Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uu5iNm4qRGVtoAR_aTUNWqWiuB8.roa
File:                     uu5iNm4qRGVtoAR_aTUNWqWiuB8.roa (raw, json)
Hash identifier:          bJ0NHqqR7kxOZ1BnUrsEttxq00FUSEcatGuV+rrH2JE=
Subject key identifier:   BA:EE:62:36:6E:2A:44:65:6D:A0:04:7F:69:35:0D:5A:A5:A2:B8:1F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143FC55473071A18E0C2508B23EF3F6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uu5iNm4qRGVtoAR_aTUNWqWiuB8.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197649
IP address blocks:        82.153.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fc:55:47:30:71:a1:8e:0c:25:08:b2:3e:f3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baee62366e2a44656da0047f69350d5aa5a2b81f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f5:34:a7:07:4f:a2:00:69:cc:7a:b3:da:2b:
                    d9:c3:0c:34:8b:b8:4b:ed:64:4e:08:a5:f4:1b:84:
                    f1:bc:78:f1:f7:6c:cc:93:a3:f0:b2:14:ed:6e:b7:
                    c4:89:fe:89:63:0f:cb:e6:2d:ea:fe:df:52:dd:78:
                    c9:ff:60:4c:4d:48:61:dc:f7:c7:52:18:43:de:e0:
                    45:29:56:0b:f6:1b:3d:a2:4b:41:c3:99:64:f3:19:
                    6a:1f:c1:10:09:0e:6e:7c:6c:6d:bc:6a:90:0d:3f:
                    7f:ca:db:75:d9:33:e2:9a:ea:93:90:c1:7a:c1:a1:
                    f2:00:3d:f6:57:9f:5d:2b:a4:e9:f2:fd:a1:f8:a7:
                    ef:43:21:1e:ef:06:4c:7a:e8:9b:5b:ac:ce:60:b8:
                    8d:c4:35:dc:4b:47:9b:3b:a9:ab:19:13:0a:5b:c6:
                    c9:4a:c1:47:1f:e8:51:b1:00:f1:58:86:33:9b:91:
                    2b:8f:59:77:e2:43:3e:4d:a0:6a:8e:54:1b:c7:21:
                    73:95:31:77:4a:44:ef:d6:da:70:57:ea:e6:51:63:
                    9e:51:42:80:55:23:0d:0a:d9:b1:0c:2b:9c:17:1d:
                    cd:11:33:48:cb:d2:1d:04:1f:7b:c2:9c:43:85:f8:
                    db:76:2e:c4:e8:4e:b1:3c:94:b8:e8:cb:db:5f:82:
                    06:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:EE:62:36:6E:2A:44:65:6D:A0:04:7F:69:35:0D:5A:A5:A2:B8:1F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uu5iNm4qRGVtoAR_aTUNWqWiuB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:5d:8a:ae:12:7f:31:51:be:d0:b4:a3:55:68:ab:a5:d0:ad:
         a8:61:5f:05:fe:2d:15:79:25:f7:fd:f9:ee:c2:85:5e:92:d5:
         0a:00:e2:8b:d5:2f:a5:79:40:b2:1e:c3:c7:95:d1:d3:56:55:
         26:0a:9a:1d:d1:b8:13:d3:d9:03:53:60:db:ff:5a:1a:97:c5:
         6f:e0:21:b8:cf:a5:7d:cb:5f:8a:0c:41:9f:02:c7:6b:a9:83:
         53:5f:a1:0a:15:4a:2c:64:7d:33:d8:42:20:82:29:75:91:63:
         ac:76:7f:c8:cf:7e:b5:1b:cf:5f:af:a7:e5:4e:04:ad:0a:c7:
         83:be:ce:2c:d0:45:10:6b:6d:3d:52:1f:9e:27:29:63:fe:68:
         c8:91:33:f0:af:be:1c:de:eb:41:6a:a9:16:e4:82:b0:e9:86:
         4f:8a:99:27:43:35:db:8a:1a:c9:cd:94:2c:f5:08:5d:63:e6:
         08:07:95:f1:1d:53:35:d7:61:15:26:e9:f1:c7:57:91:aa:2a:
         a9:73:be:9f:46:39:3e:8c:22:ac:b9:09:52:a3:22:93:56:c3:
         5b:c4:b5:7c:5c:aa:42:cb:b4:50:cd:29:9a:b9:e4:68:a9:fb:
         47:01:5b:8b:c6:d5:34:88:67:ad:dd:1c:3a:4d:88:fb:cf:b6:
         ea:a1:f0:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/xVRzBxoY4MJQiyPvP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWVlNjIzNjZlMmE0NDY1NmRhMDA0N2Y2OTM1MGQ1YWE1YTJiODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PU0pwdPogBpzHqz2ivZwww0i7hL
7WROCKX0G4TxvHjx92zMk6PwshTtbrfEif6JYw/L5i3q/t9S3XjJ/2BMTUhh3PfH
UhhD3uBFKVYL9hs9oktBw5lk8xlqH8EQCQ5ufGxtvGqQDT9/ytt12TPimuqTkMF6
waHyAD32V59dK6Tp8v2h+KfvQyEe7wZMeuibW6zOYLiNxDXcS0ebO6mrGRMKW8bJ
SsFHH+hRsQDxWIYzm5Erj1l34kM+TaBqjlQbxyFzlTF3SkTv1tpwV+rmUWOeUUKA
VSMNCtmxDCucFx3NETNIy9IdBB97wpxDhfjbdi7E6E6xPJS46MvbX4IG8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLruYjZuKkRlbaAEf2k1DVqlorgfMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdXU1aU5tNHFSR1Z0b0FSX2FUVU5XcVdpdUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUplAMA0G
CSqGSIb3DQEBCwUAA4IBAQBnXYquEn8xUb7QtKNVaKul0K2oYV8F/i0VeSX3/fnu
woVektUKAOKL1S+leUCyHsPHldHTVlUmCpod0bgT09kDU2Db/1oal8Vv4CG4z6V9
y1+KDEGfAsdrqYNTX6EKFUosZH0z2EIggil1kWOsdn/Iz361G89fr6flTgStCseD
vs4s0EUQa209Uh+eJylj/mjIkTPwr74c3utBaqkW5IKw6YZPipknQzXbihrJzZQs
9QhdY+YIB5XxHVM112EVJunxx1eRqiqpc76fRjk+jCKsuQlSoyKTVsNbxLV8XKpC
y7RQzSmaueRoqftHAVuLxtU0iGet3Rw6TYj7z7bqofDN
-----END CERTIFICATE-----