Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/sUVG_n72Y0BsPTQLs7HdE3k6hqY.roa
File:                     sUVG_n72Y0BsPTQLs7HdE3k6hqY.roa (raw, json)
Hash identifier:          5DGMMzTfJHjceBlrAlCZ8hf2mikIq6NUlE8LlW1OeFc=
Subject key identifier:   B1:45:46:FE:7E:F6:63:40:6C:3D:34:0B:B3:B1:DD:13:79:3A:86:A6
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       019427B6367249E9AAD99928E273878710B9
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/sUVG_n72Y0BsPTQLs7HdE3k6hqY.roa
Signing time:             Thu 02 Jan 2025 15:50:40 +0000
ROA not before:           Thu 02 Jan 2025 15:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        194.32.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:36:72:49:e9:aa:d9:99:28:e2:73:87:87:10:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  2 15:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b14546fe7ef663406c3d340bb3b1dd13793a86a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:6f:0e:e9:d9:cf:86:e8:9e:a6:a8:92:86:47:
                    77:d3:cb:1f:e8:6f:e2:cd:80:a6:57:9f:c3:b4:c8:
                    98:8c:80:4c:a1:ed:a4:af:2e:7b:a0:8a:d8:27:eb:
                    a6:43:b4:29:dd:86:e9:d7:86:f3:54:8c:27:ef:6f:
                    46:de:62:da:d3:34:7d:5a:1a:32:4b:17:65:35:1b:
                    81:4b:f2:52:85:75:16:b9:85:58:1e:01:05:f8:eb:
                    5b:56:49:04:9c:75:46:d0:40:bc:06:50:1d:af:16:
                    39:ff:af:c9:98:61:47:90:92:f6:2a:2f:e3:5c:a7:
                    69:8a:66:f9:95:a3:6a:44:42:6f:b4:0b:ee:c5:59:
                    c0:52:e7:51:4b:33:43:28:18:97:18:85:00:bf:9d:
                    13:1c:cf:eb:e1:ee:b8:d2:4f:f9:c7:1a:d5:2b:93:
                    59:8f:c8:88:95:ba:ef:ab:d7:4a:5d:cf:32:c7:7a:
                    f0:b4:64:70:5f:8c:0d:73:f1:69:b4:25:4a:f3:a0:
                    9b:4d:46:9e:16:85:1f:48:1d:c9:b9:12:47:a9:10:
                    3a:07:6d:d1:ff:77:f1:d8:e0:5f:cc:a7:31:d4:0e:
                    57:6a:ab:47:49:ec:e6:06:86:27:c5:a5:6d:6b:12:
                    8b:ad:e0:1b:c8:01:19:9b:c8:ee:7e:8d:ca:e5:48:
                    91:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:45:46:FE:7E:F6:63:40:6C:3D:34:0B:B3:B1:DD:13:79:3A:86:A6
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/sUVG_n72Y0BsPTQLs7HdE3k6hqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:c4:50:38:f2:93:e8:89:b4:a2:30:62:90:d2:3c:46:4d:e4:
         1e:a1:86:63:fc:6e:18:a0:80:92:1e:0d:37:17:3a:58:41:9f:
         f0:d2:8c:c8:23:70:ac:ac:4b:36:f1:fe:b1:df:6b:9a:13:e2:
         d3:2f:fd:cf:41:3c:6d:81:09:9a:0d:b2:15:fe:52:95:67:ee:
         39:fc:71:21:1c:b4:5f:ee:d5:5b:94:00:21:cf:fb:b0:17:99:
         65:0b:1e:b9:b0:83:07:5e:6b:df:bd:76:7a:da:f3:7f:51:3c:
         95:40:7e:7c:99:44:46:47:f1:78:e5:6c:b5:23:87:37:80:44:
         27:96:96:e4:0e:c2:6e:6b:32:15:22:2c:7c:08:19:78:d6:0a:
         b7:26:6f:e0:37:de:ce:83:5d:b6:1e:2e:c3:52:c5:f1:30:fa:
         3f:a7:4b:54:0a:56:74:ae:b5:49:e9:2b:4a:55:ff:a7:ab:16:
         2a:14:3c:53:16:32:06:69:1a:04:91:f2:24:36:f3:95:cd:8a:
         0b:e9:fd:58:d5:c8:bf:6d:ca:8d:e9:f3:13:df:ef:93:8a:7f:
         a7:fb:c2:0d:85:03:6d:3e:cb:85:8a:00:56:fb:8d:b8:35:5e:
         07:0c:85:78:c0:63:cb:d3:3a:b5:c9:26:25:62:11:40:7b:9b:
         00:6a:78:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntjZySemq2Zko4nOHhxC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwMTAyMTU1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ1NDZmZTdlZjY2MzQwNmMzZDM0MGJiM2IxZGQxMzc5M2E4NmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7m8O6dnPhuiepqiShkd308sf6G/i
zYCmV5/DtMiYjIBMoe2kry57oIrYJ+umQ7Qp3Ybp14bzVIwn729G3mLa0zR9Whoy
SxdlNRuBS/JShXUWuYVYHgEF+OtbVkkEnHVG0EC8BlAdrxY5/6/JmGFHkJL2Ki/j
XKdpimb5laNqREJvtAvuxVnAUudRSzNDKBiXGIUAv50THM/r4e640k/5xxrVK5NZ
j8iIlbrvq9dKXc8yx3rwtGRwX4wNc/FptCVK86CbTUaeFoUfSB3JuRJHqRA6B23R
/3fx2OBfzKcx1A5XaqtHSezmBoYnxaVtaxKLreAbyAEZm8jufo3K5UiRcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFFRv5+9mNAbD00C7Ox3RN5OoamMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvc1VWR19uNzJZMEJzUFRRTHM3SGRFM2s2aHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCSMA0G
CSqGSIb3DQEBCwUAA4IBAQB5xFA48pPoibSiMGKQ0jxGTeQeoYZj/G4YoICSHg03
FzpYQZ/w0ozII3CsrEs28f6x32uaE+LTL/3PQTxtgQmaDbIV/lKVZ+45/HEhHLRf
7tVblAAhz/uwF5llCx65sIMHXmvfvXZ62vN/UTyVQH58mURGR/F45Wy1I4c3gEQn
lpbkDsJuazIVIix8CBl41gq3Jm/gN97Og122Hi7DUsXxMPo/p0tUClZ0rrVJ6StK
Vf+nqxYqFDxTFjIGaRoEkfIkNvOVzYoL6f1Y1ci/bcqN6fMT3++Tin+n+8INhQNt
PsuFigBW+424NV4HDIV4wGPL0zq1ySYlYhFAe5sAangT
-----END CERTIFICATE-----