Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/Uq0vloXHdFb2aIE_oUN66H2BMxU.roa
File:                     Uq0vloXHdFb2aIE_oUN66H2BMxU.roa (raw, json)
Hash identifier:          8OMhbaYnopF2Asv1tjCQ758nxv0+wParcC98envOi54=
Subject key identifier:   52:AD:2F:96:85:C7:74:56:F6:68:81:3F:A1:43:7A:E8:7D:81:33:15
Certificate issuer:       /CN=f02e28e8ac7ab18c73079de84c8097d782aab69a
Certificate serial:       0194221F5A10BC1655A9FF9D16E9A854F74C
Authority key identifier: F0:2E:28:E8:AC:7A:B1:8C:73:07:9D:E8:4C:80:97:D7:82:AA:B6:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/Uq0vloXHdFb2aIE_oUN66H2BMxU.roa
Signing time:             Wed 01 Jan 2025 13:47:47 +0000
ROA not before:           Wed 01 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8896
IP address blocks:        91.188.232.0/22 maxlen: 22
                          2a09:a300::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5a:10:bc:16:55:a9:ff:9d:16:e9:a8:54:f7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02e28e8ac7ab18c73079de84c8097d782aab69a
        Validity
            Not Before: Jan  1 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52ad2f9685c77456f668813fa1437ae87d813315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c2:92:15:9e:a5:19:fe:d7:10:08:81:41:98:
                    b8:bd:c3:ce:07:11:5f:d4:88:0c:04:f8:fa:75:37:
                    2e:6e:62:4b:f2:07:da:22:d1:8d:a3:03:99:83:22:
                    47:d3:d3:bf:3a:86:ff:e3:67:7e:53:7d:34:28:91:
                    ff:d1:42:ee:38:51:bf:27:19:63:4e:56:6c:d5:5c:
                    4c:4e:85:10:36:87:e4:5c:13:25:72:a0:48:1b:af:
                    d5:02:9f:60:5a:cc:9f:f1:de:3e:0d:4b:0a:92:85:
                    24:47:1c:e9:27:0b:2f:1f:34:94:c6:59:57:60:2a:
                    6a:4d:f5:c6:62:dc:60:7f:8b:ed:b1:28:4a:e3:ef:
                    dc:0a:06:04:ff:4e:eb:6a:1f:dd:70:70:ef:9d:3f:
                    9e:d0:68:47:ee:25:17:94:dc:82:20:f9:3a:c1:f6:
                    0a:90:46:47:a6:ad:50:86:ab:e8:10:21:f6:ac:03:
                    0a:b3:bd:21:8b:fe:46:6b:3f:59:81:55:9d:06:97:
                    1a:8d:08:a6:26:15:c5:73:15:17:c7:28:7d:24:67:
                    7e:e9:28:c0:ca:1c:59:f9:5c:81:c9:70:6e:67:6d:
                    6f:fc:6c:a3:06:a2:18:ea:79:d0:e2:29:bc:92:be:
                    1c:06:43:43:8f:16:20:94:34:68:65:1f:be:4d:40:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AD:2F:96:85:C7:74:56:F6:68:81:3F:A1:43:7A:E8:7D:81:33:15
            X509v3 Authority Key Identifier:
                keyid:F0:2E:28:E8:AC:7A:B1:8C:73:07:9D:E8:4C:80:97:D7:82:AA:B6:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C4o6Kx6sYxzB53oTICX14Kqtpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/Uq0vloXHdFb2aIE_oUN66H2BMxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ca686d-f35f-43f3-b889-9ffb0e41c4ef/1/8C4o6Kx6sYxzB53oTICX14Kqtpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.232.0/22
