Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/uvCFX9itk7RPxPZl6lvvghFjg1E.roa
File:                     uvCFX9itk7RPxPZl6lvvghFjg1E.roa (raw, json)
Hash identifier:          P3N8o135VPbcqFaS3kCnXkMSVi3GCBY96T9QuQyMyig=
Subject key identifier:   BA:F0:85:5F:D8:AD:93:B4:4F:C4:F6:65:EA:5B:EF:82:11:63:83:51
Certificate issuer:       /CN=b45e62270d20f9467a6afc78963dbcfb80fbf52a
Certificate serial:       01942368DA29B6FD27496B0F980306D7D256
Authority key identifier: B4:5E:62:27:0D:20:F9:46:7A:6A:FC:78:96:3D:BC:FB:80:FB:F5:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/uvCFX9itk7RPxPZl6lvvghFjg1E.roa
Signing time:             Wed 01 Jan 2025 19:47:41 +0000
ROA not before:           Wed 01 Jan 2025 19:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2607
IP address blocks:        193.87.0.0/16 maxlen: 17
                          194.160.0.0/16 maxlen: 17
                          2001:4118::/32 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:da:29:b6:fd:27:49:6b:0f:98:03:06:d7:d2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45e62270d20f9467a6afc78963dbcfb80fbf52a
        Validity
            Not Before: Jan  1 19:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baf0855fd8ad93b44fc4f665ea5bef8211638351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:97:6b:aa:4c:c0:4a:9a:a3:de:95:1f:6c:72:
                    8e:0a:90:e7:36:11:f9:8d:2b:d8:f5:55:6d:37:da:
                    e3:65:29:11:6f:ca:03:9d:73:0e:2e:b4:0f:97:68:
                    53:95:f4:f2:4b:7f:4b:d9:13:38:e3:d6:c9:1d:7a:
                    ce:ff:40:7e:0a:23:6b:5e:42:a6:9d:85:66:1f:9e:
                    b2:05:02:44:f2:fb:51:a6:5d:22:fc:8f:ee:b5:6a:
                    40:bf:7d:ff:7f:d2:ca:36:34:7b:d3:13:0e:26:7c:
                    4f:6f:52:5b:a3:8d:7e:b3:7e:6c:ea:43:a1:9b:3f:
                    c3:16:75:f6:51:7e:2d:0c:fe:22:9d:64:1f:07:48:
                    db:b3:fb:34:89:77:e6:c7:fb:9b:98:32:4d:56:37:
                    f9:a4:22:96:ff:f6:f5:98:7a:50:e4:19:99:50:eb:
                    1b:bf:73:2f:c6:8f:81:86:3d:60:7b:4e:56:ae:fd:
                    27:16:ce:48:ad:2d:df:40:66:05:68:cb:9b:ba:c9:
                    fa:3a:f5:45:9a:8c:28:b7:ba:28:0b:fa:8f:28:01:
                    e5:51:be:f9:0c:df:57:57:e1:f6:83:eb:95:23:5d:
                    89:85:a6:22:34:c8:90:ae:57:bb:57:f0:ba:f3:2d:
                    c1:e4:f8:af:93:1e:8b:d0:bb:ba:ff:01:69:0f:72:
                    c1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F0:85:5F:D8:AD:93:B4:4F:C4:F6:65:EA:5B:EF:82:11:63:83:51
            X509v3 Authority Key Identifier:
                keyid:B4:5E:62:27:0D:20:F9:46:7A:6A:FC:78:96:3D:BC:FB:80:FB:F5:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tF5iJw0g-UZ6avx4lj28-4D79So.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/uvCFX9itk7RPxPZl6lvvghFjg1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ecb45e-2db6-4b54-bc91-0596296f12de/1/tF5iJw0g-UZ6avx4lj28-4D79So.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.87.0.0/16
