Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uk8Xs6sStU3ZyWJ8zdcWAfJ0IEU.roa
File:                     uk8Xs6sStU3ZyWJ8zdcWAfJ0IEU.roa (raw, json)
Hash identifier:          i0tn3MfMtmUi1Kxww55qDRyh4koAbx6TkcwjLPBOqEg=
Subject key identifier:   BA:4F:17:B3:AB:12:B5:4D:D9:C9:62:7C:CD:D7:16:01:F2:74:20:45
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01951F5A3E34621A5A14BE0E32897235D1A9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uk8Xs6sStU3ZyWJ8zdcWAfJ0IEU.roa
Signing time:             Wed 19 Feb 2025 17:56:02 +0000
ROA not before:           Wed 19 Feb 2025 17:56:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11798
IP address blocks:        5.181.183.0/24 maxlen: 24
                          185.207.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1f:5a:3e:34:62:1a:5a:14:be:0e:32:89:72:35:d1:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 19 17:56:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba4f17b3ab12b54dd9c9627ccdd71601f2742045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:77:79:7b:2f:c8:a3:3a:37:e3:f2:68:f2:ec:
                    cd:27:28:f9:75:fa:45:f0:65:83:85:b9:40:2d:fe:
                    4f:35:02:3d:17:aa:f7:af:f0:69:2f:96:fa:f7:52:
                    5f:eb:85:2a:f7:36:de:12:04:7d:4b:c8:a3:60:9d:
                    1e:8b:05:6c:66:91:37:ae:71:17:7f:13:cb:f1:c7:
                    d8:bd:82:6e:15:6a:65:51:3e:7f:ec:a7:7b:e4:c7:
                    1e:ff:f0:99:55:a7:07:1b:77:c7:c0:77:eb:22:00:
                    5c:c1:8e:1a:8b:91:28:ed:9b:10:8a:5a:fd:97:a7:
                    83:e4:93:52:51:4c:e7:3f:64:a7:a3:5c:d4:0a:9b:
                    1b:3a:22:2a:f0:e3:f1:94:ee:80:a1:ff:25:8d:2c:
                    47:2a:db:8c:06:65:f8:7e:0c:6f:fe:a6:c3:03:5b:
                    d2:5d:9a:28:32:76:31:ac:cd:ea:f7:6e:23:ef:10:
                    99:cc:85:28:b7:d8:26:dc:f9:78:70:c9:06:73:63:
                    50:3f:0c:fd:ae:d6:b1:f7:0e:cd:9d:7d:a1:34:32:
                    f1:a4:5c:bf:95:d1:b5:e4:45:a7:d8:75:29:10:7e:
                    9b:cc:ee:da:9f:0f:a6:f9:31:26:f5:fd:3c:76:e8:
                    46:d9:bc:2d:1e:71:3e:1a:66:c4:c9:31:09:58:e0:
                    8c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:4F:17:B3:AB:12:B5:4D:D9:C9:62:7C:CD:D7:16:01:F2:74:20:45
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/uk8Xs6sStU3ZyWJ8zdcWAfJ0IEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.183.0/24
                  185.207.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:df:40:80:6c:a9:fd:9c:6c:09:56:f8:59:15:b2:b2:6f:69:
         78:5f:51:29:13:6e:d1:66:96:b4:8b:8b:ec:f8:3b:15:03:a0:
         f7:70:c5:d1:75:c2:40:cb:df:a6:1d:e6:4c:1b:0c:d9:92:98:
         17:a9:ba:5d:44:be:99:05:37:14:f2:38:8b:45:55:33:73:1e:
         64:18:04:82:b8:e2:8a:fa:b3:7b:ab:2d:3d:6e:88:35:34:2f:
         dc:ab:9d:e1:e4:87:3c:0b:f5:a0:06:43:8f:50:6a:aa:b7:59:
         01:76:12:29:3f:47:c8:e4:ed:4d:24:c8:13:43:07:25:f4:77:
         45:37:87:8b:54:f8:ad:59:4c:85:81:ee:72:18:e8:f6:06:43:
         e3:c2:eb:38:16:b2:b9:b3:a7:14:b9:dc:ae:d0:74:2d:f0:14:
         d6:8b:f1:7f:f1:90:c2:80:35:b8:b3:85:91:54:9a:44:2a:a6:
         04:0f:5c:e7:75:4a:7f:29:fa:db:3c:e3:75:9d:b7:d8:9e:20:
         cf:8f:de:5c:0e:19:e1:bc:91:2d:ea:1b:97:48:3c:f8:b2:cb:
         c0:f1:22:8b:b7:fd:87:3a:92:31:4a:db:c9:a9:44:95:be:92:
         1a:01:12:21:4f:ab:d7:43:a3:e6:43:ad:51:3c:c4:a4:0e:a9:
         37:7c:95:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUfWj40YhpaFL4OMolyNdGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjE5MTc1NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTRmMTdiM2FiMTJiNTRkZDljOTYyN2NjZGQ3MTYwMWYyNzQyMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHd5ey/Iozo34/Jo8uzNJyj5dfpF
8GWDhblALf5PNQI9F6r3r/BpL5b691Jf64Uq9zbeEgR9S8ijYJ0eiwVsZpE3rnEX
fxPL8cfYvYJuFWplUT5/7Kd75Mce//CZVacHG3fHwHfrIgBcwY4ai5Eo7ZsQilr9
l6eD5JNSUUznP2Sno1zUCpsbOiIq8OPxlO6Aof8ljSxHKtuMBmX4fgxv/qbDA1vS
XZooMnYxrM3q924j7xCZzIUot9gm3Pl4cMkGc2NQPwz9rtax9w7NnX2hNDLxpFy/
ldG15EWn2HUpEH6bzO7anw+m+TEm9f08duhG2bwtHnE+GmbEyTEJWOCMowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpPF7OrErVN2clifM3XFgHydCBFMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdWs4WHM2c1N0VTNaeVdKOHpkY1dBZkowSUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbW3AwQA
uc+HMA0GCSqGSIb3DQEBCwUAA4IBAQAc30CAbKn9nGwJVvhZFbKyb2l4X1EpE27R
Zpa0i4vs+DsVA6D3cMXRdcJAy9+mHeZMGwzZkpgXqbpdRL6ZBTcU8jiLRVUzcx5k
GASCuOKK+rN7qy09bog1NC/cq53h5Ic8C/WgBkOPUGqqt1kBdhIpP0fI5O1NJMgT
Qwcl9HdFN4eLVPitWUyFge5yGOj2BkPjwus4FrK5s6cUudyu0HQt8BTWi/F/8ZDC
gDW4s4WRVJpEKqYED1zndUp/KfrbPON1nbfYniDPj95cDhnhvJEt6huXSDz4ssvA
8SKLt/2HOpIxStvJqUSVvpIaARIhT6vXQ6PmQ61RPMSkDqk3fJVZ
-----END CERTIFICATE-----