Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/x_UGYHPi4KGbhasIbcCsyLRrLvc.roa
File:                     x_UGYHPi4KGbhasIbcCsyLRrLvc.roa (raw, json)
Hash identifier:          TZUXAFaKqC1GafLAz2qnfFwZj2ZE2C3Lq2YMTRrQmKk=
Subject key identifier:   C7:F5:06:60:73:E2:E0:A1:9B:85:AB:08:6D:C0:AC:C8:B4:6B:2E:F7
Certificate issuer:       /CN=ef94bccbd4c2e0ff8f7aab045e14a311f3b2f9fe
Certificate serial:       01948A20178B4E658BEDE693F48A39C60E35
Authority key identifier: EF:94:BC:CB:D4:C2:E0:FF:8F:7A:AB:04:5E:14:A3:11:F3:B2:F9:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/75S8y9TC4P-PeqsEXhSjEfOy-f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/x_UGYHPi4KGbhasIbcCsyLRrLvc.roa
Signing time:             Tue 21 Jan 2025 18:29:06 +0000
ROA not before:           Tue 21 Jan 2025 18:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        192.231.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/75S8y9TC4P-PeqsEXhSjEfOy-f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/75S8y9TC4P-PeqsEXhSjEfOy-f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/75S8y9TC4P-PeqsEXhSjEfOy-f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8a:20:17:8b:4e:65:8b:ed:e6:93:f4:8a:39:c6:0e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef94bccbd4c2e0ff8f7aab045e14a311f3b2f9fe
        Validity
            Not Before: Jan 21 18:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f5066073e2e0a19b85ab086dc0acc8b46b2ef7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:20:2f:a3:63:b1:71:0f:ab:3f:e5:70:fb:c2:
                    4a:c7:d9:ee:f5:ee:42:73:d1:b6:c7:d9:9b:2c:23:
                    b8:22:25:e4:76:ae:4e:83:3b:ad:ed:a6:4a:38:11:
                    ec:29:a4:14:6d:36:79:59:79:8b:7e:de:d5:0e:7b:
                    62:5c:d9:46:c3:f6:d1:81:26:e7:4f:d9:72:62:87:
                    0c:28:d6:ec:e5:3d:24:b7:0e:a2:55:9f:b4:d8:ae:
                    ca:f8:df:3a:de:f0:35:63:e9:2c:29:13:b7:db:5e:
                    06:88:fd:a4:c6:9f:b8:28:fe:14:46:cd:cb:15:df:
                    5c:fc:ad:d8:78:30:f9:86:fc:70:0b:fb:ca:8f:e0:
                    3c:e2:31:b1:ba:7b:52:56:67:e2:d9:7d:50:06:df:
                    b8:bc:a8:92:c0:d2:c1:7b:10:ff:f6:eb:09:ce:e6:
                    66:26:e4:8e:1e:be:02:2b:5f:4f:a6:64:c2:0b:a2:
                    93:a0:e0:e2:c7:19:58:08:2d:bd:6e:bd:c1:86:4b:
                    28:de:10:59:66:b8:6c:b6:2a:5d:93:9f:76:39:3b:
                    7e:64:00:0c:76:59:48:db:06:99:ff:61:58:e6:08:
                    93:0f:15:75:e9:9f:e9:7e:31:98:e8:2b:05:53:c6:
                    f6:9c:f3:d9:e9:32:4f:5e:84:2e:8e:fd:b3:23:93:
                    eb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F5:06:60:73:E2:E0:A1:9B:85:AB:08:6D:C0:AC:C8:B4:6B:2E:F7
            X509v3 Authority Key Identifier:
                keyid:EF:94:BC:CB:D4:C2:E0:FF:8F:7A:AB:04:5E:14:A3:11:F3:B2:F9:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/75S8y9TC4P-PeqsEXhSjEfOy-f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/x_UGYHPi4KGbhasIbcCsyLRrLvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/75S8y9TC4P-PeqsEXhSjEfOy-f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.231.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c9:89:7b:16:6d:79:24:1a:d9:c9:84:2c:33:59:fd:ff:55:
         20:f0:36:de:7b:bf:44:ab:ff:e1:e8:de:8a:c2:04:e5:1c:de:
         f3:de:d0:cd:1d:a2:6a:fd:c9:27:6d:02:86:bd:3b:8b:b7:a2:
         3d:cf:b3:42:78:f9:35:d0:ba:56:28:0f:db:f0:58:c7:19:ba:
         b5:01:dc:9d:16:ad:ca:43:03:e3:2d:d8:dc:c6:97:40:24:c9:
         b2:7c:68:a6:71:3c:bd:ef:46:f5:f8:5a:d8:d4:2d:fe:b4:b2:
         a7:05:f4:71:4d:ac:24:9c:16:10:c4:c4:1e:40:d1:f5:fe:fc:
         12:02:c5:a7:56:f0:00:f0:e0:ac:90:d8:9e:76:91:ae:d4:45:
         8f:b4:a0:03:0d:da:62:30:21:0d:e1:4a:7c:48:b5:e2:f8:44:
         51:69:2e:d9:ce:31:62:4f:94:bd:e3:47:e8:51:e8:b7:8a:ec:
         68:b0:4d:ea:c1:74:a5:d7:c3:69:9b:46:fe:d8:44:67:e2:13:
         fc:84:0f:cd:5e:3d:f8:7d:6a:48:b2:f2:12:a6:87:2f:70:26:
         39:fc:1c:79:82:7c:da:36:2a:0c:a9:93:cc:a5:c5:7f:90:fd:
         55:4b:ab:17:b2:d3:57:c4:08:72:d8:db:02:35:cb:1b:b2:79:
         b0:5c:c4:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSKIBeLTmWL7eaT9Io5xg41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOTRiY2NiZDRjMmUwZmY4ZjdhYWIwNDVlMTRhMzExZjNi
MmY5ZmUwHhcNMjUwMTIxMTgyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y1MDY2MDczZTJlMGExOWI4NWFiMDg2ZGMwYWNjOGI0NmIyZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yAvo2OxcQ+rP+Vw+8JKx9nu9e5C
c9G2x9mbLCO4IiXkdq5Ogzut7aZKOBHsKaQUbTZ5WXmLft7VDntiXNlGw/bRgSbn
T9lyYocMKNbs5T0ktw6iVZ+02K7K+N863vA1Y+ksKRO3214GiP2kxp+4KP4URs3L
Fd9c/K3YeDD5hvxwC/vKj+A84jGxuntSVmfi2X1QBt+4vKiSwNLBexD/9usJzuZm
JuSOHr4CK19PpmTCC6KToODixxlYCC29br3Bhkso3hBZZrhstipdk592OTt+ZAAM
dllI2waZ/2FY5giTDxV16Z/pfjGY6CsFU8b2nPPZ6TJPXoQujv2zI5PrKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf1BmBz4uChm4WrCG3ArMi0ay73MB8GA1UdIwQY
MBaAFO+UvMvUwuD/j3qrBF4UoxHzsvn+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzVTOHk5VEM0UC1QZXFzRVhoU2pFZk95LWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iZWMyNTMtOWMyOS00NzhjLTk3MTEt
Y2I2M2Q2ZmJiZmM3LzEveF9VR1lIUGk0S0diaGFzSWJjQ3N5TFJyTHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iZWMyNTMtOWMyOS00NzhjLTk3MTEtY2I2M2Q2ZmJiZmM3
LzEvNzVTOHk5VEM0UC1QZXFzRVhoU2pFZk95LWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwOcRMA0G
CSqGSIb3DQEBCwUAA4IBAQBGyYl7Fm15JBrZyYQsM1n9/1Ug8Dbee79Eq//h6N6K
wgTlHN7z3tDNHaJq/cknbQKGvTuLt6I9z7NCePk10LpWKA/b8FjHGbq1AdydFq3K
QwPjLdjcxpdAJMmyfGimcTy970b1+FrY1C3+tLKnBfRxTawknBYQxMQeQNH1/vwS
AsWnVvAA8OCskNiedpGu1EWPtKADDdpiMCEN4Up8SLXi+ERRaS7ZzjFiT5S940fo
Uei3iuxosE3qwXSl18Npm0b+2ERn4hP8hA/NXj34fWpIsvISpocvcCY5/Bx5gnza
NioMqZPMpcV/kP1VS6sXstNXxAhy2NsCNcsbsnmwXMRp
-----END CERTIFICATE-----