Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/uJcxOoPayTtpIImr51o6Grvnwh4.roa
File:                     uJcxOoPayTtpIImr51o6Grvnwh4.roa (raw, json)
Hash identifier:          HgfbCb24sxq0O5vUUAY2XVFtTmqaW+l9dpOtt2vq4Fs=
Subject key identifier:   B8:97:31:3A:83:DA:C9:3B:69:20:89:AB:E7:5A:3A:1A:BB:E7:C2:1E
Certificate issuer:       /CN=7d4fbe5594707fdcf94025ea15571a68c24da9ab
Certificate serial:       0194236A35BFD0C1B9682CF75B104B7B8D44
Authority key identifier: 7D:4F:BE:55:94:70:7F:DC:F9:40:25:EA:15:57:1A:68:C2:4D:A9:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU--VZRwf9z5QCXqFVcaaMJNqas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/uJcxOoPayTtpIImr51o6Grvnwh4.roa
Signing time:             Wed 01 Jan 2025 19:49:10 +0000
ROA not before:           Wed 01 Jan 2025 19:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197782
IP address blocks:        195.160.168.0/23 maxlen: 23
                          2001:67c:275c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/fU--VZRwf9z5QCXqFVcaaMJNqas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/fU--VZRwf9z5QCXqFVcaaMJNqas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fU--VZRwf9z5QCXqFVcaaMJNqas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:35:bf:d0:c1:b9:68:2c:f7:5b:10:4b:7b:8d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4fbe5594707fdcf94025ea15571a68c24da9ab
        Validity
            Not Before: Jan  1 19:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b897313a83dac93b692089abe75a3a1abbe7c21e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:53:2a:a7:2c:e7:5c:54:30:48:d3:7a:6f:6a:
                    54:23:ff:1c:5f:9b:0f:04:bc:86:c1:a8:55:87:d4:
                    8b:c1:af:49:0e:80:5d:ac:e7:c0:28:5d:ed:54:2a:
                    88:1b:d8:bc:82:78:fc:be:e0:11:b0:67:db:41:0f:
                    d6:33:44:ed:c3:5d:10:37:e8:60:7b:c7:27:18:f0:
                    d5:35:52:68:ab:1b:40:9a:6e:c3:7d:a2:43:00:0d:
                    61:43:d7:f0:f0:e5:01:45:58:5f:ce:b8:be:e8:e5:
                    f6:0c:17:7d:5e:52:54:e6:4f:ff:5d:b1:75:87:00:
                    c4:91:a2:60:91:79:23:1d:57:0f:2b:99:fa:0a:2c:
                    f9:6d:53:7b:ba:26:71:fc:c8:48:3f:3e:e4:7b:4c:
                    7c:b5:35:b4:19:eb:51:05:6a:e5:f3:7c:7f:0c:04:
                    c0:51:dd:47:c7:c5:89:e6:4e:0b:f1:5b:4c:70:47:
                    58:f1:5c:c8:58:06:ea:67:75:ca:0f:5e:75:11:91:
                    74:8a:b1:64:fa:30:84:32:c9:6e:6a:26:6f:82:cd:
                    5f:33:45:b4:0b:eb:25:53:df:da:ef:27:da:e4:32:
                    1b:57:f7:32:17:ef:d9:77:f3:10:0f:bb:24:ab:9c:
                    3b:8c:d0:c9:8e:ed:70:1c:35:9e:88:c7:f0:a9:a8:
                    dc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:97:31:3A:83:DA:C9:3B:69:20:89:AB:E7:5A:3A:1A:BB:E7:C2:1E
            X509v3 Authority Key Identifier:
                keyid:7D:4F:BE:55:94:70:7F:DC:F9:40:25:EA:15:57:1A:68:C2:4D:A9:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU--VZRwf9z5QCXqFVcaaMJNqas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/uJcxOoPayTtpIImr51o6Grvnwh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bf7bbb-6b12-474c-93bc-7c73059278ef/1/fU--VZRwf9z5QCXqFVcaaMJNqas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.168.0/23
                IPv6:
                  2001:67c:275c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:78:bb:85:85:3d:57:e4:3e:ac:26:0f:4b:77:a4:b1:c2:33:
         b9:be:4d:1b:6a:31:82:44:5b:17:21:ad:39:92:64:a7:6c:d9:
         bd:ea:ca:df:c8:e8:d8:0f:a8:56:0c:af:05:b4:d8:50:26:78:
         66:8a:b8:bb:eb:ad:13:51:ab:1b:dc:11:aa:cd:e6:ca:cf:07:
         38:88:92:2a:8a:ca:d5:f4:58:59:11:1c:de:b4:26:bf:67:1a:
         2e:6b:88:ed:c5:a9:0f:40:44:1d:34:a5:2d:3c:19:3b:07:c4:
         d3:ad:88:32:0d:7d:3c:da:f2:30:7a:14:b5:83:b1:4d:4d:f1:
         5f:df:03:f5:3b:c6:be:0c:88:53:49:d1:36:5d:57:f8:cb:ab:
         e1:1d:00:3e:f8:80:74:28:06:e3:39:15:e2:a5:d3:5c:6b:d0:
         15:c3:7a:57:fd:e0:88:63:ee:f2:40:85:3a:b8:c1:89:6f:74:
         3a:9d:5e:f5:b6:d6:7d:fd:13:5f:b6:9c:a9:ae:fc:75:61:40:
         14:e9:f7:8d:19:51:21:ea:12:34:5e:12:3f:b7:e5:4a:12:63:
         8a:22:4b:90:4c:af:c2:d4:66:19:ae:41:44:7e:63:db:58:2d:
         75:61:34:ee:e4:77:6b:15:ea:22:2e:11:af:91:c2:35:67:52:
         2d:43:7a:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjajW/0MG5aCz3WxBLe41EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGZiZTU1OTQ3MDdmZGNmOTQwMjVlYTE1NTcxYTY4YzI0
ZGE5YWIwHhcNMjUwMTAxMTk0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODk3MzEzYTgzZGFjOTNiNjkyMDg5YWJlNzVhM2ExYWJiZTdjMjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFMqpyznXFQwSNN6b2pUI/8cX5sP
BLyGwahVh9SLwa9JDoBdrOfAKF3tVCqIG9i8gnj8vuARsGfbQQ/WM0Ttw10QN+hg
e8cnGPDVNVJoqxtAmm7DfaJDAA1hQ9fw8OUBRVhfzri+6OX2DBd9XlJU5k//XbF1
hwDEkaJgkXkjHVcPK5n6Ciz5bVN7uiZx/MhIPz7ke0x8tTW0GetRBWrl83x/DATA
Ud1Hx8WJ5k4L8VtMcEdY8VzIWAbqZ3XKD151EZF0irFk+jCEMsluaiZvgs1fM0W0
C+slU9/a7yfa5DIbV/cyF+/Zd/MQD7skq5w7jNDJju1wHDWeiMfwqajcrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLiXMTqD2sk7aSCJq+daOhq758IeMB8GA1UdIwQY
MBaAFH1PvlWUcH/c+UAl6hVXGmjCTamrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUtLVZaUndmOXo1UUNYcUZWY2FhTUpOcWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iZjdiYmItNmIxMi00NzRjLTkzYmMt
N2M3MzA1OTI3OGVmLzEvdUpjeE9vUGF5VHRwSUltcjUxbzZHcnZud2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iZjdiYmItNmIxMi00NzRjLTkzYmMtN2M3MzA1OTI3OGVm
LzEvZlUtLVZaUndmOXo1UUNYcUZWY2FhTUpOcWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw6CoMA8E
AgACMAkDBwAgAQZ8J1wwDQYJKoZIhvcNAQELBQADggEBAJx4u4WFPVfkPqwmD0t3
pLHCM7m+TRtqMYJEWxchrTmSZKds2b3qyt/I6NgPqFYMrwW02FAmeGaKuLvrrRNR
qxvcEarN5srPBziIkiqKytX0WFkRHN60Jr9nGi5riO3FqQ9ARB00pS08GTsHxNOt
iDINfTza8jB6FLWDsU1N8V/fA/U7xr4MiFNJ0TZdV/jLq+EdAD74gHQoBuM5FeKl
01xr0BXDelf94Ihj7vJAhTq4wYlvdDqdXvW21n39E1+2nKmu/HVhQBTp940ZUSHq
EjReEj+35UoSY4oiS5BMr8LUZhmuQUR+Y9tYLXVhNO7kd2sV6iIuEa+RwjVnUi1D
eq8=
-----END CERTIFICATE-----