Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/Uk_aanYMRxowJq16GMNyhbsFOEw.roa
File:                     Uk_aanYMRxowJq16GMNyhbsFOEw.roa (raw, json)
Hash identifier:          creuRsSl8nSakc/hCQHakSFNIaRZLii8X1gMM9BUYWY=
Subject key identifier:   52:4F:DA:6A:76:0C:47:1A:30:26:AD:7A:18:C3:72:85:BB:05:38:4C
Certificate issuer:       /CN=a2f974efb50e729c9e015a8bc2b6c2b0619dfc84
Certificate serial:       019425FD97844D89B72A09FB4006E467F8A5
Authority key identifier: A2:F9:74:EF:B5:0E:72:9C:9E:01:5A:8B:C2:B6:C2:B0:61:9D:FC:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/Uk_aanYMRxowJq16GMNyhbsFOEw.roa
Signing time:             Thu 02 Jan 2025 07:49:23 +0000
ROA not before:           Thu 02 Jan 2025 07:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39480
IP address blocks:        46.182.72.0/21 maxlen: 21
                          195.225.204.0/23 maxlen: 23
                          195.225.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:97:84:4d:89:b7:2a:09:fb:40:06:e4:67:f8:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f974efb50e729c9e015a8bc2b6c2b0619dfc84
        Validity
            Not Before: Jan  2 07:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=524fda6a760c471a3026ad7a18c37285bb05384c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:03:d1:ca:b2:32:b5:1f:2a:ef:bc:44:a1:58:
                    35:d8:3d:03:a7:fc:32:2f:51:b5:ab:af:a8:5e:95:
                    34:72:ea:50:a5:de:a1:f3:fd:a4:21:a4:70:2c:66:
                    75:89:e5:73:05:46:ab:6a:4e:00:38:41:c3:7b:bc:
                    05:12:d5:ba:74:cf:67:d4:8d:19:10:75:7f:e4:29:
                    c5:0a:44:db:ce:9b:ef:0a:e0:00:f1:9d:c4:48:c9:
                    01:9b:07:36:c7:1e:d9:d4:d0:c9:10:f1:fb:9f:30:
                    7e:cb:c3:f8:06:24:e5:15:4b:4a:7a:83:db:4b:df:
                    41:5b:ea:77:46:33:88:3b:7e:b8:58:75:c8:92:2e:
                    87:ca:0e:06:35:7b:6b:84:2b:3b:45:dd:34:13:dd:
                    7b:7f:e0:2e:99:3b:7b:b2:73:7b:ef:dd:db:23:55:
                    44:15:7f:7e:e7:a6:c6:e6:4b:59:ac:65:7c:1f:e5:
                    e1:86:05:65:ef:77:ff:64:3c:e3:41:26:53:2f:4a:
                    81:e7:b5:1f:4f:ce:8b:15:ab:45:61:d8:af:c2:5b:
                    ab:0e:18:06:5c:cf:2f:7f:14:d3:d5:7d:2d:1f:9b:
                    02:c7:a8:7d:20:e0:60:0c:a6:eb:62:68:1a:72:58:
                    b3:43:4e:50:55:2f:75:39:a2:29:11:2f:0d:c4:00:
                    36:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4F:DA:6A:76:0C:47:1A:30:26:AD:7A:18:C3:72:85:BB:05:38:4C
            X509v3 Authority Key Identifier:
                keyid:A2:F9:74:EF:B5:0E:72:9C:9E:01:5A:8B:C2:B6:C2:B0:61:9D:FC:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/Uk_aanYMRxowJq16GMNyhbsFOEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.72.0/21
