Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/UHKWf0IFUDq4891IQbRTHXY2rfo.roa
File:                     UHKWf0IFUDq4891IQbRTHXY2rfo.roa (raw, json)
Hash identifier:          khzJ2vmoGD7A0nhnzsOiCPmcx8Ixl6GoeAYAbQaOA34=
Subject key identifier:   50:72:96:7F:42:05:50:3A:B8:F3:DD:48:41:B4:53:1D:76:36:AD:FA
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       0194228E0F0D841B630799EFC13D5280966A
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/UHKWf0IFUDq4891IQbRTHXY2rfo.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203634
IP address blocks:        82.222.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0f:0d:84:1b:63:07:99:ef:c1:3d:52:80:96:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5072967f4205503ab8f3dd4841b4531d7636adfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8a:e4:cc:7b:b2:99:b4:2c:99:27:85:be:81:
                    8d:a3:7a:86:81:68:b0:9a:d9:da:b5:98:44:37:e9:
                    ee:b0:5d:9a:0f:09:e2:8c:19:85:f1:0e:31:65:4d:
                    2a:cb:76:ad:dd:4c:a5:5d:4c:c5:99:56:91:82:ae:
                    de:83:a6:90:8a:cd:cb:6c:96:6b:3b:8c:80:5a:43:
                    80:9b:2c:06:a0:95:e7:3b:fc:1a:79:2c:51:55:11:
                    8d:f1:38:98:bd:ee:c2:44:70:69:92:65:01:9c:66:
                    77:9b:30:f1:fe:90:ed:b0:95:14:08:8e:a6:64:31:
                    b1:2b:a2:8d:ec:21:37:59:37:49:07:da:3b:17:79:
                    c7:6b:10:2f:be:1a:c3:9a:a3:b5:d2:10:5e:e1:40:
                    6f:b4:20:d8:15:dc:0e:b2:d4:29:0a:6a:58:29:45:
                    0c:a1:ee:07:3b:35:1e:24:a7:c4:3d:ac:0c:b8:9f:
                    77:12:81:7a:fa:78:17:71:68:b8:5d:ca:a3:ef:db:
                    3a:2f:5e:d9:33:d4:98:30:b9:a0:ef:d7:fe:92:55:
                    fd:7c:fa:17:34:db:8f:14:24:c5:b9:6c:ef:75:59:
                    d0:79:fd:93:b3:ac:fc:3c:0a:17:c8:36:20:98:c3:
                    af:92:c2:66:8c:76:a0:16:d0:8c:69:ec:97:c5:38:
                    58:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:72:96:7F:42:05:50:3A:B8:F3:DD:48:41:B4:53:1D:76:36:AD:FA
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/UHKWf0IFUDq4891IQbRTHXY2rfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e7:ef:0e:37:56:38:2b:24:c4:0d:17:f6:28:de:d4:70:b6:
         a0:4b:7c:09:86:bc:9c:aa:3e:69:14:80:3c:2d:38:c5:12:b4:
         ab:4b:a1:2e:0a:14:e3:5d:0c:f6:d6:7b:f4:68:73:2f:0d:a2:
         00:4a:88:3d:dd:4b:cf:e2:09:fb:a4:cc:0d:17:5a:1b:b0:f5:
         c3:59:db:9e:8e:58:e3:e8:ba:82:af:14:b9:e1:fd:3e:8a:4a:
         58:c2:7b:c0:25:ed:9e:4d:26:cc:0b:a0:0d:6c:73:e6:6e:02:
         41:da:5e:4b:77:e7:10:47:8d:eb:78:de:43:52:1c:a0:ac:32:
         35:b0:39:93:cf:c1:85:8e:99:d0:83:c4:b7:4a:9b:39:a6:d5:
         64:39:29:90:7e:17:24:76:01:ff:e4:d4:e7:3f:6d:a9:1b:c7:
         c5:06:4c:2d:20:45:d1:db:d9:a2:c1:ab:3a:66:3b:09:e5:f6:
         e6:71:10:54:5f:a0:28:31:48:dd:b8:f2:c4:14:31:e6:46:e0:
         6c:2f:0c:1e:6b:39:8e:a2:02:f8:8d:98:3e:58:7d:af:38:1c:
         b8:b5:31:ed:f2:cf:94:b0:5b:ee:a8:eb:e9:5a:40:21:5b:a4:
         62:42:49:a6:65:36:86:10:a2:11:9a:14:59:7e:3b:20:0b:0c:
         ed:e3:1e:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg8NhBtjB5nvwT1SgJZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDcyOTY3ZjQyMDU1MDNhYjhmM2RkNDg0MWI0NTMxZDc2MzZhZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYrkzHuymbQsmSeFvoGNo3qGgWiw
mtnatZhEN+nusF2aDwnijBmF8Q4xZU0qy3at3UylXUzFmVaRgq7eg6aQis3LbJZr
O4yAWkOAmywGoJXnO/waeSxRVRGN8TiYve7CRHBpkmUBnGZ3mzDx/pDtsJUUCI6m
ZDGxK6KN7CE3WTdJB9o7F3nHaxAvvhrDmqO10hBe4UBvtCDYFdwOstQpCmpYKUUM
oe4HOzUeJKfEPawMuJ93EoF6+ngXcWi4Xcqj79s6L17ZM9SYMLmg79f+klX9fPoX
NNuPFCTFuWzvdVnQef2Ts6z8PAoXyDYgmMOvksJmjHagFtCMaeyXxThYeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFByln9CBVA6uPPdSEG0Ux12Nq36MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvVUhLV2YwSUZVRHE0ODkxSVFiUlRIWFkycmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6fMA0G
CSqGSIb3DQEBCwUAA4IBAQBg5+8ON1Y4KyTEDRf2KN7UcLagS3wJhrycqj5pFIA8
LTjFErSrS6EuChTjXQz21nv0aHMvDaIASog93UvP4gn7pMwNF1obsPXDWduejljj
6LqCrxS54f0+ikpYwnvAJe2eTSbMC6ANbHPmbgJB2l5Ld+cQR43reN5DUhygrDI1
sDmTz8GFjpnQg8S3Sps5ptVkOSmQfhckdgH/5NTnP22pG8fFBkwtIEXR29miwas6
ZjsJ5fbmcRBUX6AoMUjduPLEFDHmRuBsLwweazmOogL4jZg+WH2vOBy4tTHt8s+U
sFvuqOvpWkAhW6RiQkmmZTaGEKIRmhRZfjsgCwzt4x5b
-----END CERTIFICATE-----