Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/uvD1NcvE0sPpTuXNxuhcQ5fPB6Q.roa
File:                     uvD1NcvE0sPpTuXNxuhcQ5fPB6Q.roa (raw, json)
Hash identifier:          OX3lDi/3JYwmJY7qneRsBmTQJvJ1wj5rMRdXng4YNi4=
Subject key identifier:   BA:F0:F5:35:CB:C4:D2:C3:E9:4E:E5:CD:C6:E8:5C:43:97:CF:07:A4
Certificate issuer:       /CN=304a791dc74f2377232fbb07b6ae71240ab9555f
Certificate serial:       019424447F79C8568B5FB7732B905E680E03
Authority key identifier: 30:4A:79:1D:C7:4F:23:77:23:2F:BB:07:B6:AE:71:24:0A:B9:55:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/uvD1NcvE0sPpTuXNxuhcQ5fPB6Q.roa
Signing time:             Wed 01 Jan 2025 23:47:36 +0000
ROA not before:           Wed 01 Jan 2025 23:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12905
IP address blocks:        62.176.160.0/19 maxlen: 19
                          185.250.244.0/22 maxlen: 22
                          2a06:6bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:7f:79:c8:56:8b:5f:b7:73:2b:90:5e:68:0e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304a791dc74f2377232fbb07b6ae71240ab9555f
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baf0f535cbc4d2c3e94ee5cdc6e85c4397cf07a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:04:19:92:10:3e:c9:56:cb:aa:0d:ac:d9:23:
                    f3:e2:68:33:f7:17:ff:98:f1:2b:d8:37:69:dd:36:
                    ae:d4:23:74:57:13:86:e4:c6:a0:8c:08:42:72:f3:
                    51:af:7b:98:c6:ad:e0:41:be:81:3a:27:5e:c4:a7:
                    0e:45:89:bd:fc:bc:ae:19:14:41:ae:b1:1a:53:a9:
                    11:9f:75:b7:26:ba:9a:03:7c:d4:e7:98:8b:15:d0:
                    65:92:a9:6e:d5:a1:8b:9c:a3:9f:36:b7:7f:74:30:
                    54:0c:30:51:be:4a:27:b4:3e:44:e6:4a:3f:ec:4e:
                    a5:22:64:80:4d:71:cb:c4:ec:1a:3c:47:80:b1:98:
                    e2:29:17:f8:e3:88:a7:cf:99:15:a9:d7:0e:d4:e1:
                    9b:a7:ce:a8:bd:2c:8c:d1:a7:ff:d4:de:36:11:41:
                    88:b8:ae:da:27:10:f4:7e:2f:50:77:63:c0:55:e5:
                    47:d2:b4:f9:5d:2e:d9:14:6f:c5:8a:6b:8a:6c:04:
                    69:a9:3e:fb:bd:77:5e:ec:76:4c:ad:34:3a:2c:b6:
                    c2:42:72:a2:d2:c9:4a:65:31:35:fc:9a:11:71:97:
                    b9:5b:60:a9:54:65:07:ec:60:aa:08:7f:5c:3d:b6:
                    d3:3c:85:c9:ad:1d:56:16:5f:fa:a0:81:3d:f7:fc:
                    20:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:F0:F5:35:CB:C4:D2:C3:E9:4E:E5:CD:C6:E8:5C:43:97:CF:07:A4
            X509v3 Authority Key Identifier:
                keyid:30:4A:79:1D:C7:4F:23:77:23:2F:BB:07:B6:AE:71:24:0A:B9:55:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MEp5HcdPI3cjL7sHtq5xJAq5VV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/uvD1NcvE0sPpTuXNxuhcQ5fPB6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/194c8e-e1b6-4aae-b5b2-7981fde6bf39/1/MEp5HcdPI3cjL7sHtq5xJAq5VV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.160.0/19
