Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/ukETrBXaXN-UD0p_P4lkBp13yEg.roa
File:                     ukETrBXaXN-UD0p_P4lkBp13yEg.roa (raw, json)
Hash identifier:          1tDW+L2GN0E1ucMKdwQbOBeshAxIT1tSiJJRpkDWW6c=
Subject key identifier:   BA:41:13:AC:15:DA:5C:DF:94:0F:4A:7F:3F:89:64:06:9D:77:C8:48
Certificate issuer:       /CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
Certificate serial:       0196B062DA2FC50637D87E37A579314BEB23
Authority key identifier: 4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/ukETrBXaXN-UD0p_P4lkBp13yEg.roa
Signing time:             Thu 08 May 2025 14:53:10 +0000
ROA not before:           Thu 08 May 2025 14:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8772
IP address blocks:        185.230.44.0/22 maxlen: 22
                          185.237.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 09:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:62:da:2f:c5:06:37:d8:7e:37:a5:79:31:4b:eb:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
        Validity
            Not Before: May  8 14:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba4113ac15da5cdf940f4a7f3f8964069d77c848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:23:5e:f8:11:f1:a5:f3:72:d9:d2:26:62:3d:
                    24:41:af:4b:10:d2:ea:44:60:67:45:b6:30:49:e3:
                    d1:6a:f6:57:cb:b4:d4:8e:39:97:18:bc:17:81:e0:
                    8a:73:53:a8:21:0d:11:b0:ca:33:de:50:b7:1b:31:
                    19:de:8c:66:8e:c6:bd:42:b5:6a:fd:c1:34:08:12:
                    fd:65:42:4a:59:09:6d:50:a3:32:f8:fb:55:ea:a2:
                    ec:f7:6c:97:14:5c:0d:99:ee:a0:d5:53:f8:74:4f:
                    9b:76:d6:69:6d:e9:9e:fd:1f:23:ac:04:9f:a6:ef:
                    24:86:d9:a8:16:92:f6:f3:68:38:62:23:45:d8:38:
                    10:e9:8f:4d:a7:12:4a:c7:17:24:cc:80:98:d2:fd:
                    64:2d:57:8d:16:56:58:07:41:d9:c6:75:7c:11:73:
                    41:07:2d:eb:33:5d:8d:68:af:e3:e5:32:b0:a5:4c:
                    cd:51:e6:26:d6:49:d7:a7:cb:db:19:55:8a:06:0e:
                    17:c6:2e:d5:1d:95:14:d1:c8:95:75:68:04:bc:4f:
                    3a:5b:34:2e:7a:25:de:0f:ab:b8:a9:78:ee:72:f4:
                    7c:a4:fc:c6:22:b6:fb:e1:e8:0c:00:12:64:c0:ae:
                    3c:34:be:8b:a7:18:ab:81:cc:d3:c3:26:40:49:4f:
                    71:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:41:13:AC:15:DA:5C:DF:94:0F:4A:7F:3F:89:64:06:9D:77:C8:48
            X509v3 Authority Key Identifier:
                keyid:4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/ukETrBXaXN-UD0p_P4lkBp13yEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.44.0/22
                  185.237.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:8e:6f:ea:e4:40:bc:11:55:39:96:1b:8b:a4:b0:b5:b4:3d:
         86:68:b9:37:ee:42:85:34:96:fe:4a:88:6a:24:5d:79:bf:e2:
         b7:f0:d8:46:d3:a4:8a:b5:07:94:47:b7:d0:b6:f1:13:5c:4d:
         77:ea:9c:ad:73:86:66:4c:0a:34:7c:bb:39:76:00:bd:03:69:
         4e:95:f4:89:a3:4a:dd:bb:8f:70:ce:f3:af:0b:d0:d4:99:61:
         71:ee:ca:47:f9:f2:b9:7e:0c:42:96:d8:27:ca:4c:bb:ae:6c:
         5a:8e:f2:76:31:bd:36:84:bf:37:4a:50:4c:1b:3a:5a:a5:86:
         16:88:f1:1c:5f:39:4c:64:71:ee:46:0e:50:09:26:20:c7:43:
         35:f3:9d:eb:d7:98:b5:80:0f:ed:8d:4e:91:8e:e8:01:16:8b:
         cd:b0:7b:5d:b4:6f:34:d7:b5:00:4a:80:d5:fd:75:ab:ea:71:
         62:82:8f:91:7e:8d:72:d0:31:6e:18:aa:42:11:fa:a5:d2:1e:
         4f:9e:be:b6:5f:3d:dc:41:cc:cf:a5:e2:5a:16:c3:20:d6:99:
         21:48:85:fc:a9:bd:41:da:e2:54:f3:bb:ce:63:f7:53:d8:d7:
         61:ca:7e:3b:27:8b:8f:ec:3e:33:9e:0f:ce:bb:84:06:08:8c:
         8a:ac:df:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZawYtovxQY32H43pXkxS+sjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjA5NzA0ODRlYjI2YmM1OWZkOGZhOGQ1YmY3YzNjNzIx
MmQwMTEwHhcNMjUwNTA4MTQ1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQxMTNhYzE1ZGE1Y2RmOTQwZjRhN2YzZjg5NjQwNjlkNzdjODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCNe+BHxpfNy2dImYj0kQa9LENLq
RGBnRbYwSePRavZXy7TUjjmXGLwXgeCKc1OoIQ0RsMoz3lC3GzEZ3oxmjsa9QrVq
/cE0CBL9ZUJKWQltUKMy+PtV6qLs92yXFFwNme6g1VP4dE+bdtZpbeme/R8jrASf
pu8khtmoFpL282g4YiNF2DgQ6Y9NpxJKxxckzICY0v1kLVeNFlZYB0HZxnV8EXNB
By3rM12NaK/j5TKwpUzNUeYm1knXp8vbGVWKBg4Xxi7VHZUU0ciVdWgEvE86WzQu
eiXeD6u4qXjucvR8pPzGIrb74egMABJkwK48NL6LpxirgczTwyZASU9xvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpBE6wV2lzflA9Kfz+JZAadd8hIMB8GA1UdIwQY
MBaAFE3wlwSE6ya8Wf2PqNW/fDxyEtARMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmIt
MWU5YmZmNWU0MDIxLzEvdWtFVHJCWGFYTi1VRDBwX1A0bGtCcDEzeUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmItMWU5YmZmNWU0MDIx
LzEvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCueYsAwQB
ue3iMA0GCSqGSIb3DQEBCwUAA4IBAQCIjm/q5EC8EVU5lhuLpLC1tD2GaLk37kKF
NJb+SohqJF15v+K38NhG06SKtQeUR7fQtvETXE136pytc4ZmTAo0fLs5dgC9A2lO
lfSJo0rdu49wzvOvC9DUmWFx7spH+fK5fgxCltgnyky7rmxajvJ2Mb02hL83SlBM
GzpapYYWiPEcXzlMZHHuRg5QCSYgx0M1853r15i1gA/tjU6RjugBFovNsHtdtG80
17UASoDV/XWr6nFigo+Rfo1y0DFuGKpCEfql0h5Pnr62Xz3cQczPpeJaFsMg1pkh
SIX8qb1B2uJU87vOY/dT2Ndhyn47J4uP7D4zng/Ou4QGCIyKrN81
-----END CERTIFICATE-----