Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/UZVUY94sqKLEh0icWoOQh0bntwI.roa
File:                     UZVUY94sqKLEh0icWoOQh0bntwI.roa (raw, json)
Hash identifier:          vpvG9SY3H1VjvlXeI35sSNyZFm3fdFFooAVPM0TU2c0=
Subject key identifier:   51:95:54:63:DE:2C:A8:A2:C4:87:48:9C:5A:83:90:87:46:E7:B7:02
Certificate issuer:       /CN=88e882bf964f7092c43cdcf7550de9562c26a028
Certificate serial:       0194258EC5F169FFBC40EF2065409FB836FF
Authority key identifier: 88:E8:82:BF:96:4F:70:92:C4:3C:DC:F7:55:0D:E9:56:2C:26:A0:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/UZVUY94sqKLEh0icWoOQh0bntwI.roa
Signing time:             Thu 02 Jan 2025 05:48:21 +0000
ROA not before:           Thu 02 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8368
IP address blocks:        212.85.56.0/21 maxlen: 24
                          217.18.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c5:f1:69:ff:bc:40:ef:20:65:40:9f:b8:36:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88e882bf964f7092c43cdcf7550de9562c26a028
        Validity
            Not Before: Jan  2 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51955463de2ca8a2c487489c5a83908746e7b702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:59:68:fc:c2:9f:e0:ca:63:40:bb:e8:c8:42:
                    ae:dd:ba:47:78:1a:ac:76:19:61:15:1c:27:66:16:
                    c5:22:08:94:80:d9:c9:b2:e3:d3:5f:b9:84:2b:3a:
                    10:a1:e8:01:44:bc:67:01:40:30:48:9a:d9:dd:cb:
                    e5:4c:87:a2:07:20:54:af:88:44:3d:33:0c:ae:cb:
                    6d:05:ee:6d:63:46:06:00:70:78:f2:fe:b2:18:79:
                    e6:ce:12:1a:af:19:57:c8:bb:8c:02:de:95:c2:86:
                    0a:70:77:47:d5:06:9c:35:e2:6f:71:01:5e:e5:1f:
                    07:70:e0:8e:4c:b4:e5:6e:2f:ae:da:92:19:08:ba:
                    83:cf:5e:d8:0c:f0:14:b5:ad:69:74:5c:a6:c0:59:
                    a3:11:fc:4c:60:3b:9b:6b:8b:a8:3a:5c:55:d1:a7:
                    a2:f0:a4:49:9f:cd:66:1d:b8:a6:3e:bf:96:d9:a9:
                    1a:a3:0c:d8:b5:d1:b7:f2:a8:a4:a2:b8:5b:b6:dd:
                    ed:da:e9:87:45:bf:1d:f7:02:d9:14:03:a8:5f:06:
                    32:67:6e:9e:d4:cd:ba:f0:ac:12:8d:dc:40:0e:b3:
                    8b:e9:5d:de:b9:4e:4f:ff:8b:6a:13:0e:8b:13:53:
                    a0:6e:32:7a:37:29:9c:dd:84:5e:2c:83:bb:a5:0a:
                    1d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:95:54:63:DE:2C:A8:A2:C4:87:48:9C:5A:83:90:87:46:E7:B7:02
            X509v3 Authority Key Identifier:
                keyid:88:E8:82:BF:96:4F:70:92:C4:3C:DC:F7:55:0D:E9:56:2C:26:A0:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/UZVUY94sqKLEh0icWoOQh0bntwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/cbff8f-0fcb-487d-8115-de7590f3f6b8/1/iOiCv5ZPcJLEPNz3VQ3pViwmoCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.85.56.0/21