                  185.250.244.0/22
                IPv6:
                  2a06:6bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:3f:b1:d4:a9:01:b4:3c:9a:d5:17:67:86:68:bd:14:f6:ad:
         a8:3d:b0:98:a6:fa:b7:a5:f3:aa:b4:db:b7:73:2a:86:ef:7a:
         32:38:57:f3:b0:fd:cb:5f:b0:83:9a:64:1c:16:fa:df:13:d0:
         e3:22:2d:7c:8c:df:57:d0:26:f7:bd:5e:53:a0:63:8f:8f:81:
         ad:15:0b:85:3d:94:0a:c9:28:89:50:8c:ab:7c:4e:1f:7c:67:
         1a:f3:42:be:c2:0a:ec:ed:fd:57:27:06:6b:3f:b5:30:b6:e8:
         d3:b4:1b:4b:52:82:cb:f1:6b:f3:d6:22:30:5a:e4:ff:63:49:
         e3:24:64:9a:fc:35:7c:f3:85:ed:7c:3d:84:ac:ce:72:51:01:
         23:fc:73:af:26:f1:c5:a7:52:c9:0b:41:c6:68:4a:5c:de:57:
         65:bc:b0:95:03:58:ee:5d:74:64:d5:35:1a:ef:98:37:82:90:
         29:48:03:c8:b7:3a:f8:c6:10:c6:9a:94:96:0c:f5:f3:76:a3:
         f0:b0:c1:9b:dd:2e:1a:ce:8b:84:50:94:fd:f6:77:ff:0a:e4:
         58:f1:0c:20:6e:8c:bb:6b:3b:5a:71:f1:90:1f:33:1d:5d:56:
         48:1e:b0:3e:88:91:64:61:63:57:26:20:22:9b:81:8c:92:b4:
         d0:fe:7f:53
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRH95yFaLX7dzK5BeaA4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGE3OTFkYzc0ZjIzNzcyMzJmYmIwN2I2YWU3MTI0MGFi
OTU1NWYwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWYwZjUzNWNiYzRkMmMzZTk0ZWU1Y2RjNmU4NWM0Mzk3Y2YwN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgQZkhA+yVbLqg2s2SPz4mgz9xf/
mPEr2Ddp3Tau1CN0VxOG5MagjAhCcvNRr3uYxq3gQb6BOidexKcORYm9/LyuGRRB
rrEaU6kRn3W3JrqaA3zU55iLFdBlkqlu1aGLnKOfNrd/dDBUDDBRvkontD5E5ko/
7E6lImSATXHLxOwaPEeAsZjiKRf444inz5kVqdcO1OGbp86ovSyM0af/1N42EUGI
uK7aJxD0fi9Qd2PAVeVH0rT5XS7ZFG/FimuKbARpqT77vXde7HZMrTQ6LLbCQnKi
0slKZTE1/JoRcZe5W2CpVGUH7GCqCH9cPbbTPIXJrR1WFl/6oIE99/wgywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLrw9TXLxNLD6U7lzcboXEOXzwekMB8GA1UdIwQY
MBaAFDBKeR3HTyN3Iy+7B7aucSQKuVVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUVwNUhjZFBJM2NqTDdzSHRxNXhKQXE1VlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xOTRjOGUtZTFiNi00YWFlLWI1YjIt
Nzk4MWZkZTZiZjM5LzEvdXZEMU5jdkUwc1BwVHVYTnh1aGNRNWZQQjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xOTRjOGUtZTFiNi00YWFlLWI1YjItNzk4MWZkZTZiZjM5
LzEvTUVwNUhjZFBJM2NqTDdzSHRxNXhKQXE1VlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPrCgAwQC
ufr0MA0EAgACMAcDBQMqBmvAMA0GCSqGSIb3DQEBCwUAA4IBAQCbP7HUqQG0PJrV
F2eGaL0U9q2oPbCYpvq3pfOqtNu3cyqG73oyOFfzsP3LX7CDmmQcFvrfE9DjIi18
jN9X0Cb3vV5ToGOPj4GtFQuFPZQKySiJUIyrfE4ffGca80K+wgrs7f1XJwZrP7Uw
tujTtBtLUoLL8Wvz1iIwWuT/Y0njJGSa/DV884XtfD2ErM5yUQEj/HOvJvHFp1LJ
C0HGaEpc3ldlvLCVA1juXXRk1TUa75g3gpApSAPItzr4xhDGmpSWDPXzdqPwsMGb
3S4azouEUJT99nf/CuRY8Qwgboy7aztacfGQHzMdXVZIHrA+iJFkYWNXJiAim4GM
krTQ/n9T
-----END CERTIFICATE-----