Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/UH7ERX2uEAwiuiu2EIP73IUUkwI.roa
File:                     UH7ERX2uEAwiuiu2EIP73IUUkwI.roa (raw, json)
Hash identifier:          71rfZI37bB6WKWLPGXn68iFKAbS6rOx+kOHCTWBrP9Q=
Subject key identifier:   50:7E:C4:45:7D:AE:10:0C:22:BA:2B:B6:10:83:FB:DC:85:14:93:02
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       019425218BF46DF118A4B572E72FF087F2D8
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/UH7ERX2uEAwiuiu2EIP73IUUkwI.roa
Signing time:             Thu 02 Jan 2025 03:49:03 +0000
ROA not before:           Thu 02 Jan 2025 03:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207085
IP address blocks:        185.160.90.0/24 maxlen: 24
                          2a07:bbc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8b:f4:6d:f1:18:a4:b5:72:e7:2f:f0:87:f2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  2 03:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=507ec4457dae100c22ba2bb61083fbdc85149302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:17:71:37:f5:10:15:f9:e4:95:0c:4a:26:49:
                    dc:18:05:e6:67:51:03:d1:97:1e:8a:9f:4d:2b:e6:
                    98:01:1d:8b:85:97:fb:3e:c5:d1:e2:ce:6a:b4:6d:
                    41:57:61:2a:91:ce:11:ec:8e:af:4f:93:5e:64:dd:
                    61:e6:47:e1:f9:45:ca:de:92:2a:0c:53:07:80:d7:
                    9e:5c:98:d7:86:db:85:9d:d9:4e:ce:e6:3b:0c:be:
                    30:c3:6e:5d:58:ee:2d:14:fb:7e:b8:9a:e8:b8:bd:
                    e4:76:89:e0:ac:81:94:dd:b8:2a:dc:2b:22:1e:a6:
                    cb:89:6b:51:0b:65:cc:f4:ba:52:40:e2:1f:34:24:
                    d2:b3:0d:97:04:ba:10:97:a0:88:e3:a8:f4:49:b0:
                    1e:b0:da:91:3a:85:56:90:0a:15:61:a0:23:93:94:
                    90:71:85:74:30:f8:d5:d3:40:f8:c3:85:b3:e6:12:
                    c7:2d:a7:a6:d6:bd:2d:b5:b5:47:65:cf:b6:0c:cf:
                    9c:ae:ae:53:0f:9d:a2:56:ff:1c:24:e9:b1:af:fd:
                    32:e2:3a:00:36:08:ff:2c:f7:f8:73:84:70:60:5d:
                    b7:c9:10:b3:8b:8d:f7:e5:65:a9:fb:52:69:86:a5:
                    27:52:a7:bd:5c:ba:c4:19:3e:55:4a:c7:80:8c:55:
                    98:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:7E:C4:45:7D:AE:10:0C:22:BA:2B:B6:10:83:FB:DC:85:14:93:02
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/UH7ERX2uEAwiuiu2EIP73IUUkwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.90.0/24
                IPv6:
                  2a07:bbc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:b2:5f:7d:9c:d7:e7:2f:7f:ff:88:66:4f:cf:66:0c:60:38:
         03:6f:73:ce:24:92:b8:bc:72:d7:e1:3b:d2:15:c4:2a:8b:6c:
         38:c6:19:59:c1:12:c9:32:1c:09:05:34:98:a7:4a:bb:33:91:
         c0:29:23:ea:34:8a:b8:92:0d:cc:06:ef:14:6c:4f:f0:03:4d:
         fb:a5:57:e2:1e:00:9c:7e:3d:93:dc:ea:8b:7e:17:e0:87:e0:
         7e:37:97:2a:74:56:3f:e6:9d:50:17:db:12:a5:d2:ff:c5:e4:
         88:1b:60:39:94:12:d2:ec:b4:3f:91:cb:ad:28:cf:f1:32:8e:
         e1:19:b4:58:29:95:43:c8:e7:07:f5:4c:6f:9a:b4:ad:60:37:
         e3:74:52:89:b1:5f:40:83:58:79:6e:ec:43:50:73:c6:d3:a8:
         dd:f2:25:0b:e3:d2:50:3a:92:ff:de:05:53:3b:bd:23:94:eb:
         ef:f1:56:b8:2c:9d:76:fa:a2:aa:87:e5:97:16:db:cc:b8:8b:
         02:82:31:dc:9e:f2:99:e9:ee:2e:bd:ad:84:cf:47:3f:78:b3:
         b0:f3:90:3e:d9:10:72:76:fe:a6:a2:b2:55:5c:c2:4b:c0:78:
         c6:00:11:39:2f:9f:db:99:d5:31:b3:43:6a:f7:25:09:cc:e2:
         a0:a4:92:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIYv0bfEYpLVy5y/wh/LYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDdlYzQ0NTdkYWUxMDBjMjJiYTJiYjYxMDgzZmJkYzg1MTQ5MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxdxN/UQFfnklQxKJkncGAXmZ1ED
0Zceip9NK+aYAR2LhZf7PsXR4s5qtG1BV2Eqkc4R7I6vT5NeZN1h5kfh+UXK3pIq
DFMHgNeeXJjXhtuFndlOzuY7DL4ww25dWO4tFPt+uJrouL3kdongrIGU3bgq3Csi
HqbLiWtRC2XM9LpSQOIfNCTSsw2XBLoQl6CI46j0SbAesNqROoVWkAoVYaAjk5SQ
cYV0MPjV00D4w4Wz5hLHLaem1r0ttbVHZc+2DM+crq5TD52iVv8cJOmxr/0y4joA
Ngj/LPf4c4RwYF23yRCzi4335WWp+1JphqUnUqe9XLrEGT5VSseAjFWYHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFB+xEV9rhAMIrorthCD+9yFFJMCMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvVUg3RVJYMnVFQXdpdWl1MkVJUDczSVVVa3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuaBaMA8E
AgACMAkDBwAqB7vAAAAwDQYJKoZIhvcNAQELBQADggEBAEWyX32c1+cvf/+IZk/P
ZgxgOANvc84kkri8ctfhO9IVxCqLbDjGGVnBEskyHAkFNJinSrszkcApI+o0iriS
DcwG7xRsT/ADTfulV+IeAJx+PZPc6ot+F+CH4H43lyp0Vj/mnVAX2xKl0v/F5Igb
YDmUEtLstD+Ry60oz/EyjuEZtFgplUPI5wf1TG+atK1gN+N0UomxX0CDWHlu7ENQ
c8bTqN3yJQvj0lA6kv/eBVM7vSOU6+/xVrgsnXb6oqqH5ZcW28y4iwKCMdye8pnp
7i69rYTPRz94s7DzkD7ZEHJ2/qaislVcwkvAeMYAETkvn9uZ1TGzQ2r3JQnM4qCk
kt8=
-----END CERTIFICATE-----