Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/UslAMNDGH2di8acO0CKRyggNeYw.roa
File:                     UslAMNDGH2di8acO0CKRyggNeYw.roa (raw, json)
Hash identifier:          Is2XzIL1X5KivLoJ0suQcLDIhE0bjKUklpVRev/W/oI=
Subject key identifier:   52:C9:40:30:D0:C6:1F:67:62:F1:A7:0E:D0:22:91:CA:08:0D:79:8C
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F963FE5C551519FEE6B64080DA268
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/UslAMNDGH2di8acO0CKRyggNeYw.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        178.213.182.0/24 maxlen: 24
                          178.213.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:96:3f:e5:c5:51:51:9f:ee:6b:64:08:0d:a2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52c94030d0c61f6762f1a70ed02291ca080d798c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c8:36:fa:a0:e3:61:c5:3c:ef:36:79:91:fd:
                    a4:74:f4:d3:a2:c9:11:a8:8a:dc:31:80:dd:11:ce:
                    3c:87:72:64:e6:0c:e8:ff:a7:a1:3a:9e:44:e5:0d:
                    59:c1:ba:5e:d8:ae:ff:ec:68:bb:86:54:a5:78:16:
                    ae:82:ea:73:fc:6b:f1:df:fe:2b:8a:54:5b:e0:d4:
                    d9:b3:93:87:8a:5e:f1:14:65:35:81:8a:9b:e9:51:
                    d4:73:a6:a6:05:4e:4e:74:c0:3b:30:f3:06:9d:87:
                    43:a9:45:dd:a1:f2:e4:cc:54:27:d9:bf:0c:5b:8a:
                    f1:6e:b0:c1:25:d6:d0:8b:b8:c9:62:e0:4f:81:25:
                    da:08:c8:5c:d8:ee:e5:6f:66:6b:27:ca:91:e8:64:
                    f5:cd:1b:1c:60:8d:6c:49:07:46:b3:a9:84:5e:fc:
                    b9:0d:cf:e6:26:99:ce:58:59:94:0d:8b:8c:d0:37:
                    9d:6e:b9:6b:39:f9:fd:db:fa:08:b1:69:cb:f4:c8:
                    b8:40:fe:61:3c:f5:ff:c5:f1:1f:c6:69:bf:1b:d7:
                    cd:ad:f8:6c:e6:9b:76:a1:ae:bb:4f:d1:aa:62:b0:
                    9c:a6:23:09:88:25:04:7f:6a:47:06:a8:f8:1d:62:
                    bd:92:7b:6c:3b:9b:5e:0b:84:8e:dc:19:de:16:d9:
                    44:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C9:40:30:D0:C6:1F:67:62:F1:A7:0E:D0:22:91:CA:08:0D:79:8C
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/UslAMNDGH2di8acO0CKRyggNeYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:da:a2:81:20:86:80:50:96:ad:b6:73:b2:af:f3:13:a9:47:
         5b:1d:53:67:05:c6:63:0c:95:89:26:41:1f:40:e8:38:c5:92:
         91:c6:d8:fc:13:f9:84:f2:59:cd:4a:21:86:20:77:cf:ac:06:
         0e:6b:a7:6a:b6:07:1c:de:98:c9:8c:69:38:93:5f:cd:db:5d:
         67:8d:5c:78:a8:e4:39:b8:83:65:cd:a6:ff:97:51:76:99:6b:
         c4:8b:74:d2:65:69:c0:ba:d5:e0:2d:4e:9c:3a:62:86:73:bd:
         64:14:f8:b4:8f:3e:84:48:00:1c:2b:e6:85:57:04:a2:a6:9d:
         e9:6d:1b:59:57:47:94:85:22:8f:ae:ee:d0:4c:a3:d8:bf:2c:
         c4:64:85:85:c7:62:3f:c2:b7:09:2a:4c:7c:6c:28:34:7d:7b:
         6d:2c:1f:43:93:e9:58:bb:54:eb:cf:13:a0:8a:d7:ef:c1:05:
         2c:86:53:1d:e0:17:7b:3f:90:e4:21:18:f0:6c:1b:34:ee:3c:
         41:2e:6f:97:8f:37:63:25:22:97:f3:c1:8c:0f:b4:ea:7f:02:
         27:d9:39:cc:37:b7:b9:24:c5:33:08:6c:90:21:71:73:ce:a3:
         87:5b:c1:c7:9d:45:c9:fa:24:92:a8:1f:66:e1:04:8f:ee:76:
         2d:0a:8e:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5Y/5cVRUZ/ua2QIDaJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmM5NDAzMGQwYzYxZjY3NjJmMWE3MGVkMDIyOTFjYTA4MGQ3OThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsg2+qDjYcU87zZ5kf2kdPTToskR
qIrcMYDdEc48h3Jk5gzo/6ehOp5E5Q1Zwbpe2K7/7Gi7hlSleBaugupz/Gvx3/4r
ilRb4NTZs5OHil7xFGU1gYqb6VHUc6amBU5OdMA7MPMGnYdDqUXdofLkzFQn2b8M
W4rxbrDBJdbQi7jJYuBPgSXaCMhc2O7lb2ZrJ8qR6GT1zRscYI1sSQdGs6mEXvy5
Dc/mJpnOWFmUDYuM0DedbrlrOfn92/oIsWnL9Mi4QP5hPPX/xfEfxmm/G9fNrfhs
5pt2oa67T9GqYrCcpiMJiCUEf2pHBqj4HWK9kntsO5teC4SO3BneFtlEZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLJQDDQxh9nYvGnDtAikcoIDXmMMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvVXNsQU1OREdIMmRpOGFjTzBDS1J5Z2dOZVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstW2MA0G
CSqGSIb3DQEBCwUAA4IBAQCL2qKBIIaAUJattnOyr/MTqUdbHVNnBcZjDJWJJkEf
QOg4xZKRxtj8E/mE8lnNSiGGIHfPrAYOa6dqtgcc3pjJjGk4k1/N211njVx4qOQ5
uINlzab/l1F2mWvEi3TSZWnAutXgLU6cOmKGc71kFPi0jz6ESAAcK+aFVwSipp3p
bRtZV0eUhSKPru7QTKPYvyzEZIWFx2I/wrcJKkx8bCg0fXttLB9Dk+lYu1TrzxOg
itfvwQUshlMd4Bd7P5DkIRjwbBs07jxBLm+XjzdjJSKX88GMD7TqfwIn2TnMN7e5
JMUzCGyQIXFzzqOHW8HHnUXJ+iSSqB9m4QSP7nYtCo7b
-----END CERTIFICATE-----