                IPv6:
                  2a09:a300::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:1f:75:54:f4:f3:f5:50:62:1e:5e:0b:76:5a:32:98:e1:aa:
         79:85:3c:5d:f5:3e:32:81:d6:fa:75:05:b5:33:bb:33:33:40:
         40:01:1d:5f:f4:dd:25:f1:68:83:2b:12:95:65:8a:56:0f:5e:
         2c:96:2c:80:4c:cc:0b:6c:18:a8:91:2b:09:e0:22:55:d8:09:
         13:5b:c9:4f:33:7d:72:84:81:c6:4e:e0:d5:4a:78:d3:c4:1f:
         6d:09:6a:a9:d1:1e:8f:de:33:ce:39:84:d1:a4:f1:e6:d4:c0:
         1d:88:3c:e0:3e:36:ec:7e:5c:09:c6:38:de:8e:8e:e2:9d:37:
         ba:4e:b9:22:3d:c6:09:a7:85:3f:ee:1d:39:35:07:a0:27:7b:
         68:83:f0:3a:e9:b0:b8:78:de:43:4c:19:0c:5a:a3:c6:ea:a3:
         fe:bc:8b:2d:8d:ad:59:25:05:8f:17:47:21:f5:25:06:bd:5c:
         80:dd:59:4d:88:4c:4c:c0:28:e1:4e:7f:26:93:b7:2a:e2:a5:
         8c:a8:88:e0:03:3a:ac:e5:97:cc:ca:7a:62:57:54:fb:c2:f6:
         85:c5:26:7e:b4:97:ce:77:b4:42:61:bc:c5:1e:cf:41:44:3b:
         58:4e:1a:3b:b7:10:2e:f1:ec:8c:50:6a:07:70:07:fb:16:e5:
         1f:1e:5a:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH1oQvBZVqf+dFumoVPdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmUyOGU4YWM3YWIxOGM3MzA3OWRlODRjODA5N2Q3ODJh
YWI2OWEwHhcNMjUwMTAxMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmFkMmY5Njg1Yzc3NDU2ZjY2ODgxM2ZhMTQzN2FlODdkODEzMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscKSFZ6lGf7XEAiBQZi4vcPOBxFf
1IgMBPj6dTcubmJL8gfaItGNowOZgyJH09O/Oob/42d+U300KJH/0ULuOFG/Jxlj
TlZs1VxMToUQNofkXBMlcqBIG6/VAp9gWsyf8d4+DUsKkoUkRxzpJwsvHzSUxllX
YCpqTfXGYtxgf4vtsShK4+/cCgYE/07rah/dcHDvnT+e0GhH7iUXlNyCIPk6wfYK
kEZHpq1QhqvoECH2rAMKs70hi/5Gaz9ZgVWdBpcajQimJhXFcxUXxyh9JGd+6SjA
yhxZ+VyByXBuZ21v/GyjBqIY6nnQ4im8kr4cBkNDjxYglDRoZR++TUCPZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFKtL5aFx3RW9miBP6FDeuh9gTMVMB8GA1UdIwQY
MBaAFPAuKOiserGMcwed6EyAl9eCqraaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEM0bzZLeDZzWXh6QjUzb1RJQ1gxNEtxdHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9jYTY4NmQtZjM1Zi00M2YzLWI4ODkt
OWZmYjBlNDFjNGVmLzEvVXEwdmxvWEhkRmIyYUlFX29VTjY2SDJCTXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9jYTY4NmQtZjM1Zi00M2YzLWI4ODktOWZmYjBlNDFjNGVm
LzEvOEM0bzZLeDZzWXh6QjUzb1RJQ1gxNEtxdHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW7zoMA0E
AgACMAcDBQAqCaMAMA0GCSqGSIb3DQEBCwUAA4IBAQCeH3VU9PP1UGIeXgt2WjKY
4ap5hTxd9T4ygdb6dQW1M7szM0BAAR1f9N0l8WiDKxKVZYpWD14sliyATMwLbBio
kSsJ4CJV2AkTW8lPM31yhIHGTuDVSnjTxB9tCWqp0R6P3jPOOYTRpPHm1MAdiDzg
PjbsflwJxjjejo7inTe6TrkiPcYJp4U/7h05NQegJ3tog/A66bC4eN5DTBkMWqPG
6qP+vIstja1ZJQWPF0ch9SUGvVyA3VlNiExMwCjhTn8mk7cq4qWMqIjgAzqs5ZfM
ynpiV1T7wvaFxSZ+tJfOd7RCYbzFHs9BRDtYTho7txAu8eyMUGoHcAf7FuUfHlqN
-----END CERTIFICATE-----