Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/UvUgYTWDFGHSILhLnDleF6nCpwc.roa
File:                     UvUgYTWDFGHSILhLnDleF6nCpwc.roa (raw, json)
Hash identifier:          tO7zdjUxIW8wkz3mlxGsBayZMuTcSLS7NFD7RR4IDf8=
Subject key identifier:   52:F5:20:61:35:83:14:61:D2:20:B8:4B:9C:39:5E:17:A9:C2:A7:07
Certificate issuer:       /CN=14a4ba50b468fceeac194627e98ba1f57deb4fc0
Certificate serial:       018D74173C32DD3ABDD0D39F5544E10D3937
Authority key identifier: 14:A4:BA:50:B4:68:FC:EE:AC:19:46:27:E9:8B:A1:F5:7D:EB:4F:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/UvUgYTWDFGHSILhLnDleF6nCpwc.roa
Signing time:             Sun 04 Feb 2024 12:28:16 +0000
ROA not before:           Sun 04 Feb 2024 12:28:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205579
IP address blocks:        185.30.248.0/22 maxlen: 22
                          185.30.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:74:17:3c:32:dd:3a:bd:d0:d3:9f:55:44:e1:0d:39:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a4ba50b468fceeac194627e98ba1f57deb4fc0
        Validity
            Not Before: Feb  4 12:28:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52f5206135831461d220b84b9c395e17a9c2a707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5d:a8:12:91:81:70:d1:ee:ff:5f:3c:bb:7d:
                    c2:e0:0b:fd:78:45:11:0d:06:69:8f:99:97:f6:22:
                    c2:8e:2c:59:34:ed:ce:a8:b2:9c:04:b1:16:80:0e:
                    eb:4f:41:38:81:84:f7:6f:20:0a:9a:a9:38:ee:81:
                    83:a3:cd:b5:e6:e3:ef:f5:32:63:9f:3e:75:a2:fe:
                    7d:d7:75:fa:b7:b4:ed:ae:a6:d8:4e:43:b2:11:48:
                    53:c4:20:65:6d:75:26:6c:be:fc:c5:c0:f9:cf:34:
                    cc:26:84:f4:f4:c7:4a:e7:a4:b0:96:bc:41:b1:0d:
                    93:8f:81:33:10:0b:07:42:f8:f6:72:68:44:32:c6:
                    d3:26:be:9f:83:0a:83:ad:99:29:c5:b6:6b:25:53:
                    28:d1:d2:d5:d6:16:36:f5:f1:b2:be:8d:6f:60:82:
                    ef:6d:40:34:f2:be:58:61:cb:52:c8:73:62:b9:be:
                    e7:0c:82:47:9b:97:c5:93:5b:5e:9e:9a:eb:1d:da:
                    df:ff:ba:2c:78:ab:55:88:4c:a3:e5:60:89:7c:da:
                    32:51:a3:a8:ff:a0:76:61:df:ba:39:a9:1b:d0:c3:
                    91:ae:c8:d0:48:76:df:eb:b9:a4:86:b4:54:9c:41:
                    e9:1c:de:fe:13:92:3d:e9:1f:f0:7a:6a:40:da:03:
                    e9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F5:20:61:35:83:14:61:D2:20:B8:4B:9C:39:5E:17:A9:C2:A7:07
            X509v3 Authority Key Identifier:
