Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/UxDrDzP2TNEJomhvUm5pptefxgA.roa
File:                     UxDrDzP2TNEJomhvUm5pptefxgA.roa (raw, json)
Hash identifier:          /MVrUvLgefyKi9OhWDKlnZN9gJaxVmd7pmpH+GNvKAQ=
Subject key identifier:   53:10:EB:0F:33:F6:4C:D1:09:A2:68:6F:52:6E:69:A6:D7:9F:C6:00
Certificate issuer:       /CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
Certificate serial:       0194236923770943AFE5C93D5ADF8FBA3B13
Authority key identifier: 38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/UxDrDzP2TNEJomhvUm5pptefxgA.roa
Signing time:             Wed 01 Jan 2025 19:48:00 +0000
ROA not before:           Wed 01 Jan 2025 19:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62027
IP address blocks:        185.97.134.0/24 maxlen: 24
                          185.97.135.0/24 maxlen: 24
                          2a00:cee5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:23:77:09:43:af:e5:c9:3d:5a:df:8f:ba:3b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38ca3f38d8e5a301eaf6924b924fe8f57aac690d
        Validity
            Not Before: Jan  1 19:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5310eb0f33f64cd109a2686f526e69a6d79fc600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:16:a2:2f:e3:ca:ea:28:c7:dc:4b:67:a3:52:
                    27:67:35:f8:dd:d9:44:9c:11:a2:06:ff:cd:e7:fd:
                    97:ca:32:a2:bc:5b:a2:b5:4e:c8:dc:60:ba:6c:a8:
                    51:7e:79:54:dc:12:ec:1a:a9:47:74:81:68:ab:9e:
                    5c:09:34:91:54:27:88:80:df:9d:8f:63:39:97:74:
                    6a:76:5c:85:b7:f7:89:f2:dd:e7:f0:5b:f0:5d:96:
                    af:02:6b:bc:40:9b:4f:b2:79:75:04:60:db:35:e3:
                    e4:a9:0d:23:0f:e6:df:25:7a:c1:72:1d:c5:2b:22:
                    91:63:8e:c3:02:72:45:b4:87:c1:a1:80:8c:14:df:
                    e4:fd:a7:ef:66:87:9c:5a:89:de:5f:34:44:ff:93:
                    6f:db:9a:5f:e0:f2:8a:2a:d9:4e:ec:ef:55:96:9f:
                    7b:1b:c3:9a:d5:9e:7f:70:fc:1e:f5:63:f8:02:0a:
                    16:14:5e:20:ef:0f:4d:8f:63:02:a4:14:d7:a1:9e:
                    1f:cf:35:35:31:4e:d6:6f:2b:74:76:bd:fe:ab:f5:
                    2e:50:35:b6:b2:02:5d:e5:b4:28:25:31:78:c5:6a:
                    ac:3a:70:51:32:00:90:ad:46:03:5f:4a:33:1e:9d:
                    41:c8:f5:54:e4:23:20:83:f2:bc:ce:0a:d0:eb:db:
                    00:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:10:EB:0F:33:F6:4C:D1:09:A2:68:6F:52:6E:69:A6:D7:9F:C6:00
            X509v3 Authority Key Identifier:
                keyid:38:CA:3F:38:D8:E5:A3:01:EA:F6:92:4B:92:4F:E8:F5:7A:AC:69:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OMo_ONjlowHq9pJLkk_o9XqsaQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/UxDrDzP2TNEJomhvUm5pptefxgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ba6755-4273-48e1-8582-712fa65a25ba/1/OMo_ONjlowHq9pJLkk_o9XqsaQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.134.0/23
