Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ULfjtaXZKeO21K8lDdoLHe5Lbts.roa
File:                     ULfjtaXZKeO21K8lDdoLHe5Lbts.roa (raw, json)
Hash identifier:          Ky4d9tu18NCNsNUD91GQmMhDdLCi4CgvFfPWYH5+Qp4=
Subject key identifier:   50:B7:E3:B5:A5:D9:29:E3:B6:D4:AF:25:0D:DA:0B:1D:EE:4B:6E:DB
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       019421440942CCC709771B4F26D51EAB8624
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ULfjtaXZKeO21K8lDdoLHe5Lbts.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43345
IP address blocks:        62.221.250.0/24 maxlen: 24
                          185.94.228.0/24 maxlen: 24
                          2a05:1500:500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:09:42:cc:c7:09:77:1b:4f:26:d5:1e:ab:86:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50b7e3b5a5d929e3b6d4af250dda0b1dee4b6edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e5:01:83:47:0d:84:76:86:da:7c:ca:90:4f:
                    b0:1d:c5:7a:23:5b:1d:66:aa:b4:35:32:1e:06:a7:
                    6f:48:63:77:4d:33:05:f1:16:a9:7c:86:bd:64:05:
                    ab:35:10:c1:33:2c:f8:f8:aa:cd:bd:9b:64:e2:75:
                    38:cf:8d:8b:38:9f:af:30:d5:3e:19:17:1e:70:ac:
                    83:19:55:0b:65:1f:64:f5:47:8b:e0:d4:f5:09:79:
                    b3:5a:83:a1:3d:64:48:ef:13:8a:39:20:53:b7:81:
                    0a:49:0f:d5:b0:e8:77:8d:e1:26:3b:e2:f0:b6:ee:
                    37:ed:a4:47:f6:dd:10:d0:e7:de:3f:2f:80:d0:b9:
                    5b:e6:3d:18:d2:ff:f9:0c:fb:44:9b:20:32:71:3e:
                    79:c6:b6:0a:d6:30:f4:5a:9b:8f:74:83:bc:1d:40:
                    e9:7f:d4:5a:f1:fb:05:53:49:09:ab:0d:96:53:e3:
                    27:39:9e:24:b5:e0:73:cc:ef:7a:12:57:47:b3:34:
                    a0:f1:4e:67:be:91:1e:1c:02:25:f9:2a:48:d1:47:
                    48:a1:77:e8:bd:23:78:9e:e8:78:c9:36:1d:81:a1:
                    cd:ce:ed:e8:b0:8f:ef:f8:16:e6:59:3c:d0:bc:f1:
                    59:67:c8:e8:6a:97:b3:f9:46:d2:e8:c9:e8:0c:23:
                    e3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:B7:E3:B5:A5:D9:29:E3:B6:D4:AF:25:0D:DA:0B:1D:EE:4B:6E:DB
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/ULfjtaXZKeO21K8lDdoLHe5Lbts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.221.250.0/24
                  185.94.228.0/24
                IPv6:
                  2a05:1500:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:a8:0a:97:55:ce:1c:b2:3c:c2:a6:f3:41:21:63:00:f1:a8:
         0e:fd:ff:c2:38:43:22:ef:c7:82:04:f2:49:72:e7:52:82:fa:
         80:08:ed:fa:3c:dd:6c:87:9e:0b:b4:bb:f7:bc:2d:e9:f9:10:
         d7:4b:b4:05:db:31:c9:b3:31:72:13:fb:fa:e0:3b:74:d1:24:
         ad:3e:d3:ea:7c:ca:4c:e5:22:a2:ea:01:4f:5a:de:74:f7:9e:
         d6:35:de:aa:bb:a0:9c:ec:c7:e2:e3:df:7a:29:d9:bb:20:6d:
         70:95:a8:bb:6f:a4:32:bf:dd:87:19:5b:12:71:5f:95:da:75:
         9a:8c:89:5d:7e:ce:90:24:7e:8f:a9:2d:8a:59:33:82:18:88:
         7b:6c:db:c2:98:7e:fb:bf:99:b9:72:20:94:c9:0e:8b:92:66:
         01:76:89:4a:27:f9:17:6c:ff:09:28:de:c1:88:0e:3e:d5:b4:
         35:99:99:ab:7e:3e:9b:c9:b5:37:24:d6:c7:e7:cd:1d:d6:78:
         71:75:d9:4f:dd:14:d7:55:b2:7a:58:c2:26:d2:6a:07:78:f3:
         35:d4:a6:10:19:88:7d:27:10:db:3c:ec:40:5b:d2:77:0e:b9:
         5d:47:33:f9:26:b4:98:86:29:ca:73:85:f5:cd:09:64:68:28:
         f2:58:61:bf
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQhRAlCzMcJdxtPJtUeq4YkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGI3ZTNiNWE1ZDkyOWUzYjZkNGFmMjUwZGRhMGIxZGVlNGI2ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuUBg0cNhHaG2nzKkE+wHcV6I1sd
Zqq0NTIeBqdvSGN3TTMF8RapfIa9ZAWrNRDBMyz4+KrNvZtk4nU4z42LOJ+vMNU+
GRcecKyDGVULZR9k9UeL4NT1CXmzWoOhPWRI7xOKOSBTt4EKSQ/VsOh3jeEmO+Lw
tu437aRH9t0Q0OfePy+A0Llb5j0Y0v/5DPtEmyAycT55xrYK1jD0WpuPdIO8HUDp
f9Ra8fsFU0kJqw2WU+MnOZ4kteBzzO96EldHszSg8U5nvpEeHAIl+SpI0UdIoXfo
vSN4nuh4yTYdgaHNzu3osI/v+BbmWTzQvPFZZ8joapez+UbS6MnoDCPjuwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFFC347Wl2SnjttSvJQ3aCx3uS27bMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvVUxmanRhWFpLZU8yMUs4bERkb0xIZTVMYnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAPt36AwQA
uV7kMA4EAgACMAgDBgAqBRUABTANBgkqhkiG9w0BAQsFAAOCAQEAmKgKl1XOHLI8
wqbzQSFjAPGoDv3/wjhDIu/HggTySXLnUoL6gAjt+jzdbIeeC7S797wt6fkQ10u0
BdsxybMxchP7+uA7dNEkrT7T6nzKTOUiouoBT1redPee1jXeqrugnOzH4uPfeinZ
uyBtcJWou2+kMr/dhxlbEnFfldp1moyJXX7OkCR+j6ktilkzghiIe2zbwph++7+Z
uXIglMkOi5JmAXaJSif5F2z/CSjewYgOPtW0NZmZq34+m8m1NyTWx+fNHdZ4cXXZ
T90U11WyeljCJtJqB3jzNdSmEBmIfScQ2zzsQFvSdw65XUcz+Sa0mIYpynOF9c0J
ZGgo8lhhvw==
-----END CERTIFICATE-----