Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/UYksRDXtW74SE6UDJyjDOsmH73s.roa
File:                     UYksRDXtW74SE6UDJyjDOsmH73s.roa (raw, json)
Hash identifier:          08trxHACwD8ZsfnfBV7YKcM+4FISkU1bkodMMu4lv4E=
Subject key identifier:   51:89:2C:44:35:ED:5B:BE:12:13:A5:03:27:28:C3:3A:C9:87:EF:7B
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D2D7396AA65BB612C695861827881
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/UYksRDXtW74SE6UDJyjDOsmH73s.roa
Signing time:             Wed 01 Jan 2025 15:47:45 +0000
ROA not before:           Wed 01 Jan 2025 15:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43197
IP address blocks:        62.89.208.0/22 maxlen: 24
                          62.89.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2d:73:96:aa:65:bb:61:2c:69:58:61:82:78:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51892c4435ed5bbe1213a5032728c33ac987ef7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d6:1d:39:2b:07:1b:7e:ab:a3:41:85:4d:6e:
                    0f:7c:d2:e6:2f:77:0b:b0:2a:7f:57:5a:e5:96:c6:
                    8c:73:5d:fb:23:9c:85:0f:95:72:13:d6:a5:21:c8:
                    e7:fc:c7:b5:a2:bb:e6:da:2d:34:b8:45:de:c8:7b:
                    40:27:87:8a:20:f9:36:bd:3a:e5:ce:c4:ea:cd:4b:
                    7e:03:b9:1b:47:84:86:43:f4:48:1b:6e:2c:1b:44:
                    0c:37:70:77:8c:9b:b7:30:77:5e:59:bd:00:ff:01:
                    bd:d2:90:e7:c5:8c:b1:a0:a2:18:7a:44:93:1b:59:
                    1e:56:ec:4a:0a:b8:c0:fa:c1:32:d6:85:b5:95:5a:
                    b6:55:4c:0b:8b:eb:8d:a3:09:45:92:89:06:ff:e8:
                    11:18:0e:01:90:00:af:61:bb:f2:52:6d:d9:a9:f4:
                    dd:3c:d6:d9:94:58:25:c7:01:cc:8f:84:ee:e2:ea:
                    12:13:ac:2d:ec:ed:af:9a:c3:02:f4:30:c0:ac:3f:
                    36:f2:cb:fe:a3:20:f3:1a:19:05:9d:db:5a:6d:5c:
                    bb:8a:ed:63:ba:fb:5e:d0:47:6c:0e:5b:31:49:96:
                    e4:9e:1e:d4:d4:28:1f:e0:8a:07:30:b4:2b:81:6f:
                    1e:09:7f:bc:53:73:e8:86:31:eb:32:eb:48:ca:3a:
                    b4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:89:2C:44:35:ED:5B:BE:12:13:A5:03:27:28:C3:3A:C9:87:EF:7B
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/UYksRDXtW74SE6UDJyjDOsmH73s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.208.0/22
                  62.89.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:dd:3e:8e:a1:65:1d:51:d5:99:e7:06:b3:42:3b:96:2f:4c:
         39:ad:a8:d0:83:80:8d:18:20:3d:70:74:de:20:c8:45:d1:c8:
         bd:2d:92:26:6b:00:4d:20:b4:c2:55:5e:a2:c6:c9:32:1b:07:
         a6:9b:24:30:39:e1:e8:6d:f5:9d:2d:9d:ad:3f:de:35:ae:aa:
         4e:63:ad:e2:bb:96:1a:77:98:a1:56:cb:f2:1a:ea:1c:b0:c4:
         49:c0:86:20:a5:16:7b:ab:50:67:90:84:84:45:8d:d4:36:b3:
         01:49:f4:9e:12:29:95:b1:bc:df:b8:36:e6:77:a3:56:1c:a2:
         fa:33:7b:66:63:64:61:9f:ca:be:85:c7:87:2c:43:57:ef:38:
         84:d6:b0:e9:2d:ef:47:3e:e2:ae:5b:0d:c2:0a:c0:ce:f4:2c:
         ef:ff:28:18:35:ca:e3:cb:75:6d:8e:6c:3b:87:aa:2d:c6:3a:
         08:f4:8a:4f:c5:81:bc:fa:d8:e3:44:fa:03:57:6f:a1:85:e9:
         fd:d3:86:9a:ec:e2:be:4c:72:30:6e:8a:7f:2d:4b:7e:46:36:
         56:0e:62:29:84:67:0c:64:38:bc:3d:24:7e:c5:04:6c:b8:af:
         ea:72:11:fb:c4:89:28:b4:bb:06:16:c5:6f:63:60:26:23:88:
         5e:c5:98:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijS1zlqplu2EsaVhhgniBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTg5MmM0NDM1ZWQ1YmJlMTIxM2E1MDMyNzI4YzMzYWM5ODdlZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNYdOSsHG36ro0GFTW4PfNLmL3cL
sCp/V1rllsaMc137I5yFD5VyE9alIcjn/Me1orvm2i00uEXeyHtAJ4eKIPk2vTrl
zsTqzUt+A7kbR4SGQ/RIG24sG0QMN3B3jJu3MHdeWb0A/wG90pDnxYyxoKIYekST
G1keVuxKCrjA+sEy1oW1lVq2VUwLi+uNowlFkokG/+gRGA4BkACvYbvyUm3ZqfTd
PNbZlFglxwHMj4Tu4uoSE6wt7O2vmsMC9DDArD828sv+oyDzGhkFndtabVy7iu1j
uvte0EdsDlsxSZbknh7U1Cgf4IoHMLQrgW8eCX+8U3PohjHrMutIyjq0IwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFGJLEQ17Vu+EhOlAycowzrJh+97MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvVVlrc1JEWHRXNzRTRTZVREp5akRPc21INzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCPlnQAwQC
PlncMA0GCSqGSIb3DQEBCwUAA4IBAQBk3T6OoWUdUdWZ5wazQjuWL0w5rajQg4CN
GCA9cHTeIMhF0ci9LZImawBNILTCVV6ixskyGwemmyQwOeHobfWdLZ2tP941rqpO
Y63iu5Yad5ihVsvyGuocsMRJwIYgpRZ7q1BnkISERY3UNrMBSfSeEimVsbzfuDbm
d6NWHKL6M3tmY2Rhn8q+hceHLENX7ziE1rDpLe9HPuKuWw3CCsDO9Czv/ygYNcrj
y3Vtjmw7h6otxjoI9IpPxYG8+tjjRPoDV2+hhen904aa7OK+THIwbop/LUt+RjZW
DmIphGcMZDi8PSR+xQRsuK/qchH7xIkotLsGFsVvY2AmI4hexZiR
-----END CERTIFICATE-----