Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/UaT5Q9bX82Bqe6jOA8JUwqN9Vlk.roa
File:                     UaT5Q9bX82Bqe6jOA8JUwqN9Vlk.roa (raw, json)
Hash identifier:          juEH9dDl19+Gh9JzennWIbN6WX5TGedOU3KMBiUkbg4=
Subject key identifier:   51:A4:F9:43:D6:D7:F3:60:6A:7B:A8:CE:03:C2:54:C2:A3:7D:56:59
Certificate issuer:       /CN=9b19758a087876816dc19361eaf1e9412de73f86
Certificate serial:       01942521F2C6B662F89B1887B1AADA20A8B3
Authority key identifier: 9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/UaT5Q9bX82Bqe6jOA8JUwqN9Vlk.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60118
IP address blocks:        185.150.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f2:c6:b6:62:f8:9b:18:87:b1:aa:da:20:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b19758a087876816dc19361eaf1e9412de73f86
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51a4f943d6d7f3606a7ba8ce03c254c2a37d5659
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a9:c2:0c:ac:d4:62:95:fc:5b:5b:37:db:10:
                    07:02:9f:cd:97:17:c1:ce:e0:32:3a:71:08:91:eb:
                    62:c7:8b:0b:14:79:cf:ff:2f:48:00:a0:c4:67:28:
                    27:ef:64:0b:a2:2d:09:07:30:75:60:3b:7b:8c:c8:
                    20:49:e8:a1:84:7a:ce:95:54:03:fc:37:5b:68:34:
                    78:78:c4:20:c2:52:2d:72:5f:fd:d7:aa:bf:e7:f2:
                    52:f5:6f:7f:78:87:45:37:b1:50:6d:99:56:97:d4:
                    6e:d7:97:27:21:e7:a4:e7:d5:22:6c:16:38:5b:b6:
                    35:2e:ea:6b:05:44:ae:d2:65:06:a0:eb:99:77:cb:
                    b5:66:fb:70:06:1c:4d:4a:57:96:d5:21:70:11:8b:
                    1a:fb:bd:a1:e6:af:d4:23:65:f2:66:2d:c5:56:77:
                    62:84:7b:94:8d:b5:70:cc:4c:a9:50:84:b5:2d:11:
                    38:da:7b:4e:c6:a2:03:27:30:9e:27:7c:8a:ef:de:
                    ac:5a:ed:c3:dc:15:0e:c1:91:c8:e4:78:77:f4:2a:
                    0f:47:22:0c:04:78:74:f7:a3:f0:ab:96:e5:68:8d:
                    19:80:66:67:09:c2:b9:d0:d8:18:d8:ae:6b:db:ec:
                    dd:c7:56:fc:b4:3a:8b:00:51:d5:3f:f4:8e:93:01:
                    04:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A4:F9:43:D6:D7:F3:60:6A:7B:A8:CE:03:C2:54:C2:A3:7D:56:59
            X509v3 Authority Key Identifier:
                keyid:9B:19:75:8A:08:78:76:81:6D:C1:93:61:EA:F1:E9:41:2D:E7:3F:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxl1igh4doFtwZNh6vHpQS3nP4Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/UaT5Q9bX82Bqe6jOA8JUwqN9Vlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ba6f3e-e95b-48d2-8419-413da667a8be/1/mxl1igh4doFtwZNh6vHpQS3nP4Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:08:ba:6b:7d:47:9f:cc:87:bc:fb:de:76:98:0a:6f:4f:fe:
         54:b3:88:83:ab:ef:28:67:e0:9c:e6:2e:f6:3c:9d:e3:76:23:
         93:4f:e2:7c:bf:f1:00:32:c1:bb:48:1c:33:d9:6d:18:11:c4:
         30:fa:19:7a:da:ec:4c:d1:e3:f1:36:04:9d:91:ed:9e:af:b5:
         70:71:e6:81:3c:de:99:8e:d0:ef:c4:86:cd:92:b1:c4:38:cc:
         01:6d:8d:6c:f6:a6:26:10:cd:91:67:ae:c1:ae:0c:26:70:2e:
         c7:81:01:5f:d4:ad:8a:57:82:9e:0b:b6:3f:67:f3:db:46:39:
         5c:0c:34:77:51:3d:c2:e8:c4:36:af:ff:8d:67:ed:a3:57:ef:
         1d:9e:59:6c:11:30:fa:e9:ec:e3:81:92:28:8a:ae:60:85:e6:
         79:6a:e4:ac:44:9c:d2:d0:cf:2c:ec:d4:7f:f4:d5:36:d6:1c:
         c6:03:89:d9:8a:50:7f:2e:ef:37:85:6f:15:5d:a7:1f:09:97:
         2d:4a:11:21:cb:46:f5:06:2a:6a:1c:3f:9c:6f:e8:5a:7b:2d:
         55:fb:b1:b4:ec:0c:44:b8:eb:3e:ea:1c:ee:a8:13:ae:e8:22:
         1d:dd:d8:bb:21:68:dd:d6:90:28:db:f8:fa:d0:e3:07:d0:f5:
         88:3f:f2:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIfLGtmL4mxiHsaraIKizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTk3NThhMDg3ODc2ODE2ZGMxOTM2MWVhZjFlOTQxMmRl
NzNmODYwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWE0Zjk0M2Q2ZDdmMzYwNmE3YmE4Y2UwM2MyNTRjMmEzN2Q1NjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqnCDKzUYpX8W1s32xAHAp/NlxfB
zuAyOnEIketix4sLFHnP/y9IAKDEZygn72QLoi0JBzB1YDt7jMggSeihhHrOlVQD
/DdbaDR4eMQgwlItcl/916q/5/JS9W9/eIdFN7FQbZlWl9Ru15cnIeek59UibBY4
W7Y1LuprBUSu0mUGoOuZd8u1ZvtwBhxNSleW1SFwEYsa+72h5q/UI2XyZi3FVndi
hHuUjbVwzEypUIS1LRE42ntOxqIDJzCeJ3yK796sWu3D3BUOwZHI5Hh39CoPRyIM
BHh096Pwq5blaI0ZgGZnCcK50NgY2K5r2+zdx1b8tDqLAFHVP/SOkwEEKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGk+UPW1/NganuozgPCVMKjfVZZMB8GA1UdIwQY
MBaAFJsZdYoIeHaBbcGTYerx6UEt5z+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTkt
NDEzZGE2NjdhOGJlLzEvVWFUNVE5Ylg4MkJxZTZqT0E4SlV3cU45VmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9iYTZmM2UtZTk1Yi00OGQyLTg0MTktNDEzZGE2NjdhOGJl
LzEvbXhsMWlnaDRkb0Z0d1pOaDZ2SHBRUzNuUDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZYRMA0G
CSqGSIb3DQEBCwUAA4IBAQAUCLprfUefzIe8+952mApvT/5Us4iDq+8oZ+Cc5i72
PJ3jdiOTT+J8v/EAMsG7SBwz2W0YEcQw+hl62uxM0ePxNgSdke2er7VwceaBPN6Z
jtDvxIbNkrHEOMwBbY1s9qYmEM2RZ67BrgwmcC7HgQFf1K2KV4KeC7Y/Z/PbRjlc
DDR3UT3C6MQ2r/+NZ+2jV+8dnllsETD66ezjgZIoiq5gheZ5auSsRJzS0M8s7NR/
9NU21hzGA4nZilB/Lu83hW8VXacfCZctShEhy0b1BipqHD+cb+haey1V+7G07AxE
uOs+6hzuqBOu6CId3di7IWjd1pAo2/j60OMH0PWIP/IE
-----END CERTIFICATE-----