d:d8:51:e3:
                    60:77:6b:cc:ad:6b:c8:7f:64:d1:95:f3:6e:d6:6c:
                    bd:32:09:1c:6d:91:0f:16:5d:ca:7a:d7:a7:8c:e8:
                    9c:8a:3e:07:37:05:1e:0d:09:7d:dc:1b:82:8c:a0:
                    45:01:a0:aa:98:1b:c7:e8:e1:9c:eb:29:d4:bc:65:
                    dd:83:fd:ba:08:99:6a:50:b6:21:29:dc:8e:56:ce:
                    9a:c8:50:02:cb:92:d8:81:43:5e:4e:ad:3f:3a:dc:
                    bb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EB:83:E5:E2:64:C9:9C:07:76:F0:86:CD:10:F7:D1:47:2C:3D:D4
            X509v3 Authority Key Identifier:
                keyid:69:FD:FE:82:49:F9:43:AA:BA:D1:88:1F:CA:58:36:61:3A:6A:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/af3-gkn5Q6q60Ygfylg2YTpqZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/u-uD5eJkyZwHdvCGzRD30UcsPdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ccf777-9465-4a2e-8112-71d8b8850853/1/af3-gkn5Q6q60Ygfylg2YTpqZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:71:77:c9:48:6f:0a:0d:73:42:ec:7b:be:0c:95:62:be:99:
         7d:9c:08:1b:42:f7:12:fe:cd:d3:6d:92:d6:38:4d:13:5b:e4:
         e4:54:20:f8:b8:b8:0d:72:4f:ca:c0:e6:94:f5:ee:9b:fd:12:
         a8:76:8e:dc:0c:7d:c5:39:07:82:21:f3:a5:b4:20:4b:5f:4e:
         5e:86:2b:29:48:08:07:79:d5:a2:39:b5:b4:4e:27:a7:17:90:
         e4:97:b4:cb:33:a8:44:9a:34:02:7c:60:83:6c:a1:e5:c8:cc:
         f4:0a:1f:ba:c9:5d:85:da:66:7b:2a:b8:84:86:21:3a:5d:2c:
         5d:52:80:6d:19:0a:84:c7:2e:93:c2:37:33:77:48:90:66:62:
         d8:c6:f0:ef:3a:df:f4:00:73:63:0a:e6:29:4c:67:50:af:b3:
         5d:25:4e:97:06:ae:24:1e:07:e7:a3:34:57:9c:75:cc:4e:8c:
         2c:9c:4e:4c:84:4d:8d:0e:12:cd:e2:1e:33:ec:d0:29:9a:98:
         4f:45:6d:55:42:15:69:33:89:1e:1e:b0:41:ad:e5:76:73:e9:
         b5:40:e3:f9:d2:02:ed:41:7e:4c:f0:e4:c8:3f:32:97:2c:0c:
         02:10:08:ba:c0:f5:c9:07:a8:c0:c6:78:2a:3a:75:0c:4e:70:
         ef:56:91:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsarrlAfCcwPV2RND+RCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZmRmZTgyNDlmOTQzYWFiYWQxODgxZmNhNTgzNjYxM2E2
YTY3YmMwHhcNMjUwMTAxMTE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmViODNlNWUyNjRjOTljMDc3NmYwODZjZDEwZjdkMTQ3MmMzZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbcSjtndg1Idf3r0mkFd/SNhNA6f
/mo2wX4dnwUS3XeE16kdibMJreRBFqbZofDl6G4j039VXYgNAslqGbR4kdB6PFlh
6D1yScWa1lV9JbM+4NWaP/X/gKuoyYdYuTL8KgIcnDOFhYvgQNIKQdDOovSA+hiq
fKoJAhQWbtOCRJyTsqQ074Z7rboE1yYkcigy/bKxm3U3vWOXWvcDvpUvfg3YUeNg
d2vMrWvIf2TRlfNu1my9MgkcbZEPFl3KetenjOicij4HNwUeDQl93BuCjKBFAaCq
mBvH6OGc6ynUvGXdg/26CJlqULYhKdyOVs6ayFACy5LYgUNeTq0/Oty7ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvrg+XiZMmcB3bwhs0Q99FHLD3UMB8GA1UdIwQY
MBaAFGn9/oJJ+UOqutGIH8pYNmE6ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWYzLWdrbjVRNnE2MFlnZnlsZzJZVHBxWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jY2Y3NzctOTQ2NS00YTJlLTgxMTIt
NzFkOGI4ODUwODUzLzEvdS11RDVlSmt5WndIZHZDR3pSRDMwVWNzUGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jY2Y3NzctOTQ2NS00YTJlLTgxMTItNzFkOGI4ODUwODUz
LzEvYWYzLWdrbjVRNnE2MFlnZnlsZzJZVHBxWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ/sMA0G
CSqGSIb3DQEBCwUAA4IBAQBgcXfJSG8KDXNC7Hu+DJVivpl9nAgbQvcS/s3TbZLW
OE0TW+TkVCD4uLgNck/KwOaU9e6b/RKodo7cDH3FOQeCIfOltCBLX05ehispSAgH
edWiObW0TienF5Dkl7TLM6hEmjQCfGCDbKHlyMz0Ch+6yV2F2mZ7KriEhiE6XSxd
UoBtGQqExy6Twjczd0iQZmLYxvDvOt/0AHNjCuYpTGdQr7NdJU6XBq4kHgfnozRX
nHXMTowsnE5MhE2NDhLN4h4z7NApmphPRW1VQhVpM4keHrBBreV2c+m1QOP50gLt
QX5M8OTIPzKXLAwCEAi6wPXJB6jAxngqOnUMTnDvVpF7
-----END CERTIFICATE-----