Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/UTD25HSfDCitfEF77H0gTbBbKYg.roa
File:                     UTD25HSfDCitfEF77H0gTbBbKYg.roa (raw, json)
Hash identifier:          JlSU0P58p4ohrtWd9vf+kXPT1uTSHo3mBZt0nA+3jpA=
Subject key identifier:   51:30:F6:E4:74:9F:0C:28:AD:7C:41:7B:EC:7D:20:4D:B0:5B:29:88
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019427B56C4C3B43AE2CF76C8C8F025CF273
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/UTD25HSfDCitfEF77H0gTbBbKYg.roa
Signing time:             Thu 02 Jan 2025 15:49:48 +0000
ROA not before:           Thu 02 Jan 2025 15:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61244
IP address blocks:        46.236.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:6c:4c:3b:43:ae:2c:f7:6c:8c:8f:02:5c:f2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  2 15:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5130f6e4749f0c28ad7c417bec7d204db05b2988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:92:3d:3d:39:e2:04:1e:b6:8a:87:65:36:cb:
                    ed:36:70:cb:0c:ab:08:75:92:0e:70:b7:bf:ee:b7:
                    ab:6f:f1:ac:43:ca:3c:da:66:ad:49:a7:a0:0b:9e:
                    14:09:f7:70:7f:5c:d9:fa:b1:c1:9e:23:8c:25:b3:
                    de:75:b9:b1:e4:9b:e6:b1:aa:3a:96:42:1c:ec:f8:
                    ac:04:b1:53:81:a1:0e:ed:c0:c4:c8:2f:0b:9a:98:
                    d5:c8:ad:8d:bc:d6:90:f4:10:d7:56:34:21:c1:03:
                    19:29:c1:4a:d0:a9:80:5c:0a:ea:12:1f:cb:f2:a4:
                    05:64:56:da:06:6a:eb:a1:d3:4c:b5:f8:1d:51:2b:
                    fa:67:4f:b8:d9:1b:29:02:4a:21:7b:d9:3f:04:ab:
                    2f:dd:1b:97:79:15:7c:65:fb:98:33:6e:17:b4:28:
                    d7:3c:3d:6c:8d:a0:06:5a:d3:1b:fe:a2:fe:9c:81:
                    3e:fd:65:97:21:40:09:72:55:4e:bd:d7:37:2a:f8:
                    79:b5:f2:dc:82:a9:c8:6f:89:36:a8:75:e7:09:b0:
                    08:7c:b0:de:74:66:54:9a:a0:09:4b:1a:2f:0c:34:
                    e8:c0:8e:17:8d:4e:d2:ec:5c:0e:52:52:6d:f5:b6:
                    5c:e9:22:7a:92:c3:fa:7c:85:ec:93:ba:7e:bf:e2:
                    be:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:30:F6:E4:74:9F:0C:28:AD:7C:41:7B:EC:7D:20:4D:B0:5B:29:88
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/UTD25HSfDCitfEF77H0gTbBbKYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:15:48:ca:02:94:4b:2a:ce:72:de:8b:29:4b:d9:60:9c:e0:
         a8:1a:9e:6f:21:50:df:e9:6f:55:4b:20:3f:29:04:57:f2:70:
         30:fa:4a:41:82:dd:27:18:0e:b7:ed:ab:02:22:11:cd:8c:a7:
         9d:e9:e0:3c:98:82:31:fe:3f:64:d2:47:db:92:35:39:57:9a:
         e9:93:e7:70:a4:a9:e5:8d:37:e7:4b:aa:b8:f9:e1:3b:3e:66:
         73:23:76:8a:a7:46:3b:b9:a7:46:bf:43:c7:8a:17:75:6b:46:
         b8:1d:34:76:4d:04:f7:c8:6c:d6:f3:bd:23:96:1b:d0:65:4b:
         19:0a:08:a4:95:61:54:5b:0e:3f:29:d2:27:55:99:c4:43:1e:
         85:cc:f1:36:0a:39:63:25:42:77:a9:c6:b1:5a:4f:fe:b8:59:
         14:41:9b:ac:56:46:67:2f:ca:92:1e:18:9d:20:b4:b7:61:0f:
         24:cb:3d:10:7f:71:1b:48:ba:9f:11:66:52:1d:ea:83:eb:4e:
         52:cc:e3:f4:60:f3:c8:ff:28:fe:36:5e:19:7e:db:50:3b:d4:
         27:8c:bc:d7:21:8a:7a:87:f9:bf:c1:36:aa:76:1b:e9:49:e5:
         c6:e9:8d:81:29:43:b5:df:76:98:ed:9d:ab:6e:c0:1c:41:e1:
         36:49:44:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntWxMO0OuLPdsjI8CXPJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwMTAyMTU0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTMwZjZlNDc0OWYwYzI4YWQ3YzQxN2JlYzdkMjA0ZGIwNWIyOTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupI9PTniBB62iodlNsvtNnDLDKsI
dZIOcLe/7rerb/GsQ8o82matSaegC54UCfdwf1zZ+rHBniOMJbPedbmx5Jvmsao6
lkIc7PisBLFTgaEO7cDEyC8LmpjVyK2NvNaQ9BDXVjQhwQMZKcFK0KmAXArqEh/L
8qQFZFbaBmrrodNMtfgdUSv6Z0+42RspAkohe9k/BKsv3RuXeRV8ZfuYM24XtCjX
PD1sjaAGWtMb/qL+nIE+/WWXIUAJclVOvdc3Kvh5tfLcgqnIb4k2qHXnCbAIfLDe
dGZUmqAJSxovDDTowI4XjU7S7FwOUlJt9bZc6SJ6ksP6fIXsk7p+v+K+3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEw9uR0nwworXxBe+x9IE2wWymIMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvVVREMjVIU2ZEQ2l0ZkVGNzdIMGdUYkJiS1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFLuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQAiFUjKApRLKs5y3ospS9lgnOCoGp5vIVDf6W9VSyA/
KQRX8nAw+kpBgt0nGA637asCIhHNjKed6eA8mIIx/j9k0kfbkjU5V5rpk+dwpKnl
jTfnS6q4+eE7PmZzI3aKp0Y7uadGv0PHihd1a0a4HTR2TQT3yGzW870jlhvQZUsZ
CgiklWFUWw4/KdInVZnEQx6FzPE2CjljJUJ3qcaxWk/+uFkUQZusVkZnL8qSHhid
ILS3YQ8kyz0Qf3EbSLqfEWZSHeqD605SzOP0YPPI/yj+Nl4ZfttQO9QnjLzXIYp6
h/m/wTaqdhvpSeXG6Y2BKUO133aY7Z2rbsAcQeE2SURB
-----END CERTIFICATE-----