                  194.160.0.0/16
                IPv6:
                  2001:4118::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:84:4b:f2:7e:9e:b0:67:f2:fb:a7:0c:14:c7:95:77:34:04:
         5e:5d:b9:d3:21:8e:a0:e9:35:43:3b:f5:12:e6:c3:7a:37:37:
         47:70:71:30:59:84:1d:17:c3:71:d0:84:e0:e0:ac:90:d8:fc:
         2f:08:1e:3d:aa:a7:ff:68:65:a3:18:bf:01:02:9b:93:8a:de:
         61:a5:56:6e:72:ea:a2:7e:8f:a3:9c:07:5c:34:6e:e9:c9:90:
         1a:1b:d1:56:eb:a4:23:ba:5e:3a:ab:90:f7:6a:41:a1:fe:2a:
         d5:3f:84:df:b5:6b:16:6a:b2:4a:60:f2:7b:fd:45:00:3d:57:
         84:26:cb:52:b7:0b:ee:7c:b5:8b:b9:63:e3:4b:82:7e:a8:75:
         59:31:7c:57:51:a0:ad:72:95:d5:cb:c0:9a:ce:58:05:0f:1b:
         a0:c2:8b:76:d9:57:ce:61:ec:ac:f8:7f:5c:52:d4:83:4c:f3:
         b5:24:b4:59:42:43:41:50:a7:a8:a0:48:6c:48:d3:ac:5b:5b:
         56:c0:64:fe:92:88:22:dd:74:ae:82:82:61:55:32:ee:c6:bc:
         59:4b:c6:c1:04:3a:ac:db:58:27:87:2d:bf:85:cb:49:01:61:
         08:b7:43:13:db:53:fb:b8:d6:f5:b3:a8:ab:44:db:1e:c7:da:
         31:0b:f8:65
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQjaNoptv0nSWsPmAMG19JWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NWU2MjI3MGQyMGY5NDY3YTZhZmM3ODk2M2RiY2ZiODBm
YmY1MmEwHhcNMjUwMTAxMTk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWYwODU1ZmQ4YWQ5M2I0NGZjNGY2NjVlYTViZWY4MjExNjM4MzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZdrqkzASpqj3pUfbHKOCpDnNhH5
jSvY9VVtN9rjZSkRb8oDnXMOLrQPl2hTlfTyS39L2RM449bJHXrO/0B+CiNrXkKm
nYVmH56yBQJE8vtRpl0i/I/utWpAv33/f9LKNjR70xMOJnxPb1Jbo41+s35s6kOh
mz/DFnX2UX4tDP4inWQfB0jbs/s0iXfmx/ubmDJNVjf5pCKW//b1mHpQ5BmZUOsb
v3Mvxo+Bhj1ge05Wrv0nFs5IrS3fQGYFaMubusn6OvVFmowot7ooC/qPKAHlUb75
DN9XV+H2g+uVI12JhaYiNMiQrle7V/C68y3B5Pivkx6L0Lu6/wFpD3LBXwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFLrwhV/YrZO0T8T2Zepb74IRY4NRMB8GA1UdIwQY
MBaAFLReYicNIPlGemr8eJY9vPuA+/UqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEY1aUp3MGctVVo2YXZ4NGxqMjgtNEQ3OVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lY2I0NWUtMmRiNi00YjU0LWJjOTEt
MDU5NjI5NmYxMmRlLzEvdXZDRlg5aXRrN1JQeFBabDZsdnZnaEZqZzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lY2I0NWUtMmRiNi00YjU0LWJjOTEtMDU5NjI5NmYxMmRl
LzEvdEY1aUp3MGctVVo2YXZ4NGxqMjgtNEQ3OVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAQBAIAATAKAwMAwVcDAwDC
oDANBAIAAjAHAwUAIAFBGDANBgkqhkiG9w0BAQsFAAOCAQEAJYRL8n6esGfy+6cM
FMeVdzQEXl250yGOoOk1Qzv1EubDejc3R3BxMFmEHRfDcdCE4OCskNj8LwgePaqn
/2hloxi/AQKbk4reYaVWbnLqon6Po5wHXDRu6cmQGhvRVuukI7peOquQ92pBof4q
1T+E37VrFmqySmDye/1FAD1XhCbLUrcL7ny1i7lj40uCfqh1WTF8V1GgrXKV1cvA
ms5YBQ8boMKLdtlXzmHsrPh/XFLUg0zztSS0WUJDQVCnqKBIbEjTrFtbVsBk/pKI
It10roKCYVUy7sa8WUvGwQQ6rNtYJ4ctv4XLSQFhCLdDE9tT+7jW9bOoq0TbHsfa
MQv4ZQ==
-----END CERTIFICATE-----