Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UkcXR5GY1oJE8ql6EfUayHGo-5c.roa
File:                     UkcXR5GY1oJE8ql6EfUayHGo-5c.roa (raw, json)
Hash identifier:          7ieqNXiHBu4w3yGmh/1MmL46uIjoL27ZQaAgb0zIvtE=
Subject key identifier:   52:47:17:47:91:98:D6:82:44:F2:A9:7A:11:F5:1A:C8:71:A8:FB:97
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194A6BCBB7BB683A96AE318CA4CB5DE2C5C
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UkcXR5GY1oJE8ql6EfUayHGo-5c.roa
Signing time:             Mon 27 Jan 2025 07:49:34 +0000
ROA not before:           Mon 27 Jan 2025 07:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        94.103.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a6:bc:bb:7b:b6:83:a9:6a:e3:18:ca:4c:b5:de:2c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan 27 07:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=524717479198d68244f2a97a11f51ac871a8fb97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:de:dd:4b:36:6c:2f:d1:cf:e1:3b:9d:90:36:
                    a5:53:9f:b0:cf:b4:42:99:81:3f:85:8d:96:56:31:
                    80:4b:e6:cd:29:dd:74:27:ab:a7:d2:b5:4d:b4:0c:
                    8d:17:4d:c4:e4:4c:a4:d1:8b:b0:54:4a:20:67:70:
                    b9:8e:c8:29:f0:f3:2b:95:7f:7f:2a:28:82:cb:17:
                    d3:3f:54:50:19:79:0a:73:e7:29:16:79:67:3c:7b:
                    df:d5:31:ee:3c:ad:ad:f2:87:6d:63:b1:f3:40:a7:
                    a7:ff:0c:3b:c5:11:1a:3e:53:0e:be:6a:a2:0b:dd:
                    b1:28:d1:f5:9c:40:bc:ad:54:cd:9d:fa:6d:2a:1d:
                    c4:05:98:ea:37:e5:80:be:ae:b2:0a:94:0c:70:91:
                    40:86:9f:65:bb:cc:7b:4b:4c:7f:00:9d:3d:29:24:
                    f4:c8:d2:ab:e9:14:77:70:d6:1d:5f:e3:8a:84:ea:
                    7d:fd:20:cc:b2:33:24:67:dd:d1:b4:1b:ce:ee:5b:
                    cb:ad:3b:b2:ba:d5:d5:cf:82:1d:4c:d0:41:a2:4a:
                    a7:89:1b:24:79:d9:0f:27:c8:da:9f:04:d5:34:97:
                    be:7d:3c:69:b5:c1:8f:62:ec:b8:42:40:8b:26:07:
                    51:17:85:36:c5:e0:2c:a1:bc:22:e5:99:d1:b8:9f:
                    98:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:47:17:47:91:98:D6:82:44:F2:A9:7A:11:F5:1A:C8:71:A8:FB:97
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/UkcXR5GY1oJE8ql6EfUayHGo-5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:d6:e9:6e:a5:c0:e1:bb:87:b4:eb:ca:b1:33:a8:26:07:0f:
         29:53:af:60:ff:40:f4:06:3b:4f:9b:e3:63:30:97:4b:7a:5a:
         20:16:81:33:d1:73:4c:c6:a6:da:b9:df:f0:7a:38:0f:63:20:
         62:39:d0:a4:20:5c:77:e8:46:4e:1e:7b:d6:d6:b9:b7:8d:b2:
         36:55:c8:80:07:89:ef:9e:19:a5:81:56:97:6e:f4:d6:dd:7f:
         f8:5c:3b:c1:24:dc:7f:73:5d:9f:47:a9:ec:64:d4:c7:d9:0a:
         e2:ec:39:d0:93:c5:b0:b9:2f:c4:47:e7:fa:36:12:d9:5c:23:
         9a:b0:7d:21:bf:23:8b:47:4f:a8:a9:61:99:30:fb:ee:37:67:
         dc:72:16:b4:90:b0:91:46:cb:b3:4d:0d:b7:c7:04:5e:e6:c7:
         8c:51:e2:c1:0d:db:45:08:d5:cf:89:d2:4f:13:95:30:a3:cf:
         39:97:d6:52:40:fa:8a:13:f2:8e:0a:ba:08:c1:dd:b3:07:84:
         2a:10:97:42:4c:d8:de:18:69:01:07:6d:89:4d:5e:67:a3:26:
         e2:54:88:5d:fa:ba:0f:a2:01:6d:75:a1:87:25:0c:23:d6:15:
         03:e5:13:77:7c:3a:d0:9c:70:34:50:6f:a7:32:a0:32:86:92:
         6c:b2:ef:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSmvLt7toOpauMYyky13ixcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTI3MDc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ3MTc0NzkxOThkNjgyNDRmMmE5N2ExMWY1MWFjODcxYThmYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy97dSzZsL9HP4TudkDalU5+wz7RC
mYE/hY2WVjGAS+bNKd10J6un0rVNtAyNF03E5Eyk0YuwVEogZ3C5jsgp8PMrlX9/
KiiCyxfTP1RQGXkKc+cpFnlnPHvf1THuPK2t8odtY7HzQKen/ww7xREaPlMOvmqi
C92xKNH1nEC8rVTNnfptKh3EBZjqN+WAvq6yCpQMcJFAhp9lu8x7S0x/AJ09KST0
yNKr6RR3cNYdX+OKhOp9/SDMsjMkZ93RtBvO7lvLrTuyutXVz4IdTNBBokqniRsk
edkPJ8janwTVNJe+fTxptcGPYuy4QkCLJgdRF4U2xeAsobwi5ZnRuJ+YjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJHF0eRmNaCRPKpehH1GshxqPuXMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvVWtjWFI1R1kxb0pFOHFsNkVmVWF5SEdvLTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXmc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBs1ulupcDhu4e068qxM6gmBw8pU69g/0D0BjtPm+Nj
MJdLelogFoEz0XNMxqbaud/wejgPYyBiOdCkIFx36EZOHnvW1rm3jbI2VciAB4nv
nhmlgVaXbvTW3X/4XDvBJNx/c12fR6nsZNTH2Qri7DnQk8WwuS/ER+f6NhLZXCOa
sH0hvyOLR0+oqWGZMPvuN2fccha0kLCRRsuzTQ23xwRe5seMUeLBDdtFCNXPidJP
E5Uwo885l9ZSQPqKE/KOCroIwd2zB4QqEJdCTNjeGGkBB22JTV5noybiVIhd+roP
ogFtdaGHJQwj1hUD5RN3fDrQnHA0UG+nMqAyhpJssu+b
-----END CERTIFICATE-----