                IPv6:
                  2a00:cee5::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:1e:bd:8f:ce:53:11:3e:a7:ef:d5:4a:59:51:a8:d8:eb:fb:
         5f:a6:89:1d:58:45:a2:1a:df:38:27:60:09:60:72:9b:22:b0:
         28:91:58:eb:92:00:77:2e:6a:b0:bc:a0:27:14:97:53:31:fe:
         6e:04:0a:0d:59:b7:e0:ad:15:82:6f:7c:ff:8d:c1:e5:9d:a2:
         5a:ae:f8:f2:a6:49:e9:c7:dd:7d:c0:fb:9a:ec:61:96:eb:fd:
         b1:d5:81:92:0b:e4:b8:67:ee:e3:c7:95:d9:6a:78:bb:74:5c:
         82:5f:1b:95:4f:d1:f7:17:33:6d:48:90:cf:5b:1e:63:c7:fd:
         d1:24:92:31:4e:6f:5b:7f:84:5f:1a:60:3a:9b:aa:a5:94:0a:
         2d:9c:47:2f:b6:05:4c:20:34:0d:35:c3:df:26:78:f8:92:70:
         94:9b:c4:a1:37:6c:71:d5:3d:7d:e0:d9:9f:0e:35:0e:9e:fc:
         b7:5e:e2:31:f2:33:bc:76:f7:57:1d:a6:9f:6f:f4:fa:5c:91:
         b3:30:66:62:5f:14:8e:7f:ba:8c:bd:b9:b6:0d:3a:a1:60:f8:
         59:ff:a9:32:22:2d:c2:98:2e:4b:29:3a:8c:a0:45:5b:35:be:
         6d:6b:84:a8:51:c2:69:b8:a4:9e:fc:10:10:e9:f9:ef:c4:d3:
         f4:b8:09:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaSN3CUOv5ck9Wt+PujsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4Y2EzZjM4ZDhlNWEzMDFlYWY2OTI0YjkyNGZlOGY1N2Fh
YzY5MGQwHhcNMjUwMTAxMTk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzEwZWIwZjMzZjY0Y2QxMDlhMjY4NmY1MjZlNjlhNmQ3OWZjNjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxaiL+PK6ijH3Etno1InZzX43dlE
nBGiBv/N5/2XyjKivFuitU7I3GC6bKhRfnlU3BLsGqlHdIFoq55cCTSRVCeIgN+d
j2M5l3RqdlyFt/eJ8t3n8FvwXZavAmu8QJtPsnl1BGDbNePkqQ0jD+bfJXrBch3F
KyKRY47DAnJFtIfBoYCMFN/k/afvZoecWoneXzRE/5Nv25pf4PKKKtlO7O9Vlp97
G8Oa1Z5/cPwe9WP4AgoWFF4g7w9Nj2MCpBTXoZ4fzzU1MU7Wbyt0dr3+q/UuUDW2
sgJd5bQoJTF4xWqsOnBRMgCQrUYDX0ozHp1ByPVU5CMgg/K8zgrQ69sAkQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFMQ6w8z9kzRCaJob1JuaabXn8YAMB8GA1UdIwQY
MBaAFDjKPzjY5aMB6vaSS5JP6PV6rGkNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODIt
NzEyZmE2NWEyNWJhLzEvVXhEckR6UDJUTkVKb21odlVtNXBwdGVmeGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iYTY3NTUtNDI3My00OGUxLTg1ODItNzEyZmE2NWEyNWJh
LzEvT01vX09Oamxvd0hxOXBKTGtrX285WHFzYVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuWGGMA0E
AgACMAcDBQAqAM7lMA0GCSqGSIb3DQEBCwUAA4IBAQCLHr2PzlMRPqfv1UpZUajY
6/tfpokdWEWiGt84J2AJYHKbIrAokVjrkgB3LmqwvKAnFJdTMf5uBAoNWbfgrRWC
b3z/jcHlnaJarvjypknpx919wPua7GGW6/2x1YGSC+S4Z+7jx5XZani7dFyCXxuV
T9H3FzNtSJDPWx5jx/3RJJIxTm9bf4RfGmA6m6qllAotnEcvtgVMIDQNNcPfJnj4
knCUm8ShN2xx1T194NmfDjUOnvy3XuIx8jO8dvdXHaafb/T6XJGzMGZiXxSOf7qM
vbm2DTqhYPhZ/6kyIi3CmC5LKTqMoEVbNb5ta4SoUcJpuKSe/BAQ6fnvxNP0uAlL
-----END CERTIFICATE-----