Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pUVRAGRxGer_PT9GoNVcHpcoPUc.roa
File:                     pUVRAGRxGer_PT9GoNVcHpcoPUc.roa (raw, json)
Hash identifier:          9De+mymT+37Q7sJV6Uh4eDoOTy/OcNptGN5ZBYfBFFM=
Subject key identifier:   A5:45:51:00:64:71:19:EA:FF:3D:3F:46:A0:D5:5C:1E:97:28:3D:47
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D65F2B894C70B44D94BF55F3E09834
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pUVRAGRxGer_PT9GoNVcHpcoPUc.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        93.114.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5f:2b:89:4c:70:b4:4d:94:bf:55:f3:e0:98:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5455100647119eaff3d3f46a0d55c1e97283d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c1:a0:56:0e:37:80:c2:c6:a5:c0:76:16:c6:
                    74:cf:53:de:98:75:e4:8f:0e:48:7d:62:fa:07:a7:
                    15:f4:33:d1:08:74:42:e2:d3:e4:c0:0b:00:d1:54:
                    a2:07:21:b5:75:e4:a5:e4:9d:8d:32:58:79:2a:a4:
                    c8:dd:f7:bc:ba:83:32:f7:fc:42:3c:d7:e4:2f:c9:
                    0d:5a:60:36:eb:af:9d:13:8d:27:b8:e0:76:ab:42:
                    94:86:12:e0:a8:44:a7:16:fe:b3:42:41:53:a2:e6:
                    50:d3:64:c7:e7:95:34:79:c0:80:17:e6:3e:d8:e6:
                    ea:69:d0:26:7c:79:67:c4:d9:0d:ef:3f:73:43:25:
                    f8:23:1d:d8:08:62:87:6f:37:3f:fa:32:95:0b:31:
                    bb:f7:95:71:01:32:3d:0d:42:51:3c:db:c1:7d:b5:
                    b0:96:63:f3:87:87:f2:13:73:83:50:c5:88:89:52:
                    65:24:dc:07:b4:17:09:3a:31:d7:62:c7:0b:6d:99:
                    28:97:b8:cd:a4:24:72:61:30:63:7a:96:42:d4:32:
                    9a:9a:dc:79:e4:1a:14:d9:5a:15:77:8e:16:47:97:
                    d5:02:67:0e:e6:75:d6:bb:1d:3f:e1:3b:a7:91:9a:
                    fd:87:56:8d:40:8c:30:fe:c2:fb:91:7b:b6:1e:a5:
                    e3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:45:51:00:64:71:19:EA:FF:3D:3F:46:A0:D5:5C:1E:97:28:3D:47
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/pUVRAGRxGer_PT9GoNVcHpcoPUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:6a:2f:49:4e:91:22:0b:b9:51:8f:66:0e:f7:7a:cd:58:1a:
         d3:61:04:e3:43:68:ec:0d:6a:2e:cd:bd:70:eb:a9:97:e2:72:
         cd:a2:04:6c:57:6b:39:2c:f7:dd:41:a2:59:70:b2:dc:86:95:
         69:59:52:d7:54:1b:ef:b7:89:46:76:25:3d:63:e3:26:4c:18:
         9b:00:37:a5:25:02:60:96:59:61:b6:f3:6b:66:e5:8e:fe:c5:
         66:b2:a2:68:19:58:66:07:7e:e1:d2:46:2d:1f:d7:b5:79:44:
         25:b8:c8:7a:3d:12:15:eb:78:85:87:bb:29:17:1c:42:9e:67:
         44:81:c1:1b:d1:55:6d:79:9b:ce:5f:51:2f:99:29:a6:98:98:
         e4:7a:70:e2:f3:8c:4f:4a:20:e6:9b:55:20:64:fd:f1:f8:30:
         7f:1c:6c:8e:c1:97:7b:5e:38:cb:2e:3b:1e:7c:50:0d:40:84:
         dd:a1:0a:7f:a7:24:22:c3:ff:dd:09:0b:55:47:36:aa:b2:94:
         04:7b:ec:55:7e:76:1f:d6:51:59:eb:3e:5d:b5:40:4e:13:9d:
         47:cd:26:b3:d4:4e:f3:87:7a:3e:f3:fe:88:13:53:0a:1c:40:
         58:6e:d5:e9:d7:0c:30:0a:a4:b8:10:b2:4a:60:3e:7d:1b:07:
         3d:4e:ab:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1l8riUxwtE2Uv1Xz4Jg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQ1NTEwMDY0NzExOWVhZmYzZDNmNDZhMGQ1NWMxZTk3MjgzZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucGgVg43gMLGpcB2FsZ0z1PemHXk
jw5IfWL6B6cV9DPRCHRC4tPkwAsA0VSiByG1deSl5J2NMlh5KqTI3fe8uoMy9/xC
PNfkL8kNWmA266+dE40nuOB2q0KUhhLgqESnFv6zQkFTouZQ02TH55U0ecCAF+Y+
2ObqadAmfHlnxNkN7z9zQyX4Ix3YCGKHbzc/+jKVCzG795VxATI9DUJRPNvBfbWw
lmPzh4fyE3ODUMWIiVJlJNwHtBcJOjHXYscLbZkol7jNpCRyYTBjepZC1DKamtx5
5BoU2VoVd44WR5fVAmcO5nXWux0/4TunkZr9h1aNQIww/sL7kXu2HqXjAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVFUQBkcRnq/z0/RqDVXB6XKD1HMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvcFVWUkFHUnhHZXJfUFQ5R29OVmNIcGNvUFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXK2MA0G
CSqGSIb3DQEBCwUAA4IBAQBKai9JTpEiC7lRj2YO93rNWBrTYQTjQ2jsDWouzb1w
66mX4nLNogRsV2s5LPfdQaJZcLLchpVpWVLXVBvvt4lGdiU9Y+MmTBibADelJQJg
lllhtvNrZuWO/sVmsqJoGVhmB37h0kYtH9e1eUQluMh6PRIV63iFh7spFxxCnmdE
gcEb0VVteZvOX1EvmSmmmJjkenDi84xPSiDmm1UgZP3x+DB/HGyOwZd7XjjLLjse
fFANQITdoQp/pyQiw//dCQtVRzaqspQEe+xVfnYf1lFZ6z5dtUBOE51HzSaz1E7z
h3o+8/6IE1MKHEBYbtXp1wwwCqS4ELJKYD59Gwc9TqsF
-----END CERTIFICATE-----