Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/ukTm-wxzEJj-s_OEsyy8V9c_Wr4.roa
File:                     ukTm-wxzEJj-s_OEsyy8V9c_Wr4.roa (raw, json)
Hash identifier:          fj9aOH6SJjD+OTCiFFLafnYvA1jJNlZv9daAJcHZMJs=
Subject key identifier:   BA:44:E6:FB:0C:73:10:98:FE:B3:F3:84:B3:2C:BC:57:D7:3F:5A:BE
Certificate issuer:       /CN=d74ce9d9e18a2a8a06cb4d9b08b59cd76b221184
Certificate serial:       019427B5F140A48764EF733E3815CA76CBC2
Authority key identifier: D7:4C:E9:D9:E1:8A:2A:8A:06:CB:4D:9B:08:B5:9C:D7:6B:22:11:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/ukTm-wxzEJj-s_OEsyy8V9c_Wr4.roa
Signing time:             Thu 02 Jan 2025 15:50:22 +0000
ROA not before:           Thu 02 Jan 2025 15:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25376
IP address blocks:        185.108.44.0/22 maxlen: 24
                          2a01:8560::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:f1:40:a4:87:64:ef:73:3e:38:15:ca:76:cb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d74ce9d9e18a2a8a06cb4d9b08b59cd76b221184
        Validity
            Not Before: Jan  2 15:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba44e6fb0c731098feb3f384b32cbc57d73f5abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:29:9d:84:d3:f5:39:f5:4f:e5:fd:43:70:4e:
                    89:73:6e:df:f6:1b:7a:64:25:f3:d9:f8:22:3c:6a:
                    2d:47:c8:ca:e2:ab:f0:9e:68:b9:63:63:25:e0:54:
                    c5:40:b4:8d:35:98:b6:04:27:79:52:01:ca:91:cb:
                    9f:fc:8d:c7:e0:e5:ac:20:d5:a3:81:83:65:78:50:
                    1d:7a:60:23:3f:49:0f:3e:f8:70:b8:17:47:da:23:
                    b1:c9:ad:ed:54:80:6f:ca:eb:4f:5d:74:e7:ec:0e:
                    0c:95:ed:12:53:a4:63:fb:d7:73:a2:a4:da:af:3b:
                    24:eb:49:ee:9a:6f:cf:ec:82:03:f2:f5:c5:64:a5:
                    e4:6f:6b:9e:3e:c6:7d:55:99:f6:d9:34:40:a3:d5:
                    88:b9:79:20:ea:0c:98:2c:87:91:66:22:dc:43:0a:
                    0f:ae:8e:29:13:7d:c0:bc:b6:62:ad:b4:cc:02:b7:
                    fc:08:d4:b2:ce:22:6d:f5:6f:63:f4:84:3f:71:cc:
                    15:18:c3:38:50:fc:ba:09:09:c1:d5:06:d1:88:69:
                    0c:80:b0:6b:67:6d:76:c2:c5:63:ef:25:89:8a:e7:
                    a6:3b:2d:e0:3a:67:db:c0:5d:7d:47:d3:05:a7:d4:
                    24:92:5f:93:a1:d2:9f:0c:9a:1a:19:ad:c6:98:3f:
                    79:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:44:E6:FB:0C:73:10:98:FE:B3:F3:84:B3:2C:BC:57:D7:3F:5A:BE
            X509v3 Authority Key Identifier:
                keyid:D7:4C:E9:D9:E1:8A:2A:8A:06:CB:4D:9B:08:B5:9C:D7:6B:22:11:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/ukTm-wxzEJj-s_OEsyy8V9c_Wr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.44.0/22
