Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/uiLIHzK4-mf16_OjnZc2yUpW0us.roa
File:                     uiLIHzK4-mf16_OjnZc2yUpW0us.roa (raw, json)
Hash identifier:          RlQY7OlYxlif+RwnDDphDKPVhonzC8U4YVG2wYszXJM=
Subject key identifier:   BA:22:C8:1F:32:B8:FA:67:F5:EB:F3:A3:9D:97:36:C9:4A:56:D2:EB
Certificate issuer:       /CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
Certificate serial:       019426D948C7351B3CCC73BFD347A374FCA8
Authority key identifier: C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/uiLIHzK4-mf16_OjnZc2yUpW0us.roa
Signing time:             Thu 02 Jan 2025 11:49:21 +0000
ROA not before:           Thu 02 Jan 2025 11:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        185.193.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:48:c7:35:1b:3c:cc:73:bf:d3:47:a3:74:fc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d6b59a93e324083fbca4237e47e9f5ebf371ab
        Validity
            Not Before: Jan  2 11:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba22c81f32b8fa67f5ebf3a39d9736c94a56d2eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:56:5a:9c:3f:33:1e:39:3b:78:86:b3:c8:b2:
                    bd:7d:a5:69:dc:2a:32:be:49:91:4d:ad:cc:13:29:
                    81:de:02:ae:a5:ae:c1:85:38:bf:69:18:ff:0b:3a:
                    bd:92:0b:b1:82:8a:6e:1e:54:6f:fc:0b:28:c0:7f:
                    c1:ab:ad:12:d7:11:bf:cb:e3:b3:c6:79:59:7d:97:
                    f6:e4:c0:7f:7b:9e:10:76:7a:e0:86:69:6d:54:f0:
                    ac:e1:9e:4e:4a:8b:62:83:46:cd:ac:c7:dd:e8:4a:
                    02:33:94:6f:02:a1:94:07:2e:0c:78:4a:fa:5c:77:
                    54:03:06:3d:9b:4e:1e:01:6f:4a:28:1d:96:7d:b9:
                    62:b5:d1:d1:a5:ce:bd:c8:a2:0a:40:b9:6d:9e:3c:
                    7e:e1:f4:7f:6f:2e:d6:a2:31:12:90:6a:d5:15:d4:
                    ec:04:b5:84:31:07:ab:05:f6:03:3c:0d:c4:b6:0a:
                    16:ac:73:78:b9:5e:9a:6e:a2:93:d2:8e:c8:bb:ec:
                    a3:7b:2b:22:9a:47:45:45:76:1f:7d:84:65:77:39:
                    c9:40:7b:32:26:07:d2:e3:d4:a7:8b:8b:04:7b:4f:
                    55:db:8c:b7:d4:1a:6c:48:3b:2b:d0:a4:a5:65:3a:
                    52:1c:a1:67:97:91:33:d5:c2:12:1d:b6:f4:b7:d6:
                    64:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:22:C8:1F:32:B8:FA:67:F5:EB:F3:A3:9D:97:36:C9:4A:56:D2:EB
            X509v3 Authority Key Identifier:
