Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/uXgPf_GHZXRnXeYChGwQ6YgTY0A.roa
File:                     uXgPf_GHZXRnXeYChGwQ6YgTY0A.roa (raw, json)
Hash identifier:          O3rlazvN4WdAuuqeK4Ye7g2IFvV+XXKOscOrXA6JGjw=
Subject key identifier:   B9:78:0F:7F:F1:87:65:74:67:5D:E6:02:84:6C:10:E9:88:13:63:40
Certificate issuer:       /CN=17d2cc9e0b8186b60b270313cd96821022d04b95
Certificate serial:       01941FFA9A8530F9B4D043F89404F98E6DDC
Authority key identifier: 17:D2:CC:9E:0B:81:86:B6:0B:27:03:13:CD:96:82:10:22:D0:4B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/uXgPf_GHZXRnXeYChGwQ6YgTY0A.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205185
IP address blocks:        212.125.140.0/24 maxlen: 24
                          212.125.141.0/24 maxlen: 24
                          2a14:2940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9a:85:30:f9:b4:d0:43:f8:94:04:f9:8e:6d:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d2cc9e0b8186b60b270313cd96821022d04b95
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9780f7ff1876574675de602846c10e988136340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b7:c1:47:ef:13:db:98:3c:66:d8:bb:15:12:
                    60:7b:5c:3a:29:bd:c6:0b:da:06:8c:80:bb:b3:ff:
                    ef:fa:15:e5:7f:05:85:29:8d:2f:9c:41:13:13:a1:
                    5a:23:c8:23:d0:12:8d:db:a3:59:58:e3:a0:f9:11:
                    df:4a:1f:f9:8d:fb:44:f0:53:78:0e:dd:ed:bb:a2:
                    59:5e:d3:8a:92:85:f9:0c:33:4d:31:a6:22:f1:a0:
                    c1:dc:9a:1f:a0:be:d8:65:a4:92:f7:42:ac:7e:49:
                    67:7a:21:25:e3:97:78:23:b5:71:0b:05:49:fd:a1:
                    da:f2:2a:c0:00:9b:68:14:83:f2:86:e5:a0:82:02:
                    35:5d:a5:e3:8c:85:5b:25:b3:73:a6:c7:17:55:be:
                    4a:21:a6:b2:15:de:28:9a:37:2a:a7:11:29:bd:0c:
                    e5:8d:f7:11:13:f2:8a:f8:ae:f6:58:2b:9f:d1:1d:
                    0a:be:9f:4d:0d:18:19:d9:c1:22:c8:b5:9a:3b:59:
                    4f:72:cc:89:7f:01:99:08:14:08:87:1e:4d:94:0d:
                    b1:89:f1:a3:25:e4:ab:93:a2:55:18:ae:24:4b:93:
                    5b:71:27:5c:c8:45:38:1a:2f:41:aa:cc:f8:36:90:
                    4d:c3:7d:48:fd:dd:52:0b:ef:94:3f:26:00:4f:90:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:78:0F:7F:F1:87:65:74:67:5D:E6:02:84:6C:10:E9:88:13:63:40
            X509v3 Authority Key Identifier:
                keyid:17:D2:CC:9E:0B:81:86:B6:0B:27:03:13:CD:96:82:10:22:D0:4B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9LMnguBhrYLJwMTzZaCECLQS5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/uXgPf_GHZXRnXeYChGwQ6YgTY0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/0d38f9-e0c1-46cc-9a22-dfbb6ec3430e/1/F9LMnguBhrYLJwMTzZaCECLQS5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.125.140.0/23
