Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/uw2WshwMtLO2FcZuN7xWhCinB_8.roa
File:                     uw2WshwMtLO2FcZuN7xWhCinB_8.roa (raw, json)
Hash identifier:          nkzSgxMXHvVYjALA+QY3vWMG5LDK/rRtbKYXv80gFxk=
Subject key identifier:   BB:0D:96:B2:1C:0C:B4:B3:B6:15:C6:6E:37:BC:56:84:28:A7:07:FF
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       0194258FB0B50CB3C2DAD180370710C42451
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/uw2WshwMtLO2FcZuN7xWhCinB_8.roa
Signing time:             Thu 02 Jan 2025 05:49:21 +0000
ROA not before:           Thu 02 Jan 2025 05:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15814
IP address blocks:        194.36.224.0/20 maxlen: 24
                          2a03:98c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b0:b5:0c:b3:c2:da:d1:80:37:07:10:c4:24:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb0d96b21c0cb4b3b615c66e37bc568428a707ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c5:e7:52:0d:ba:05:e9:4a:27:22:78:1a:57:
                    8b:74:9e:04:84:53:7e:c1:74:91:f7:15:02:9c:43:
                    b9:06:86:4e:2e:09:a7:8f:f2:57:b1:8f:a6:ca:74:
                    bd:60:c7:c2:28:fe:66:af:37:ab:60:e5:94:b3:37:
                    9b:05:03:8b:22:2e:24:44:ab:32:12:a5:2e:cd:ee:
                    7c:f5:61:88:2c:c7:f5:4f:36:87:ea:38:75:b7:c6:
                    19:10:16:35:52:1b:f7:a2:5f:22:37:54:bf:7e:27:
                    17:60:09:3b:a4:17:85:6b:80:a8:ac:3b:4a:54:b6:
                    3d:80:97:e8:64:88:29:0f:c6:6d:9a:9e:84:99:ff:
                    ba:f6:ef:3d:11:89:19:bf:5e:ac:6b:b5:ef:16:ef:
                    78:a0:75:30:69:b0:88:47:94:ff:8e:98:0a:b1:48:
                    57:73:7c:60:9e:05:63:81:83:67:4c:c4:c1:e1:70:
                    4e:cf:25:e5:2a:ea:c8:b5:f9:dc:d6:a9:a0:b6:fc:
                    d4:1e:cd:24:ca:a3:aa:26:0e:7a:67:47:8a:23:a9:
                    4b:f6:1b:c0:f0:fc:95:c1:32:ff:25:9c:33:c4:b1:
                    33:e5:34:eb:75:47:16:a2:1d:c9:c7:82:d3:92:f1:
                    4c:38:e8:e0:ec:75:b1:6b:75:73:68:3d:33:bf:bf:
                    53:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:0D:96:B2:1C:0C:B4:B3:B6:15:C6:6E:37:BC:56:84:28:A7:07:FF
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/uw2WshwMtLO2FcZuN7xWhCinB_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.224.0/20
                IPv6:
                  2a03:98c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:f1:20:a2:2c:a1:54:e5:0d:3e:79:9b:86:ef:2d:b6:18:01:
         09:53:60:89:65:a3:89:16:aa:f4:f8:bd:0e:82:cc:d6:ad:bc:
         c0:93:b8:ae:08:3c:33:b1:b4:38:df:30:fa:f9:df:2a:68:ea:
         ca:a0:7c:a9:a9:5c:d3:6f:84:87:bd:b4:e9:fa:4e:28:58:5f:
         0f:a4:5f:8c:90:67:87:e4:f1:a9:6f:14:ed:d4:ab:1a:dd:5d:
         91:86:63:09:69:bd:fe:a0:f6:79:47:01:93:71:3f:5c:70:83:
         3a:07:d5:ee:01:e2:d8:dc:c3:6a:81:b1:73:31:78:45:ef:2c:
         3d:b1:ee:38:a5:5e:af:1e:c0:26:fb:26:f6:52:49:60:a9:35:
         81:0b:32:ef:09:08:60:93:46:21:4a:c1:2f:1b:be:8b:3c:b4:
         76:34:f2:fa:51:8a:d5:b9:f2:40:dc:b4:01:11:58:ec:50:74:
         0b:0b:35:44:23:02:c2:05:8e:57:43:8b:07:5f:0a:77:6a:10:
         80:3e:69:41:5c:f5:4b:f9:72:b3:51:5e:bb:85:8d:cf:a1:62:
         c5:83:8d:58:6c:8a:98:e6:1a:00:30:f9:52:25:15:e8:7a:f7:
         11:ad:e9:74:69:59:10:01:68:4a:d2:62:03:be:31:a6:5c:60:
         d1:65:1a:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj7C1DLPC2tGANwcQxCRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjBkOTZiMjFjMGNiNGIzYjYxNWM2NmUzN2JjNTY4NDI4YTcwN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXnUg26BelKJyJ4GleLdJ4EhFN+
wXSR9xUCnEO5BoZOLgmnj/JXsY+mynS9YMfCKP5mrzerYOWUszebBQOLIi4kRKsy
EqUuze589WGILMf1TzaH6jh1t8YZEBY1Uhv3ol8iN1S/ficXYAk7pBeFa4CorDtK
VLY9gJfoZIgpD8Ztmp6Emf+69u89EYkZv16sa7XvFu94oHUwabCIR5T/jpgKsUhX
c3xgngVjgYNnTMTB4XBOzyXlKurItfnc1qmgtvzUHs0kyqOqJg56Z0eKI6lL9hvA
8PyVwTL/JZwzxLEz5TTrdUcWoh3Jx4LTkvFMOOjg7HWxa3VzaD0zv79TKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLsNlrIcDLSzthXGbje8VoQopwf/MB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvdXcyV3Nod010TE8yRmNadU43eFdoQ2luQl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEwiTgMA0E
AgACMAcDBQAqA5jAMA0GCSqGSIb3DQEBCwUAA4IBAQAG8SCiLKFU5Q0+eZuG7y22
GAEJU2CJZaOJFqr0+L0OgszWrbzAk7iuCDwzsbQ43zD6+d8qaOrKoHypqVzTb4SH
vbTp+k4oWF8PpF+MkGeH5PGpbxTt1Ksa3V2RhmMJab3+oPZ5RwGTcT9ccIM6B9Xu
AeLY3MNqgbFzMXhF7yw9se44pV6vHsAm+yb2UklgqTWBCzLvCQhgk0YhSsEvG76L
PLR2NPL6UYrVufJA3LQBEVjsUHQLCzVEIwLCBY5XQ4sHXwp3ahCAPmlBXPVL+XKz
UV67hY3PoWLFg41YbIqY5hoAMPlSJRXoevcRrel0aVkQAWhK0mIDvjGmXGDRZRpE
-----END CERTIFICATE-----