Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/uLuyvw0wrMVvBem7CUEZ696cEaY.roa
File:                     uLuyvw0wrMVvBem7CUEZ696cEaY.roa (raw, json)
Hash identifier:          58TBUJNSj3ItVqjUjVmn6+wJaB5pgjoDXSiDFW+I4P4=
Subject key identifier:   B8:BB:B2:BF:0D:30:AC:C5:6F:05:E9:BB:09:41:19:EB:DE:9C:11:A6
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       0194236983FAAF52DA782035E4D2D6C7D83A
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/uLuyvw0wrMVvBem7CUEZ696cEaY.roa
Signing time:             Wed 01 Jan 2025 19:48:25 +0000
ROA not before:           Wed 01 Jan 2025 19:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57866
IP address blocks:        193.37.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:83:fa:af:52:da:78:20:35:e4:d2:d6:c7:d8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Jan  1 19:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8bbb2bf0d30acc56f05e9bb094119ebde9c11a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:61:ba:6e:ea:4d:b5:7e:f5:ae:1d:8d:d9:3c:
                    d6:fb:5f:79:00:42:af:5c:a5:29:73:02:c3:1a:5b:
                    02:19:d7:44:10:c4:c3:1b:45:20:7d:50:c2:1a:95:
                    16:5c:97:ba:38:67:1d:2a:43:0f:d8:a0:56:09:7d:
                    f4:72:6e:b5:0c:66:01:a4:b0:86:a0:10:53:32:84:
                    ce:13:f2:ff:db:79:f5:3f:f5:4a:b0:e8:69:5c:cf:
                    9b:c4:84:0e:2a:89:fe:f5:b5:7e:a3:39:1a:1f:fc:
                    e5:b4:31:33:0a:1f:ba:23:90:3e:cf:a6:f0:e4:78:
                    bd:e9:ed:32:9d:3c:ff:a7:66:0e:94:f1:29:c3:d2:
                    ca:bc:87:e8:49:b9:cd:46:6e:c8:54:27:1d:26:59:
                    84:bf:4e:1b:7c:d7:83:fc:c9:e4:11:47:97:6d:49:
                    42:39:58:ac:be:78:21:68:3d:c3:34:a6:37:f1:7f:
                    4f:9d:fe:73:e0:7c:d4:e3:7d:97:be:0e:6d:51:f6:
                    02:86:fb:86:13:a6:38:e4:97:c1:58:46:18:ec:18:
                    ec:bd:7a:f1:eb:f5:61:2a:68:1d:54:11:a8:fc:cd:
                    ef:e7:48:2c:8a:ec:ee:1d:89:84:c0:35:82:a0:ab:
                    26:d6:9f:4a:ed:f1:f4:40:6f:39:ac:30:f8:d3:de:
                    57:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BB:B2:BF:0D:30:AC:C5:6F:05:E9:BB:09:41:19:EB:DE:9C:11:A6
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/uLuyvw0wrMVvBem7CUEZ696cEaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:08:6e:3a:fc:bc:b7:92:d5:ec:42:e6:ad:e3:e8:d3:a8:db:
         5a:99:0d:4e:61:ec:bb:e2:2b:53:e3:d1:6b:20:29:e8:f1:1a:
         75:7e:eb:49:c8:bd:77:f0:1e:48:3e:3d:b3:2b:1d:c5:f6:e9:
         55:73:0a:86:89:db:2a:e5:ab:75:48:cb:38:cc:a9:c8:2a:12:
         92:fb:80:b6:13:b8:be:a9:aa:a8:98:26:3c:53:a3:13:d4:df:
         4f:eb:db:1c:61:8a:73:9f:bc:9f:6e:29:df:71:29:33:69:b9:
         f9:92:8b:f6:3f:99:a5:c8:e3:ad:bb:a4:cc:62:bc:0f:a6:42:
         f4:0f:e5:ce:01:96:49:48:a7:df:22:50:d3:5b:5d:ff:0f:22:
         e2:10:b8:a2:81:96:5c:f2:9a:a3:8d:7a:bc:a5:48:ae:cb:fa:
         af:37:54:40:69:46:26:2f:81:c3:8a:6d:70:65:9f:27:87:d6:
         13:64:8f:b7:37:47:bf:6a:e0:2d:bf:06:59:e3:5d:5c:ae:fd:
         c2:a8:b7:a7:b8:b9:78:f6:ef:60:58:dd:7b:5f:c5:2c:91:86:
         7d:57:e7:e7:b0:5b:d0:8c:35:f5:cb:5d:6b:33:a9:e2:bf:3d:
         7d:7c:09:5d:60:2a:b2:b1:2f:83:75:db:89:d0:19:64:7c:76:
         00:20:04:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaYP6r1LaeCA15NLWx9g6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjUwMTAxMTk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGJiYjJiZjBkMzBhY2M1NmYwNWU5YmIwOTQxMTllYmRlOWMxMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GG6bupNtX71rh2N2TzW+195AEKv
XKUpcwLDGlsCGddEEMTDG0UgfVDCGpUWXJe6OGcdKkMP2KBWCX30cm61DGYBpLCG
oBBTMoTOE/L/23n1P/VKsOhpXM+bxIQOKon+9bV+ozkaH/zltDEzCh+6I5A+z6bw
5Hi96e0ynTz/p2YOlPEpw9LKvIfoSbnNRm7IVCcdJlmEv04bfNeD/MnkEUeXbUlC
OVisvnghaD3DNKY38X9Pnf5z4HzU432Xvg5tUfYChvuGE6Y45JfBWEYY7BjsvXrx
6/VhKmgdVBGo/M3v50gsiuzuHYmEwDWCoKsm1p9K7fH0QG85rDD4095XgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLi7sr8NMKzFbwXpuwlBGevenBGmMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvdUx1eXZ3MHdyTVZ2QmVtN0NVRVo2OTZjRWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSXYMA0G
CSqGSIb3DQEBCwUAA4IBAQAuCG46/Ly3ktXsQuat4+jTqNtamQ1OYey74itT49Fr
ICno8Rp1futJyL138B5IPj2zKx3F9ulVcwqGidsq5at1SMs4zKnIKhKS+4C2E7i+
qaqomCY8U6MT1N9P69scYYpzn7yfbinfcSkzabn5kov2P5mlyOOtu6TMYrwPpkL0
D+XOAZZJSKffIlDTW13/DyLiELiigZZc8pqjjXq8pUiuy/qvN1RAaUYmL4HDim1w
ZZ8nh9YTZI+3N0e/auAtvwZZ411crv3CqLenuLl49u9gWN17X8UskYZ9V+fnsFvQ
jDX1y11rM6nivz19fAldYCqysS+DdduJ0BlkfHYAIAS+
-----END CERTIFICATE-----