Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/UPOmKS-wCVFYZbdnuQ3DjxycBYs.roa
File:                     UPOmKS-wCVFYZbdnuQ3DjxycBYs.roa (raw, json)
Hash identifier:          wDCKtOot6cNGvhctv9YJsxtzSFcNno8Vt28nw8UusF0=
Subject key identifier:   50:F3:A6:29:2F:B0:09:51:58:65:B7:67:B9:0D:C3:8F:1C:9C:05:8B
Certificate issuer:       /CN=323e22d153692fa876f45a698a64070abd29bb39
Certificate serial:       0196E2BE63F485BE0D44AC7A4DDC292C2886
Authority key identifier: 32:3E:22:D1:53:69:2F:A8:76:F4:5A:69:8A:64:07:0A:BD:29:BB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mj4i0VNpL6h29FppimQHCr0puzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/UPOmKS-wCVFYZbdnuQ3DjxycBYs.roa
Signing time:             Sun 18 May 2025 09:34:10 +0000
ROA not before:           Sun 18 May 2025 09:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211235
IP address blocks:        45.89.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/Mj4i0VNpL6h29FppimQHCr0puzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/Mj4i0VNpL6h29FppimQHCr0puzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mj4i0VNpL6h29FppimQHCr0puzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e2:be:63:f4:85:be:0d:44:ac:7a:4d:dc:29:2c:28:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=323e22d153692fa876f45a698a64070abd29bb39
        Validity
            Not Before: May 18 09:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50f3a6292fb009515865b767b90dc38f1c9c058b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d2:f4:fd:72:3d:3d:71:61:3c:2a:b0:f6:3f:
                    50:48:23:47:08:02:5d:33:fd:4f:a5:88:5c:23:17:
                    13:60:83:87:8d:7d:1e:60:8d:81:80:f0:d7:ec:d1:
                    e5:45:57:16:7f:c1:c8:0e:49:64:5e:84:e5:01:6a:
                    c9:a6:c1:21:d4:e0:f3:5b:9f:96:8f:6d:4c:1f:fc:
                    c2:0d:b4:df:45:17:5b:b4:4e:58:65:1d:33:0d:fc:
                    a5:e5:a1:56:b1:91:51:b3:f4:35:2e:3e:7f:7d:3c:
                    9e:cd:74:48:20:18:98:e8:a0:cf:be:b0:c4:07:41:
                    15:c8:75:8a:66:ed:cb:b0:a8:84:a8:f5:6c:85:8b:
                    d7:e0:e3:b7:de:68:c3:2d:9f:e0:c4:2d:37:9d:5e:
                    3d:00:23:b4:f2:7f:cf:b8:f4:8c:bd:ed:fd:24:56:
                    5c:10:81:59:3c:7b:10:e1:08:d5:a3:f9:2f:f2:cb:
                    97:28:65:7d:60:2e:4f:3a:10:9d:69:90:a7:4c:ec:
                    55:b7:e5:12:49:fc:27:d0:62:59:ba:4c:33:f0:6e:
                    15:18:ec:f5:fd:e4:71:f7:2b:92:3f:f7:ab:3a:86:
                    75:16:0a:f9:20:9a:6e:fb:47:29:3b:dc:a3:27:9f:
                    e7:27:a9:4e:ff:ca:03:30:fb:07:2c:cb:18:4e:e9:
                    85:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F3:A6:29:2F:B0:09:51:58:65:B7:67:B9:0D:C3:8F:1C:9C:05:8B
            X509v3 Authority Key Identifier:
                keyid:32:3E:22:D1:53:69:2F:A8:76:F4:5A:69:8A:64:07:0A:BD:29:BB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mj4i0VNpL6h29FppimQHCr0puzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/UPOmKS-wCVFYZbdnuQ3DjxycBYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6ecfca-feb2-4af0-aefe-799509d19ac3/1/Mj4i0VNpL6h29FppimQHCr0puzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:e7:09:a0:77:73:0f:56:f6:43:5d:1d:23:1e:38:19:df:1e:
         47:98:28:cb:2b:0b:20:5c:52:b6:f8:f5:f3:9c:fc:23:b1:81:
         96:aa:9b:8b:9e:03:3e:5f:32:f5:e9:ac:31:c0:5b:eb:c4:cd:
         91:c1:91:d8:99:34:bd:20:24:b7:6c:74:49:7f:47:10:90:9b:
         3e:c8:c4:7a:10:f2:ef:a1:92:b6:9a:8a:a1:72:b8:df:21:e2:
         8a:e4:32:b6:8f:55:d0:2a:62:66:d3:6c:8e:e5:94:9b:41:3c:
         78:4c:0b:1b:b9:05:39:89:20:19:77:ba:ae:66:cc:c5:08:66:
         8b:d8:fd:dc:1f:af:b2:32:d9:05:1c:3d:c6:ab:3f:01:d9:ac:
         98:a4:65:9b:87:b4:87:86:b8:d4:1e:14:18:d8:48:ff:91:cc:
         93:22:b2:81:e1:f0:22:ac:54:54:87:d6:ba:24:71:80:64:2f:
         00:c7:81:5f:38:7d:10:6c:45:59:31:ae:6e:cc:99:a8:92:0b:
         1b:88:91:80:e3:22:e0:1c:b3:58:e4:d5:a1:d9:e0:06:c9:4d:
         cf:aa:89:89:dc:6f:dd:1b:71:1f:55:43:67:70:f0:7e:7b:8b:
         f2:76:46:5a:be:25:fc:4d:d2:73:e4:ab:64:dc:51:e4:71:71:
         72:0f:6a:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbivmP0hb4NRKx6TdwpLCiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyM2UyMmQxNTM2OTJmYTg3NmY0NWE2OThhNjQwNzBhYmQy
OWJiMzkwHhcNMjUwNTE4MDkzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGYzYTYyOTJmYjAwOTUxNTg2NWI3NjdiOTBkYzM4ZjFjOWMwNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNL0/XI9PXFhPCqw9j9QSCNHCAJd
M/1PpYhcIxcTYIOHjX0eYI2BgPDX7NHlRVcWf8HIDklkXoTlAWrJpsEh1ODzW5+W
j21MH/zCDbTfRRdbtE5YZR0zDfyl5aFWsZFRs/Q1Lj5/fTyezXRIIBiY6KDPvrDE
B0EVyHWKZu3LsKiEqPVshYvX4OO33mjDLZ/gxC03nV49ACO08n/PuPSMve39JFZc
EIFZPHsQ4QjVo/kv8suXKGV9YC5POhCdaZCnTOxVt+USSfwn0GJZukwz8G4VGOz1
/eRx9yuSP/erOoZ1Fgr5IJpu+0cpO9yjJ5/nJ6lO/8oDMPsHLMsYTumFIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDzpikvsAlRWGW3Z7kNw48cnAWLMB8GA1UdIwQY
MBaAFDI+ItFTaS+odvRaaYpkBwq9Kbs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWo0aTBWTnBMNmgyOUZwcGltUUhDcjBwdXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82ZWNmY2EtZmViMi00YWYwLWFlZmUt
Nzk5NTA5ZDE5YWMzLzEvVVBPbUtTLXdDVkZZWmJkbnVRM0RqeHljQllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82ZWNmY2EtZmViMi00YWYwLWFlZmUtNzk5NTA5ZDE5YWMz
LzEvTWo0aTBWTnBMNmgyOUZwcGltUUhDcjBwdXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkUMA0G
CSqGSIb3DQEBCwUAA4IBAQCP5wmgd3MPVvZDXR0jHjgZ3x5HmCjLKwsgXFK2+PXz
nPwjsYGWqpuLngM+XzL16awxwFvrxM2RwZHYmTS9ICS3bHRJf0cQkJs+yMR6EPLv
oZK2moqhcrjfIeKK5DK2j1XQKmJm02yO5ZSbQTx4TAsbuQU5iSAZd7quZszFCGaL
2P3cH6+yMtkFHD3Gqz8B2ayYpGWbh7SHhrjUHhQY2Ej/kcyTIrKB4fAirFRUh9a6
JHGAZC8Ax4FfOH0QbEVZMa5uzJmokgsbiJGA4yLgHLNY5NWh2eAGyU3PqomJ3G/d
G3EfVUNncPB+e4vydkZaviX8TdJz5Ktk3FHkcXFyD2pM
-----END CERTIFICATE-----