Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/uHwLCNaqw6reh3PVszS52rCZ-BI.roa
File:                     uHwLCNaqw6reh3PVszS52rCZ-BI.roa (raw, json)
Hash identifier:          vspOmj+Pb8zK0rzuCoe71w3v46APy4r5nJ3Ab+uPU+w=
Subject key identifier:   B8:7C:0B:08:D6:AA:C3:AA:DE:87:73:D5:B3:34:B9:DA:B0:99:F8:12
Certificate issuer:       /CN=6eb64fa8e05a2d7f564acf289ae757c404cdd9d0
Certificate serial:       0194ACC919FCB71E1A528533152D71FAA21E
Authority key identifier: 6E:B6:4F:A8:E0:5A:2D:7F:56:4A:CF:28:9A:E7:57:C4:04:CD:D9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/uHwLCNaqw6reh3PVszS52rCZ-BI.roa
Signing time:             Tue 28 Jan 2025 12:00:47 +0000
ROA not before:           Tue 28 Jan 2025 12:00:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        164.152.232.0/21 maxlen: 21
                          194.164.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:c9:19:fc:b7:1e:1a:52:85:33:15:2d:71:fa:a2:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eb64fa8e05a2d7f564acf289ae757c404cdd9d0
        Validity
            Not Before: Jan 28 12:00:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b87c0b08d6aac3aade8773d5b334b9dab099f812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:37:1d:b4:f8:e1:ad:b9:f8:d5:4b:06:13:6a:
                    36:ed:95:ed:b6:85:1f:68:26:ed:b1:c7:eb:40:b2:
                    79:af:81:9b:4b:d0:cd:8b:4f:6d:37:ec:18:a0:ce:
                    27:83:1d:6a:9c:98:e0:36:bb:10:f1:16:56:dc:94:
                    cb:ec:8c:ca:57:8b:d5:cd:2c:76:e5:0c:18:e8:0b:
                    d3:80:4f:ec:a4:0f:da:69:7c:22:b9:25:50:8e:77:
                    2d:64:55:77:d3:f4:16:55:b1:56:81:40:d7:cb:da:
                    8a:74:5b:59:94:c8:6f:95:1a:52:a9:49:1c:d8:9c:
                    60:51:db:7f:ed:43:20:aa:49:9f:f1:70:9e:84:36:
                    4a:61:6a:d5:f0:11:da:40:fe:ad:d9:a4:1f:f1:50:
                    f0:57:bb:ab:32:c2:9f:93:dd:4b:f7:a3:c8:96:1d:
                    c9:4c:c6:11:e4:d3:cc:a6:2d:94:bc:bc:be:4a:63:
                    8b:bc:6d:66:b0:44:5a:fa:a2:1f:94:f0:d5:8e:88:
                    75:eb:11:c2:d0:b6:94:85:91:da:60:9e:a7:36:94:
                    49:f9:b7:9c:7d:45:a6:f3:44:25:83:ca:5d:3e:12:
                    5f:09:40:de:f2:a7:86:c9:b7:9f:34:53:cf:de:4f:
                    5a:0a:5c:b0:e1:08:1c:66:b1:f0:b3:97:c7:e5:4f:
                    45:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7C:0B:08:D6:AA:C3:AA:DE:87:73:D5:B3:34:B9:DA:B0:99:F8:12
            X509v3 Authority Key Identifier:
                keyid:6E:B6:4F:A8:E0:5A:2D:7F:56:4A:CF:28:9A:E7:57:C4:04:CD:D9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brZPqOBaLX9WSs8omudXxATN2dA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/uHwLCNaqw6reh3PVszS52rCZ-BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/584997-83ab-4817-aac3-88cf72ca9e46/1/brZPqOBaLX9WSs8omudXxATN2dA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.232.0/21