                keyid:C9:D6:B5:9A:93:E3:24:08:3F:BC:A4:23:7E:47:E9:F5:EB:F3:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yda1mpPjJAg_vKQjfkfp9evzcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/uiLIHzK4-mf16_OjnZc2yUpW0us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/682b07-773f-46fd-82e2-b9211e1fc1ac/1/yda1mpPjJAg_vKQjfkfp9evzcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:f6:3e:fc:b3:5c:24:7d:8c:59:c3:2f:c5:93:28:df:b3:d8:
         f6:ab:13:f4:b4:4a:7d:5f:cd:d3:b7:06:1b:14:a7:ab:63:39:
         c4:23:3b:9c:8e:5c:ed:3e:bc:50:8f:f4:2d:12:44:a8:6d:58:
         75:01:08:70:f2:41:c9:db:cf:b8:fc:d7:0e:db:70:83:4d:53:
         3b:01:f2:72:c2:ee:5e:ff:e0:a4:95:b4:01:6a:dd:ec:cc:a7:
         b3:57:5c:34:69:7f:d1:2f:6d:4d:25:2a:41:d1:b3:d4:d7:7a:
         f5:eb:77:c0:dc:26:fd:67:e4:0e:8a:ee:8d:f3:f3:95:30:55:
         f7:ca:20:08:72:e4:3c:83:16:f5:1b:cd:60:b2:3f:57:41:98:
         89:c6:b0:c2:b7:f1:a2:93:f5:6b:f6:d1:12:5a:27:60:bc:7b:
         24:9e:14:02:69:bf:2e:b9:f2:b8:26:90:38:5d:ee:13:cb:13:
         ac:c9:7a:5c:eb:9b:de:92:15:82:37:bb:63:0c:95:14:f8:16:
         9b:9e:8d:e2:78:ba:4c:26:6f:86:c4:a8:0a:40:e1:03:6e:4f:
         df:c2:a6:7b:42:17:be:f8:43:80:c7:f7:37:30:b8:41:45:93:
         dd:07:16:48:43:77:02:a1:30:2f:4d:26:d6:44:62:5a:cd:6d:
         3c:b5:89:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2UjHNRs8zHO/00ejdPyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDZiNTlhOTNlMzI0MDgzZmJjYTQyMzdlNDdlOWY1ZWJm
MzcxYWIwHhcNMjUwMTAyMTE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTIyYzgxZjMyYjhmYTY3ZjVlYmYzYTM5ZDk3MzZjOTRhNTZkMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVZanD8zHjk7eIazyLK9faVp3Coy
vkmRTa3MEymB3gKupa7BhTi/aRj/Czq9kguxgopuHlRv/AsowH/Bq60S1xG/y+Oz
xnlZfZf25MB/e54QdnrghmltVPCs4Z5OSotig0bNrMfd6EoCM5RvAqGUBy4MeEr6
XHdUAwY9m04eAW9KKB2WfblitdHRpc69yKIKQLltnjx+4fR/by7WojESkGrVFdTs
BLWEMQerBfYDPA3EtgoWrHN4uV6abqKT0o7Iu+yjeysimkdFRXYffYRldznJQHsy
JgfS49Sni4sEe09V24y31BpsSDsr0KSlZTpSHKFnl5Ez1cISHbb0t9ZklwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoiyB8yuPpn9evzo52XNslKVtLrMB8GA1UdIwQY
MBaAFMnWtZqT4yQIP7ykI35H6fXr83GrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTIt
YjkyMTFlMWZjMWFjLzEvdWlMSUh6SzQtbWYxNl9Pam5aYzJ5VXBXMHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ODJiMDctNzczZi00NmZkLTgyZTItYjkyMTFlMWZjMWFj
LzEveWRhMW1wUGpKQWdfdktRamZrZnA5ZXZ6Y2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucGlMA0G
CSqGSIb3DQEBCwUAA4IBAQDX9j78s1wkfYxZwy/Fkyjfs9j2qxP0tEp9X83TtwYb
FKerYznEIzucjlztPrxQj/QtEkSobVh1AQhw8kHJ28+4/NcO23CDTVM7AfJywu5e
/+CklbQBat3szKezV1w0aX/RL21NJSpB0bPU13r163fA3Cb9Z+QOiu6N8/OVMFX3
yiAIcuQ8gxb1G81gsj9XQZiJxrDCt/Gik/Vr9tESWidgvHsknhQCab8uufK4JpA4
Xe4TyxOsyXpc65vekhWCN7tjDJUU+Babno3ieLpMJm+GxKgKQOEDbk/fwqZ7Qhe+
+EOAx/c3MLhBRZPdBxZIQ3cCoTAvTSbWRGJazW08tYm/
-----END CERTIFICATE-----