Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/1UVKiNRMJ_HImWl4v8Xm_ov2alc.roa
File:                     1UVKiNRMJ_HImWl4v8Xm_ov2alc.roa (raw, json)
Hash identifier:          5flJUckS677lE7riT489EDvVCL32yj3m5+tviIp0Aik=
Subject key identifier:   D5:45:4A:88:D4:4C:27:F1:C8:99:69:78:BF:C5:E6:FE:8B:F6:6A:57
Certificate issuer:       /CN=a61a8f667a3dddbd4a352318d8f0606c46e9f063
Certificate serial:       019421B1EBF284A28152CA6FC3E6F68A2576
Authority key identifier: A6:1A:8F:66:7A:3D:DD:BD:4A:35:23:18:D8:F0:60:6C:46:E9:F0:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/1UVKiNRMJ_HImWl4v8Xm_ov2alc.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34373
IP address blocks:        185.64.120.0/22 maxlen: 24
                          2a03:1460::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:eb:f2:84:a2:81:52:ca:6f:c3:e6:f6:8a:25:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a61a8f667a3dddbd4a352318d8f0606c46e9f063
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5454a88d44c27f1c8996978bfc5e6fe8bf66a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:da:0c:b3:3f:52:52:cd:0a:47:dd:8e:69:3a:
                    41:74:54:7b:1e:1c:a4:a9:e8:47:11:38:97:7d:b0:
                    11:f9:bb:b9:d9:4f:43:d2:b5:5f:86:56:54:12:1f:
                    4b:38:5b:d5:24:bc:a7:29:7e:73:b0:83:95:9e:d3:
                    5e:fb:0f:92:4f:b8:47:61:eb:5f:d7:8d:17:84:3b:
                    85:c4:cf:f3:b9:64:04:12:5a:64:18:92:97:90:08:
                    24:ca:d5:3d:c4:73:ad:1e:84:8e:75:62:2c:43:6c:
                    b7:c1:60:95:59:30:00:5f:9e:57:4c:98:2e:b3:08:
                    cb:bb:7a:ee:4f:c9:54:7f:d3:cb:a9:44:1b:cf:06:
                    82:bf:53:e6:ef:f1:f8:57:08:41:7c:2a:0d:20:6a:
                    22:09:62:c6:81:a4:83:09:09:49:2b:79:b6:00:0d:
                    48:28:c2:5c:5b:42:43:e3:23:a9:24:0a:07:1c:33:
                    16:0d:b3:f7:4b:7e:c9:3b:14:33:ff:c9:4c:67:24:
                    36:de:b0:91:54:bb:36:b9:a3:26:a6:60:ad:5a:55:
                    da:f2:95:b0:27:e5:57:e7:31:e7:a9:ab:c1:33:07:
                    9b:50:1a:28:08:31:b4:f4:fa:77:6c:26:d2:59:4e:
                    e4:0f:31:3a:b2:44:75:5c:51:e9:7d:96:33:3c:f3:
                    43:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:45:4A:88:D4:4C:27:F1:C8:99:69:78:BF:C5:E6:FE:8B:F6:6A:57
            X509v3 Authority Key Identifier:
                keyid:A6:1A:8F:66:7A:3D:DD:BD:4A:35:23:18:D8:F0:60:6C:46:E9:F0:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phqPZno93b1KNSMY2PBgbEbp8GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/1UVKiNRMJ_HImWl4v8Xm_ov2alc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ce88a2-eb87-42a5-916d-b56bb0647868/1/phqPZno93b1KNSMY2PBgbEbp8GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.120.0/22
