Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/uL0oA5oOVHGz1EKQthaeZ4nofOI.roa
File:                     uL0oA5oOVHGz1EKQthaeZ4nofOI.roa (raw, json)
Hash identifier:          Ukj6KTn0iYnjxnepezeV1ye/hQ4gCPQyF7UCJwJgWx0=
Subject key identifier:   B8:BD:28:03:9A:0E:54:71:B3:D4:42:90:B6:16:9E:67:89:E8:7C:E2
Certificate issuer:       /CN=ea55dfd13021d5855ff194534933cd7d6cacd6cf
Certificate serial:       01942521D1F271EA05C2DE52CA1784C19B50
Authority key identifier: EA:55:DF:D1:30:21:D5:85:5F:F1:94:53:49:33:CD:7D:6C:AC:D6:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/uL0oA5oOVHGz1EKQthaeZ4nofOI.roa
Signing time:             Thu 02 Jan 2025 03:49:20 +0000
ROA not before:           Thu 02 Jan 2025 03:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42303
IP address blocks:        185.102.16.0/22 maxlen: 24
                          2a01:6300::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Apr 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d1:f2:71:ea:05:c2:de:52:ca:17:84:c1:9b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea55dfd13021d5855ff194534933cd7d6cacd6cf
        Validity
            Not Before: Jan  2 03:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8bd28039a0e5471b3d44290b6169e6789e87ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:78:1b:16:bf:ac:5e:86:c2:c3:79:3b:c6:d5:
                    05:4e:42:bc:2d:fe:00:4b:b1:3a:ff:06:1b:f5:16:
                    fd:0c:d6:ba:6f:13:68:b9:35:7d:c7:d0:4f:4a:fa:
                    2e:6c:43:5a:b8:1c:ea:ed:26:0b:a3:8d:35:15:b4:
                    5a:a5:c2:d2:77:d0:d1:4c:71:7c:25:4b:2d:8c:97:
                    27:f5:04:3f:93:65:e5:e0:0c:7e:17:59:7d:50:84:
                    c0:30:6f:d8:d9:21:f6:a6:63:ab:c1:45:42:cf:21:
                    d9:19:44:2a:63:89:f4:3a:e6:83:06:1f:e7:fd:13:
                    70:b1:54:ce:51:15:46:6e:2a:6e:1b:9a:19:23:39:
                    00:bc:02:18:14:77:2e:7c:c9:74:fb:ed:0e:9e:8c:
                    01:9f:b5:88:25:1c:0f:5d:d1:00:ac:b4:f0:a1:78:
                    26:e9:df:14:1f:91:09:fd:08:d3:d2:63:e6:bf:b1:
                    fe:83:8a:b1:0f:dd:12:6e:29:06:be:3d:8f:c1:33:
                    b8:15:84:dc:14:3c:6c:a4:d6:95:06:09:25:67:9a:
                    bb:c8:b4:0e:f7:5d:20:41:19:7c:56:48:27:e1:d3:
                    dc:c1:9f:bd:51:35:dd:8c:1e:59:be:5e:18:ce:a3:
                    05:22:cc:6e:86:d4:ee:25:a4:02:d7:45:92:0d:8f:
                    f8:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BD:28:03:9A:0E:54:71:B3:D4:42:90:B6:16:9E:67:89:E8:7C:E2
            X509v3 Authority Key Identifier:
                keyid:EA:55:DF:D1:30:21:D5:85:5F:F1:94:53:49:33:CD:7D:6C:AC:D6:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/uL0oA5oOVHGz1EKQthaeZ4nofOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.16.0/22