                  217.18.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:1a:3c:c2:c9:2e:35:94:57:10:30:7f:15:e1:e1:5b:89:ce:
         fc:22:b2:33:65:e9:f7:0d:34:56:e6:62:d5:84:14:11:65:b2:
         50:04:23:44:db:79:49:38:ec:98:47:25:0e:1c:97:ea:aa:9d:
         5c:ab:0c:e9:73:b8:d3:52:48:25:51:54:d5:95:f1:cc:ce:9d:
         e3:fe:5c:ce:e3:d0:b4:84:37:9d:91:e4:79:f5:cf:cd:db:a6:
         d8:9c:9f:ce:8e:e5:cd:6f:b2:8d:e4:a2:2a:f6:df:9e:c2:34:
         5d:c7:b4:94:71:cb:05:21:ba:4e:0b:d3:47:2b:b9:d5:6a:fa:
         d1:e0:b9:ee:38:9f:f9:43:c6:b7:41:b1:e7:6b:f4:5e:a8:8b:
         94:c5:40:9f:a8:1d:24:55:33:6d:2e:bc:26:24:e3:4a:62:ac:
         53:2b:2b:4c:76:0c:83:21:a4:c5:fa:8b:ef:64:00:58:48:89:
         cf:6c:3f:8c:b0:7e:8f:9c:6a:32:66:b9:79:36:cf:bf:0e:fa:
         6d:d2:53:e0:5f:c5:37:77:be:08:b1:78:13:df:e9:e7:56:21:
         28:af:65:28:48:3b:35:de:ce:5a:9e:dc:86:28:c6:be:7e:5f:
         4e:69:96:05:a8:f3:29:a6:c6:9c:1c:ac:7f:1e:35:d5:7d:20:
         ac:22:bd:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljsXxaf+8QO8gZUCfuDb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZTg4MmJmOTY0ZjcwOTJjNDNjZGNmNzU1MGRlOTU2MmMy
NmEwMjgwHhcNMjUwMTAyMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTk1NTQ2M2RlMmNhOGEyYzQ4NzQ4OWM1YTgzOTA4NzQ2ZTdiNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFlo/MKf4MpjQLvoyEKu3bpHeBqs
dhlhFRwnZhbFIgiUgNnJsuPTX7mEKzoQoegBRLxnAUAwSJrZ3cvlTIeiByBUr4hE
PTMMrsttBe5tY0YGAHB48v6yGHnmzhIarxlXyLuMAt6VwoYKcHdH1QacNeJvcQFe
5R8HcOCOTLTlbi+u2pIZCLqDz17YDPAUta1pdFymwFmjEfxMYDuba4uoOlxV0aei
8KRJn81mHbimPr+W2akaowzYtdG38qikorhbtt3t2umHRb8d9wLZFAOoXwYyZ26e
1M268KwSjdxADrOL6V3euU5P/4tqEw6LE1OgbjJ6Nymc3YReLIO7pQodYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFGVVGPeLKiixIdInFqDkIdG57cCMB8GA1UdIwQY
MBaAFIjogr+WT3CSxDzc91UN6VYsJqAoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU9pQ3Y1WlBjSkxFUE56M1ZRM3BWaXdtb0NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jYmZmOGYtMGZjYi00ODdkLTgxMTUt
ZGU3NTkwZjNmNmI4LzEvVVpWVVk5NHNxS0xFaDBpY1dvT1FoMGJudHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jYmZmOGYtMGZjYi00ODdkLTgxMTUtZGU3NTkwZjNmNmI4
LzEvaU9pQ3Y1WlBjSkxFUE56M1ZRM3BWaXdtb0NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQD1FU4AwQA
2RJQMA0GCSqGSIb3DQEBCwUAA4IBAQCcGjzCyS41lFcQMH8V4eFbic78IrIzZen3
DTRW5mLVhBQRZbJQBCNE23lJOOyYRyUOHJfqqp1cqwzpc7jTUkglUVTVlfHMzp3j
/lzO49C0hDedkeR59c/N26bYnJ/OjuXNb7KN5KIq9t+ewjRdx7SUccsFIbpOC9NH
K7nVavrR4LnuOJ/5Q8a3QbHna/ReqIuUxUCfqB0kVTNtLrwmJONKYqxTKytMdgyD
IaTF+ovvZABYSInPbD+MsH6PnGoyZrl5Ns+/Dvpt0lPgX8U3d74IsXgT3+nnViEo
r2UoSDs13s5antyGKMa+fl9OaZYFqPMppsacHKx/HjXVfSCsIr2A
-----END CERTIFICATE-----