Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ugAQlMVNRK04NKBeCKe0o-7jcYw.roa
File:                     ugAQlMVNRK04NKBeCKe0o-7jcYw.roa (raw, json)
Hash identifier:          0CxDf65FqOriVXIE5Jzh1mZAMOpJwGIxtatfvJFT308=
Subject key identifier:   BA:00:10:94:C5:4D:44:AD:38:34:A0:5E:08:A7:B4:A3:EE:E3:71:8C
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747DD2D2E854F7234E56F861124A060
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ugAQlMVNRK04NKBeCKe0o-7jcYw.roa
Signing time:             Thu 02 Jan 2025 13:50:08 +0000
ROA not before:           Thu 02 Jan 2025 13:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4755
IP address blocks:        212.5.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:dd:2d:2e:85:4f:72:34:e5:6f:86:11:24:a0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba001094c54d44ad3834a05e08a7b4a3eee3718c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:58:cd:36:cd:59:a3:b3:37:50:5c:09:8b:16:
                    a7:80:4c:34:b4:09:73:ee:d7:d3:23:c5:92:4a:33:
                    13:9c:15:99:7f:9d:2a:bd:e0:3f:8e:40:ef:39:de:
                    f9:ce:ee:80:31:a3:30:a2:37:25:15:83:4b:21:dc:
                    d9:bd:b7:ef:42:99:83:5c:c1:1d:a9:77:f3:0f:9c:
                    e8:84:f8:b5:24:55:37:3d:bb:0a:8a:c8:2b:45:27:
                    20:a2:d5:0d:5e:8a:4e:da:3d:72:5e:aa:c1:1b:e1:
                    6c:64:d6:f9:9e:02:b9:4f:9e:9b:42:53:bf:85:66:
                    7d:11:52:19:f3:e3:9a:2a:71:2c:f6:45:7f:bc:e8:
                    cc:93:28:79:b5:6a:73:70:1f:cd:16:0f:12:fc:48:
                    29:be:c5:26:d1:ff:4d:c4:e7:b0:a1:d3:3b:50:a3:
                    67:60:4e:c5:3e:51:76:ba:c0:00:fd:83:7b:df:42:
                    18:5f:0e:5f:b5:60:59:bc:75:46:30:51:cb:59:d5:
                    b1:ea:53:d4:15:bf:fa:2b:54:b4:06:18:e2:79:ad:
                    3f:04:16:d9:6f:5f:c4:a4:07:ef:44:f2:be:00:b6:
                    24:a0:b4:51:57:d9:ce:23:20:e6:86:e6:1c:85:fb:
                    3d:ba:ad:eb:7a:d2:8f:c1:0c:e0:09:bc:19:19:b8:
                    73:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:00:10:94:C5:4D:44:AD:38:34:A0:5E:08:A7:B4:A3:EE:E3:71:8C
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/ugAQlMVNRK04NKBeCKe0o-7jcYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:16:58:31:11:d0:ec:9d:ec:6e:97:29:45:77:81:68:57:c0:
         e9:6b:3d:39:18:e4:ff:b2:da:16:2b:7f:ad:32:46:0e:49:3b:
         e9:be:e9:68:f2:65:dc:d3:6f:22:fa:37:f2:72:fa:33:f5:f3:
         95:2a:58:2f:27:04:f7:78:25:d5:c3:f9:9d:0b:67:03:7e:66:
         0c:19:29:58:c4:8a:0e:81:bd:f8:c2:5f:de:89:dc:14:2c:c6:
         37:59:70:05:f9:13:69:ae:60:89:46:dd:7b:cb:ff:58:b9:bd:
         7d:70:b1:40:31:d9:07:6f:d3:1c:cb:69:16:5a:69:f8:35:ff:
         1b:41:80:04:ed:be:a0:11:61:8c:41:30:6c:7c:b0:27:46:a1:
         0c:c2:52:95:f7:cd:00:40:b5:94:56:ac:7a:54:cb:b3:36:16:
         70:f5:60:60:70:48:46:19:f9:4d:d7:41:16:2f:b8:c4:c9:61:
         37:ed:da:71:b5:f8:60:e4:cc:d3:eb:f1:6c:b9:02:bf:d4:48:
         5b:95:f7:48:f2:1b:c2:f9:13:73:a1:0d:c4:2c:97:82:4f:03:
         21:25:48:70:23:1f:39:aa:cd:67:25:e3:3e:63:5e:c2:25:eb:
         a9:89:87:b3:7b:94:63:cf:be:41:f8:cb:06:f6:b3:4d:4d:7e:
         ec:11:17:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR90tLoVPcjTlb4YRJKBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTAwMTA5NGM1NGQ0NGFkMzgzNGEwNWUwOGE3YjRhM2VlZTM3MThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1jNNs1Zo7M3UFwJixangEw0tAlz
7tfTI8WSSjMTnBWZf50qveA/jkDvOd75zu6AMaMwojclFYNLIdzZvbfvQpmDXMEd
qXfzD5zohPi1JFU3PbsKisgrRScgotUNXopO2j1yXqrBG+FsZNb5ngK5T56bQlO/
hWZ9EVIZ8+OaKnEs9kV/vOjMkyh5tWpzcB/NFg8S/EgpvsUm0f9NxOewodM7UKNn
YE7FPlF2usAA/YN730IYXw5ftWBZvHVGMFHLWdWx6lPUFb/6K1S0Bhjiea0/BBbZ
b1/EpAfvRPK+ALYkoLRRV9nOIyDmhuYchfs9uq3retKPwQzgCbwZGbhzEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoAEJTFTUStODSgXgintKPu43GMMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvdWdBUWxNVk5SSzA0TktCZUNLZTBvLTdqY1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AWcMA0G
CSqGSIb3DQEBCwUAA4IBAQATFlgxEdDsnexulylFd4FoV8Dpaz05GOT/stoWK3+t
MkYOSTvpvulo8mXc028i+jfycvoz9fOVKlgvJwT3eCXVw/mdC2cDfmYMGSlYxIoO
gb34wl/eidwULMY3WXAF+RNprmCJRt17y/9Yub19cLFAMdkHb9Mcy2kWWmn4Nf8b
QYAE7b6gEWGMQTBsfLAnRqEMwlKV980AQLWUVqx6VMuzNhZw9WBgcEhGGflN10EW
L7jEyWE37dpxtfhg5MzT6/FsuQK/1EhblfdI8hvC+RNzoQ3ELJeCTwMhJUhwIx85
qs1nJeM+Y17CJeupiYeze5Rjz75B+MsG9rNNTX7sERdy
-----END CERTIFICATE-----