                IPv6:
                  2a01:6300::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:6b:31:c4:f4:24:db:3c:b8:93:36:83:31:50:83:b5:6a:4e:
         bd:62:3e:44:63:f4:f9:ad:99:46:d7:f7:96:dc:1f:4b:48:37:
         63:50:7c:4e:c0:50:aa:cd:59:68:71:a0:50:2b:34:e6:8a:50:
         cb:37:72:ea:86:95:21:29:b0:39:f5:2b:df:8d:ac:d4:06:fa:
         2a:f6:6a:66:94:cf:f9:de:8a:0b:6b:d6:41:44:29:51:33:b1:
         99:29:1b:38:3c:3b:f5:c2:d7:53:9e:d4:b3:fe:98:02:7a:c3:
         aa:df:e6:48:66:36:31:e1:04:f2:ac:23:2b:00:4e:f8:e5:cd:
         02:61:bc:f0:09:74:cd:3a:e9:fa:dc:8d:c3:9a:e6:5a:6b:8a:
         77:d5:0a:a6:59:02:19:f6:76:d9:2f:d5:da:d1:a8:cd:fa:f2:
         e5:19:2a:5d:46:59:52:f0:20:19:03:f6:6d:26:4f:7c:00:1d:
         f4:6a:41:98:ae:39:75:c5:53:8e:ae:64:2e:5c:98:6f:19:c3:
         b9:f1:88:6f:c6:26:e0:a5:9f:36:35:a3:3d:19:88:0a:cb:15:
         89:96:16:04:a9:ea:0c:76:99:4b:72:18:0e:b8:06:42:89:a4:
         5c:b0:a3:9e:10:30:e6:dd:a9:a5:00:7e:9b:ff:3a:bd:27:b5:
         c9:99:c8:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIdHyceoFwt5SyheEwZtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTVkZmQxMzAyMWQ1ODU1ZmYxOTQ1MzQ5MzNjZDdkNmNh
Y2Q2Y2YwHhcNMjUwMTAyMDM0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGJkMjgwMzlhMGU1NDcxYjNkNDQyOTBiNjE2OWU2Nzg5ZTg3Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwngbFr+sXobCw3k7xtUFTkK8Lf4A
S7E6/wYb9Rb9DNa6bxNouTV9x9BPSvoubENauBzq7SYLo401FbRapcLSd9DRTHF8
JUstjJcn9QQ/k2Xl4Ax+F1l9UITAMG/Y2SH2pmOrwUVCzyHZGUQqY4n0OuaDBh/n
/RNwsVTOURVGbipuG5oZIzkAvAIYFHcufMl0++0OnowBn7WIJRwPXdEArLTwoXgm
6d8UH5EJ/QjT0mPmv7H+g4qxD90SbikGvj2PwTO4FYTcFDxspNaVBgklZ5q7yLQO
910gQRl8Vkgn4dPcwZ+9UTXdjB5Zvl4YzqMFIsxuhtTuJaQC10WSDY/42wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLi9KAOaDlRxs9RCkLYWnmeJ6HziMB8GA1UdIwQY
MBaAFOpV39EwIdWFX/GUU0kzzX1srNbPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxYZjBUQWgxWVZmOFpSVFNUUE5mV3lzMXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS82ZjQzM2ItZGMzMi00NWEyLTk3OWUt
ZmYxNDMzNjg3NTNmLzEvdUwwb0E1b09WSEd6MUVLUXRoYWVaNG5vZk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS82ZjQzM2ItZGMzMi00NWEyLTk3OWUtZmYxNDMzNjg3NTNm
LzEvNmxYZjBUQWgxWVZmOFpSVFNUUE5mV3lzMXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWYQMA0E
AgACMAcDBQAqAWMAMA0GCSqGSIb3DQEBCwUAA4IBAQCNazHE9CTbPLiTNoMxUIO1
ak69Yj5EY/T5rZlG1/eW3B9LSDdjUHxOwFCqzVlocaBQKzTmilDLN3LqhpUhKbA5
9SvfjazUBvoq9mpmlM/53ooLa9ZBRClRM7GZKRs4PDv1wtdTntSz/pgCesOq3+ZI
ZjYx4QTyrCMrAE745c0CYbzwCXTNOun63I3DmuZaa4p31QqmWQIZ9nbZL9Xa0ajN
+vLlGSpdRllS8CAZA/ZtJk98AB30akGYrjl1xVOOrmQuXJhvGcO58YhvxibgpZ82
NaM9GYgKyxWJlhYEqeoMdplLchgOuAZCiaRcsKOeEDDm3amlAH6b/zq9J7XJmcjT
-----END CERTIFICATE-----