Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/UG2XZdsSP9vahLS8deUbiGwgM84.roa
File:                     UG2XZdsSP9vahLS8deUbiGwgM84.roa (raw, json)
Hash identifier:          H+YkvMLky6FPgjSDWIrs7G2kpfOLt2YF+/59bitetA8=
Subject key identifier:   50:6D:97:65:DB:12:3F:DB:DA:84:B4:BC:75:E5:1B:88:6C:20:33:CE
Certificate issuer:       /CN=3a1a0c0016b9b33f93e8a7a393d09190d5e18499
Certificate serial:       019423D6DC16C26C0424BEA0E11C03D6EFA2
Authority key identifier: 3A:1A:0C:00:16:B9:B3:3F:93:E8:A7:A3:93:D0:91:90:D5:E1:84:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/UG2XZdsSP9vahLS8deUbiGwgM84.roa
Signing time:             Wed 01 Jan 2025 21:47:51 +0000
ROA not before:           Wed 01 Jan 2025 21:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30848
IP address blocks:        178.250.200.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:dc:16:c2:6c:04:24:be:a0:e1:1c:03:d6:ef:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1a0c0016b9b33f93e8a7a393d09190d5e18499
        Validity
            Not Before: Jan  1 21:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=506d9765db123fdbda84b4bc75e51b886c2033ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:75:13:96:e0:f3:08:eb:74:15:27:40:fa:53:
                    70:b6:c9:e0:c3:aa:29:81:bf:13:f0:69:a6:86:13:
                    71:ae:82:e7:69:d9:87:2a:31:e2:77:f0:bd:e5:c9:
                    a5:9f:c1:8b:c7:14:db:73:4d:87:5c:2f:01:63:89:
                    91:fd:d8:73:83:7c:31:27:ae:34:d0:75:c5:f5:57:
                    9a:83:5c:89:f8:d5:82:de:6d:96:28:fc:27:90:e1:
                    3e:ac:1f:db:f7:ba:9f:71:d1:4d:90:5e:fa:d2:2a:
                    97:9d:30:75:ef:f0:d6:c8:33:4e:3b:b3:c2:03:98:
                    a3:45:5b:06:31:e3:e9:9f:99:e1:71:ad:1f:13:6c:
                    6c:75:48:07:d1:07:c0:38:6a:2b:b7:77:14:50:5b:
                    35:cd:9c:2e:a9:6b:de:23:83:27:c8:d8:6b:16:9f:
                    35:de:ac:25:4e:4e:ca:b8:cc:c7:71:e2:38:1c:82:
                    6c:e4:e2:74:40:c5:87:d1:3e:db:86:31:3a:3d:d5:
                    f7:ff:ee:30:3b:6e:6b:ba:ac:31:9e:40:a7:cf:a5:
                    e2:d3:1a:99:e6:d6:a2:43:8f:da:32:68:d3:37:f2:
                    58:ad:87:f9:ad:68:dd:a6:be:cc:8c:23:fb:70:87:
                    53:78:93:7d:d2:20:de:52:cc:2b:ae:fd:8b:ad:c1:
                    39:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6D:97:65:DB:12:3F:DB:DA:84:B4:BC:75:E5:1B:88:6C:20:33:CE
            X509v3 Authority Key Identifier:
                keyid:3A:1A:0C:00:16:B9:B3:3F:93:E8:A7:A3:93:D0:91:90:D5:E1:84:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhoMABa5sz-T6Kejk9CRkNXhhJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/UG2XZdsSP9vahLS8deUbiGwgM84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/995881-39cd-4104-9b29-0b6459775b64/1/OhoMABa5sz-T6Kejk9CRkNXhhJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:9c:1c:df:ab:00:d0:98:5e:c1:a5:d2:07:f8:45:79:47:94:
         c1:82:45:e0:d9:26:fa:d2:63:d5:ed:f0:bb:cc:72:4f:b1:5c:
         f5:d2:a2:ea:1c:ca:da:b8:3a:fa:1c:50:3e:41:8a:15:0b:3c:
         bf:8f:0f:bc:d0:6b:d8:d6:38:18:cb:c5:2a:8f:f7:f6:07:84:
         ad:65:d1:fb:88:73:b1:6c:87:c5:8b:27:b3:a4:dd:4d:bc:18:
         0b:96:ba:67:fd:ef:cf:6a:1d:dc:ab:41:7d:8d:ea:a7:2c:5d:
         02:b8:72:a4:84:c0:10:5c:67:1d:d4:cc:5a:06:ef:42:45:df:
         96:62:4c:04:0a:9f:c7:68:83:86:90:d4:93:fa:68:a2:f1:6d:
         4b:26:3a:f3:21:76:dc:e5:4f:73:06:ad:da:65:e0:22:24:29:
         94:ca:9a:d3:e5:df:7b:24:49:66:14:9c:f1:37:83:16:ec:35:
         24:4c:9c:4b:37:66:71:51:63:11:e2:2d:c5:e2:00:20:d6:40:
         c0:54:3b:57:cf:da:d2:45:93:3d:bb:83:94:d6:72:f9:98:94:
         01:76:8a:12:60:a0:56:6c:d8:9c:1c:64:44:63:7d:0b:64:41:
         f8:06:f3:b6:33:30:fd:b3:3d:ad:09:eb:06:b4:6a:13:97:56:
         c2:ab:d6:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1twWwmwEJL6g4RwD1u+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWEwYzAwMTZiOWIzM2Y5M2U4YTdhMzkzZDA5MTkwZDVl
MTg0OTkwHhcNMjUwMTAxMjE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDZkOTc2NWRiMTIzZmRiZGE4NGI0YmM3NWU1MWI4ODZjMjAzM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73UTluDzCOt0FSdA+lNwtsngw6op
gb8T8GmmhhNxroLnadmHKjHid/C95cmln8GLxxTbc02HXC8BY4mR/dhzg3wxJ640
0HXF9Veag1yJ+NWC3m2WKPwnkOE+rB/b97qfcdFNkF760iqXnTB17/DWyDNOO7PC
A5ijRVsGMePpn5nhca0fE2xsdUgH0QfAOGort3cUUFs1zZwuqWveI4MnyNhrFp81
3qwlTk7KuMzHceI4HIJs5OJ0QMWH0T7bhjE6PdX3/+4wO25ruqwxnkCnz6Xi0xqZ
5taiQ4/aMmjTN/JYrYf5rWjdpr7MjCP7cIdTeJN90iDeUswrrv2LrcE5cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBtl2XbEj/b2oS0vHXlG4hsIDPOMB8GA1UdIwQY
MBaAFDoaDAAWubM/k+ino5PQkZDV4YSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hvTUFCYTVzei1UNktlams5Q1JrTlhoaEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85OTU4ODEtMzljZC00MTA0LTliMjkt
MGI2NDU5Nzc1YjY0LzEvVUcyWFpkc1NQOXZhaExTOGRlVWJpR3dnTTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85OTU4ODEtMzljZC00MTA0LTliMjktMGI2NDU5Nzc1YjY0
LzEvT2hvTUFCYTVzei1UNktlams5Q1JrTlhoaEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsvrIMA0G
CSqGSIb3DQEBCwUAA4IBAQAHnBzfqwDQmF7BpdIH+EV5R5TBgkXg2Sb60mPV7fC7
zHJPsVz10qLqHMrauDr6HFA+QYoVCzy/jw+80GvY1jgYy8Uqj/f2B4StZdH7iHOx
bIfFiyezpN1NvBgLlrpn/e/Pah3cq0F9jeqnLF0CuHKkhMAQXGcd1MxaBu9CRd+W
YkwECp/HaIOGkNST+mii8W1LJjrzIXbc5U9zBq3aZeAiJCmUyprT5d97JElmFJzx
N4MW7DUkTJxLN2ZxUWMR4i3F4gAg1kDAVDtXz9rSRZM9u4OU1nL5mJQBdooSYKBW
bNicHGREY30LZEH4BvO2MzD9sz2tCesGtGoTl1bCq9ay
-----END CERTIFICATE-----