Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/uSjPkHVrQGEYzySpy8LO3vhOhQk.roa
File:                     uSjPkHVrQGEYzySpy8LO3vhOhQk.roa (raw, json)
Hash identifier:          7CsfbkRbBqND0q0gdzh2M/F8+y9Oj0uA6RZKZkPuiPY=
Subject key identifier:   B9:28:CF:90:75:6B:40:61:18:CF:24:A9:CB:C2:CE:DE:F8:4E:85:09
Certificate issuer:       /CN=a43b5322b8ea38a7a044dcb0671a75dba1043d7e
Certificate serial:       01941F8C16C789F6894C14C7E94C31BDEEA4
Authority key identifier: A4:3B:53:22:B8:EA:38:A7:A0:44:DC:B0:67:1A:75:DB:A1:04:3D:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/uSjPkHVrQGEYzySpy8LO3vhOhQk.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214876
IP address blocks:        185.190.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:16:c7:89:f6:89:4c:14:c7:e9:4c:31:bd:ee:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a43b5322b8ea38a7a044dcb0671a75dba1043d7e
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b928cf90756b406118cf24a9cbc2cedef84e8509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cf:7b:2d:0a:65:48:94:f8:59:5a:92:1d:20:
                    13:97:42:72:e2:bf:3b:da:df:ab:7a:b2:78:31:1f:
                    c9:45:7a:0e:7c:f6:10:d7:66:ff:87:0d:a7:6c:9b:
                    66:a7:3a:89:18:39:6b:dd:7f:34:c0:e8:42:99:42:
                    f2:05:e4:11:7f:a4:cd:e6:80:20:40:eb:61:62:9d:
                    a7:49:67:cb:ba:10:49:b9:cd:dd:3a:db:29:59:9f:
                    3c:cd:aa:d4:22:44:7a:f8:dd:ca:03:05:50:51:e0:
                    f2:09:f8:87:0e:b5:6e:f6:ac:3b:3b:cd:d9:e4:de:
                    76:d6:b8:35:50:e5:14:b4:c7:9b:89:e7:ed:ad:e6:
                    e5:8e:3b:1d:fd:9c:91:73:09:01:12:b9:56:24:64:
                    2e:cf:99:0a:92:46:a3:92:c8:f2:8a:c4:c7:21:ec:
                    0f:4b:6f:30:4a:05:ed:0d:c5:95:d7:93:4d:a7:7d:
                    52:d9:2f:e5:84:e2:8e:18:17:ac:ec:0e:6a:67:a4:
                    e6:8e:31:d5:ba:57:18:fb:ec:cf:be:e7:f9:1d:32:
                    67:12:c9:37:b5:78:88:02:9b:9b:a9:cb:7d:ec:60:
                    e4:ee:a7:2f:ad:dd:91:30:ad:0f:8e:88:58:66:66:
                    a0:2b:0e:5b:5d:f0:eb:0a:69:4e:6a:99:6c:e9:af:
                    65:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:28:CF:90:75:6B:40:61:18:CF:24:A9:CB:C2:CE:DE:F8:4E:85:09
            X509v3 Authority Key Identifier:
                keyid:A4:3B:53:22:B8:EA:38:A7:A0:44:DC:B0:67:1A:75:DB:A1:04:3D:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDtTIrjqOKegRNywZxp126EEPX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/uSjPkHVrQGEYzySpy8LO3vhOhQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ae5206-c843-4bd5-8860-71e95b04b3ec/1/pDtTIrjqOKegRNywZxp126EEPX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:47:f0:64:5f:7f:a6:cb:43:9d:c3:47:67:9a:6f:07:99:c9:
