Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/Uy9WOwPWbRCpTH3lj7ESDUuv-LI.roa
File:                     Uy9WOwPWbRCpTH3lj7ESDUuv-LI.roa (raw, json)
Hash identifier:          1fij03uU2Ynnat5tn8++7hQPOH2AmJ+7FEvkLIb0i0I=
Subject key identifier:   53:2F:56:3B:03:D6:6D:10:A9:4C:7D:E5:8F:B1:12:0D:4B:AF:F8:B2
Certificate issuer:       /CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
Certificate serial:       01941FFA3B6DBC3DA2C906A1B8C478D18B61
Authority key identifier: BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/Uy9WOwPWbRCpTH3lj7ESDUuv-LI.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62276
IP address blocks:        185.40.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 03:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3b:6d:bc:3d:a2:c9:06:a1:b8:c4:78:d1:8b:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf5bdc4106adde89e1ce9c32b807b2082ebb9944
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=532f563b03d66d10a94c7de58fb1120d4baff8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d7:f8:cf:1d:e3:f7:6a:2e:65:6f:10:fd:3f:
                    44:65:a5:fc:15:c9:bd:85:63:e7:9b:45:5f:60:b8:
                    37:e7:a7:66:f5:e3:a9:bf:9d:60:9f:5e:6f:47:e6:
                    2c:ff:ec:5e:39:e0:90:f3:db:f5:f5:87:95:dd:75:
                    85:49:47:0c:7c:c2:48:28:50:f7:95:d8:ba:4d:ad:
                    fa:ca:79:d2:48:80:dc:d2:7c:e3:6e:3c:5e:16:12:
                    56:e9:de:6f:cc:de:9d:12:b9:1e:64:ef:45:91:cb:
                    ba:5a:73:64:3e:bb:0c:f6:32:86:1d:98:e3:b4:cc:
                    f8:92:ea:bb:7e:91:7a:76:26:fd:48:2c:ee:59:6b:
                    26:6c:c4:fd:83:2a:73:97:7f:ad:79:b9:84:3f:d2:
                    c7:6c:de:55:5f:68:22:e6:81:72:bb:11:ca:f3:b2:
                    96:40:9d:b0:70:3f:15:d1:f9:0c:e3:2c:b2:93:2d:
                    8e:41:a8:30:55:5f:9f:1b:8f:0f:82:8b:e0:e5:88:
                    b5:dd:29:a3:15:7d:60:a4:81:64:d6:c2:32:43:4e:
                    da:fa:d6:f2:ea:87:7a:7e:a7:e6:be:9d:e5:42:2b:
                    38:69:0e:d8:aa:68:d6:18:ea:d5:ab:01:d8:d3:fa:
                    62:77:49:c6:6a:d8:f9:ce:56:f0:34:d8:08:66:61:
                    a2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2F:56:3B:03:D6:6D:10:A9:4C:7D:E5:8F:B1:12:0D:4B:AF:F8:B2
            X509v3 Authority Key Identifier:
                keyid:BF:5B:DC:41:06:AD:DE:89:E1:CE:9C:32:B8:07:B2:08:2E:BB:99:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v1vcQQat3onhzpwyuAeyCC67mUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/Uy9WOwPWbRCpTH3lj7ESDUuv-LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/2d1a0a-71cc-4f57-aa63-bedac10aacdc/1/v1vcQQat3onhzpwyuAeyCC67mUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:8a:11:12:3e:96:b3:36:82:b9:de:46:d5:40:06:ef:cf:0c:
         6b:6e:00:04:3b:80:8a:b8:33:ca:47:5d:82:a1:dc:b6:88:c8:
         bf:b8:6b:70:2e:6f:bd:7c:82:f3:e0:b0:4a:a5:5b:36:87:30:
         33:08:2c:da:b4:fb:3f:7a:1d:0a:f2:52:ae:9e:2d:db:ee:9b:
         47:b8:b3:3d:71:af:eb:0f:fd:07:ee:b2:73:fd:06:f9:8b:51:
         4a:12:ba:c6:eb:ff:81:fe:f9:d4:a2:3f:3b:43:15:e6:be:b6:
         41:5a:b6:7f:7d:ac:9f:64:e1:a5:ac:8d:35:cb:2b:eb:52:d6:
         f7:c2:db:56:7e:5e:3a:e5:49:74:28:ac:e8:a8:1d:9b:e5:f6:
         a6:8d:d1:dd:cb:6f:b3:89:10:8e:ea:80:cc:75:c1:e0:d8:be:
         3f:ee:bf:07:e4:a4:0b:22:a7:62:db:19:7c:92:f3:cf:93:47:
         64:88:15:75:4a:0d:00:94:24:56:fe:cc:97:a6:8b:45:d3:49:
         be:fc:28:cf:a5:04:ac:43:a3:7d:74:f0:48:dc:dc:f0:ae:b3:
         a7:b4:20:cc:8a:00:86:5f:d7:d9:33:54:58:a7:fe:0f:75:be:
         cb:eb:71:16:9d:bf:d4:ab:40:ef:ea:c2:bf:75:2c:52:d9:9b:
         95:5f:92:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jttvD2iyQahuMR40YthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNWJkYzQxMDZhZGRlODllMWNlOWMzMmI4MDdiMjA4MmVi
Yjk5NDQwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJmNTYzYjAzZDY2ZDEwYTk0YzdkZTU4ZmIxMTIwZDRiYWZmOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3df4zx3j92ouZW8Q/T9EZaX8Fcm9
hWPnm0VfYLg356dm9eOpv51gn15vR+Ys/+xeOeCQ89v19YeV3XWFSUcMfMJIKFD3
ldi6Ta36ynnSSIDc0nzjbjxeFhJW6d5vzN6dErkeZO9Fkcu6WnNkPrsM9jKGHZjj
tMz4kuq7fpF6dib9SCzuWWsmbMT9gypzl3+tebmEP9LHbN5VX2gi5oFyuxHK87KW
QJ2wcD8V0fkM4yyyky2OQagwVV+fG48Pgovg5Yi13SmjFX1gpIFk1sIyQ07a+tby
6od6fqfmvp3lQis4aQ7YqmjWGOrVqwHY0/pid0nGatj5zlbwNNgIZmGi1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMvVjsD1m0QqUx95Y+xEg1Lr/iyMB8GA1UdIwQY
MBaAFL9b3EEGrd6J4c6cMrgHsgguu5lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMt
YmVkYWMxMGFhY2RjLzEvVXk5V093UFdiUkNwVEgzbGo3RVNEVXV2LUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yZDFhMGEtNzFjYy00ZjU3LWFhNjMtYmVkYWMxMGFhY2Rj
LzEvdjF2Y1FRYXQzb25oenB3eXVBZXlDQzY3bVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSioMA0G
CSqGSIb3DQEBCwUAA4IBAQBRihESPpazNoK53kbVQAbvzwxrbgAEO4CKuDPKR12C
ody2iMi/uGtwLm+9fILz4LBKpVs2hzAzCCzatPs/eh0K8lKuni3b7ptHuLM9ca/r
D/0H7rJz/Qb5i1FKErrG6/+B/vnUoj87QxXmvrZBWrZ/fayfZOGlrI01yyvrUtb3
wttWfl465Ul0KKzoqB2b5famjdHdy2+ziRCO6oDMdcHg2L4/7r8H5KQLIqdi2xl8
kvPPk0dkiBV1Sg0AlCRW/syXpotF00m+/CjPpQSsQ6N9dPBI3NzwrrOntCDMigCG
X9fZM1RYp/4Pdb7L63EWnb/Uq0Dv6sK/dSxS2ZuVX5Jl
-----END CERTIFICATE-----