Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/UubezK0uH4JLqxbhgPEY0N-6nSw.roa
File:                     UubezK0uH4JLqxbhgPEY0N-6nSw.roa (raw, json)
Hash identifier:          Oagl7z5x1jSe2CWCzxXuth3kqDf2dweMIxQL2+jadVg=
Subject key identifier:   52:E6:DE:CC:AD:2E:1F:82:4B:AB:16:E1:80:F1:18:D0:DF:BA:9D:2C
Certificate issuer:       /CN=880b0f7acb87d134c3859d72d0d1a61e4751bac0
Certificate serial:       01942067F51D7431C2440F1D64C6485352F8
Authority key identifier: 88:0B:0F:7A:CB:87:D1:34:C3:85:9D:72:D0:D1:A6:1E:47:51:BA:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iAsPesuH0TTDhZ1y0NGmHkdRusA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/UubezK0uH4JLqxbhgPEY0N-6nSw.roa
Signing time:             Wed 01 Jan 2025 05:47:51 +0000
ROA not before:           Wed 01 Jan 2025 05:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51092
IP address blocks:        185.250.0.0/22 maxlen: 22
                          185.250.3.0/24 maxlen: 24
                          2a0c:7bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/iAsPesuH0TTDhZ1y0NGmHkdRusA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/iAsPesuH0TTDhZ1y0NGmHkdRusA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iAsPesuH0TTDhZ1y0NGmHkdRusA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f5:1d:74:31:c2:44:0f:1d:64:c6:48:53:52:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=880b0f7acb87d134c3859d72d0d1a61e4751bac0
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52e6deccad2e1f824bab16e180f118d0dfba9d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:57:84:87:4b:ef:6b:01:96:96:f6:46:e4:e0:
                    79:a0:60:ac:04:8c:e7:50:78:bd:30:37:ca:7a:3d:
                    07:32:4c:1b:35:6e:55:59:0e:9f:e0:4f:f0:0c:b1:
                    79:d5:6c:6e:9a:b0:98:1f:7e:32:d9:0c:30:29:9c:
                    e7:49:bb:af:ec:6b:9f:a0:9c:23:f2:50:3f:9b:0e:
                    9d:16:ab:12:aa:4c:86:31:37:1e:b2:af:c9:41:d4:
                    51:76:94:09:ee:b8:ec:ed:28:df:4f:e2:1c:97:12:
                    d0:5d:11:ec:03:a5:40:db:81:ba:5d:8f:59:d6:05:
                    7e:6d:70:92:c9:e5:2d:68:12:62:b9:f9:46:3a:b6:
                    30:70:81:e9:82:34:5b:6e:b7:ba:f0:2b:18:61:76:
                    28:35:3d:e5:ec:31:a0:a3:4e:90:b8:be:75:ce:da:
                    57:ac:17:80:8e:6b:1b:7b:3a:89:ea:02:ea:07:44:
                    e2:60:fe:26:45:7a:c7:1a:eb:e4:ba:96:10:38:54:
                    62:94:3c:49:39:32:dc:1f:9d:ad:66:33:e9:b4:c7:
                    be:72:4b:d6:ef:94:97:c2:0b:c7:5a:a8:59:94:42:
                    18:ba:b6:a2:7f:b5:49:12:a2:9f:19:e1:4d:9a:53:
                    74:3b:63:2c:7a:2e:43:8f:f7:1c:a4:6d:6d:3d:a7:
                    4e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E6:DE:CC:AD:2E:1F:82:4B:AB:16:E1:80:F1:18:D0:DF:BA:9D:2C
            X509v3 Authority Key Identifier:
                keyid:88:0B:0F:7A:CB:87:D1:34:C3:85:9D:72:D0:D1:A6:1E:47:51:BA:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iAsPesuH0TTDhZ1y0NGmHkdRusA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/UubezK0uH4JLqxbhgPEY0N-6nSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/445a66-b76b-4b48-a02d-bc289a931b4b/1/iAsPesuH0TTDhZ1y0NGmHkdRusA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.0.0/22
                IPv6:
                  2a0c:7bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:5f:a6:ce:c2:96:f9:c3:b6:c5:b1:7e:1e:76:c2:d3:56:af:
         27:c3:75:ed:18:85:d9:a1:c0:57:0e:a6:97:d5:66:ff:76:57:
         70:cb:3c:08:dd:91:1a:6b:4e:5a:2e:1f:6f:23:e7:10:4e:9d:
         2b:ca:c0:23:f4:c4:ab:85:f5:98:ea:47:05:8d:0b:e7:75:b7:
         cd:f8:cf:fe:11:4e:30:9f:ba:1e:e0:d5:b1:7f:78:ea:e9:78:
         b3:7b:8e:18:5e:f6:46:53:59:f9:8d:a4:f8:43:ac:67:69:c2:
         df:d2:38:c9:dc:92:85:06:91:04:3c:f8:44:4d:56:7f:da:31:
         57:72:a8:1a:b9:f3:82:b4:c0:3d:1f:6e:d9:57:73:05:56:97:
         c5:69:22:43:d6:53:6c:00:d5:73:39:52:83:a2:c9:69:f8:80:
         b8:06:e9:42:82:4c:a8:23:20:cd:17:21:37:f0:1b:78:02:a1:
         29:6d:e6:8d:00:56:a7:3e:47:e9:32:c1:2e:4e:11:b9:ae:17:
         49:85:0e:a4:8e:9e:95:92:09:99:23:f5:34:ab:25:4f:43:39:
         64:8f:f1:05:3b:b8:0a:39:e5:f6:79:4f:4d:27:22:99:18:74:
         a8:6e:60:2b:37:21:8b:ad:23:57:4e:7a:3c:5a:17:78:eb:55:
         b4:92:00:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ/UddDHCRA8dZMZIU1L4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MGIwZjdhY2I4N2QxMzRjMzg1OWQ3MmQwZDFhNjFlNDc1
MWJhYzAwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmU2ZGVjY2FkMmUxZjgyNGJhYjE2ZTE4MGYxMThkMGRmYmE5ZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FeEh0vvawGWlvZG5OB5oGCsBIzn
UHi9MDfKej0HMkwbNW5VWQ6f4E/wDLF51WxumrCYH34y2QwwKZznSbuv7GufoJwj
8lA/mw6dFqsSqkyGMTcesq/JQdRRdpQJ7rjs7SjfT+IclxLQXRHsA6VA24G6XY9Z
1gV+bXCSyeUtaBJiuflGOrYwcIHpgjRbbre68CsYYXYoNT3l7DGgo06QuL51ztpX
rBeAjmsbezqJ6gLqB0TiYP4mRXrHGuvkupYQOFRilDxJOTLcH52tZjPptMe+ckvW
75SXwgvHWqhZlEIYuraif7VJEqKfGeFNmlN0O2Msei5Dj/ccpG1tPadOjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFLm3sytLh+CS6sW4YDxGNDfup0sMB8GA1UdIwQY
MBaAFIgLD3rLh9E0w4WdctDRph5HUbrAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUFzUGVzdUgwVFREaFoxeTBOR21Ia2RSdXNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi80NDVhNjYtYjc2Yi00YjQ4LWEwMmQt
YmMyODlhOTMxYjRiLzEvVXViZXpLMHVINEpMcXhiaGdQRVkwTi02blN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi80NDVhNjYtYjc2Yi00YjQ4LWEwMmQtYmMyODlhOTMxYjRi
LzEvaUFzUGVzdUgwVFREaFoxeTBOR21Ia2RSdXNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufoAMA0E
AgACMAcDBQMqDHvAMA0GCSqGSIb3DQEBCwUAA4IBAQAGX6bOwpb5w7bFsX4edsLT
Vq8nw3XtGIXZocBXDqaX1Wb/dldwyzwI3ZEaa05aLh9vI+cQTp0rysAj9MSrhfWY
6kcFjQvndbfN+M/+EU4wn7oe4NWxf3jq6Xize44YXvZGU1n5jaT4Q6xnacLf0jjJ
3JKFBpEEPPhETVZ/2jFXcqgaufOCtMA9H27ZV3MFVpfFaSJD1lNsANVzOVKDoslp
+IC4BulCgkyoIyDNFyE38Bt4AqEpbeaNAFanPkfpMsEuThG5rhdJhQ6kjp6VkgmZ
I/U0qyVPQzlkj/EFO7gKOeX2eU9NJyKZGHSobmArNyGLrSNXTno8Whd461W0kgCc
-----END CERTIFICATE-----