Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/UgsM9IySNlxMAMu3nxLBQeRmBwM.roa
File:                     UgsM9IySNlxMAMu3nxLBQeRmBwM.roa (raw, json)
Hash identifier:          iWc/Vehzon/VP/j65KvlMpaDrurTE8lXeWv7jdRc8u4=
Subject key identifier:   52:0B:0C:F4:8C:92:36:5C:4C:00:CB:B7:9F:12:C1:41:E4:66:07:03
Certificate issuer:       /CN=480e3e80aeeb84c32612f4fad116e2690a546c7a
Certificate serial:       0194228E03C3A0B95CC375FF3C537708EB39
Authority key identifier: 48:0E:3E:80:AE:EB:84:C3:26:12:F4:FA:D1:16:E2:69:0A:54:6C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SA4-gK7rhMMmEvT60RbiaQpUbHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/UgsM9IySNlxMAMu3nxLBQeRmBwM.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49223
IP address blocks:        185.119.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/SA4-gK7rhMMmEvT60RbiaQpUbHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/SA4-gK7rhMMmEvT60RbiaQpUbHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SA4-gK7rhMMmEvT60RbiaQpUbHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:03:c3:a0:b9:5c:c3:75:ff:3c:53:77:08:eb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480e3e80aeeb84c32612f4fad116e2690a546c7a
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=520b0cf48c92365c4c00cbb79f12c141e4660703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:18:bc:b0:66:97:2a:19:c7:1f:dc:19:38:25:
                    98:5c:dd:fb:93:8d:93:13:81:ea:1e:06:12:43:fe:
                    75:9a:2d:88:4e:9e:3d:4b:d7:c2:f4:2d:c6:06:9b:
                    c9:f8:f7:32:48:cf:b3:e7:6b:2a:36:f7:90:18:a6:
                    de:c6:86:17:38:e8:08:6d:4f:77:86:e6:ed:40:cb:
                    5a:24:59:42:d4:a4:3a:4a:89:be:25:a3:d0:d1:2e:
                    6a:a4:4c:9f:be:5d:e7:c1:63:51:80:62:94:6b:52:
                    a4:39:97:71:d6:c4:d3:6c:58:09:fd:3c:4d:da:11:
                    4b:d9:15:e3:3a:53:f2:99:9e:32:82:ae:5e:f6:ca:
                    85:29:58:a2:b9:36:13:e0:5f:49:e0:11:a9:f8:22:
                    54:a1:cd:25:cb:06:f8:aa:6e:84:cc:10:2e:19:23:
                    27:fd:da:69:79:8c:3f:98:35:0f:7d:65:66:e0:b2:
                    60:16:cf:4f:04:2e:9b:0c:f9:f7:2f:22:f8:4d:a5:
                    ed:9d:23:23:00:6b:3d:a5:e5:04:1b:7e:da:c4:fe:
                    14:88:30:31:07:6c:1f:58:c0:bd:41:f6:dd:e7:e5:
                    d8:0f:e2:3f:5f:78:3c:9e:78:40:a7:c3:7f:d7:6d:
                    ae:b7:17:04:be:27:e1:73:69:1d:cb:7f:1a:ce:a1:
                    60:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0B:0C:F4:8C:92:36:5C:4C:00:CB:B7:9F:12:C1:41:E4:66:07:03
            X509v3 Authority Key Identifier:
                keyid:48:0E:3E:80:AE:EB:84:C3:26:12:F4:FA:D1:16:E2:69:0A:54:6C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SA4-gK7rhMMmEvT60RbiaQpUbHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/UgsM9IySNlxMAMu3nxLBQeRmBwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9ce449-5ea6-4f80-ba5d-97bb1a7c4316/1/SA4-gK7rhMMmEvT60RbiaQpUbHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:3c:aa:07:65:8f:52:0e:75:f0:42:92:35:5f:3f:c7:78:97:
         0a:68:59:56:20:6e:a9:db:dc:8e:e8:63:85:d9:a4:de:41:89:
         00:0c:60:22:ee:6d:85:c9:c4:c9:1d:64:32:49:46:2a:6c:35:
         df:85:57:c6:81:6a:98:38:7a:96:9d:13:64:77:48:3a:b2:57:
         9a:f8:4f:fc:21:ac:41:12:40:d2:8d:29:65:e5:11:25:78:31:
         44:6e:56:2c:c1:22:36:fb:98:43:0a:bc:da:02:b7:9e:b9:bf:
         fb:6a:9d:ce:4b:6c:8f:2e:34:05:ff:c0:a8:1a:ed:48:8d:95:
         1d:8a:a5:29:5a:05:eb:72:01:06:96:94:c3:63:68:4f:42:2e:
         00:51:69:8c:6d:28:b4:be:39:08:ed:a4:e6:a2:b7:61:fe:28:
         e1:c1:9c:f8:66:0d:b0:c0:00:a6:45:7a:a0:a3:05:ed:af:d9:
         c3:ad:b5:4c:4f:a6:4c:55:0c:00:48:1d:72:00:a2:36:77:06:
         7b:1c:ff:58:9c:ca:9c:29:06:be:b6:82:40:72:df:57:b7:dd:
         a0:ac:24:15:eb:35:97:96:22:54:23:c3:58:ff:6a:cc:ab:eb:
         0c:db:43:72:3a:5b:88:3c:9b:a9:44:ad:e8:99:d6:49:a7:b1:
         56:32:42:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgPDoLlcw3X/PFN3COs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGUzZTgwYWVlYjg0YzMyNjEyZjRmYWQxMTZlMjY5MGE1
NDZjN2EwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBiMGNmNDhjOTIzNjVjNGMwMGNiYjc5ZjEyYzE0MWU0NjYwNzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshi8sGaXKhnHH9wZOCWYXN37k42T
E4HqHgYSQ/51mi2ITp49S9fC9C3GBpvJ+PcySM+z52sqNveQGKbexoYXOOgIbU93
hubtQMtaJFlC1KQ6Som+JaPQ0S5qpEyfvl3nwWNRgGKUa1KkOZdx1sTTbFgJ/TxN
2hFL2RXjOlPymZ4ygq5e9sqFKViiuTYT4F9J4BGp+CJUoc0lywb4qm6EzBAuGSMn
/dppeYw/mDUPfWVm4LJgFs9PBC6bDPn3LyL4TaXtnSMjAGs9peUEG37axP4UiDAx
B2wfWMC9Qfbd5+XYD+I/X3g8nnhAp8N/122utxcEvifhc2kdy38azqFgPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFILDPSMkjZcTADLt58SwUHkZgcDMB8GA1UdIwQY
MBaAFEgOPoCu64TDJhL0+tEW4mkKVGx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0E0LWdLN3JoTU1tRXZUNjBSYmlhUXBVYkhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85Y2U0NDktNWVhNi00ZjgwLWJhNWQt
OTdiYjFhN2M0MzE2LzEvVWdzTTlJeVNObHhNQU11M254TEJRZVJtQndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85Y2U0NDktNWVhNi00ZjgwLWJhNWQtOTdiYjFhN2M0MzE2
LzEvU0E0LWdLN3JoTU1tRXZUNjBSYmlhUXBVYkhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXfUMA0G
CSqGSIb3DQEBCwUAA4IBAQAgPKoHZY9SDnXwQpI1Xz/HeJcKaFlWIG6p29yO6GOF
2aTeQYkADGAi7m2FycTJHWQySUYqbDXfhVfGgWqYOHqWnRNkd0g6slea+E/8IaxB
EkDSjSll5REleDFEblYswSI2+5hDCrzaAreeub/7ap3OS2yPLjQF/8CoGu1IjZUd
iqUpWgXrcgEGlpTDY2hPQi4AUWmMbSi0vjkI7aTmordh/ijhwZz4Zg2wwACmRXqg
owXtr9nDrbVMT6ZMVQwASB1yAKI2dwZ7HP9YnMqcKQa+toJAct9Xt92grCQV6zWX
liJUI8NY/2rMq+sM20NyOluIPJupRK3omdZJp7FWMkK1
-----END CERTIFICATE-----