         df:c7:72:6f:08:17:86:13:0b:96:58:0b:e8:2d:54:a3:c2:db:
         d1:47:ff:fc:39:58:b7:7f:90:a2:0e:7f:99:8d:c1:b9:dd:f6:
         40:14:6d:b6:d6:a5:0b:a8:c1:7b:fa:68:a4:64:a6:fb:40:66:
         8d:c4:d6:82:71:3c:f5:a7:b0:f3:8a:3f:38:16:33:ea:4f:7d:
         74:fd:93:91:8d:2f:f9:6d:b2:73:f5:37:8d:da:bc:6f:ab:0e:
         46:24:67:3c:d1:fe:77:a5:c0:a2:56:52:b4:f5:c1:88:03:26:
         c8:7b:c0:b5:fa:29:ca:29:4d:8e:b2:2e:8a:56:b9:7d:7d:1a:
         95:32:cd:ae:13:05:63:43:86:eb:1c:b9:42:c3:b3:00:3c:ee:
         80:36:58:83:a6:5e:70:fa:13:c0:b3:63:d8:3b:49:29:55:5a:
         5b:24:53:ec:73:13:32:0d:34:34:18:ac:d7:c3:52:eb:bf:73:
         e7:4b:9b:01:c0:37:73:af:d0:d8:86:2d:ac:05:3f:09:99:db:
         1b:ff:2b:fb:a3:83:fd:5a:ae:8d:8c:0e:09:71:2b:57:d2:00:
         3d:7b:60:65:c9:6b:77:a2:d1:87:35:20:8c:76:b0:f2:54:85:
         4b:97:23:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBbHifaJTBTH6Uwxve6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0M2I1MzIyYjhlYTM4YTdhMDQ0ZGNiMDY3MWE3NWRiYTEw
NDNkN2UwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTI4Y2Y5MDc1NmI0MDYxMThjZjI0YTljYmMyY2VkZWY4NGU4NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx897LQplSJT4WVqSHSATl0Jy4r87
2t+rerJ4MR/JRXoOfPYQ12b/hw2nbJtmpzqJGDlr3X80wOhCmULyBeQRf6TN5oAg
QOthYp2nSWfLuhBJuc3dOtspWZ88zarUIkR6+N3KAwVQUeDyCfiHDrVu9qw7O83Z
5N521rg1UOUUtMebieftrebljjsd/ZyRcwkBErlWJGQuz5kKkkajksjyisTHIewP
S28wSgXtDcWV15NNp31S2S/lhOKOGBes7A5qZ6TmjjHVulcY++zPvuf5HTJnEsk3
tXiIApubqct97GDk7qcvrd2RMK0PjohYZmagKw5bXfDrCmlOapls6a9lLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkoz5B1a0BhGM8kqcvCzt74ToUJMB8GA1UdIwQY
MBaAFKQ7UyK46jinoETcsGcadduhBD1+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcER0VElyanFPS2VnUk55d1p4cDEyNkVFUFg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9hZTUyMDYtYzg0My00YmQ1LTg4NjAt
NzFlOTViMDRiM2VjLzEvdVNqUGtIVnJRR0VZenlTcHk4TE8zdmhPaFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9hZTUyMDYtYzg0My00YmQ1LTg4NjAtNzFlOTViMDRiM2Vj
LzEvcER0VElyanFPS2VnUk55d1p4cDEyNkVFUFg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub4RMA0G
CSqGSIb3DQEBCwUAA4IBAQDXR/BkX3+my0Odw0dnmm8Hmcnfx3JvCBeGEwuWWAvo
LVSjwtvRR//8OVi3f5CiDn+ZjcG53fZAFG221qULqMF7+mikZKb7QGaNxNaCcTz1
p7Dzij84FjPqT310/ZORjS/5bbJz9TeN2rxvqw5GJGc80f53pcCiVlK09cGIAybI
e8C1+inKKU2Osi6KVrl9fRqVMs2uEwVjQ4brHLlCw7MAPO6ANliDpl5w+hPAs2PY
O0kpVVpbJFPscxMyDTQ0GKzXw1Lrv3PnS5sBwDdzr9DYhi2sBT8Jmdsb/yv7o4P9
Wq6NjA4JcStX0gA9e2BlyWt3otGHNSCMdrDyVIVLlyOx
-----END CERTIFICATE-----