Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/0UzsGme_k2nP3xmC23x_NIyPI4I.roa
File:                     0UzsGme_k2nP3xmC23x_NIyPI4I.roa (raw, json)
Hash identifier:          9GCcsHrAPMsxEip94efAnxBNP67TuW3l3gu24kwBziA=
Subject key identifier:   D1:4C:EC:1A:67:BF:93:69:CF:DF:19:82:DB:7C:7F:34:8C:8F:23:82
Certificate issuer:       /CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
Certificate serial:       019421B186DD66E1271A56B9D9FFEF3B6FB3
Authority key identifier: EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/0UzsGme_k2nP3xmC23x_NIyPI4I.roa
Signing time:             Wed 01 Jan 2025 11:47:49 +0000
ROA not before:           Wed 01 Jan 2025 11:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        93.190.72.0/21 maxlen: 24
                          185.70.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:86:dd:66:e1:27:1a:56:b9:d9:ff:ef:3b:6f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab476f677cd0c3298d2811e60f48e1b29b3afef
        Validity
            Not Before: Jan  1 11:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d14cec1a67bf9369cfdf1982db7c7f348c8f2382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:00:c2:93:6e:8c:38:37:a5:8a:06:32:bf:34:
                    5a:01:50:ab:24:b9:1b:24:7e:ac:23:ab:d8:c7:71:
                    1e:55:f7:95:a7:ed:9b:cc:ab:4d:f7:f7:cb:83:b5:
                    c3:33:92:4b:01:93:61:14:3b:fa:c7:79:a7:f0:c6:
                    af:5c:ec:9f:25:9d:d8:4d:ea:9a:25:23:0c:9c:c6:
                    cc:07:fc:4a:14:43:0e:7b:a5:cd:62:1e:cc:2b:1f:
                    ef:bb:c0:00:57:68:02:01:6b:61:ce:45:bd:9f:d0:
                    b7:17:32:37:ce:09:15:89:ee:40:25:cd:6f:4f:a8:
                    9a:6f:85:87:58:fc:60:4b:8b:d4:36:89:e7:9c:e7:
                    3b:d3:19:3f:4f:71:0d:76:bb:0d:82:ba:04:c2:24:
                    10:32:af:42:fa:81:bc:c0:21:9e:45:68:bc:9d:6f:
                    4c:c6:96:f4:4f:a3:f6:88:9f:71:3e:cf:5d:b0:c5:
                    45:88:a8:1a:92:01:42:87:b5:d3:ae:cd:13:cb:4d:
                    10:af:c7:ff:a4:d8:95:72:d8:ec:1a:81:7e:d4:2b:
                    7f:b4:92:94:f7:b3:90:75:d1:1d:62:8c:96:c5:d5:
                    c5:b4:cb:e8:4a:01:46:db:7d:fb:1c:e6:49:77:7d:
                    8c:f3:20:19:39:b8:9f:1d:0a:29:eb:47:15:d0:c5:
                    6e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4C:EC:1A:67:BF:93:69:CF:DF:19:82:DB:7C:7F:34:8C:8F:23:82
            X509v3 Authority Key Identifier:
                keyid:EA:B4:76:F6:77:CD:0C:32:98:D2:81:1E:60:F4:8E:1B:29:B3:AF:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rR29nfNDDKY0oEeYPSOGymzr-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/0UzsGme_k2nP3xmC23x_NIyPI4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/657a92-6220-4425-8899-07f1950d8894/1/6rR29nfNDDKY0oEeYPSOGymzr-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.72.0/21
