Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/uE_fVUsQj_lty3I3lYpDSAIBXSQ.roa
File:                     uE_fVUsQj_lty3I3lYpDSAIBXSQ.roa (raw, json)
Hash identifier:          RZlwhFI1FuSzwxiwupmztd/WqpFc9LHBsKw5C8YM+Cc=
Subject key identifier:   B8:4F:DF:55:4B:10:8F:F9:6D:CB:72:37:95:8A:43:48:02:01:5D:24
Certificate issuer:       /CN=a8ef61bdc034fb5638bcf19e07ec21d90019d42c
Certificate serial:       0194266BC20EA4F6BCDFE61D2CF569F82DB8
Authority key identifier: A8:EF:61:BD:C0:34:FB:56:38:BC:F1:9E:07:EC:21:D9:00:19:D4:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/uE_fVUsQj_lty3I3lYpDSAIBXSQ.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39848
IP address blocks:        84.234.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c2:0e:a4:f6:bc:df:e6:1d:2c:f5:69:f8:2d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8ef61bdc034fb5638bcf19e07ec21d90019d42c
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b84fdf554b108ff96dcb7237958a434802015d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:9e:d9:80:dc:d3:4e:04:63:e1:1f:46:d3:c5:
                    f2:44:ed:f0:63:6f:f4:00:7b:49:9d:86:2b:84:51:
                    53:d9:de:12:f2:fc:96:9b:f3:b3:11:15:bb:04:02:
                    d6:cc:59:c7:64:b1:14:b6:a1:31:9a:36:0c:f8:bd:
                    39:a4:60:ca:ef:52:97:df:dc:8a:da:3c:ce:c9:6f:
                    6f:24:c6:6f:f7:80:6d:ed:e3:0a:1b:c6:8e:cd:6a:
                    7d:fa:e8:e4:75:76:33:16:66:85:77:ca:bc:36:6f:
                    0f:8c:3b:8b:64:79:a5:c6:6b:be:e5:21:5f:0f:79:
                    22:81:19:4a:8c:eb:bd:1d:d1:4e:35:b2:51:9d:10:
                    20:08:13:1a:89:62:6f:68:b3:0d:22:9b:06:eb:92:
                    1e:99:4e:fc:68:df:17:e5:05:79:d3:83:df:14:8a:
                    f4:28:b9:ca:4b:37:e6:ed:91:13:48:cd:59:1c:63:
                    00:ca:57:ee:7c:58:da:7d:c8:c1:be:2b:ad:52:1e:
                    95:16:de:fe:db:58:93:7a:20:32:a3:aa:3b:88:ea:
                    c3:5d:8c:bf:1e:ce:96:80:88:67:24:e1:17:a9:db:
                    f6:e3:7b:ca:08:6d:bf:05:ca:70:dd:1a:e6:c5:66:
                    db:20:3c:af:67:4a:d2:93:c6:67:39:c5:65:b8:36:
                    36:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:4F:DF:55:4B:10:8F:F9:6D:CB:72:37:95:8A:43:48:02:01:5D:24
            X509v3 Authority Key Identifier:
                keyid:A8:EF:61:BD:C0:34:FB:56:38:BC:F1:9E:07:EC:21:D9:00:19:D4:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/uE_fVUsQj_lty3I3lYpDSAIBXSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/300165-25c6-401b-9cbf-1f49bc7fd3bd/1/qO9hvcA0-1Y4vPGeB-wh2QAZ1Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.234.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:5b:c2:79:67:20:2d:22:f5:7f:34:10:59:9a:37:9d:6b:0d:
         f3:ad:13:d8:66:eb:ed:bd:a9:67:0e:94:7e:3c:db:5b:9c:73:
         d9:96:c8:ed:30:fb:fc:55:f1:bf:33:05:46:c8:f1:88:b9:ae:
         5e:da:cd:b3:0d:e8:d8:35:a0:4c:71:a5:10:5f:32:9f:5e:75:
         d4:87:64:ff:f1:e4:50:3a:57:a5:7f:b6:94:74:63:16:0d:06:
         5f:2e:dc:c8:1a:fb:83:98:d3:7e:e4:3a:e0:2d:51:01:df:71:
         0d:80:f6:85:d6:0c:f1:46:72:21:09:bd:75:52:84:bd:03:6d:
         1b:3e:86:7f:91:4b:e5:fb:9d:ef:0c:6d:05:fc:da:20:ed:64:
         74:bb:87:45:61:64:2f:88:98:fb:a3:28:31:5e:97:cd:06:e2:
         a7:5a:85:57:f1:4f:9c:fd:fc:24:65:7a:44:4d:6c:c7:04:12:
         a9:21:ad:38:48:67:2a:10:87:98:ef:ed:c3:dd:24:8a:be:df:
         a5:cc:b9:67:f3:13:1e:da:37:07:e5:d4:9a:48:76:7e:b3:5e:
         9e:8c:10:f2:c2:c3:65:c2:ba:a0:85:85:99:a2:40:1d:c9:a8:
         dd:8b:45:49:43:85:0a:ca:3d:41:77:89:f4:50:3e:a9:40:a4:
         79:f4:c3:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8IOpPa83+YdLPVp+C24MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZWY2MWJkYzAzNGZiNTYzOGJjZjE5ZTA3ZWMyMWQ5MDAx
OWQ0MmMwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODRmZGY1NTRiMTA4ZmY5NmRjYjcyMzc5NThhNDM0ODAyMDE1ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA657ZgNzTTgRj4R9G08XyRO3wY2/0
AHtJnYYrhFFT2d4S8vyWm/OzERW7BALWzFnHZLEUtqExmjYM+L05pGDK71KX39yK
2jzOyW9vJMZv94Bt7eMKG8aOzWp9+ujkdXYzFmaFd8q8Nm8PjDuLZHmlxmu+5SFf
D3kigRlKjOu9HdFONbJRnRAgCBMaiWJvaLMNIpsG65IemU78aN8X5QV504PfFIr0
KLnKSzfm7ZETSM1ZHGMAylfufFjafcjBviutUh6VFt7+21iTeiAyo6o7iOrDXYy/
Hs6WgIhnJOEXqdv243vKCG2/Bcpw3RrmxWbbIDyvZ0rSk8ZnOcVluDY2EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhP31VLEI/5bctyN5WKQ0gCAV0kMB8GA1UdIwQY
MBaAFKjvYb3ANPtWOLzxngfsIdkAGdQsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU85aHZjQTAtMVk0dlBHZUItd2gyUUFaMUN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMDAxNjUtMjVjNi00MDFiLTljYmYt
MWY0OWJjN2ZkM2JkLzEvdUVfZlZVc1FqX2x0eTNJM2xZcERTQUlCWFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMDAxNjUtMjVjNi00MDFiLTljYmYtMWY0OWJjN2ZkM2Jk
LzEvcU85aHZjQTAtMVk0dlBHZUItd2gyUUFaMUN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVOpsMA0G
CSqGSIb3DQEBCwUAA4IBAQBuW8J5ZyAtIvV/NBBZmjedaw3zrRPYZuvtvalnDpR+
PNtbnHPZlsjtMPv8VfG/MwVGyPGIua5e2s2zDejYNaBMcaUQXzKfXnXUh2T/8eRQ
Olelf7aUdGMWDQZfLtzIGvuDmNN+5DrgLVEB33ENgPaF1gzxRnIhCb11UoS9A20b
PoZ/kUvl+53vDG0F/Nog7WR0u4dFYWQviJj7oygxXpfNBuKnWoVX8U+c/fwkZXpE
TWzHBBKpIa04SGcqEIeY7+3D3SSKvt+lzLln8xMe2jcH5dSaSHZ+s16ejBDywsNl
wrqghYWZokAdyajdi0VJQ4UKyj1Bd4n0UD6pQKR59MPW
-----END CERTIFICATE-----