Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/uPfCG3rKdmw_ESsxus2J0PQvAYY.roa
File:                     uPfCG3rKdmw_ESsxus2J0PQvAYY.roa (raw, json)
Hash identifier:          Y6IHm1JnqtpPIYHUAQK6pMCeN6ioWtARVl2avIWApWo=
Subject key identifier:   B8:F7:C2:1B:7A:CA:76:6C:3F:11:2B:31:BA:CD:89:D0:F4:2F:01:86
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       019422FC38474713CBBEB1775A781D75E1FB
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/uPfCG3rKdmw_ESsxus2J0PQvAYY.roa
Signing time:             Wed 01 Jan 2025 17:49:02 +0000
ROA not before:           Wed 01 Jan 2025 17:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        81.31.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:38:47:47:13:cb:be:b1:77:5a:78:1d:75:e1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 17:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8f7c21b7aca766c3f112b31bacd89d0f42f0186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5c:65:a2:0b:7a:ef:3f:d9:03:02:76:b7:4f:
                    6a:ae:94:d9:87:62:a1:df:41:de:c9:d7:c9:6f:0b:
                    16:7e:ce:41:3a:e3:57:aa:c4:8e:78:63:79:a8:cc:
                    8a:ca:24:ae:2a:aa:51:6d:fd:fa:1e:f2:f2:3c:9d:
                    79:7b:55:f2:67:55:b7:c6:61:86:88:ad:6f:72:10:
                    6d:dd:c5:c4:93:36:29:c4:3d:41:ed:d4:c2:84:18:
                    3d:ed:c6:b8:91:85:f3:d5:50:9b:c6:9b:47:01:bc:
                    2c:47:59:99:1e:87:15:7e:a1:0e:05:0e:b7:99:36:
                    49:ab:c8:c1:1b:eb:10:af:7c:78:e8:0d:01:7b:29:
                    e1:b6:05:c1:25:8c:f4:61:ec:d0:d2:c5:a2:33:61:
                    78:e2:d6:a0:61:b1:35:b6:b2:f8:99:b7:79:40:b0:
                    92:33:b4:e2:cc:5e:c7:10:81:49:ce:f4:73:81:61:
                    bf:ba:37:0b:7a:cb:f1:b5:36:54:dd:b6:ae:1e:e5:
                    9e:ef:c9:5a:90:8d:08:7a:24:17:71:9e:59:c7:3d:
                    03:b9:82:da:04:02:cd:91:5a:46:5b:4b:e4:67:1b:
                    4a:c3:5f:09:5a:43:e6:6a:78:79:85:4d:37:f4:cf:
                    65:83:20:84:ce:e0:93:bc:08:b3:ff:f7:f6:1a:a7:
                    02:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F7:C2:1B:7A:CA:76:6C:3F:11:2B:31:BA:CD:89:D0:F4:2F:01:86
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/uPfCG3rKdmw_ESsxus2J0PQvAYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:59:97:f5:c9:2b:17:d5:26:39:f3:fe:27:95:d1:64:ad:75:
         47:67:77:22:cd:c0:52:a6:2f:ce:83:d7:53:e9:0b:35:da:df:
         56:4f:34:ad:c8:68:4a:22:1a:78:1c:51:a4:29:5d:ab:0a:71:
         39:ed:ce:99:70:8b:36:55:c9:ad:48:34:c1:07:14:44:af:d7:
         96:9b:f4:ac:e7:8e:d3:04:ef:82:8c:3b:da:f4:ce:4c:e0:d9:
         a2:ef:ac:be:0e:62:9d:27:e7:f6:c8:42:a0:71:d6:ce:03:c5:
         23:11:df:5c:d0:d7:20:d4:35:58:15:60:e6:a2:d4:32:70:19:
         be:c0:8f:1d:5b:45:64:8c:f9:80:cc:12:13:35:8b:3b:56:df:
         89:79:2a:c2:44:26:53:74:3f:67:4f:1a:db:d4:b1:36:69:65:
         fa:1d:ae:dd:72:16:fc:1a:31:2d:85:07:82:20:95:c7:c3:6a:
         94:ae:be:ba:d2:d7:0f:61:99:01:c6:c0:2f:40:c4:d8:4b:10:
         60:a4:03:81:b6:08:10:43:99:7a:b0:ea:c4:ed:3f:6f:e3:ec:
         67:76:85:bf:ba:46:75:8d:d1:ec:07:fb:06:39:c9:58:ca:48:
         c6:90:4c:2c:54:09:fd:14:aa:b4:df:28:ab:b8:26:ca:e2:ae:
         85:b6:a3:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DhHRxPLvrF3WngddeH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjUwMTAxMTc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGY3YzIxYjdhY2E3NjZjM2YxMTJiMzFiYWNkODlkMGY0MmYwMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1xlogt67z/ZAwJ2t09qrpTZh2Kh
30HeydfJbwsWfs5BOuNXqsSOeGN5qMyKyiSuKqpRbf36HvLyPJ15e1XyZ1W3xmGG
iK1vchBt3cXEkzYpxD1B7dTChBg97ca4kYXz1VCbxptHAbwsR1mZHocVfqEOBQ63
mTZJq8jBG+sQr3x46A0BeynhtgXBJYz0YezQ0sWiM2F44tagYbE1trL4mbd5QLCS
M7TizF7HEIFJzvRzgWG/ujcLesvxtTZU3bauHuWe78lakI0IeiQXcZ5Zxz0DuYLa
BALNkVpGW0vkZxtKw18JWkPmanh5hU039M9lgyCEzuCTvAiz//f2GqcC5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLj3wht6ynZsPxErMbrNidD0LwGGMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvdVBmQ0czcktkbXdfRVNzeHVzMkowUFF2QVlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/rMA0G
CSqGSIb3DQEBCwUAA4IBAQCdWZf1ySsX1SY58/4nldFkrXVHZ3cizcBSpi/Og9dT
6Qs12t9WTzStyGhKIhp4HFGkKV2rCnE57c6ZcIs2VcmtSDTBBxREr9eWm/Ss547T
BO+CjDva9M5M4Nmi76y+DmKdJ+f2yEKgcdbOA8UjEd9c0Ncg1DVYFWDmotQycBm+
wI8dW0VkjPmAzBITNYs7Vt+JeSrCRCZTdD9nTxrb1LE2aWX6Ha7dchb8GjEthQeC
IJXHw2qUrr660tcPYZkBxsAvQMTYSxBgpAOBtggQQ5l6sOrE7T9v4+xndoW/ukZ1
jdHsB/sGOclYykjGkEwsVAn9FKq03yiruCbK4q6FtqP4
-----END CERTIFICATE-----