Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/uEehilTaJNTK6wTZHHdxxqFauYo.roa
File:                     uEehilTaJNTK6wTZHHdxxqFauYo.roa (raw, json)
Hash identifier:          tRIraXpN8mX3nJ3uL7fIgHQ/edV3rhiXldnw6ddpk0I=
Subject key identifier:   B8:47:A1:8A:54:DA:24:D4:CA:EB:04:D9:1C:77:71:C6:A1:5A:B9:8A
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       019427B374924B7138C065998874D6A54717
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/uEehilTaJNTK6wTZHHdxxqFauYo.roa
Signing time:             Thu 02 Jan 2025 15:47:39 +0000
ROA not before:           Thu 02 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        31.130.240.0/23 maxlen: 24
                          178.212.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:74:92:4b:71:38:c0:65:99:88:74:d6:a5:47:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Jan  2 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b847a18a54da24d4caeb04d91c7771c6a15ab98a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0e:9b:50:63:88:e7:58:b8:b4:ed:f6:82:d8:
                    43:39:37:54:1c:dc:6f:d2:5a:5b:01:fb:95:48:9f:
                    2f:48:bf:73:35:83:20:36:6c:97:39:6b:8d:8c:e8:
                    d4:66:1e:ee:e2:ca:b2:fc:00:02:ea:38:1f:9a:91:
                    cd:ca:8d:33:d9:7e:16:cc:8c:40:24:f6:9f:8a:e2:
                    04:67:2e:92:3b:12:6e:a2:51:c0:80:0c:12:55:90:
                    bd:30:1d:13:0c:69:68:fc:87:f8:81:fd:c6:c0:24:
                    5f:d1:ab:43:48:e4:a1:2f:57:13:78:74:67:20:25:
                    8b:0f:13:d5:85:f7:25:d6:bc:af:ce:a3:de:86:89:
                    ee:ec:5b:70:34:0c:d7:da:5c:dd:d0:3b:19:ed:78:
                    25:b9:dd:c9:3f:ee:82:ee:86:99:00:9c:58:73:fa:
                    6e:ae:0a:e9:bb:b2:c3:72:d9:85:a7:bb:fc:8d:48:
                    4d:03:18:a3:87:13:f1:10:fb:5d:a9:7f:1e:0d:36:
                    cc:ed:4b:25:16:dc:a9:3e:2a:b8:a0:55:69:cb:32:
                    88:31:35:f1:a0:b5:fd:36:bd:43:87:71:c0:5c:19:
                    89:3e:c5:09:4c:8f:97:63:30:d5:47:1a:5d:02:35:
                    19:94:b6:05:ed:46:2f:49:6b:f0:1d:98:ac:53:d5:
                    01:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:47:A1:8A:54:DA:24:D4:CA:EB:04:D9:1C:77:71:C6:A1:5A:B9:8A
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/uEehilTaJNTK6wTZHHdxxqFauYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.240.0/23
                  178.212.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:01:3a:dd:92:17:79:dd:0c:60:78:d0:3c:69:da:86:d4:dc:
         9b:4e:52:86:25:7c:bb:9d:22:20:52:80:68:6c:e6:2c:ff:c5:
         49:53:f9:80:a2:07:b2:63:77:2f:73:cb:ac:6c:cf:a3:33:8b:
         13:54:da:e7:c7:89:87:5d:7f:10:69:c5:53:d2:cb:1f:33:5f:
         bf:8c:25:c4:de:8a:cc:fe:53:bb:55:48:d8:8d:7d:0b:48:82:
         9d:fc:b5:b9:9d:19:0e:70:9c:3a:74:30:3c:d4:f4:97:79:3b:
         3a:4e:e7:b3:29:2a:13:32:8b:cc:80:c9:b7:67:ea:da:30:6d:
         29:19:01:60:9f:56:88:cf:cd:e8:ff:a0:19:2c:a5:ec:68:98:
         ca:23:a6:0f:34:a0:e8:5b:ee:36:9b:53:e0:cb:a0:1d:fa:ed:
         e5:4c:8f:c6:8f:95:a6:89:f9:78:2e:59:f3:cd:9e:27:13:ef:
         1d:1e:ac:3d:51:3a:c4:e2:84:4e:83:3b:b6:99:87:f6:a1:0c:
         1a:4c:5c:ca:04:03:21:6c:10:b6:c5:d6:57:1e:54:9e:b3:9e:
         24:06:8f:c6:1f:2c:71:55:85:90:7f:fd:d2:44:76:8c:e5:f3:
         4b:ee:64:bd:5a:de:9d:e4:de:7f:b7:13:11:84:50:8b:6e:50:
         2c:ae:6f:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQns3SSS3E4wGWZiHTWpUcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjUwMTAyMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQ3YTE4YTU0ZGEyNGQ0Y2FlYjA0ZDkxYzc3NzFjNmExNWFiOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQ6bUGOI51i4tO32gthDOTdUHNxv
0lpbAfuVSJ8vSL9zNYMgNmyXOWuNjOjUZh7u4sqy/AAC6jgfmpHNyo0z2X4WzIxA
JPafiuIEZy6SOxJuolHAgAwSVZC9MB0TDGlo/If4gf3GwCRf0atDSOShL1cTeHRn
ICWLDxPVhfcl1ryvzqPehonu7FtwNAzX2lzd0DsZ7Xglud3JP+6C7oaZAJxYc/pu
rgrpu7LDctmFp7v8jUhNAxijhxPxEPtdqX8eDTbM7UslFtypPiq4oFVpyzKIMTXx
oLX9Nr1Dh3HAXBmJPsUJTI+XYzDVRxpdAjUZlLYF7UYvSWvwHZisU9UBgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLhHoYpU2iTUyusE2Rx3ccahWrmKMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvdUVlaGlsVGFKTlRLNndUWkhIZHh4cUZhdVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH4LwAwQB
stQ4MA0GCSqGSIb3DQEBCwUAA4IBAQCwATrdkhd53QxgeNA8adqG1NybTlKGJXy7
nSIgUoBobOYs/8VJU/mAogeyY3cvc8usbM+jM4sTVNrnx4mHXX8QacVT0ssfM1+/
jCXE3orM/lO7VUjYjX0LSIKd/LW5nRkOcJw6dDA81PSXeTs6TuezKSoTMovMgMm3
Z+raMG0pGQFgn1aIz83o/6AZLKXsaJjKI6YPNKDoW+42m1Pgy6Ad+u3lTI/Gj5Wm
ifl4LlnzzZ4nE+8dHqw9UTrE4oROgzu2mYf2oQwaTFzKBAMhbBC2xdZXHlSes54k
Bo/GHyxxVYWQf/3SRHaM5fNL7mS9Wt6d5N5/txMRhFCLblAsrm9S
-----END CERTIFICATE-----