Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/uB6D1M5Ea4qIO2c3klbdxsedvEY.roa
File:                     uB6D1M5Ea4qIO2c3klbdxsedvEY.roa (raw, json)
Hash identifier:          O/tQOIV8YRGFHDDjz3/BlQlZVmE4Yz0SgugjYTrO9Ac=
Subject key identifier:   B8:1E:83:D4:CE:44:6B:8A:88:3B:67:37:92:56:DD:C6:C7:9D:BC:46
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194282756E9BE1C4DC2A77895EDCA9EC262
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/uB6D1M5Ea4qIO2c3klbdxsedvEY.roa
Signing time:             Thu 02 Jan 2025 17:54:14 +0000
ROA not before:           Thu 02 Jan 2025 17:54:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32613
IP address blocks:        86.107.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:56:e9:be:1c:4d:c2:a7:78:95:ed:ca:9e:c2:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b81e83d4ce446b8a883b67379256ddc6c79dbc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:89:18:7b:fc:5f:c9:c4:89:c2:76:90:f5:22:
                    b6:1b:be:6d:e5:02:f4:1f:02:c0:e7:1e:22:86:91:
                    ce:98:52:b8:14:12:bb:af:28:6e:3d:29:ad:7b:0d:
                    8a:af:1d:e6:a9:2a:ce:66:4b:0b:7e:66:68:48:ab:
                    83:34:41:63:43:e8:a4:64:a1:dc:86:5b:ff:d4:5d:
                    64:07:d9:db:96:45:3c:a6:20:a8:44:98:b4:b9:6d:
                    73:61:b4:a1:28:9c:83:7b:f4:6a:8b:ca:16:0d:da:
                    a4:e7:8e:af:b5:50:46:7e:57:1d:46:3f:9b:73:15:
                    2e:9b:88:cb:95:5f:c6:10:4e:ed:08:5c:93:3d:f1:
                    e1:c5:6b:a7:71:17:a2:6b:da:c7:ac:04:14:d5:dc:
                    ef:91:7c:30:45:2c:56:44:c2:9d:c8:06:5d:38:c6:
                    46:db:14:12:44:c9:b3:41:bb:a9:35:c7:9a:d2:cc:
                    96:7b:ce:d3:5e:40:da:27:5e:05:7f:65:26:f9:c5:
                    7d:19:aa:bd:7d:4e:07:e4:79:e5:3d:bb:88:b2:fd:
                    73:10:a5:69:3d:d3:e5:02:89:3b:d5:90:55:35:00:
                    dc:c3:6f:53:3e:dc:d9:a4:c9:49:02:e9:cb:65:7c:
                    49:51:cc:ba:ae:84:7f:b5:95:87:1d:a7:06:15:6b:
                    d5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:1E:83:D4:CE:44:6B:8A:88:3B:67:37:92:56:DD:C6:C7:9D:BC:46
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/uB6D1M5Ea4qIO2c3klbdxsedvEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:82:72:18:cf:55:8d:a3:99:7c:19:50:b7:fc:10:c6:47:b4:
         21:44:04:f9:d8:c2:ea:6e:af:19:34:ed:f4:4c:be:b7:c5:95:
         54:2a:03:90:74:29:a3:c5:43:6b:00:92:f4:7d:cf:60:d9:91:
         55:be:41:84:68:13:3c:88:fa:4d:c1:ae:1b:aa:44:57:73:aa:
         df:4b:b2:90:f3:70:d1:fb:5e:9d:c5:a0:75:1a:06:3c:e2:d1:
         68:03:c6:56:7a:af:c8:f8:0e:a1:05:f2:ee:a2:e7:01:f5:fc:
         98:c2:7e:8d:0c:f8:bc:3a:cf:1d:c3:69:32:94:5c:b0:ee:33:
         64:bb:44:77:ed:56:90:10:1f:7b:8a:f3:ee:a3:ac:a6:37:3c:
         4d:eb:14:58:e4:21:9e:cd:e8:71:c3:8a:db:b0:52:d0:e4:64:
         32:b0:b3:4d:9b:dc:4c:54:1a:6d:fc:94:41:5c:17:a0:07:49:
         19:05:ac:6f:0f:50:c5:d6:2c:81:03:59:2e:78:7b:f3:2c:78:
         6a:f0:af:81:db:e0:4d:ca:0d:12:a3:12:82:90:5b:28:3c:0f:
         f8:8a:69:ce:bc:a3:2f:dd:e6:db:e4:e2:a2:72:a4:05:57:45:
         a8:cb:87:35:20:bc:46:d0:aa:dc:bc:95:a1:4d:94:6f:ba:c9:
         ce:84:75:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ1bpvhxNwqd4le3KnsJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODFlODNkNGNlNDQ2YjhhODgzYjY3Mzc5MjU2ZGRjNmM3OWRiYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IkYe/xfycSJwnaQ9SK2G75t5QL0
HwLA5x4ihpHOmFK4FBK7ryhuPSmtew2Krx3mqSrOZksLfmZoSKuDNEFjQ+ikZKHc
hlv/1F1kB9nblkU8piCoRJi0uW1zYbShKJyDe/Rqi8oWDdqk546vtVBGflcdRj+b
cxUum4jLlV/GEE7tCFyTPfHhxWuncReia9rHrAQU1dzvkXwwRSxWRMKdyAZdOMZG
2xQSRMmzQbupNcea0syWe87TXkDaJ14Ff2Um+cV9Gaq9fU4H5HnlPbuIsv1zEKVp
PdPlAok71ZBVNQDcw29TPtzZpMlJAunLZXxJUcy6roR/tZWHHacGFWvVKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgeg9TORGuKiDtnN5JW3cbHnbxGMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvdUI2RDFNNUVhNHFJTzJjM2tsYmR4c2VkdkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmuoMA0G
CSqGSIb3DQEBCwUAA4IBAQAZgnIYz1WNo5l8GVC3/BDGR7QhRAT52MLqbq8ZNO30
TL63xZVUKgOQdCmjxUNrAJL0fc9g2ZFVvkGEaBM8iPpNwa4bqkRXc6rfS7KQ83DR
+16dxaB1GgY84tFoA8ZWeq/I+A6hBfLuoucB9fyYwn6NDPi8Os8dw2kylFyw7jNk
u0R37VaQEB97ivPuo6ymNzxN6xRY5CGezehxw4rbsFLQ5GQysLNNm9xMVBpt/JRB
XBegB0kZBaxvD1DF1iyBA1kueHvzLHhq8K+B2+BNyg0SoxKCkFsoPA/4imnOvKMv
3ebb5OKicqQFV0Woy4c1ILxG0KrcvJWhTZRvusnOhHV5
-----END CERTIFICATE-----