Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/uZ5GJPrp9SFd4Iq3FGcL7RdiaHc.roa
File:                     uZ5GJPrp9SFd4Iq3FGcL7RdiaHc.roa (raw, json)
Hash identifier:          qgD6SLmZc9P0p+V20mf5ZvuX3cLkvcDCzUTLrsNawj4=
Subject key identifier:   B9:9E:46:24:FA:E9:F5:21:5D:E0:8A:B7:14:67:0B:ED:17:62:68:77
Certificate issuer:       /CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
Certificate serial:       0194221F5B5D062984524FC86432084FC40B
Authority key identifier: A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/uZ5GJPrp9SFd4Iq3FGcL7RdiaHc.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     702
IP address blocks:        185.42.232.0/24 maxlen: 24
                          185.42.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5b:5d:06:29:84:52:4f:c8:64:32:08:4f:c4:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b99e4624fae9f5215de08ab714670bed17626877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:63:40:f2:db:b0:ff:a0:42:81:45:b3:15:5c:
                    d1:19:85:a4:e4:d2:46:55:11:d6:ff:b5:1f:b1:6a:
                    9a:79:46:84:e8:56:f2:51:d7:2f:81:ba:12:15:3a:
                    75:5c:21:c2:42:f2:81:87:91:f8:27:86:09:a2:89:
                    d1:24:f1:2b:6c:1e:48:b5:04:dd:23:83:88:72:d9:
                    c4:14:29:6a:13:2c:c5:b3:15:be:db:2d:5d:88:c6:
                    42:b6:e3:41:78:68:6c:71:14:0f:a4:bb:c8:f3:eb:
                    cf:21:c3:ea:18:6a:5f:ca:49:a3:a1:a0:4a:da:cd:
                    86:03:c3:e4:a1:46:9f:47:4e:3f:a7:67:68:82:3c:
                    01:82:3a:33:48:ad:dc:ca:d1:15:0b:64:55:52:2f:
                    c8:8e:bc:cd:05:03:53:12:a3:bb:82:db:52:e9:d5:
                    f7:8c:c2:f7:91:25:2c:35:9c:5e:ae:91:cf:9e:b1:
                    10:fa:ab:ba:13:1f:04:43:07:94:6f:a3:1c:57:5e:
                    84:be:95:3e:23:08:f3:1c:d8:e2:93:58:fc:0b:b8:
                    80:74:05:60:55:da:7f:19:56:41:51:e7:82:42:5f:
                    83:03:34:ce:9e:f2:6d:95:2d:07:ad:63:c6:00:f1:
                    2a:fb:d0:52:3e:2f:ab:52:a4:e6:2f:cc:db:65:c5:
                    36:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:9E:46:24:FA:E9:F5:21:5D:E0:8A:B7:14:67:0B:ED:17:62:68:77
            X509v3 Authority Key Identifier:
                keyid:A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/uZ5GJPrp9SFd4Iq3FGcL7RdiaHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:93:68:0a:9f:b4:6b:09:32:6c:8b:cb:ff:fe:93:4c:a6:a2:
         2a:2a:e1:12:62:2e:85:ee:81:9d:09:21:3d:d7:56:4b:eb:24:
         22:56:e2:fd:4d:ba:e8:c4:bd:ea:04:21:c7:0e:a2:ab:ce:5a:
         7b:5d:6d:a8:d8:b1:0f:52:19:7d:5d:5b:9f:1b:23:e2:60:71:
         5b:32:1e:8a:1d:12:9f:ba:38:8b:b3:a6:7d:74:c8:b2:55:e6:
         36:f6:57:a9:bd:5f:45:b8:07:c5:8c:66:51:ca:ad:89:2c:28:
         f4:a7:b5:2e:2a:e3:d3:2a:0a:a8:05:f1:27:51:60:ca:03:86:
         24:34:cb:63:6a:02:8f:c3:9a:b1:99:a0:3a:f9:79:28:60:a0:
         f3:22:b1:76:93:12:29:fe:c0:de:3a:2d:24:c9:50:dc:ae:d4:
         51:16:c8:f0:5a:f9:62:44:ff:e6:42:03:dd:60:7c:61:fb:03:
         96:aa:9b:38:f4:10:7f:84:17:79:a3:2d:b2:b0:3c:92:57:ca:
         7a:76:53:20:97:57:3a:91:20:e9:ab:f5:89:96:74:e9:87:ef:
         7c:9f:01:60:2a:bc:d5:e6:08:86:36:e3:e4:65:69:14:52:8b:
         c6:8a:db:08:08:ac:4e:d4:50:bc:bf:0a:dc:15:30:61:9a:d9:
         b3:8a:b7:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH1tdBimEUk/IZDIIT8QLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmYyZDNjMjY5ZDkzNTIyNzY5MGIyOGI3ZmJkZDk1M2Ux
ZTllZGMwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTllNDYyNGZhZTlmNTIxNWRlMDhhYjcxNDY3MGJlZDE3NjI2ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWNA8tuw/6BCgUWzFVzRGYWk5NJG
VRHW/7UfsWqaeUaE6FbyUdcvgboSFTp1XCHCQvKBh5H4J4YJoonRJPErbB5ItQTd
I4OIctnEFClqEyzFsxW+2y1diMZCtuNBeGhscRQPpLvI8+vPIcPqGGpfykmjoaBK
2s2GA8PkoUafR04/p2dogjwBgjozSK3cytEVC2RVUi/IjrzNBQNTEqO7gttS6dX3
jML3kSUsNZxerpHPnrEQ+qu6Ex8EQweUb6McV16EvpU+IwjzHNjik1j8C7iAdAVg
Vdp/GVZBUeeCQl+DAzTOnvJtlS0HrWPGAPEq+9BSPi+rUqTmL8zbZcU2BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmeRiT66fUhXeCKtxRnC+0XYmh3MB8GA1UdIwQY
MBaAFKYvLTwmnZNSJ2kLKLf73ZU+Hp7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMt
MTAwZWVkODEyYzQwLzEvdVo1R0pQcnA5U0ZkNElxM0ZHY0w3UmRpYUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMtMTAwZWVkODEyYzQw
LzEvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSroMA0G
CSqGSIb3DQEBCwUAA4IBAQAqk2gKn7RrCTJsi8v//pNMpqIqKuESYi6F7oGdCSE9
11ZL6yQiVuL9TbroxL3qBCHHDqKrzlp7XW2o2LEPUhl9XVufGyPiYHFbMh6KHRKf
ujiLs6Z9dMiyVeY29lepvV9FuAfFjGZRyq2JLCj0p7UuKuPTKgqoBfEnUWDKA4Yk
NMtjagKPw5qxmaA6+XkoYKDzIrF2kxIp/sDeOi0kyVDcrtRRFsjwWvliRP/mQgPd
YHxh+wOWqps49BB/hBd5oy2ysDySV8p6dlMgl1c6kSDpq/WJlnTph+98nwFgKrzV
5giGNuPkZWkUUovGitsICKxO1FC8vwrcFTBhmtmzircJ
-----END CERTIFICATE-----