Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Uy3DNd8cAhKYVPioxN7PoymKedw.roa
File:                     Uy3DNd8cAhKYVPioxN7PoymKedw.roa (raw, json)
Hash identifier:          L7X4DMP3u2TfIijoOqDl6Vi5RU6BP6p/8G5SNNVhw+I=
Subject key identifier:   53:2D:C3:35:DF:1C:02:12:98:54:F8:A8:C4:DE:CF:A3:29:8A:79:DC
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1CDE81396AD3B446EB99E7FD9526A
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Uy3DNd8cAhKYVPioxN7PoymKedw.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8990
IP address blocks:        195.228.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:cd:e8:13:96:ad:3b:44:6e:b9:9e:7f:d9:52:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=532dc335df1c02129854f8a8c4decfa3298a79dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0c:0c:c9:c4:44:56:82:6d:14:e3:4d:73:85:
                    30:06:9a:8b:9b:34:78:dc:85:e8:0d:69:05:c2:72:
                    80:5e:82:b1:de:a9:b7:fb:87:2e:08:17:61:af:f8:
                    49:fe:88:c2:f5:c7:22:e8:69:71:3c:e1:61:6e:21:
                    73:e4:b2:1e:37:36:9f:ce:39:fd:6a:38:cc:60:da:
                    6e:a5:29:17:32:10:2c:34:f2:af:99:2c:ff:87:4c:
                    f0:50:9f:61:e2:9f:dd:6f:2c:12:02:bc:51:14:a8:
                    23:96:20:11:1c:f5:fb:54:f2:9d:20:fc:72:ca:3e:
                    5a:e4:c5:d7:d6:7e:2e:60:a8:3f:35:6e:16:ee:0a:
                    e8:26:88:b7:a4:68:07:96:7c:21:d9:55:bd:4b:b5:
                    59:99:69:f9:7b:79:72:63:91:80:2b:58:50:49:e0:
                    1a:ca:1b:d5:62:fa:23:8e:5b:68:7f:5e:c9:ad:51:
                    00:2e:f4:15:a8:71:f8:c6:18:0d:43:2a:9f:76:b5:
                    a7:b3:41:7b:69:0d:d6:85:2d:a8:ab:85:99:0b:8f:
                    51:88:f5:92:b8:55:e4:c6:92:71:44:bb:e2:9a:7f:
                    95:1f:e7:8a:43:55:45:6a:fa:ea:ad:7b:80:90:40:
                    ef:11:01:97:f0:46:2c:5e:c9:6f:fc:45:13:f7:b4:
                    33:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2D:C3:35:DF:1C:02:12:98:54:F8:A8:C4:DE:CF:A3:29:8A:79:DC
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Uy3DNd8cAhKYVPioxN7PoymKedw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.228.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9b:11:54:f0:2f:2c:97:82:59:18:66:a9:a8:ec:9b:52:d6:
         a5:88:b7:3c:f9:00:d2:6f:d6:8b:a6:6b:07:03:49:f1:0c:98:
         57:23:c6:59:a2:53:40:6b:5b:45:8f:30:58:56:3e:42:a5:6d:
         d2:2f:d5:e6:44:37:ea:0c:89:ca:b1:87:47:2e:32:21:24:f2:
         5c:0a:90:ae:64:7d:ef:5f:d7:56:ff:7f:56:61:5e:05:57:0a:
         fc:ba:e3:a7:a4:f5:24:92:8a:f6:99:3e:7b:4c:99:89:16:27:
         a3:81:f0:24:fd:69:c3:25:d8:60:62:7b:4f:99:db:f8:3e:88:
         ae:4e:2e:c3:69:ae:a1:97:80:43:a6:75:c8:d5:a6:c8:30:75:
         14:be:89:9d:48:fd:d9:9c:fb:6e:fc:35:99:9d:82:09:06:41:
         e1:0b:c4:1b:b9:17:63:97:93:50:f3:91:03:7c:17:c2:8e:b1:
         6d:5b:b2:25:a7:c7:c7:db:b1:29:ca:78:e2:a8:d0:0e:12:26:
         2a:38:df:83:8a:28:e0:32:73:9c:73:04:5c:fc:17:c7:13:9f:
         c3:0e:e9:ad:eb:69:5b:b0:a7:67:81:f2:d9:7c:05:03:e6:d7:
         84:0a:e8:95:49:9f:bf:8c:88:b6:3c:f0:c4:46:23:b7:46:6a:
         a2:a1:9a:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsc3oE5atO0RuuZ5/2VJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJkYzMzNWRmMWMwMjEyOTg1NGY4YThjNGRlY2ZhMzI5OGE3OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwwMycREVoJtFONNc4UwBpqLmzR4
3IXoDWkFwnKAXoKx3qm3+4cuCBdhr/hJ/ojC9cci6GlxPOFhbiFz5LIeNzafzjn9
ajjMYNpupSkXMhAsNPKvmSz/h0zwUJ9h4p/dbywSArxRFKgjliARHPX7VPKdIPxy
yj5a5MXX1n4uYKg/NW4W7groJoi3pGgHlnwh2VW9S7VZmWn5e3lyY5GAK1hQSeAa
yhvVYvojjltof17JrVEALvQVqHH4xhgNQyqfdrWns0F7aQ3WhS2oq4WZC49RiPWS
uFXkxpJxRLvimn+VH+eKQ1VFavrqrXuAkEDvEQGX8EYsXslv/EUT97QzdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMtwzXfHAISmFT4qMTez6MpinncMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvVXkzRE5kOGNBaEtZVlBpb3hON1BveW1LZWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+QCMA0G
CSqGSIb3DQEBCwUAA4IBAQBfmxFU8C8sl4JZGGapqOybUtaliLc8+QDSb9aLpmsH
A0nxDJhXI8ZZolNAa1tFjzBYVj5CpW3SL9XmRDfqDInKsYdHLjIhJPJcCpCuZH3v
X9dW/39WYV4FVwr8uuOnpPUkkor2mT57TJmJFiejgfAk/WnDJdhgYntPmdv4Poiu
Ti7Daa6hl4BDpnXI1abIMHUUvomdSP3ZnPtu/DWZnYIJBkHhC8QbuRdjl5NQ85ED
fBfCjrFtW7Ilp8fH27EpynjiqNAOEiYqON+DiijgMnOccwRc/BfHE5/DDumt62lb
sKdngfLZfAUD5teECuiVSZ+/jIi2PPDERiO3RmqioZqj
-----END CERTIFICATE-----