                IPv6:
                  2a01:8560::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:1c:24:49:c4:25:89:e4:a2:dc:c9:af:cc:08:93:14:58:12:
         9b:d5:36:a6:f5:5c:41:6e:c5:df:1a:73:29:f2:32:b9:c2:1f:
         e4:3f:94:eb:34:38:d3:b3:73:21:a3:78:fa:ac:17:1e:b0:5d:
         f5:26:b6:ed:47:1a:74:a9:bd:04:c5:27:78:b1:7c:4e:16:d7:
         1c:e6:17:33:b6:f8:5b:56:c8:72:4b:2d:80:f5:0d:8c:37:fd:
         24:e9:58:f8:5d:20:fe:61:42:4d:8a:79:6e:42:db:2d:64:19:
         73:fe:2e:11:bf:c9:31:6d:eb:14:ae:2e:a2:81:35:83:39:5f:
         30:d9:4d:49:1a:08:d5:73:93:e7:95:b8:b9:43:ab:0d:00:9b:
         ce:d5:93:93:e6:d1:6e:55:18:68:c8:e8:72:8e:26:51:e9:20:
         b2:ac:7d:7f:fa:f7:dd:69:fe:47:a2:3b:92:8c:d7:41:9a:96:
         92:3e:8f:48:53:f2:65:21:67:a8:7d:43:14:99:34:f4:55:6b:
         90:2c:bf:dc:68:62:03:2c:08:9b:ee:ae:a3:3c:4d:e3:ae:01:
         8f:61:76:d0:da:21:7e:59:a0:b6:ba:52:2a:58:ec:b9:ef:d9:
         08:7a:92:3b:4f:c8:28:63:d2:fd:d2:f0:16:32:07:97:34:85:
         23:c7:e3:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntfFApIdk73M+OBXKdsvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NGNlOWQ5ZTE4YTJhOGEwNmNiNGQ5YjA4YjU5Y2Q3NmIy
MjExODQwHhcNMjUwMTAyMTU1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTQ0ZTZmYjBjNzMxMDk4ZmViM2YzODRiMzJjYmM1N2Q3M2Y1YWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhymdhNP1OfVP5f1DcE6Jc27f9ht6
ZCXz2fgiPGotR8jK4qvwnmi5Y2Ml4FTFQLSNNZi2BCd5UgHKkcuf/I3H4OWsINWj
gYNleFAdemAjP0kPPvhwuBdH2iOxya3tVIBvyutPXXTn7A4Mle0SU6Rj+9dzoqTa
rzsk60numm/P7IID8vXFZKXkb2uePsZ9VZn22TRAo9WIuXkg6gyYLIeRZiLcQwoP
ro4pE33AvLZirbTMArf8CNSyziJt9W9j9IQ/ccwVGMM4UPy6CQnB1QbRiGkMgLBr
Z212wsVj7yWJiuemOy3gOmfbwF19R9MFp9Qkkl+TodKfDJoaGa3GmD95WQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLpE5vsMcxCY/rPzhLMsvFfXP1q+MB8GA1UdIwQY
MBaAFNdM6dnhiiqKBstNmwi1nNdrIhGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTB6cDJlR0tLb29HeTAyYkNMV2MxMnNpRVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lZDVjMWUtMmQ1Zi00MjIyLWJkYzct
NjNiOTUyNDBkNzQ1LzEvdWtUbS13eHpFSmotc19PRXN5eThWOWNfV3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lZDVjMWUtMmQ1Zi00MjIyLWJkYzctNjNiOTUyNDBkNzQ1
LzEvMTB6cDJlR0tLb29HeTAyYkNMV2MxMnNpRVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWwsMA0E
AgACMAcDBQAqAYVgMA0GCSqGSIb3DQEBCwUAA4IBAQCZHCRJxCWJ5KLcya/MCJMU
WBKb1Tam9VxBbsXfGnMp8jK5wh/kP5TrNDjTs3Mho3j6rBcesF31JrbtRxp0qb0E
xSd4sXxOFtcc5hcztvhbVshySy2A9Q2MN/0k6Vj4XSD+YUJNinluQtstZBlz/i4R
v8kxbesUri6igTWDOV8w2U1JGgjVc5Pnlbi5Q6sNAJvO1ZOT5tFuVRhoyOhyjiZR
6SCyrH1/+vfdaf5HojuSjNdBmpaSPo9IU/JlIWeofUMUmTT0VWuQLL/caGIDLAib
7q6jPE3jrgGPYXbQ2iF+WaC2ulIqWOy579kIepI7T8goY9L90vAWMgeXNIUjx+Nx
-----END CERTIFICATE-----