                IPv6:
                  2a14:2940::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:41:3a:f8:22:4c:bb:fe:1f:ae:9d:bf:8d:f2:11:33:2e:49:
         07:89:6d:a6:e5:0f:6f:06:62:56:e7:dd:3e:1e:74:40:40:e9:
         43:81:7c:5c:76:21:cd:89:4e:32:fe:fe:0a:c5:7d:50:4e:7a:
         4f:cc:fd:bb:e4:b5:f1:68:b8:bd:26:6b:6b:0f:e1:f4:c7:5b:
         94:41:b4:49:9a:40:e2:17:7f:cb:c6:87:39:70:ab:4f:40:98:
         0f:b9:62:16:17:ce:77:5f:48:16:21:1c:61:69:46:e7:33:07:
         76:d1:7a:83:c1:88:1b:45:5b:77:25:68:92:54:92:f1:44:d5:
         a0:6d:73:39:2e:4d:9a:32:6a:96:26:03:de:aa:c2:58:6c:28:
         8a:75:cc:dc:73:22:bd:ed:00:be:67:fa:2b:bc:b4:15:36:07:
         14:a9:3b:74:37:d8:0a:3a:cf:d2:84:16:75:ee:e3:44:55:f6:
         0c:8d:ad:3f:61:5d:87:f3:00:0b:4f:da:3e:b8:d0:c6:76:bd:
         b3:40:82:5a:fc:79:b5:65:f8:d3:2a:6f:8f:f1:74:c4:1d:33:
         42:60:ce:1b:75:19:ad:3a:62:6c:96:52:14:7b:e8:c4:99:99:
         15:1b:00:77:7c:81:4b:ba:c1:34:ae:27:90:fd:f5:7b:51:fb:
         c4:39:5e:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+pqFMPm00EP4lAT5jm3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDJjYzllMGI4MTg2YjYwYjI3MDMxM2NkOTY4MjEwMjJk
MDRiOTUwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTc4MGY3ZmYxODc2NTc0Njc1ZGU2MDI4NDZjMTBlOTg4MTM2MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLfBR+8T25g8Zti7FRJge1w6Kb3G
C9oGjIC7s//v+hXlfwWFKY0vnEETE6FaI8gj0BKN26NZWOOg+RHfSh/5jftE8FN4
Dt3tu6JZXtOKkoX5DDNNMaYi8aDB3JofoL7YZaSS90KsfklneiEl45d4I7VxCwVJ
/aHa8irAAJtoFIPyhuWgggI1XaXjjIVbJbNzpscXVb5KIaayFd4omjcqpxEpvQzl
jfcRE/KK+K72WCuf0R0Kvp9NDRgZ2cEiyLWaO1lPcsyJfwGZCBQIhx5NlA2xifGj
JeSrk6JVGK4kS5NbcSdcyEU4Gi9Bqsz4NpBNw31I/d1SC++UPyYAT5CCsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLl4D3/xh2V0Z13mAoRsEOmIE2NAMB8GA1UdIwQY
MBaAFBfSzJ4LgYa2CycDE82WghAi0EuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlMTW5ndUJocllMSndNVHpaYUNFQ0xRUzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8wZDM4ZjktZTBjMS00NmNjLTlhMjIt
ZGZiYjZlYzM0MzBlLzEvdVhnUGZfR0haWFJuWGVZQ2hHd1E2WWdUWTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8wZDM4ZjktZTBjMS00NmNjLTlhMjItZGZiYjZlYzM0MzBl
LzEvRjlMTW5ndUJocllMSndNVHpaYUNFQ0xRUzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB1H2MMA0E
AgACMAcDBQMqFClAMA0GCSqGSIb3DQEBCwUAA4IBAQAkQTr4Iky7/h+unb+N8hEz
LkkHiW2m5Q9vBmJW590+HnRAQOlDgXxcdiHNiU4y/v4KxX1QTnpPzP275LXxaLi9
JmtrD+H0x1uUQbRJmkDiF3/Lxoc5cKtPQJgPuWIWF853X0gWIRxhaUbnMwd20XqD
wYgbRVt3JWiSVJLxRNWgbXM5Lk2aMmqWJgPeqsJYbCiKdczccyK97QC+Z/orvLQV
NgcUqTt0N9gKOs/ShBZ17uNEVfYMja0/YV2H8wALT9o+uNDGdr2zQIJa/Hm1ZfjT
Km+P8XTEHTNCYM4bdRmtOmJsllIUe+jEmZkVGwB3fIFLusE0rieQ/fV7UfvEOV6P
-----END CERTIFICATE-----