                IPv6:
                  2a03:1460::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:70:74:12:15:85:b8:fd:b5:c2:f0:40:d3:90:88:3a:e6:de:
         ff:a8:51:7e:7d:93:ba:99:62:93:e5:27:ed:45:c6:67:09:79:
         0c:07:1d:bb:50:07:d6:28:ba:e0:a1:be:4e:2f:e5:90:35:9b:
         9f:66:8c:7f:97:81:6c:75:b7:82:90:a0:1a:0a:18:5d:18:43:
         b1:24:68:dc:41:bc:f9:86:02:e8:ed:c3:83:2a:f5:9c:d1:9d:
         7e:e9:2a:6a:ad:f4:9a:63:bc:f2:d4:68:83:a5:fe:c5:ef:ab:
         a3:24:20:b6:59:49:be:41:b1:94:43:95:40:c2:47:74:4a:02:
         14:cc:f0:ea:0e:c3:93:16:26:09:c3:56:a2:71:e5:bb:58:97:
         c7:48:d4:3d:fc:50:16:2e:6d:8e:77:0d:9b:3d:f5:ac:6d:aa:
         f8:62:ec:3a:8a:ea:fd:38:50:e5:6f:36:51:c5:bc:51:f8:77:
         ae:ed:3e:ce:fc:15:2c:98:9a:d7:0d:a7:20:ba:d4:72:7b:a6:
         ba:c7:2e:28:47:d1:6f:de:6d:b3:1f:a0:c7:0f:53:03:bc:2c:
         9c:16:d3:dd:8f:04:b1:c4:1a:86:37:17:6d:80:ac:9d:35:07:
         48:d6:91:f9:0a:19:63:df:dd:7e:2d:d9:8d:ce:3c:3b:40:3f:
         19:01:61:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsevyhKKBUspvw+b2iiV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MWE4ZjY2N2EzZGRkYmQ0YTM1MjMxOGQ4ZjA2MDZjNDZl
OWYwNjMwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQ1NGE4OGQ0NGMyN2YxYzg5OTY5NzhiZmM1ZTZmZThiZjY2YTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNoMsz9SUs0KR92OaTpBdFR7Hhyk
qehHETiXfbAR+bu52U9D0rVfhlZUEh9LOFvVJLynKX5zsIOVntNe+w+ST7hHYetf
140XhDuFxM/zuWQEElpkGJKXkAgkytU9xHOtHoSOdWIsQ2y3wWCVWTAAX55XTJgu
swjLu3ruT8lUf9PLqUQbzwaCv1Pm7/H4VwhBfCoNIGoiCWLGgaSDCQlJK3m2AA1I
KMJcW0JD4yOpJAoHHDMWDbP3S37JOxQz/8lMZyQ23rCRVLs2uaMmpmCtWlXa8pWw
J+VX5zHnqavBMwebUBooCDG09Pp3bCbSWU7kDzE6skR1XFHpfZYzPPNDgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNVFSojUTCfxyJlpeL/F5v6L9mpXMB8GA1UdIwQY
MBaAFKYaj2Z6Pd29SjUjGNjwYGxG6fBjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhxUFpubzkzYjFLTlNNWTJQQmdiRWJwOEdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jZTg4YTItZWI4Ny00MmE1LTkxNmQt
YjU2YmIwNjQ3ODY4LzEvMVVWS2lOUk1KX0hJbVdsNHY4WG1fb3YyYWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jZTg4YTItZWI4Ny00MmE1LTkxNmQtYjU2YmIwNjQ3ODY4
LzEvcGhxUFpubzkzYjFLTlNNWTJQQmdiRWJwOEdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUB4MA0E
AgACMAcDBQAqAxRgMA0GCSqGSIb3DQEBCwUAA4IBAQAOcHQSFYW4/bXC8EDTkIg6
5t7/qFF+fZO6mWKT5SftRcZnCXkMBx27UAfWKLrgob5OL+WQNZufZox/l4FsdbeC
kKAaChhdGEOxJGjcQbz5hgLo7cODKvWc0Z1+6SpqrfSaY7zy1GiDpf7F76ujJCC2
WUm+QbGUQ5VAwkd0SgIUzPDqDsOTFiYJw1aiceW7WJfHSNQ9/FAWLm2Odw2bPfWs
bar4Yuw6iur9OFDlbzZRxbxR+Heu7T7O/BUsmJrXDacgutRye6a6xy4oR9Fv3m2z
H6DHD1MDvCycFtPdjwSxxBqGNxdtgKydNQdI1pH5Chlj391+LdmNzjw7QD8ZAWFp
-----END CERTIFICATE-----