Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/uGd2svx2nM-ThRz4Z5ZLS4pryPE.roa
File:                     uGd2svx2nM-ThRz4Z5ZLS4pryPE.roa (raw, json)
Hash identifier:          miR6GHPuEFoodfHk/rc71EoG5Q+xZw/Ncoa5ppurE4s=
Subject key identifier:   B8:67:76:B2:FC:76:9C:CF:93:85:1C:F8:67:96:4B:4B:8A:6B:C8:F1
Certificate issuer:       /CN=d03046d16cfc391b028b88743773ce005cf97b1d
Certificate serial:       0194266C10DBB3272F1DC7C50F9A56134A26
Authority key identifier: D0:30:46:D1:6C:FC:39:1B:02:8B:88:74:37:73:CE:00:5C:F9:7B:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/uGd2svx2nM-ThRz4Z5ZLS4pryPE.roa
Signing time:             Thu 02 Jan 2025 09:50:03 +0000
ROA not before:           Thu 02 Jan 2025 09:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        185.168.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:10:db:b3:27:2f:1d:c7:c5:0f:9a:56:13:4a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d03046d16cfc391b028b88743773ce005cf97b1d
        Validity
            Not Before: Jan  2 09:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b86776b2fc769ccf93851cf867964b4b8a6bc8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ea:e0:34:ea:44:7e:2d:b2:c4:aa:d3:de:dc:
                    73:23:9b:b3:e7:60:79:b2:92:28:8e:0d:ca:0b:3f:
                    cd:e8:be:39:6a:2b:6b:39:05:91:9e:aa:1c:09:0c:
                    20:f5:c1:e1:79:6b:ee:bc:67:e0:30:ee:06:66:96:
                    ec:c7:6c:e1:44:86:05:b2:2b:7f:db:be:74:19:ce:
                    5e:63:5b:33:12:df:2a:38:ab:4d:09:a2:19:7c:e1:
                    d9:ba:c3:7e:8d:da:a4:7a:04:45:f0:75:e8:ee:89:
                    55:45:73:4a:5c:0c:a4:aa:59:08:f1:c8:4f:ed:8e:
                    1b:d3:36:47:d7:62:1b:10:f8:4a:7d:51:15:65:80:
                    96:76:83:a9:5a:ce:ef:dd:ef:60:ed:eb:ae:02:6e:
                    81:94:89:42:5e:80:7a:29:13:42:be:02:b8:e4:83:
                    9f:ec:1a:36:be:5a:16:a0:c8:3a:d4:f2:58:cf:85:
                    0c:d3:2a:07:b0:b8:70:57:7b:af:9d:84:0f:8c:7e:
                    78:4b:ed:7e:13:21:e5:bb:d8:94:48:b3:5e:4f:e6:
                    0b:c3:6b:21:50:d3:90:f8:d7:1c:e7:41:11:f3:4c:
                    58:3e:44:d2:80:b0:94:67:c4:21:67:9c:ec:79:91:
                    80:51:4e:78:f6:95:7d:93:0b:c9:28:8b:fe:13:e2:
                    36:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:67:76:B2:FC:76:9C:CF:93:85:1C:F8:67:96:4B:4B:8A:6B:C8:F1
            X509v3 Authority Key Identifier:
                keyid:D0:30:46:D1:6C:FC:39:1B:02:8B:88:74:37:73:CE:00:5C:F9:7B:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DBG0Wz8ORsCi4h0N3POAFz5ex0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/uGd2svx2nM-ThRz4Z5ZLS4pryPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/18d132-9951-4055-b5a6-dc0e1a725221/1/0DBG0Wz8ORsCi4h0N3POAFz5ex0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c0:98:73:bf:5d:82:71:a4:04:25:69:65:08:3e:8c:85:ce:
         8a:b4:4d:6f:b3:c3:9f:39:33:0a:4e:94:5d:bc:b3:8c:e6:3f:
         fa:18:11:16:1f:c4:90:09:e9:f4:82:55:9f:8b:c5:e0:6e:5a:
         75:92:7c:8b:af:d4:2b:52:8a:8f:61:4f:78:17:71:ce:98:56:
         b4:83:9a:83:f3:a2:a7:37:7d:69:41:94:ef:5c:ee:7e:53:57:
         0b:83:82:34:d0:cc:2f:25:cd:e1:c2:21:f4:06:56:91:3f:0a:
         29:a7:38:e0:3f:32:84:08:9a:44:62:8a:67:26:ca:95:be:26:
         af:93:0a:9f:24:16:6b:2f:fb:a4:12:7f:60:c6:b3:47:53:4b:
         b0:66:af:08:7c:be:4d:49:19:89:5d:52:3f:f2:c7:23:99:5d:
         da:e6:5f:71:7c:56:b5:6a:9f:69:e6:dc:f9:5a:c9:44:ad:f5:
         59:03:e5:f1:4f:35:42:45:5c:c6:ff:1f:9d:44:a9:52:64:c5:
         9a:f6:55:b3:93:2f:9c:a8:78:45:9b:69:56:28:eb:bf:e0:b1:
         26:1d:e5:4b:32:5d:bd:32:85:5d:4d:fb:b1:b4:76:36:51:e7:
         d4:31:a5:5b:35:cd:eb:d0:34:c2:e5:7b:47:3c:6c:4c:54:79:
         04:c8:e7:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBDbsycvHcfFD5pWE0omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzA0NmQxNmNmYzM5MWIwMjhiODg3NDM3NzNjZTAwNWNm
OTdiMWQwHhcNMjUwMTAyMDk1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY3NzZiMmZjNzY5Y2NmOTM4NTFjZjg2Nzk2NGI0YjhhNmJjOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAourgNOpEfi2yxKrT3txzI5uz52B5
spIojg3KCz/N6L45aitrOQWRnqocCQwg9cHheWvuvGfgMO4GZpbsx2zhRIYFsit/
2750Gc5eY1szEt8qOKtNCaIZfOHZusN+jdqkegRF8HXo7olVRXNKXAykqlkI8chP
7Y4b0zZH12IbEPhKfVEVZYCWdoOpWs7v3e9g7euuAm6BlIlCXoB6KRNCvgK45IOf
7Bo2vloWoMg61PJYz4UM0yoHsLhwV3uvnYQPjH54S+1+EyHlu9iUSLNeT+YLw2sh
UNOQ+Ncc50ER80xYPkTSgLCUZ8QhZ5zseZGAUU549pV9kwvJKIv+E+I2gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhndrL8dpzPk4Uc+GeWS0uKa8jxMB8GA1UdIwQY
MBaAFNAwRtFs/DkbAouIdDdzzgBc+XsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERCRzBXejhPUnNDaTRoME4zUE9BRno1ZXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xOGQxMzItOTk1MS00MDU1LWI1YTYt
ZGMwZTFhNzI1MjIxLzEvdUdkMnN2eDJuTS1UaFJ6NFo1WkxTNHByeVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xOGQxMzItOTk1MS00MDU1LWI1YTYtZGMwZTFhNzI1MjIx
LzEvMERCRzBXejhPUnNDaTRoME4zUE9BRno1ZXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuajMMA0G
CSqGSIb3DQEBCwUAA4IBAQAKwJhzv12CcaQEJWllCD6Mhc6KtE1vs8OfOTMKTpRd
vLOM5j/6GBEWH8SQCen0glWfi8Xgblp1knyLr9QrUoqPYU94F3HOmFa0g5qD86Kn
N31pQZTvXO5+U1cLg4I00MwvJc3hwiH0BlaRPwoppzjgPzKECJpEYopnJsqVviav
kwqfJBZrL/ukEn9gxrNHU0uwZq8IfL5NSRmJXVI/8scjmV3a5l9xfFa1ap9p5tz5
WslErfVZA+XxTzVCRVzG/x+dRKlSZMWa9lWzky+cqHhFm2lWKOu/4LEmHeVLMl29
MoVdTfuxtHY2UefUMaVbNc3r0DTC5XtHPGxMVHkEyOcN
-----END CERTIFICATE-----