                keyid:14:A4:BA:50:B4:68:FC:EE:AC:19:46:27:E9:8B:A1:F5:7D:EB:4F:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/UvUgYTWDFGHSILhLnDleF6nCpwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:3a:23:dc:fe:e4:5b:b2:56:ea:ec:b8:6a:93:66:2a:b1:bb:
         75:0f:39:ed:e8:af:98:ae:05:7e:d2:08:dd:66:9a:74:bf:44:
         4b:3b:51:2b:b7:75:cc:a9:2e:fa:67:86:ec:f9:1c:bd:44:49:
         1b:58:74:04:7c:62:d1:3f:36:ba:71:03:80:d9:3c:1f:f9:9d:
         a9:d3:2a:5c:d1:28:4c:53:7d:cf:c5:94:eb:89:96:ca:aa:91:
         38:b7:bc:10:86:41:94:ab:5a:91:e2:1d:f1:3a:d4:ff:2a:d0:
         25:7f:09:8b:ac:e8:c9:6c:4a:e8:aa:aa:10:08:45:6b:31:0c:
         b4:3a:82:b1:b9:1e:ce:e1:67:31:4b:d8:98:7a:00:03:1e:2c:
         c1:0c:2a:be:07:1b:3f:cd:d7:53:3a:5b:cd:e0:a2:02:43:76:
         a7:26:ee:2f:c1:ca:80:9b:cb:1a:69:6f:81:15:a3:0b:3c:98:
         ff:48:62:d0:13:64:db:47:13:e1:35:f4:1f:80:b0:e9:7b:27:
         c0:9f:66:e9:50:a4:b7:ba:8c:55:19:ea:92:23:c7:f4:5a:f4:
         2e:8c:1c:6f:b5:13:af:d7:04:e2:d4:f9:d9:aa:ff:32:39:8c:
         16:46:70:cf:1d:c1:10:5e:d8:23:20:e4:04:e4:43:12:7f:7a:
         79:7c:db:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY10Fzwy3Tq90NOfVUThDTk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTRiYTUwYjQ2OGZjZWVhYzE5NDYyN2U5OGJhMWY1N2Rl
YjRmYzAwHhcNMjQwMjA0MTIyODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmY1MjA2MTM1ODMxNDYxZDIyMGI4NGI5YzM5NWUxN2E5YzJhNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF2oEpGBcNHu/188u33C4Av9eEUR
DQZpj5mX9iLCjixZNO3OqLKcBLEWgA7rT0E4gYT3byAKmqk47oGDo8215uPv9TJj
nz51ov5913X6t7TtrqbYTkOyEUhTxCBlbXUmbL78xcD5zzTMJoT09MdK56SwlrxB
sQ2Tj4EzEAsHQvj2cmhEMsbTJr6fgwqDrZkpxbZrJVMo0dLV1hY29fGyvo1vYILv
bUA08r5YYctSyHNiub7nDIJHm5fFk1tenprrHdrf/7oseKtViEyj5WCJfNoyUaOo
/6B2Yd+6Oakb0MORrsjQSHbf67mkhrRUnEHpHN7+E5I96R/wempA2gPpdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFL1IGE1gxRh0iC4S5w5XhepwqcHMB8GA1UdIwQY
MBaAFBSkulC0aPzurBlGJ+mLofV960/AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRktTNlVMUm9fTzZzR1VZbjZZdWg5WDNyVDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9hOGQ0YWItZGM5Ni00YzljLWFmNDgt
YTBkNDhkMGQ3NDYxLzEvVXZVZ1lUV0RGR0hTSUxoTG5EbGVGNm5DcHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9hOGQ0YWItZGM5Ni00YzljLWFmNDgtYTBkNDhkMGQ3NDYx
LzEvRktTNlVMUm9fTzZzR1VZbjZZdWg5WDNyVDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR74MA0G
CSqGSIb3DQEBCwUAA4IBAQAFOiPc/uRbslbq7Lhqk2Yqsbt1Dznt6K+YrgV+0gjd
Zpp0v0RLO1Ert3XMqS76Z4bs+Ry9REkbWHQEfGLRPza6cQOA2Twf+Z2p0ypc0ShM
U33PxZTriZbKqpE4t7wQhkGUq1qR4h3xOtT/KtAlfwmLrOjJbEroqqoQCEVrMQy0
OoKxuR7O4WcxS9iYegADHizBDCq+Bxs/zddTOlvN4KICQ3anJu4vwcqAm8saaW+B
FaMLPJj/SGLQE2TbRxPhNfQfgLDpeyfAn2bpUKS3uoxVGeqSI8f0WvQujBxvtROv
1wTi1PnZqv8yOYwWRnDPHcEQXtgjIOQE5EMSf3p5fNvb
-----END CERTIFICATE-----