                  195.225.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:f0:f4:97:f9:f5:1d:e8:9c:9c:ea:16:96:c6:a4:bc:7d:d3:
         86:4f:0a:07:65:38:93:e9:6b:46:ef:49:c2:f9:03:44:92:6b:
         a6:76:c1:51:11:6e:99:66:5d:d5:fb:15:5d:e3:a6:bf:26:8a:
         ce:6a:e3:3f:52:5a:e5:f0:c6:cc:6a:dd:a6:cd:ee:51:ba:29:
         85:6f:68:b5:dd:ae:72:77:a9:d3:96:c6:55:94:9e:66:fc:dd:
         10:b3:c7:a2:91:de:02:ce:5f:6c:52:97:0b:87:02:60:59:1f:
         e9:d6:00:c1:0b:1e:41:25:61:d7:89:00:d2:ea:fd:6e:ad:cc:
         db:6a:84:4c:cc:c6:15:93:6f:fd:fe:4d:ce:48:27:6e:96:1d:
         6c:51:cd:7d:bf:dc:e7:04:0f:5f:6c:8a:d7:8c:89:07:ca:7d:
         d1:80:bf:ab:d9:5b:7c:a6:8e:82:28:fd:85:12:6b:5b:2b:21:
         57:d1:34:cc:19:fd:60:a1:b6:93:f4:ca:8b:5c:a1:5a:52:06:
         97:b3:10:92:0e:1e:0d:de:b5:ae:45:9e:69:ad:6a:a0:f8:d6:
         af:65:f2:19:c0:17:3d:ad:f3:f0:43:f6:43:6c:a7:69:85:d1:
         95:5b:44:3c:ed:18:a6:40:e4:ec:3d:7f:4d:63:79:c2:be:1a:
         14:be:ae:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/ZeETYm3Kgn7QAbkZ/ilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjk3NGVmYjUwZTcyOWM5ZTAxNWE4YmMyYjZjMmIwNjE5
ZGZjODQwHhcNMjUwMTAyMDc0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRmZGE2YTc2MGM0NzFhMzAyNmFkN2ExOGMzNzI4NWJiMDUzODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwPRyrIytR8q77xEoVg12D0Dp/wy
L1G1q6+oXpU0cupQpd6h8/2kIaRwLGZ1ieVzBUarak4AOEHDe7wFEtW6dM9n1I0Z
EHV/5CnFCkTbzpvvCuAA8Z3ESMkBmwc2xx7Z1NDJEPH7nzB+y8P4BiTlFUtKeoPb
S99BW+p3RjOIO364WHXIki6Hyg4GNXtrhCs7Rd00E917f+AumTt7snN7793bI1VE
FX9+56bG5ktZrGV8H+XhhgVl73f/ZDzjQSZTL0qB57UfT86LFatFYdivwlurDhgG
XM8vfxTT1X0tH5sCx6h9IOBgDKbrYmgaclizQ05QVS91OaIpES8NxAA2uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJP2mp2DEcaMCatehjDcoW7BThMMB8GA1UdIwQY
MBaAFKL5dO+1DnKcngFai8K2wrBhnfyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZsMDc3VU9jcHllQVZxTHdyYkNzR0dkX0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC82NjgzNDUtZjViYy00YTNmLWI2ZmYt
MTBkZjQ5ZjY1NjE2LzEvVWtfYWFuWU1SeG93SnExNkdNTnloYnNGT0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC82NjgzNDUtZjViYy00YTNmLWI2ZmYtMTBkZjQ5ZjY1NjE2
LzEvb3ZsMDc3VU9jcHllQVZxTHdyYkNzR0dkX0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLrZIAwQC
w+HMMA0GCSqGSIb3DQEBCwUAA4IBAQB78PSX+fUd6Jyc6haWxqS8fdOGTwoHZTiT
6WtG70nC+QNEkmumdsFREW6ZZl3V+xVd46a/JorOauM/Ulrl8MbMat2mze5RuimF
b2i13a5yd6nTlsZVlJ5m/N0Qs8eikd4Czl9sUpcLhwJgWR/p1gDBCx5BJWHXiQDS
6v1urczbaoRMzMYVk2/9/k3OSCdulh1sUc19v9znBA9fbIrXjIkHyn3RgL+r2Vt8
po6CKP2FEmtbKyFX0TTMGf1gobaT9MqLXKFaUgaXsxCSDh4N3rWuRZ5prWqg+Nav
ZfIZwBc9rfPwQ/ZDbKdphdGVW0Q87RimQOTsPX9NY3nCvhoUvq6r
-----END CERTIFICATE-----