Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/ugeI_SPpOI_az_dGl_P54hP9qpg.roa
File:                     ugeI_SPpOI_az_dGl_P54hP9qpg.roa (raw, json)
Hash identifier:          HZZ/y/qcvJFbb7qD1Pg6FgrRdOBnE2ywGhjLdlNi6S8=
Subject key identifier:   BA:07:88:FD:23:E9:38:8F:DA:CF:F7:46:97:F3:F9:E2:13:FD:AA:98
Certificate issuer:       /CN=cd979ccf10aff5f773694d9f43e5d5db472d6485
Certificate serial:       01942068617DFF424F2C11009C09B639C2E2
Authority key identifier: CD:97:9C:CF:10:AF:F5:F7:73:69:4D:9F:43:E5:D5:DB:47:2D:64:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/ugeI_SPpOI_az_dGl_P54hP9qpg.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200701
IP address blocks:        77.244.0.0/20 maxlen: 20
                          185.212.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:61:7d:ff:42:4f:2c:11:00:9c:09:b6:39:c2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd979ccf10aff5f773694d9f43e5d5db472d6485
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba0788fd23e9388fdacff74697f3f9e213fdaa98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:01:0a:8d:81:90:2e:dd:3a:e8:5c:43:f8:cb:
                    ac:70:a4:62:c2:f0:d3:4c:ce:af:b1:3d:2d:45:0f:
                    cf:a2:26:20:8b:6b:b5:47:1b:34:b2:14:cb:42:a8:
                    2d:6b:81:12:dc:a4:17:df:30:30:9d:6f:79:4b:f6:
                    8f:c6:cd:bc:99:3a:1a:ff:b3:2c:4e:76:ce:44:01:
                    86:8a:a1:7d:70:c1:9e:83:c9:6f:68:c9:1f:d1:b9:
                    fa:fb:fe:53:77:d9:45:8d:f5:4f:26:4a:63:b9:ff:
                    a7:40:79:65:1c:15:7e:02:26:4c:c5:02:5f:c2:3e:
                    c3:39:3d:31:db:38:21:5f:36:0d:78:81:e5:b2:f7:
                    0f:88:11:1a:1d:90:28:c2:e3:83:90:93:ba:93:ef:
                    f9:d7:c1:72:32:70:e0:9c:ac:7b:58:93:e5:0a:42:
                    d6:75:31:e9:9f:9d:1d:95:20:ce:b2:10:fe:5b:e0:
                    e2:a9:92:d2:24:b6:5f:db:35:eb:b9:02:7e:b0:1d:
                    34:cc:fa:bd:9f:fe:d8:8b:23:64:6b:e1:e4:98:2c:
                    11:1c:47:59:4f:29:f4:94:a7:1b:84:7b:f4:92:f4:
                    cb:44:da:81:04:17:eb:0a:7e:de:4c:60:31:28:d7:
                    cc:7c:cc:1b:87:04:aa:7b:fa:ff:b6:2d:c1:23:fd:
                    ed:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:07:88:FD:23:E9:38:8F:DA:CF:F7:46:97:F3:F9:E2:13:FD:AA:98
            X509v3 Authority Key Identifier:
                keyid:CD:97:9C:CF:10:AF:F5:F7:73:69:4D:9F:43:E5:D5:DB:47:2D:64:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZeczxCv9fdzaU2fQ-XV20ctZIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/ugeI_SPpOI_az_dGl_P54hP9qpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/5c6f3f-0bab-4fd0-bf94-7656da6ede09/1/zZeczxCv9fdzaU2fQ-XV20ctZIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.244.0.0/20
