Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UcVnvWo7TY6805Vj_phzk62vMC0.roa
File:                     UcVnvWo7TY6805Vj_phzk62vMC0.roa (raw, json)
Hash identifier:          zAfIX+koREdPSyt5/4USbmZgAq0QlkkGPpZzElox9MA=
Subject key identifier:   51:C5:67:BD:6A:3B:4D:8E:BC:D3:95:63:FE:98:73:93:AD:AF:30:2D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019474199255916160CE4D540FB9CE2A6ED2
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UcVnvWo7TY6805Vj_phzk62vMC0.roa
Signing time:             Fri 17 Jan 2025 11:50:20 +0000
ROA not before:           Fri 17 Jan 2025 11:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        213.108.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:19:92:55:91:61:60:ce:4d:54:0f:b9:ce:2a:6e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan 17 11:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51c567bd6a3b4d8ebcd39563fe987393adaf302d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cc:c9:a9:ed:f5:95:2f:c9:64:72:82:9a:41:
                    ff:6c:b9:4d:a9:54:60:6d:2d:f3:d6:28:f6:45:ed:
                    26:ee:43:30:34:b7:d4:00:9a:d7:a6:e6:c1:f3:29:
                    75:12:e6:f0:c8:e2:cc:e5:1c:71:24:5f:9f:16:93:
                    cc:e6:bc:6f:01:74:f0:22:01:27:98:f9:0d:49:f2:
                    52:65:7c:d4:a1:2a:d7:11:69:7f:5b:02:3c:f8:d1:
                    d5:d0:ac:21:20:d7:93:df:1e:30:fc:7b:9d:69:62:
                    6c:28:71:14:50:36:f2:cf:e8:d6:b7:1b:94:59:5d:
                    2f:af:c0:fa:32:be:13:ed:42:c5:6a:11:dc:84:6e:
                    4f:ce:9f:3b:ed:86:06:25:df:76:71:ef:f5:e5:2d:
                    52:24:32:e8:c6:af:80:85:73:dd:f3:69:6b:c2:e9:
                    c8:8a:0b:73:7b:50:21:bc:f1:f6:45:04:01:e1:95:
                    86:f8:11:ef:03:07:bb:02:c5:22:f7:65:81:61:2c:
                    8c:b6:c2:4f:75:d6:5b:5b:90:de:36:5a:f0:64:02:
                    dc:0d:11:29:6f:ce:e6:1e:61:00:d7:d0:79:9c:17:
                    04:6a:a2:e3:24:26:9d:a9:e4:91:87:88:57:f0:fa:
                    81:5f:88:39:27:c6:97:87:7d:2d:6f:07:a3:d5:7a:
                    a8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C5:67:BD:6A:3B:4D:8E:BC:D3:95:63:FE:98:73:93:AD:AF:30:2D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/UcVnvWo7TY6805Vj_phzk62vMC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:45:ea:f1:e8:74:5e:6a:c8:b1:3f:ed:4c:29:5f:24:e9:41:
         74:ac:da:cc:b1:37:9e:66:e7:f1:88:ed:ba:83:50:c9:74:3e:
         aa:b9:52:88:1d:11:67:16:0c:f5:53:e8:66:f3:a7:1f:fa:06:
         4d:03:a3:d4:7a:14:d3:b4:e1:12:38:ad:bd:fe:91:ec:09:0d:
         08:6a:48:f1:7c:94:88:09:d6:7f:07:25:67:f7:cc:c4:3f:18:
         44:c4:75:5a:53:ed:6a:6e:70:91:f4:60:19:0e:49:39:ec:ac:
         ce:3d:d3:df:89:da:92:73:58:a3:bf:db:6e:95:16:5c:11:54:
         86:70:99:44:84:da:32:6a:60:ec:62:6e:24:9a:71:34:72:02:
         1c:41:ba:60:0a:1b:89:3f:2e:c0:f6:96:4e:e0:7b:e2:df:a1:
         08:15:a3:82:2e:18:00:99:07:a4:dc:f9:c1:cb:89:79:a4:25:
         39:5a:a3:9f:e3:b8:6a:cc:88:85:b1:16:01:c8:0c:1e:40:ab:
         56:1d:07:68:f1:7c:85:9e:60:bc:67:94:cd:1c:5a:16:95:cb:
         c1:a7:a8:37:11:08:ad:1b:98:73:84:b0:66:17:58:87:eb:62:
         22:7e:53:e8:b9:eb:d8:7a:4b:16:e6:6e:34:cf:59:16:26:f9:
         ac:68:b1:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR0GZJVkWFgzk1UD7nOKm7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTE3MTE1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWM1NjdiZDZhM2I0ZDhlYmNkMzk1NjNmZTk4NzM5M2FkYWYzMDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8zJqe31lS/JZHKCmkH/bLlNqVRg
bS3z1ij2Re0m7kMwNLfUAJrXpubB8yl1EubwyOLM5RxxJF+fFpPM5rxvAXTwIgEn
mPkNSfJSZXzUoSrXEWl/WwI8+NHV0KwhINeT3x4w/HudaWJsKHEUUDbyz+jWtxuU
WV0vr8D6Mr4T7ULFahHchG5Pzp877YYGJd92ce/15S1SJDLoxq+AhXPd82lrwunI
igtze1AhvPH2RQQB4ZWG+BHvAwe7AsUi92WBYSyMtsJPddZbW5DeNlrwZALcDREp
b87mHmEA19B5nBcEaqLjJCadqeSRh4hX8PqBX4g5J8aXh30tbwej1XqonQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHFZ71qO02OvNOVY/6Yc5OtrzAtMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVWNWbnZXbzdUWTY4MDVWal9waHprNjJ2TUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzGMA0G
CSqGSIb3DQEBCwUAA4IBAQCcRerx6HReasixP+1MKV8k6UF0rNrMsTeeZufxiO26
g1DJdD6quVKIHRFnFgz1U+hm86cf+gZNA6PUehTTtOESOK29/pHsCQ0IakjxfJSI
CdZ/ByVn98zEPxhExHVaU+1qbnCR9GAZDkk57KzOPdPfidqSc1ijv9tulRZcEVSG
cJlEhNoyamDsYm4kmnE0cgIcQbpgChuJPy7A9pZO4Hvi36EIFaOCLhgAmQek3PnB
y4l5pCU5WqOf47hqzIiFsRYByAweQKtWHQdo8XyFnmC8Z5TNHFoWlcvBp6g3EQit
G5hzhLBmF1iH62IiflPouevYeksW5m40z1kWJvmsaLHG
-----END CERTIFICATE-----