Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/UCapjxyaJi5z5guHcEyumiBs9Pg.roa
File:                     UCapjxyaJi5z5guHcEyumiBs9Pg.roa (raw, json)
Hash identifier:          LIHlX4VN2XaFL14w/XwFEPN4bxUvck7ZLxdQY/Md6OU=
Subject key identifier:   50:26:A9:8F:1C:9A:26:2E:73:E6:0B:87:70:4C:AE:9A:20:6C:F4:F8
Certificate issuer:       /CN=998e9cb27f3d1abcc4cc61c3c1bbfdc72628e57b
Certificate serial:       019421440035568871A25A07C7DC4214071D
Authority key identifier: 99:8E:9C:B2:7F:3D:1A:BC:C4:CC:61:C3:C1:BB:FD:C7:26:28:E5:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/UCapjxyaJi5z5guHcEyumiBs9Pg.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59866
IP address blocks:        185.68.134.0/23 maxlen: 23
                          185.68.134.0/24 maxlen: 24
                          185.68.135.0/24 maxlen: 24
                          2a05:1840::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:00:35:56:88:71:a2:5a:07:c7:dc:42:14:07:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=998e9cb27f3d1abcc4cc61c3c1bbfdc72628e57b
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5026a98f1c9a262e73e60b87704cae9a206cf4f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3e:c5:d3:c3:80:54:5c:4e:26:0f:d0:14:f6:
                    bf:90:73:e3:e0:67:e6:ef:55:b5:23:7d:3e:d9:5d:
                    e9:a1:f0:9a:b8:b7:e5:06:2c:92:a1:19:e7:c4:25:
                    8c:c5:df:6b:c9:b2:be:b4:63:f8:cc:7c:38:a7:21:
                    e7:ec:ac:80:6a:01:d2:fe:d0:32:73:7d:f6:86:44:
                    54:3e:49:7a:05:67:91:65:53:7d:d1:0d:09:5f:c7:
                    f9:9b:df:3f:45:7d:02:ce:f7:24:70:5d:66:ba:4d:
                    64:44:50:8d:a7:3c:ff:6f:c0:45:27:2b:2d:55:5d:
                    a7:e6:cc:f4:4d:6d:38:af:0a:bd:6c:0e:21:7a:fd:
                    3f:43:b9:4a:cf:03:e8:00:ab:f7:c7:30:be:75:89:
                    9d:02:b4:80:28:28:56:5f:6a:63:86:a1:56:19:a9:
                    84:62:5b:c3:74:ca:27:18:03:3a:48:5b:0b:14:bd:
                    8a:08:8a:57:dd:0c:70:05:11:b8:e8:ac:41:bb:c5:
                    5e:3b:ba:e3:2f:90:b1:6b:16:83:13:77:f1:fe:af:
                    1f:2d:47:d4:1d:c9:ff:7c:8d:d0:77:49:40:95:dc:
                    ff:45:1c:4a:be:1f:f5:51:ae:0f:b3:c0:00:a3:e2:
                    d8:21:0b:d8:ad:d1:74:e8:5d:c8:31:2c:29:29:5c:
                    03:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:26:A9:8F:1C:9A:26:2E:73:E6:0B:87:70:4C:AE:9A:20:6C:F4:F8
            X509v3 Authority Key Identifier:
                keyid:99:8E:9C:B2:7F:3D:1A:BC:C4:CC:61:C3:C1:BB:FD:C7:26:28:E5:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mY6csn89GrzEzGHDwbv9xyYo5Xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/UCapjxyaJi5z5guHcEyumiBs9Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/3c9f4a-4456-4581-b287-52d6b3e4789f/1/mY6csn89GrzEzGHDwbv9xyYo5Xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.134.0/23