                  185.70.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:53:bc:52:9e:b8:43:17:3a:b6:c6:79:3c:78:41:56:8a:12:
         bf:21:f0:ff:33:e7:cc:0a:4c:a0:d5:de:c0:8e:ba:59:a9:fa:
         ce:c8:96:a3:a1:cf:9a:3c:59:4c:4e:d5:70:78:35:12:ae:1c:
         1a:80:64:b9:fe:3a:1a:4d:e9:b5:b6:a2:d7:ef:bd:34:15:1f:
         30:ab:ec:f6:5a:bb:6a:1d:4e:7e:f7:75:0d:20:b2:8b:e6:3f:
         b6:7a:00:8a:9b:ae:78:2e:9c:77:d6:3d:ff:e6:be:44:7c:ac:
         b3:63:4e:a9:7f:56:1b:89:99:6e:00:c1:54:56:cd:41:74:79:
         0f:ca:30:0f:21:94:a4:91:be:b6:4f:f9:96:ce:04:81:5d:19:
         84:dc:fe:6d:70:db:df:86:1a:d6:17:e2:7e:1d:7b:1c:8a:41:
         9a:98:c6:58:67:1d:43:36:2c:96:ce:70:c9:f4:3a:53:98:bd:
         1c:ee:22:24:b7:7a:15:d1:af:4d:b4:04:0d:17:0c:bd:49:d4:
         9d:54:3e:e8:ea:e5:e1:7a:ef:cc:f1:bc:36:87:af:94:d9:d7:
         82:cf:69:d6:e0:67:30:c1:33:72:25:cc:9f:a2:7c:44:d4:93:
         33:71:4c:4e:81:e8:3d:2e:49:75:7c:f0:de:f7:59:e2:7c:2c:
         ff:a1:c0:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsYbdZuEnGla52f/vO2+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjQ3NmY2NzdjZDBjMzI5OGQyODExZTYwZjQ4ZTFiMjli
M2FmZWYwHhcNMjUwMTAxMTE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRjZWMxYTY3YmY5MzY5Y2ZkZjE5ODJkYjdjN2YzNDhjOGYyMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywDCk26MODeligYyvzRaAVCrJLkb
JH6sI6vYx3EeVfeVp+2bzKtN9/fLg7XDM5JLAZNhFDv6x3mn8MavXOyfJZ3YTeqa
JSMMnMbMB/xKFEMOe6XNYh7MKx/vu8AAV2gCAWthzkW9n9C3FzI3zgkVie5AJc1v
T6iab4WHWPxgS4vUNonnnOc70xk/T3ENdrsNgroEwiQQMq9C+oG8wCGeRWi8nW9M
xpb0T6P2iJ9xPs9dsMVFiKgakgFCh7XTrs0Ty00Qr8f/pNiVctjsGoF+1Ct/tJKU
97OQddEdYoyWxdXFtMvoSgFG2337HOZJd32M8yAZObifHQop60cV0MVuAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNFM7Bpnv5Npz98Zgtt8fzSMjyOCMB8GA1UdIwQY
MBaAFOq0dvZ3zQwymNKBHmD0jhsps6/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTkt
MDdmMTk1MGQ4ODk0LzEvMFV6c0dtZV9rMm5QM3htQzIzeF9OSXlQSTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82NTdhOTItNjIyMC00NDI1LTg4OTktMDdmMTk1MGQ4ODk0
LzEvNnJSMjluZk5EREtZMG9FZVlQU09HeW16ci04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXb5IAwQC
uUYwMA0GCSqGSIb3DQEBCwUAA4IBAQCpU7xSnrhDFzq2xnk8eEFWihK/IfD/M+fM
Ckyg1d7AjrpZqfrOyJajoc+aPFlMTtVweDUSrhwagGS5/joaTem1tqLX7700FR8w
q+z2WrtqHU5+93UNILKL5j+2egCKm654Lpx31j3/5r5EfKyzY06pf1YbiZluAMFU
Vs1BdHkPyjAPIZSkkb62T/mWzgSBXRmE3P5tcNvfhhrWF+J+HXscikGamMZYZx1D
NiyWznDJ9DpTmL0c7iIkt3oV0a9NtAQNFwy9SdSdVD7o6uXheu/M8bw2h6+U2deC
z2nW4GcwwTNyJcyfonxE1JMzcUxOgeg9Lkl1fPDe91nifCz/ocCc
-----END CERTIFICATE-----