Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-UwssftU1Q50I2ZMm1YB96JnJrQ.roa
File:                     1-UwssftU1Q50I2ZMm1YB96JnJrQ.roa (raw, json)
Hash identifier:          5kj+vo8AyIDhcVTeWxzWVbYNvObPDiQtfd1I6cUdY60=
Subject key identifier:   F9:4C:2C:B1:FB:54:D5:0E:74:23:66:4C:9B:56:01:F7:A2:67:26:B4
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0196445E4375CD65907199C155936DA4E193
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-UwssftU1Q50I2ZMm1YB96JnJrQ.roa
Signing time:             Thu 17 Apr 2025 15:29:10 +0000
ROA not before:           Thu 17 Apr 2025 15:29:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199414
IP address blocks:        81.181.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:5e:43:75:cd:65:90:71:99:c1:55:93:6d:a4:e1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Apr 17 15:29:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f94c2cb1fb54d50e7423664c9b5601f7a26726b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c5:83:74:93:28:0a:46:2e:1f:1f:e1:86:1f:
                    dc:40:11:ef:e7:13:ee:d9:da:e9:70:2f:d8:0a:c5:
                    97:41:b6:14:43:4f:49:af:df:e1:be:16:72:1b:92:
                    d5:dd:83:21:fe:aa:f2:37:f6:b6:2e:a3:68:bf:f3:
                    63:7d:d7:e0:28:38:74:e3:80:0a:6c:8c:53:ee:ab:
                    b0:cd:c8:f8:c0:14:b9:65:54:8e:97:20:70:a7:fb:
                    9e:90:73:12:9f:c1:40:5b:56:d7:94:08:56:0f:da:
                    0e:09:8b:9e:fb:5f:ac:97:42:3f:2e:39:77:db:49:
                    a9:2f:58:cd:7c:94:9d:48:b2:0b:45:78:cf:2a:c9:
                    e0:97:29:5c:b9:10:78:03:b3:87:74:05:2b:8a:af:
                    83:c4:84:cb:01:aa:2f:8b:d4:db:5a:1c:2f:26:01:
                    d0:d8:a9:50:bd:aa:b2:3f:9a:e8:0a:23:37:de:fb:
                    aa:fa:95:55:90:e2:a6:51:6d:84:c2:77:4d:95:7c:
                    84:38:e1:00:9d:6d:89:e8:d5:d9:16:33:23:1f:6d:
                    c3:e1:38:79:84:91:72:76:10:fe:cc:ef:e6:77:cd:
                    e2:a2:c4:db:88:a7:7c:3e:eb:0a:4d:99:76:59:e5:
                    f4:41:19:82:6a:7b:84:c0:cd:a4:73:0a:75:cb:82:
                    73:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4C:2C:B1:FB:54:D5:0E:74:23:66:4C:9B:56:01:F7:A2:67:26:B4
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1-UwssftU1Q50I2ZMm1YB96JnJrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:48:fa:80:f4:a6:a7:15:f4:aa:c2:82:34:e5:d3:57:9c:08:
         45:fa:53:83:d2:8c:c3:89:63:38:30:46:8b:a1:71:d0:6c:46:
         4f:ce:b7:6b:09:9b:7f:dc:85:60:55:f7:6e:ed:3e:5f:fc:db:
         34:7e:c7:6e:07:34:a2:94:35:97:3b:25:24:9f:84:ed:9f:70:
         0c:fd:fc:33:1a:3d:4a:dd:26:2a:f4:b4:f4:fe:12:e9:d0:ed:
         f0:9b:53:4f:2f:e1:c6:d6:de:86:17:5a:5e:a0:eb:9d:f4:29:
         75:ef:19:8d:5e:32:cb:bc:c4:f0:4d:67:9f:22:a0:cb:36:7b:
         54:f3:c4:81:68:fd:e7:4f:43:1f:e2:e8:4c:36:e3:1c:1e:7f:
         79:fe:2a:b2:f2:ba:69:f7:cb:e9:b6:f7:fb:12:f7:23:67:92:
         f6:f4:11:6c:7e:db:d5:79:6f:7c:f8:79:6d:f3:02:71:c9:c5:
         65:e4:d2:ae:ab:93:ea:46:8b:5c:a4:ac:c7:91:68:78:61:fc:
         82:bd:86:a8:f1:a3:75:2a:55:a0:32:c7:c8:fd:1e:2a:b4:f9:
         3f:1f:c5:b1:3d:8f:9a:0f:e5:27:f7:bd:82:80:96:f8:9f:06:
         c2:d2:55:83:0c:fc:ba:8a:ed:5f:8d:20:1d:6a:96:9e:3e:dd:
         cc:1d:a1:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZEXkN1zWWQcZnBVZNtpOGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwNDE3MTUyOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRjMmNiMWZiNTRkNTBlNzQyMzY2NGM5YjU2MDFmN2EyNjcyNmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8WDdJMoCkYuHx/hhh/cQBHv5xPu
2drpcC/YCsWXQbYUQ09Jr9/hvhZyG5LV3YMh/qryN/a2LqNov/NjfdfgKDh044AK
bIxT7quwzcj4wBS5ZVSOlyBwp/uekHMSn8FAW1bXlAhWD9oOCYue+1+sl0I/Ljl3
20mpL1jNfJSdSLILRXjPKsnglylcuRB4A7OHdAUriq+DxITLAaovi9TbWhwvJgHQ
2KlQvaqyP5roCiM33vuq+pVVkOKmUW2EwndNlXyEOOEAnW2J6NXZFjMjH23D4Th5
hJFydhD+zO/md83iosTbiKd8PusKTZl2WeX0QRmCanuEwM2kcwp1y4JziwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlMLLH7VNUOdCNmTJtWAfeiZya0MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMS1Vd3NzZnRVMVE1MEkyWk1tMVlCOTZKbkpyUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTUvNzE5M2RiLTdmODUtNDJiYi1iMDlhLWY1MmM0N2MyMjVk
Yi8xL01ZTjRXUmJObU5mSGNOYUZGRlNacUtDaFZ5SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFG19DAN
BgkqhkiG9w0BAQsFAAOCAQEAIkj6gPSmpxX0qsKCNOXTV5wIRfpTg9KMw4ljODBG
i6Fx0GxGT863awmbf9yFYFX3bu0+X/zbNH7Hbgc0opQ1lzslJJ+E7Z9wDP38Mxo9
St0mKvS09P4S6dDt8JtTTy/hxtbehhdaXqDrnfQpde8ZjV4yy7zE8E1nnyKgyzZ7
VPPEgWj9509DH+LoTDbjHB5/ef4qsvK6affL6bb3+xL3I2eS9vQRbH7b1XlvfPh5
bfMCccnFZeTSrquT6kaLXKSsx5FoeGH8gr2GqPGjdSpVoDLHyP0eKrT5Px/FsT2P
mg/lJ/e9goCW+J8GwtJVgwz8uortX40gHWqWnj7dzB2hCQ==
-----END CERTIFICATE-----