Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ueIl5HLpFqn43HBQc7-Q4ZVn06k.roa
File:                     ueIl5HLpFqn43HBQc7-Q4ZVn06k.roa (raw, json)
Hash identifier:          fzhg7jHCYT5oIQ824HH1vwjcqcxosVhT8YpZmbw8K50=
Subject key identifier:   B9:E2:25:E4:72:E9:16:A9:F8:DC:70:50:73:BF:90:E1:95:67:D3:A9
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       0194214468258E398034D6832300ED560D78
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ueIl5HLpFqn43HBQc7-Q4ZVn06k.roa
Signing time:             Wed 01 Jan 2025 09:48:38 +0000
ROA not before:           Wed 01 Jan 2025 09:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214504
IP address blocks:        185.121.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:68:25:8e:39:80:34:d6:83:23:00:ed:56:0d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jan  1 09:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9e225e472e916a9f8dc705073bf90e19567d3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2a:7e:4c:52:7b:50:94:30:f2:98:2b:bd:fd:
                    aa:50:4d:cb:76:db:67:15:de:49:22:18:3c:46:29:
                    d3:36:e4:b4:d0:38:fb:84:d6:e1:98:db:68:9d:ac:
                    5a:b2:8b:47:9c:f8:d6:7e:de:84:4a:59:4d:d5:b7:
                    a0:53:f5:70:f8:34:89:ee:ce:dc:c7:fa:fc:6c:2d:
                    b2:95:61:40:0e:b8:e8:a7:ba:55:94:1e:64:47:8a:
                    aa:70:ea:83:2e:e2:76:eb:90:71:33:4e:ed:07:cc:
                    1e:f3:6a:55:7b:ea:2f:6c:9c:18:15:22:5a:40:f2:
                    7c:6a:4c:08:cf:45:e8:18:49:4a:d0:5a:81:0e:b0:
                    2a:4e:dd:7b:e2:ec:68:f1:1c:8c:e8:d0:d5:db:fd:
                    72:3a:29:d0:c8:b7:7c:c4:da:bb:95:20:cf:c9:0a:
                    dd:8a:e9:17:da:d6:83:3c:0a:7d:12:b0:64:7a:df:
                    87:99:5b:29:35:75:d5:be:0c:e1:91:56:58:69:5e:
                    62:e9:6e:90:9e:8f:84:21:21:c4:e9:7b:c6:fe:de:
                    97:48:7e:94:b5:7e:6b:6b:d4:92:a9:42:d4:77:fb:
                    ae:90:e7:00:52:79:34:97:b2:e6:0a:85:70:5a:dd:
                    9b:d0:aa:7c:0b:2c:a5:a2:0b:03:e7:74:0b:03:d8:
                    d8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:E2:25:E4:72:E9:16:A9:F8:DC:70:50:73:BF:90:E1:95:67:D3:A9
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ueIl5HLpFqn43HBQc7-Q4ZVn06k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:d8:9a:a4:c2:f3:af:47:0f:f2:11:26:ce:f2:4c:80:45:49:
         65:28:d0:14:ca:86:2d:6f:b7:26:1f:39:db:37:7b:c1:e2:88:
         6b:56:32:69:b1:ce:54:9a:74:0c:fb:e3:17:5f:1e:35:48:9c:
         63:61:12:b3:b9:e2:ad:80:02:35:57:e6:63:3e:ef:1a:98:28:
         e8:42:b0:3e:ce:c5:5c:ee:76:e3:a6:c4:76:af:77:81:1e:08:
         de:62:01:44:67:78:83:b5:40:60:62:28:85:f1:47:6c:ec:a4:
         1f:75:64:89:87:ae:88:f6:4a:1f:2d:75:f1:39:c0:f2:9f:9a:
         f2:fc:48:70:2d:99:95:80:a6:cb:4a:c1:76:44:38:99:fa:76:
         54:22:97:2e:6e:35:76:62:ee:23:9f:03:a3:96:7e:03:77:5d:
         4b:b3:c3:89:47:38:02:13:20:69:14:7f:bc:d2:b6:70:3b:d5:
         e9:c7:da:7c:30:c1:6e:b4:a7:16:f2:fe:8a:a2:41:35:d2:f8:
         ed:67:d6:ce:24:23:c2:0a:5c:54:01:64:de:f2:d9:3b:57:1c:
         10:4e:6b:49:ac:8b:52:63:34:34:ff:d3:60:56:d4:3a:d6:ba:
         a7:88:6c:11:9e:fb:4e:8d:04:62:ee:03:e9:f3:69:2d:4f:3c:
         1a:9d:b8:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGgljjmANNaDIwDtVg14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjUwMTAxMDk0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWUyMjVlNDcyZTkxNmE5ZjhkYzcwNTA3M2JmOTBlMTk1NjdkM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCp+TFJ7UJQw8pgrvf2qUE3Ldttn
Fd5JIhg8RinTNuS00Dj7hNbhmNtonaxasotHnPjWft6ESllN1begU/Vw+DSJ7s7c
x/r8bC2ylWFADrjop7pVlB5kR4qqcOqDLuJ265BxM07tB8we82pVe+ovbJwYFSJa
QPJ8akwIz0XoGElK0FqBDrAqTt174uxo8RyM6NDV2/1yOinQyLd8xNq7lSDPyQrd
iukX2taDPAp9ErBket+HmVspNXXVvgzhkVZYaV5i6W6Qno+EISHE6XvG/t6XSH6U
tX5ra9SSqULUd/uukOcAUnk0l7LmCoVwWt2b0Kp8CyylogsD53QLA9jYTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLniJeRy6Rap+NxwUHO/kOGVZ9OpMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvdWVJbDVITHBGcW40M0hCUWM3LVE0WlZuMDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXnhMA0G
CSqGSIb3DQEBCwUAA4IBAQCM2JqkwvOvRw/yESbO8kyARUllKNAUyoYtb7cmHznb
N3vB4ohrVjJpsc5UmnQM++MXXx41SJxjYRKzueKtgAI1V+ZjPu8amCjoQrA+zsVc
7nbjpsR2r3eBHgjeYgFEZ3iDtUBgYiiF8Uds7KQfdWSJh66I9kofLXXxOcDyn5ry
/EhwLZmVgKbLSsF2RDiZ+nZUIpcubjV2Yu4jnwOjln4Dd11Ls8OJRzgCEyBpFH+8
0rZwO9Xpx9p8MMFutKcW8v6KokE10vjtZ9bOJCPCClxUAWTe8tk7VxwQTmtJrItS
YzQ0/9NgVtQ61rqniGwRnvtOjQRi7gPp82ktTzwanbgK
-----END CERTIFICATE-----