Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/UI1__jiZeKmutEsj1q3GQDM4G-M.roa
File:                     UI1__jiZeKmutEsj1q3GQDM4G-M.roa (raw, json)
Hash identifier:          9sMXrW5behwUEYOSItq82zCqNDvrla3Ktrtlxw/s2dc=
Subject key identifier:   50:8D:7F:FE:38:99:78:A9:AE:B4:4B:23:D6:AD:C6:40:33:38:1B:E3
Certificate issuer:       /CN=e06536d2b17c45c175739f3313119be219d331ac
Certificate serial:       019423D6B0B07D3AEA326097DB9DAC7DA696
Authority key identifier: E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/UI1__jiZeKmutEsj1q3GQDM4G-M.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        185.254.76.0/22 maxlen: 22
                          188.92.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b0:b0:7d:3a:ea:32:60:97:db:9d:ac:7d:a6:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e06536d2b17c45c175739f3313119be219d331ac
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=508d7ffe389978a9aeb44b23d6adc64033381be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:97:48:7b:26:7f:1f:be:82:0e:35:9d:02:6b:
                    e4:87:be:65:63:c8:c3:8c:7c:9f:d8:b8:e9:ab:73:
                    56:8a:86:87:d8:27:46:1b:1d:91:bf:eb:0e:60:52:
                    10:76:9d:67:38:34:36:53:40:84:86:48:7e:58:c1:
                    95:49:44:51:d8:ae:03:24:6e:66:4e:5f:dd:4c:36:
                    21:f2:ad:4d:92:2b:5d:92:3c:b8:0f:a4:9e:1a:80:
                    7b:39:fa:7b:aa:99:5a:8a:29:a0:9e:15:a8:27:ab:
                    af:6c:70:be:e7:ab:07:b9:99:ea:03:90:0b:b7:02:
                    4c:ac:19:56:2b:82:3e:22:dc:f1:72:24:92:23:66:
                    d0:4e:10:57:c3:5e:df:f7:bc:40:08:ed:2a:11:b0:
                    dc:b7:e4:7d:6a:bb:fe:2e:c7:60:ce:f4:60:30:2c:
                    05:68:33:7b:5d:de:4d:5f:7c:cc:b2:f1:25:54:a5:
                    0f:40:e5:47:41:07:2a:bb:96:85:59:d7:7c:33:ab:
                    2f:85:2e:86:61:f4:db:1e:26:2e:b1:02:83:d4:95:
                    ad:10:b2:cb:a0:70:f8:d8:f1:bd:3f:dd:2b:cc:bf:
                    2f:4a:d5:1c:2f:f0:b1:93:02:1b:4e:76:b8:e1:e8:
                    71:42:2b:45:bb:6c:04:0c:5b:ed:b5:fc:62:44:ad:
                    1a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8D:7F:FE:38:99:78:A9:AE:B4:4B:23:D6:AD:C6:40:33:38:1B:E3
            X509v3 Authority Key Identifier:
                keyid:E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/UI1__jiZeKmutEsj1q3GQDM4G-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.76.0/22
                  188.92.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:a4:c8:a8:21:5c:9d:84:af:81:5b:99:be:f8:ca:4d:d5:21:
         a9:b2:66:00:f7:75:93:b3:9c:67:48:f7:9f:19:ba:e5:77:f4:
         19:f8:2d:3c:5e:81:10:c5:40:ce:4d:a4:e3:bf:60:48:0f:4b:
         93:e1:fe:88:33:50:55:73:2b:16:a3:9c:f5:e6:9d:93:b0:26:
         32:70:e2:e6:08:b2:ef:d4:03:2c:9c:e7:c4:57:96:f4:37:fc:
         b0:01:49:e3:85:fd:7c:68:e3:a3:ef:36:9e:7c:28:ea:68:a9:
         cc:75:a8:d8:5e:74:fd:3e:45:0a:05:e3:42:05:44:5b:23:42:
         b8:e8:a3:e1:37:89:f2:86:f2:01:88:33:87:df:15:2c:b5:c4:
         56:62:11:95:2e:37:03:75:ea:ce:fd:43:ea:ee:e0:fe:b9:bc:
         b3:2a:18:40:04:c4:27:dd:6b:43:d2:00:a1:8b:4f:aa:f6:58:
         67:60:39:d0:c2:ce:fe:fa:eb:55:aa:a5:72:9a:c4:11:f4:03:
         be:f1:aa:64:4c:4f:4a:f7:27:2a:41:69:0c:5d:11:c1:40:7f:
         c8:b4:30:3e:24:a3:2c:9a:47:32:6d:27:d0:f6:ac:17:73:b4:
         1a:cf:7b:3a:38:7d:9c:38:a8:dc:56:44:36:e1:14:d8:6c:bc:
         0e:b2:8d:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1rCwfTrqMmCX252sfaaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjUzNmQyYjE3YzQ1YzE3NTczOWYzMzEzMTE5YmUyMTlk
MzMxYWMwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDhkN2ZmZTM4OTk3OGE5YWViNDRiMjNkNmFkYzY0MDMzMzgxYmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZdIeyZ/H76CDjWdAmvkh75lY8jD
jHyf2Ljpq3NWioaH2CdGGx2Rv+sOYFIQdp1nODQ2U0CEhkh+WMGVSURR2K4DJG5m
Tl/dTDYh8q1Nkitdkjy4D6SeGoB7Ofp7qplaiimgnhWoJ6uvbHC+56sHuZnqA5AL
twJMrBlWK4I+ItzxciSSI2bQThBXw17f97xACO0qEbDct+R9arv+LsdgzvRgMCwF
aDN7Xd5NX3zMsvElVKUPQOVHQQcqu5aFWdd8M6svhS6GYfTbHiYusQKD1JWtELLL
oHD42PG9P90rzL8vStUcL/CxkwIbTna44ehxQitFu2wEDFvttfxiRK0aCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCNf/44mXiprrRLI9atxkAzOBvjMB8GA1UdIwQY
MBaAFOBlNtKxfEXBdXOfMxMRm+IZ0zGsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEt
MDZjOGJiMzc0YTU4LzEvVUkxX19qaVplS211dEVzajFxM0dRRE00Ry1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEtMDZjOGJiMzc0YTU4
LzEvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuf5MAwQD
vFzgMA0GCSqGSIb3DQEBCwUAA4IBAQARpMioIVydhK+BW5m++MpN1SGpsmYA93WT
s5xnSPefGbrld/QZ+C08XoEQxUDOTaTjv2BID0uT4f6IM1BVcysWo5z15p2TsCYy
cOLmCLLv1AMsnOfEV5b0N/ywAUnjhf18aOOj7zaefCjqaKnMdajYXnT9PkUKBeNC
BURbI0K46KPhN4nyhvIBiDOH3xUstcRWYhGVLjcDderO/UPq7uD+ubyzKhhABMQn
3WtD0gChi0+q9lhnYDnQws7++utVqqVymsQR9AO+8apkTE9K9ycqQWkMXRHBQH/I
tDA+JKMsmkcybSfQ9qwXc7Qaz3s6OH2cOKjcVkQ24RTYbLwOso3+
-----END CERTIFICATE-----