                  194.164.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:25:ee:6e:68:f1:88:49:25:b1:48:cb:72:81:8e:ca:4c:1b:
         3e:05:b6:c8:b1:f8:ad:02:5b:7f:9b:96:cb:fe:eb:50:4f:81:
         5c:ee:f9:b6:c3:be:cd:82:13:a0:8c:f6:6b:f4:4c:37:55:41:
         cd:ab:1b:33:b6:4d:11:4e:dc:45:d8:ed:1e:2c:84:b7:89:34:
         70:35:5b:36:ec:7a:0c:04:b6:a1:59:aa:aa:89:29:62:ec:02:
         13:5f:1d:f7:52:61:36:23:38:e2:06:10:2d:a6:62:08:47:0b:
         54:6a:21:e3:5e:a5:e0:a0:4f:cc:21:a5:d1:17:f3:30:fc:26:
         cc:61:90:82:24:1b:67:76:00:15:4f:2c:1b:1a:16:14:1e:06:
         f3:62:1d:b7:f6:f9:b4:dc:2a:5f:26:ea:b3:44:a2:b1:53:16:
         40:6a:2b:01:02:dd:eb:15:af:7d:f7:0d:71:af:c7:d4:09:dd:
         1f:89:58:1b:c1:e5:c6:23:c3:74:0f:3f:09:32:a6:8f:bc:12:
         4d:fd:90:7e:4e:7f:7e:1f:10:83:53:75:88:dc:11:a7:c1:d8:
         f8:c2:88:c5:00:f3:70:b9:b4:b9:28:39:80:67:ff:df:dd:ac:
         9d:23:eb:4a:f8:f1:56:8f:a3:2d:51:95:64:4f:37:c3:eb:ce:
         33:9f:e0:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSsyRn8tx4aUoUzFS1x+qIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjY0ZmE4ZTA1YTJkN2Y1NjRhY2YyODlhZTc1N2M0MDRj
ZGQ5ZDAwHhcNMjUwMTI4MTIwMDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdjMGIwOGQ2YWFjM2FhZGU4NzczZDViMzM0YjlkYWIwOTlmODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozcdtPjhrbn41UsGE2o27ZXttoUf
aCbtscfrQLJ5r4GbS9DNi09tN+wYoM4ngx1qnJjgNrsQ8RZW3JTL7IzKV4vVzSx2
5QwY6AvTgE/spA/aaXwiuSVQjnctZFV30/QWVbFWgUDXy9qKdFtZlMhvlRpSqUkc
2JxgUdt/7UMgqkmf8XCehDZKYWrV8BHaQP6t2aQf8VDwV7urMsKfk91L96PIlh3J
TMYR5NPMpi2UvLy+SmOLvG1msERa+qIflPDVjoh16xHC0LaUhZHaYJ6nNpRJ+bec
fUWm80Qlg8pdPhJfCUDe8qeGybefNFPP3k9aClyw4QgcZrHws5fH5U9FmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLh8CwjWqsOq3odz1bM0udqwmfgSMB8GA1UdIwQY
MBaAFG62T6jgWi1/VkrPKJrnV8QEzdnQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJaUHFPQmFMWDlXU3M4b211ZFh4QVROMmRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy81ODQ5OTctODNhYi00ODE3LWFhYzMt
ODhjZjcyY2E5ZTQ2LzEvdUh3TENOYXF3NnJlaDNQVnN6UzUyckNaLUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy81ODQ5OTctODNhYi00ODE3LWFhYzMtODhjZjcyY2E5ZTQ2
LzEvYnJaUHFPQmFMWDlXU3M4b211ZFh4QVROMmRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDpJjoAwQA
wqT2MA0GCSqGSIb3DQEBCwUAA4IBAQA7Je5uaPGISSWxSMtygY7KTBs+BbbIsfit
Alt/m5bL/utQT4Fc7vm2w77NghOgjPZr9Ew3VUHNqxsztk0RTtxF2O0eLIS3iTRw
NVs27HoMBLahWaqqiSli7AITXx33UmE2IzjiBhAtpmIIRwtUaiHjXqXgoE/MIaXR
F/Mw/CbMYZCCJBtndgAVTywbGhYUHgbzYh239vm03CpfJuqzRKKxUxZAaisBAt3r
Fa999w1xr8fUCd0fiVgbweXGI8N0Dz8JMqaPvBJN/ZB+Tn9+HxCDU3WI3BGnwdj4
wojFAPNwubS5KDmAZ//f3aydI+tK+PFWj6MtUZVkTzfD684zn+BD
-----END CERTIFICATE-----