                  185.212.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:2a:1a:73:7a:e0:ba:ae:85:bc:8f:0b:70:ae:19:04:61:e8:
         9e:82:b1:f0:a5:5c:54:47:47:d4:16:96:00:28:79:52:8d:27:
         e5:8a:64:fe:2b:7d:8c:8e:7c:11:1f:9e:ce:71:85:2f:61:eb:
         c5:6a:d2:a2:07:d3:83:9a:9c:10:11:96:f2:b4:de:70:c9:f2:
         2b:13:91:08:d6:b0:29:93:9d:9d:9b:97:0b:93:83:a9:1c:92:
         fc:a7:a0:63:2f:36:8f:5c:f1:a5:0b:e4:7e:fe:ed:e4:d0:37:
         dd:f2:57:47:da:5b:30:dd:3e:4d:76:b6:ad:08:c2:a3:a3:4a:
         27:c9:8a:b8:86:ff:4a:50:bf:55:e4:b8:51:e1:93:5a:3d:87:
         71:47:6d:6e:77:d1:5d:dd:42:2b:b4:d1:79:49:33:03:ad:ef:
         98:c4:25:d0:f3:63:3f:5d:30:01:18:c7:ae:46:36:32:22:e1:
         92:6a:f5:81:f9:b0:b0:8a:29:a0:57:ea:13:0b:f4:36:a4:07:
         64:af:c8:71:d3:42:23:af:26:f4:ae:88:8c:24:61:21:46:a9:
         78:09:f1:02:22:df:1c:67:ab:54:80:e6:7d:e7:8d:18:80:8b:
         1c:7d:be:67:ba:66:9f:f7:12:7f:10:70:31:ad:d1:0e:83:27:
         c8:2e:e7:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaGF9/0JPLBEAnAm2OcLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTc5Y2NmMTBhZmY1Zjc3MzY5NGQ5ZjQzZTVkNWRiNDcy
ZDY0ODUwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTA3ODhmZDIzZTkzODhmZGFjZmY3NDY5N2YzZjllMjEzZmRhYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgEKjYGQLt066FxD+MuscKRiwvDT
TM6vsT0tRQ/PoiYgi2u1Rxs0shTLQqgta4ES3KQX3zAwnW95S/aPxs28mToa/7Ms
TnbORAGGiqF9cMGeg8lvaMkf0bn6+/5Td9lFjfVPJkpjuf+nQHllHBV+AiZMxQJf
wj7DOT0x2zghXzYNeIHlsvcPiBEaHZAowuODkJO6k+/518FyMnDgnKx7WJPlCkLW
dTHpn50dlSDOshD+W+DiqZLSJLZf2zXruQJ+sB00zPq9n/7YiyNka+HkmCwRHEdZ
Tyn0lKcbhHv0kvTLRNqBBBfrCn7eTGAxKNfMfMwbhwSqe/r/ti3BI/3ttQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLoHiP0j6TiP2s/3Rpfz+eIT/aqYMB8GA1UdIwQY
MBaAFM2XnM8Qr/X3c2lNn0Pl1dtHLWSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelplY3p4Q3Y5ZmR6YVUyZlEtWFYyMGN0WklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi81YzZmM2YtMGJhYi00ZmQwLWJmOTQt
NzY1NmRhNmVkZTA5LzEvdWdlSV9TUHBPSV9hel9kR2xfUDU0aFA5cXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi81YzZmM2YtMGJhYi00ZmQwLWJmOTQtNzY1NmRhNmVkZTA5
LzEvelplY3p4Q3Y5ZmR6YVUyZlEtWFYyMGN0WklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETfQAAwQC
udQYMA0GCSqGSIb3DQEBCwUAA4IBAQB6KhpzeuC6roW8jwtwrhkEYeiegrHwpVxU
R0fUFpYAKHlSjSflimT+K32MjnwRH57OcYUvYevFatKiB9ODmpwQEZbytN5wyfIr
E5EI1rApk52dm5cLk4OpHJL8p6BjLzaPXPGlC+R+/u3k0Dfd8ldH2lsw3T5Ndrat
CMKjo0onyYq4hv9KUL9V5LhR4ZNaPYdxR21ud9Fd3UIrtNF5STMDre+YxCXQ82M/
XTABGMeuRjYyIuGSavWB+bCwiimgV+oTC/Q2pAdkr8hx00Ijryb0roiMJGEhRql4
CfECIt8cZ6tUgOZ9540YgIscfb5numaf9xJ/EHAxrdEOgyfILufd
-----END CERTIFICATE-----