Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/uamuqQFO1RITJ5dk81fUrUR6XPQ.roa
File:                     uamuqQFO1RITJ5dk81fUrUR6XPQ.roa (raw, json)
Hash identifier:          1C1t+rXqVF/ZLbA2JmjtUkNNdPmBmSQrsPid9bwQzME=
Subject key identifier:   B9:A9:AE:A9:01:4E:D5:12:13:27:97:64:F3:57:D4:AD:44:7A:5C:F4
Certificate issuer:       /CN=fb1fce9aa72c838496f4bdef9c1f0b8e894fc98e
Certificate serial:       0194221F83171D4D8E3D379D67C7C20CC5A5
Authority key identifier: FB:1F:CE:9A:A7:2C:83:84:96:F4:BD:EF:9C:1F:0B:8E:89:4F:C9:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-x_Omqcsg4SW9L3vnB8LjolPyY4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/uamuqQFO1RITJ5dk81fUrUR6XPQ.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9063
IP address blocks:        185.168.141.0/24 maxlen: 24
                          2a10:65c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/1-x_Omqcsg4SW9L3vnB8LjolPyY4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/1-x_Omqcsg4SW9L3vnB8LjolPyY4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-x_Omqcsg4SW9L3vnB8LjolPyY4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:83:17:1d:4d:8e:3d:37:9d:67:c7:c2:0c:c5:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb1fce9aa72c838496f4bdef9c1f0b8e894fc98e
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9a9aea9014ed51213279764f357d4ad447a5cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:09:92:58:5f:27:fb:5e:5b:41:d7:88:d9:ce:
                    e8:28:44:f1:91:19:e9:2e:5f:cb:88:4f:7e:f0:e7:
                    81:12:0d:82:d2:ea:4d:38:6e:fa:e9:96:a6:9e:61:
                    14:1a:e2:6d:fa:20:db:20:85:b3:99:00:de:3b:aa:
                    45:17:67:a1:91:77:d1:81:79:40:14:cc:29:17:26:
                    b3:7e:5e:c7:d3:82:20:46:0f:65:fe:c1:e6:53:f8:
                    5e:c3:87:a0:ff:4c:7f:3b:73:17:22:f2:60:41:2f:
                    b5:46:ab:c9:46:c2:6c:8e:b7:83:4e:6c:fd:78:55:
                    ef:64:c1:72:15:9d:80:a5:3e:41:a1:b5:09:78:ad:
                    3d:1f:7e:d9:3e:9f:72:02:e6:b8:9a:05:49:40:89:
                    ed:8c:56:4a:47:2c:8b:8f:e3:76:4e:47:42:7c:ea:
                    3e:91:88:59:b9:6b:7f:86:6b:dc:cc:e1:32:2f:6a:
                    ba:fc:57:96:db:9d:37:9a:55:c5:4c:89:61:86:67:
                    c8:67:63:1f:df:77:48:4d:34:e4:82:b3:55:45:34:
                    ac:66:0e:e5:b8:54:f6:9c:0d:a1:ee:e7:31:97:84:
                    3c:a6:38:20:2b:c3:42:2e:6d:62:fb:e9:7d:59:3b:
                    95:85:69:59:45:08:bd:a4:d3:8c:48:6b:16:87:35:
                    72:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A9:AE:A9:01:4E:D5:12:13:27:97:64:F3:57:D4:AD:44:7A:5C:F4
            X509v3 Authority Key Identifier:
                keyid:FB:1F:CE:9A:A7:2C:83:84:96:F4:BD:EF:9C:1F:0B:8E:89:4F:C9:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-x_Omqcsg4SW9L3vnB8LjolPyY4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/uamuqQFO1RITJ5dk81fUrUR6XPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5655f5-0141-4f3d-a50c-b5998680d914/1/1-x_Omqcsg4SW9L3vnB8LjolPyY4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.141.0/24
                IPv6:
                  2a10:65c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:7b:2a:6e:b1:25:1d:9e:a7:01:53:82:27:5a:13:4f:50:32:
         44:11:1f:c5:45:e5:82:eb:d4:d7:37:57:f5:e0:64:c4:58:16:
         c8:ad:64:5a:2a:0d:e7:0f:dd:60:60:f5:65:be:c0:f9:3d:9b:
         03:a7:93:82:5f:75:ad:9e:f5:7f:eb:8c:9c:d2:99:b4:6b:81:
         b3:0b:ef:2c:6a:f4:46:77:8d:fd:e1:81:4e:72:77:03:5a:49:
         a2:f8:2e:f1:b4:db:b5:7e:60:7b:22:88:8d:00:00:65:53:00:
         9a:4b:c1:4b:24:5e:50:81:7f:fc:79:fc:70:b1:85:19:74:88:
         3b:f5:4d:a3:bd:4b:93:57:a4:09:26:3a:9e:2f:86:95:8d:ef:
         6c:ba:3f:9b:72:e9:80:87:fd:26:77:99:a2:79:91:70:55:7e:
         f6:59:7f:e6:86:c1:fa:30:70:86:9c:ff:6a:fb:25:2d:7e:8e:
         1b:af:6a:a4:13:59:61:d8:df:b0:83:7c:57:5a:77:a0:2c:a1:
         1d:af:56:2e:4a:1f:85:f0:5d:34:37:e8:c1:b5:2e:e6:01:9d:
         45:d8:96:9a:d6:46:01:44:cc:90:c6:82:f4:ec:13:13:a9:9b:
         96:41:99:13:35:6b:e4:5f:9e:62:d0:42:57:8f:70:b5:8a:b4:
         7d:3e:29:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH4MXHU2OPTedZ8fCDMWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMWZjZTlhYTcyYzgzODQ5NmY0YmRlZjljMWYwYjhlODk0
ZmM5OGUwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWE5YWVhOTAxNGVkNTEyMTMyNzk3NjRmMzU3ZDRhZDQ0N2E1Y2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QmSWF8n+15bQdeI2c7oKETxkRnp
Ll/LiE9+8OeBEg2C0upNOG766ZamnmEUGuJt+iDbIIWzmQDeO6pFF2ehkXfRgXlA
FMwpFyazfl7H04IgRg9l/sHmU/hew4eg/0x/O3MXIvJgQS+1RqvJRsJsjreDTmz9
eFXvZMFyFZ2ApT5BobUJeK09H37ZPp9yAua4mgVJQIntjFZKRyyLj+N2TkdCfOo+
kYhZuWt/hmvczOEyL2q6/FeW2503mlXFTIlhhmfIZ2Mf33dITTTkgrNVRTSsZg7l
uFT2nA2h7ucxl4Q8pjggK8NCLm1i++l9WTuVhWlZRQi9pNOMSGsWhzVyxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLmprqkBTtUSEyeXZPNX1K1Eelz0MB8GA1UdIwQY
MBaAFPsfzpqnLIOElvS975wfC46JT8mOMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS14X09tcWNzZzRTVzlMM3ZuQjhMam9sUHlZNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNTY1NWY1LTAxNDEtNGYzZC1hNTBj
LWI1OTk4NjgwZDkxNC8xL3VhbXVxUUZPMVJJVEo1ZGs4MWZVclVSNlhQUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvNTY1NWY1LTAxNDEtNGYzZC1hNTBjLWI1OTk4NjgwZDkx
NC8xLzEteF9PbXFjc2c0U1c5TDN2bkI4TGpvbFB5WTQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5qI0w
DQQCAAIwBwMFAyoQZcAwDQYJKoZIhvcNAQELBQADggEBAIJ7Km6xJR2epwFTgida
E09QMkQRH8VF5YLr1Nc3V/XgZMRYFsitZFoqDecP3WBg9WW+wPk9mwOnk4Jfda2e
9X/rjJzSmbRrgbML7yxq9EZ3jf3hgU5ydwNaSaL4LvG027V+YHsiiI0AAGVTAJpL
wUskXlCBf/x5/HCxhRl0iDv1TaO9S5NXpAkmOp4vhpWN72y6P5ty6YCH/SZ3maJ5
kXBVfvZZf+aGwfowcIac/2r7JS1+jhuvaqQTWWHY37CDfFdad6AsoR2vVi5KH4Xw
XTQ36MG1LuYBnUXYlprWRgFEzJDGgvTsExOpm5ZBmRM1a+RfnmLQQlePcLWKtH0+
Kbc=
-----END CERTIFICATE-----