Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/UIgf9ajrQrDmAPpLPV90kRuj32I.roa
File:                     UIgf9ajrQrDmAPpLPV90kRuj32I.roa (raw, json)
Hash identifier:          AlX36a6BnwjhKrdVjNHSqwcRq3yixFLnOubI+UNJ9cQ=
Subject key identifier:   50:88:1F:F5:A8:EB:42:B0:E6:00:FA:4B:3D:5F:74:91:1B:A3:DF:62
Certificate issuer:       /CN=b3a4714a695c63cf2e9c4adea6171827d866e298
Certificate serial:       019424B378A32B5E4F0CB790D5CC088E777C
Authority key identifier: B3:A4:71:4A:69:5C:63:CF:2E:9C:4A:DE:A6:17:18:27:D8:66:E2:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/UIgf9ajrQrDmAPpLPV90kRuj32I.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212818
IP address blocks:        195.177.214.0/23 maxlen: 23
                          195.177.214.0/24 maxlen: 24
                          195.177.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 01:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:78:a3:2b:5e:4f:0c:b7:90:d5:cc:08:8e:77:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3a4714a695c63cf2e9c4adea6171827d866e298
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50881ff5a8eb42b0e600fa4b3d5f74911ba3df62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:dd:2e:2c:b9:60:f1:9f:ff:8d:7d:47:ec:
                    18:9d:07:88:6b:aa:89:ac:31:5f:85:78:cf:0c:b5:
                    64:7f:06:9f:d1:28:11:3d:25:9f:ab:55:2a:91:37:
                    48:e1:39:2d:61:e2:3b:ac:53:12:7d:d3:2c:f7:c8:
                    36:51:54:4b:f4:fa:a9:9c:9d:79:24:ff:ab:eb:3e:
                    db:0c:6b:2c:0b:88:dc:25:ef:c6:75:07:0d:42:4c:
                    f9:25:ce:8e:e7:50:d7:7b:a2:54:55:53:ae:28:a4:
                    69:f3:92:0d:5d:99:90:d4:b2:d0:68:f6:9a:44:61:
                    30:03:4f:19:bc:5d:2b:08:82:96:ce:65:d9:d9:19:
                    eb:83:50:d7:0a:7d:4e:f0:88:66:01:b9:af:2e:07:
                    7e:77:32:a5:d3:56:86:45:76:d6:6a:f3:9d:2a:98:
                    49:a2:2b:b5:12:6a:7c:fa:6c:76:ad:0a:a7:8c:59:
                    41:b2:9c:ef:54:68:8d:44:01:aa:75:40:3e:f0:18:
                    5f:5d:46:5a:47:e2:38:4c:9e:0f:d3:b3:be:a9:c5:
                    74:e6:f0:70:47:54:c4:0e:94:5c:f1:6e:1c:6e:1b:
                    d3:8f:10:9b:8f:ae:a3:c0:ee:cb:53:84:ed:f3:a5:
                    f3:78:b3:66:e4:45:fb:22:2b:e2:9b:98:59:db:31:
                    b4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:88:1F:F5:A8:EB:42:B0:E6:00:FA:4B:3D:5F:74:91:1B:A3:DF:62
            X509v3 Authority Key Identifier:
                keyid:B3:A4:71:4A:69:5C:63:CF:2E:9C:4A:DE:A6:17:18:27:D8:66:E2:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6RxSmlcY88unErephcYJ9hm4pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/UIgf9ajrQrDmAPpLPV90kRuj32I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/9a72e0-fb9c-4e72-af34-dc48cecd1545/1/s6RxSmlcY88unErephcYJ9hm4pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:a8:63:02:3e:de:8f:c3:17:df:c3:ed:1f:2f:5a:cf:e9:ea:
         3a:2e:95:0a:57:f0:50:29:93:63:23:ca:58:a8:71:d7:7d:33:
         65:f0:f9:e7:b3:dc:b2:78:4f:77:33:64:05:b5:2a:48:6a:b4:
         c6:29:39:9f:ef:fa:db:da:37:dd:60:a7:44:2b:8d:ad:c1:8a:
         e8:3e:34:87:82:85:3a:5b:aa:b1:3c:37:ed:f2:4d:0d:d5:60:
         5c:e3:58:80:e9:85:4a:8f:94:5c:17:4a:8a:e9:4d:d8:f1:07:
         80:c9:1a:ac:aa:7c:f0:14:df:35:84:39:b0:48:3c:a8:07:26:
         99:47:18:1b:fd:c5:95:2d:43:2a:74:08:0e:cb:f5:42:3d:6a:
         03:a6:b9:1a:55:f3:8a:e2:d0:d2:8d:94:01:e1:fe:70:ac:4a:
         32:8f:77:3f:f2:97:46:d4:03:21:36:4a:52:9a:7f:b5:71:54:
         36:8c:96:74:02:8b:a1:6d:d5:3d:7c:e5:76:e6:84:21:ba:b5:
         66:c7:5e:de:f8:70:71:4c:84:53:62:e0:79:55:30:15:0e:41:
         f0:ba:7c:11:6b:68:60:4d:d8:6d:84:55:6c:06:72:fd:0f:45:
         93:34:8e:64:12:5a:48:10:c5:ea:23:d1:72:9f:e9:36:9b:8b:
         93:a0:69:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3ijK15PDLeQ1cwIjnd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTQ3MTRhNjk1YzYzY2YyZTljNGFkZWE2MTcxODI3ZDg2
NmUyOTgwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDg4MWZmNWE4ZWI0MmIwZTYwMGZhNGIzZDVmNzQ5MTFiYTNkZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD3dLiy5YPGf/419R+wYnQeIa6qJ
rDFfhXjPDLVkfwaf0SgRPSWfq1UqkTdI4TktYeI7rFMSfdMs98g2UVRL9PqpnJ15
JP+r6z7bDGssC4jcJe/GdQcNQkz5Jc6O51DXe6JUVVOuKKRp85INXZmQ1LLQaPaa
RGEwA08ZvF0rCIKWzmXZ2Rnrg1DXCn1O8IhmAbmvLgd+dzKl01aGRXbWavOdKphJ
oiu1Emp8+mx2rQqnjFlBspzvVGiNRAGqdUA+8BhfXUZaR+I4TJ4P07O+qcV05vBw
R1TEDpRc8W4cbhvTjxCbj66jwO7LU4Tt86XzeLNm5EX7Iivim5hZ2zG0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCIH/Wo60Kw5gD6Sz1fdJEbo99iMB8GA1UdIwQY
MBaAFLOkcUppXGPPLpxK3qYXGCfYZuKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZSeFNtbGNZODh1bkVyZXBoY1lKOWhtNHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85YTcyZTAtZmI5Yy00ZTcyLWFmMzQt
ZGM0OGNlY2QxNTQ1LzEvVUlnZjlhanJRckRtQVBwTFBWOTBrUnVqMzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85YTcyZTAtZmI5Yy00ZTcyLWFmMzQtZGM0OGNlY2QxNTQ1
LzEvczZSeFNtbGNZODh1bkVyZXBoY1lKOWhtNHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7HWMA0G
CSqGSIb3DQEBCwUAA4IBAQAwqGMCPt6Pwxffw+0fL1rP6eo6LpUKV/BQKZNjI8pY
qHHXfTNl8Pnns9yyeE93M2QFtSpIarTGKTmf7/rb2jfdYKdEK42twYroPjSHgoU6
W6qxPDft8k0N1WBc41iA6YVKj5RcF0qK6U3Y8QeAyRqsqnzwFN81hDmwSDyoByaZ
Rxgb/cWVLUMqdAgOy/VCPWoDprkaVfOK4tDSjZQB4f5wrEoyj3c/8pdG1AMhNkpS
mn+1cVQ2jJZ0AouhbdU9fOV25oQhurVmx17e+HBxTIRTYuB5VTAVDkHwunwRa2hg
TdhthFVsBnL9D0WTNI5kElpIEMXqI9Fyn+k2m4uToGn6
-----END CERTIFICATE-----