Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/ugrj7hUFFw6rHB6augnG5kTf3DU.roa
File:                     ugrj7hUFFw6rHB6augnG5kTf3DU.roa (raw, json)
Hash identifier:          78hbfMivlafcxeG/47FQpp9qALdUhy11vEIQAh8sDDg=
Subject key identifier:   BA:0A:E3:EE:15:05:17:0E:AB:1C:1E:9A:BA:09:C6:E6:44:DF:DC:35
Certificate issuer:       /CN=5a2a022fed81cba608817d2a9589a5098e0a708e
Certificate serial:       01941FFA5179A956E8DFC6E0E8C20DB23997
Authority key identifier: 5A:2A:02:2F:ED:81:CB:A6:08:81:7D:2A:95:89:A5:09:8E:0A:70:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WioCL-2By6YIgX0qlYmlCY4KcI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/ugrj7hUFFw6rHB6augnG5kTf3DU.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48918
IP address blocks:        95.215.212.0/22 maxlen: 24
                          95.215.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/WioCL-2By6YIgX0qlYmlCY4KcI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/WioCL-2By6YIgX0qlYmlCY4KcI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WioCL-2By6YIgX0qlYmlCY4KcI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:51:79:a9:56:e8:df:c6:e0:e8:c2:0d:b2:39:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a2a022fed81cba608817d2a9589a5098e0a708e
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba0ae3ee1505170eab1c1e9aba09c6e644dfdc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:a3:fd:13:7f:98:f5:0e:3b:6c:3f:c2:14:44:
                    dd:95:a5:b1:0a:3c:07:5b:e3:32:ca:ae:18:df:f3:
                    45:75:93:94:f9:d7:ec:1c:78:c8:71:59:5b:65:d7:
                    82:4a:66:0a:8f:86:5f:e1:1a:e4:11:8d:05:50:b0:
                    7f:75:37:03:a2:e9:82:06:52:08:22:71:ec:a7:46:
                    74:ce:94:7b:ab:09:ff:7c:b2:24:92:1f:59:11:85:
                    83:49:f7:12:97:48:0f:18:9f:37:f5:34:81:ab:02:
                    06:77:22:f9:c7:ea:98:9e:c8:3c:96:75:ee:a2:ff:
                    ee:2d:d8:41:9e:cc:d7:3d:2e:85:ff:d8:09:80:cb:
                    12:53:e9:a7:b6:fb:57:fa:56:e5:2f:19:da:1b:97:
                    0a:ea:d9:36:8e:99:69:b2:db:dc:64:72:d9:8a:1f:
                    f5:38:b4:4d:a1:2a:03:30:13:1b:ff:d8:42:68:b0:
                    e9:fe:3e:fc:84:ba:d0:40:ce:5d:d0:09:e5:3d:43:
                    0b:cb:1a:bf:06:54:f4:ca:ff:35:a7:16:54:49:55:
                    65:cb:92:71:09:7f:d9:c2:25:ea:0a:24:d0:b6:8f:
                    c0:34:e0:8a:e4:65:16:c8:fa:11:bb:90:a7:bd:28:
                    12:5f:54:e9:e5:c8:90:59:94:75:2d:7b:c3:36:d2:
                    4e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0A:E3:EE:15:05:17:0E:AB:1C:1E:9A:BA:09:C6:E6:44:DF:DC:35
            X509v3 Authority Key Identifier:
                keyid:5A:2A:02:2F:ED:81:CB:A6:08:81:7D:2A:95:89:A5:09:8E:0A:70:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WioCL-2By6YIgX0qlYmlCY4KcI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/ugrj7hUFFw6rHB6augnG5kTf3DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/44f5df-2cdc-4f18-be30-d7c4158e9db4/1/WioCL-2By6YIgX0qlYmlCY4KcI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:ba:ed:b7:11:18:7a:23:e5:7d:75:0d:fd:07:d2:24:64:d9:
         90:ab:99:f2:c3:a1:26:9f:94:7d:50:c6:68:a1:95:01:d0:e3:
         c1:29:05:ad:84:66:dc:30:68:49:f9:71:fc:10:7b:6b:8b:ef:
         bc:f7:5e:bd:f9:16:b1:f2:c4:d6:57:04:b6:70:53:f2:85:d5:
         65:23:ac:ef:c4:77:65:f3:b0:42:dd:43:13:ca:81:0c:fd:a7:
         1c:7e:20:7a:2b:17:0c:ac:04:11:a4:e6:99:70:5c:2b:ef:5f:
         64:e0:20:a2:59:fa:09:0e:47:20:fb:f0:5f:c1:51:19:33:6b:
         d8:38:bc:77:4d:53:15:c0:53:1d:90:a8:f8:a1:76:a6:18:3e:
         54:c9:68:1e:01:3d:c3:3a:d2:b6:43:80:0b:e2:f9:43:66:06:
         2c:10:ef:9a:ff:00:fb:fc:9b:21:1b:6d:d4:48:cf:dd:6d:27:
         5a:c6:90:b5:28:94:ee:ef:cd:22:76:a9:ed:4b:92:8d:ee:4d:
         dc:e3:5f:df:ee:79:10:a8:ec:ba:d9:21:af:1c:bd:23:be:71:
         dc:49:d3:8b:62:1e:f1:af:5f:07:9b:95:91:33:34:13:95:f7:
         f8:ed:fe:57:86:52:b2:8a:4a:c3:5b:ff:d2:5f:1b:15:ea:16:
         56:8e:fa:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lF5qVbo38bg6MINsjmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMmEwMjJmZWQ4MWNiYTYwODgxN2QyYTk1ODlhNTA5OGUw
YTcwOGUwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTBhZTNlZTE1MDUxNzBlYWIxYzFlOWFiYTA5YzZlNjQ0ZGZkYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/KP9E3+Y9Q47bD/CFETdlaWxCjwH
W+Myyq4Y3/NFdZOU+dfsHHjIcVlbZdeCSmYKj4Zf4RrkEY0FULB/dTcDoumCBlII
InHsp0Z0zpR7qwn/fLIkkh9ZEYWDSfcSl0gPGJ839TSBqwIGdyL5x+qYnsg8lnXu
ov/uLdhBnszXPS6F/9gJgMsSU+mntvtX+lblLxnaG5cK6tk2jplpstvcZHLZih/1
OLRNoSoDMBMb/9hCaLDp/j78hLrQQM5d0AnlPUMLyxq/BlT0yv81pxZUSVVly5Jx
CX/ZwiXqCiTQto/ANOCK5GUWyPoRu5CnvSgSX1Tp5ciQWZR1LXvDNtJOOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoK4+4VBRcOqxwemroJxuZE39w1MB8GA1UdIwQY
MBaAFFoqAi/tgcumCIF9KpWJpQmOCnCOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2lvQ0wtMkJ5NllJZ1gwcWxZbWxDWTRLY0k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80NGY1ZGYtMmNkYy00ZjE4LWJlMzAt
ZDdjNDE1OGU5ZGI0LzEvdWdyajdoVUZGdzZySEI2YXVnbkc1a1RmM0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80NGY1ZGYtMmNkYy00ZjE4LWJlMzAtZDdjNDE1OGU5ZGI0
LzEvV2lvQ0wtMkJ5NllJZ1gwcWxZbWxDWTRLY0k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9fUMA0G
CSqGSIb3DQEBCwUAA4IBAQCUuu23ERh6I+V9dQ39B9IkZNmQq5nyw6Emn5R9UMZo
oZUB0OPBKQWthGbcMGhJ+XH8EHtri++89169+Rax8sTWVwS2cFPyhdVlI6zvxHdl
87BC3UMTyoEM/accfiB6KxcMrAQRpOaZcFwr719k4CCiWfoJDkcg+/BfwVEZM2vY
OLx3TVMVwFMdkKj4oXamGD5UyWgeAT3DOtK2Q4AL4vlDZgYsEO+a/wD7/JshG23U
SM/dbSdaxpC1KJTu780idqntS5KN7k3c41/f7nkQqOy62SGvHL0jvnHcSdOLYh7x
r18Hm5WRMzQTlff47f5XhlKyikrDW//SXxsV6hZWjvrN
-----END CERTIFICATE-----