                IPv6:
                  2a05:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:2b:7a:51:9f:e6:05:14:50:1c:de:18:30:8b:08:db:f1:51:
         59:60:65:75:1b:ca:53:d8:46:62:82:89:47:45:ac:ed:a1:03:
         5e:72:f4:e0:c3:3f:a6:7f:1c:eb:09:10:fb:47:6d:f2:fb:2d:
         5f:3b:76:61:67:4c:53:3d:03:17:4d:a6:ce:97:c8:21:58:0b:
         37:be:32:56:56:73:bb:a6:f3:61:01:e0:00:0e:fa:99:6a:50:
         d8:8e:46:6c:03:ed:f2:ca:ef:e2:ad:5a:f5:9e:27:f4:42:10:
         83:28:2e:fa:8d:09:92:99:5e:85:d7:1e:07:7b:2c:a8:bc:7b:
         ac:a5:28:62:0b:4f:a1:91:7c:a6:be:06:f1:bf:08:ee:80:48:
         c8:0d:dc:7c:9a:c5:07:ba:1c:0b:7d:63:a8:38:40:af:17:f6:
         fe:3c:c9:8d:9a:e2:6d:c8:5d:56:5f:17:6e:99:1c:2f:a8:3a:
         7a:4e:1b:16:88:80:11:06:be:cf:03:87:0d:a7:21:da:7b:bd:
         c7:fb:82:c7:f1:a6:77:38:66:52:fe:62:96:33:e2:c3:4a:23:
         ff:96:ce:79:16:43:48:2a:a0:c7:91:07:5e:b3:a1:ee:ca:9b:
         b0:7d:b3:76:d4:25:dd:74:c1:99:20:9f:37:95:07:df:0c:98:
         88:af:d3:5a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRAA1VohxoloHx9xCFAcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OGU5Y2IyN2YzZDFhYmNjNGNjNjFjM2MxYmJmZGM3MjYy
OGU1N2IwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI2YTk4ZjFjOWEyNjJlNzNlNjBiODc3MDRjYWU5YTIwNmNmNGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz7F08OAVFxOJg/QFPa/kHPj4Gfm
71W1I30+2V3pofCauLflBiySoRnnxCWMxd9rybK+tGP4zHw4pyHn7KyAagHS/tAy
c332hkRUPkl6BWeRZVN90Q0JX8f5m98/RX0CzvckcF1muk1kRFCNpzz/b8BFJyst
VV2n5sz0TW04rwq9bA4hev0/Q7lKzwPoAKv3xzC+dYmdArSAKChWX2pjhqFWGamE
YlvDdMonGAM6SFsLFL2KCIpX3QxwBRG46KxBu8VeO7rjL5CxaxaDE3fx/q8fLUfU
Hcn/fI3Qd0lAldz/RRxKvh/1Ua4Ps8AAo+LYIQvYrdF06F3IMSwpKVwDrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFAmqY8cmiYuc+YLh3BMrpogbPT4MB8GA1UdIwQY
MBaAFJmOnLJ/PRq8xMxhw8G7/ccmKOV7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVk2Y3NuODlHcnpFekdIRHdidjl4eVlvNVhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zYzlmNGEtNDQ1Ni00NTgxLWIyODct
NTJkNmIzZTQ3ODlmLzEvVUNhcGp4eWFKaTV6NWd1SGNFeXVtaUJzOVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zYzlmNGEtNDQ1Ni00NTgxLWIyODctNTJkNmIzZTQ3ODlm
LzEvbVk2Y3NuODlHcnpFekdIRHdidjl4eVlvNVhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuUSGMA0E
AgACMAcDBQMqBRhAMA0GCSqGSIb3DQEBCwUAA4IBAQDLK3pRn+YFFFAc3hgwiwjb
8VFZYGV1G8pT2EZigolHRaztoQNecvTgwz+mfxzrCRD7R23y+y1fO3ZhZ0xTPQMX
TabOl8ghWAs3vjJWVnO7pvNhAeAADvqZalDYjkZsA+3yyu/irVr1nif0QhCDKC76
jQmSmV6F1x4HeyyovHuspShiC0+hkXymvgbxvwjugEjIDdx8msUHuhwLfWOoOECv
F/b+PMmNmuJtyF1WXxdumRwvqDp6ThsWiIARBr7PA4cNpyHae73H+4LH8aZ3OGZS
/mKWM+LDSiP/ls55FkNIKqDHkQdes6HuypuwfbN21CXddMGZIJ83lQffDJiIr9Na
-----END CERTIFICATE-----