Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uxnZYNa8d97ZTb_0yY6HvXc3zYY.roa
File:                     uxnZYNa8d97ZTb_0yY6HvXc3zYY.roa (raw, json)
Hash identifier:          Uc2FRxSyDw4WWufpEWvzn7eMEVoT2cdYyXigSL+3Mr8=
Subject key identifier:   BB:19:D9:60:D6:BC:77:DE:D9:4D:BF:F4:C9:8E:87:BD:77:37:CD:86
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CBA589A68AB5F513D548530C6531C
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uxnZYNa8d97ZTb_0yY6HvXc3zYY.roa
Signing time:             Wed 01 Jan 2025 01:48:23 +0000
ROA not before:           Wed 01 Jan 2025 01:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202599
IP address blocks:        185.159.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:ba:58:9a:68:ab:5f:51:3d:54:85:30:c6:53:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb19d960d6bc77ded94dbff4c98e87bd7737cd86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1b:4b:68:c8:e9:f0:33:15:f1:91:c1:48:65:
                    fb:de:1f:a9:19:ff:e6:b8:46:02:2e:2a:5c:21:90:
                    72:32:bc:50:9a:eb:f9:39:05:94:69:90:5b:04:e3:
                    b9:5d:8d:eb:d2:ff:5c:1b:96:56:da:d2:3c:b8:fc:
                    aa:8c:2c:4c:7a:e9:f4:30:52:83:d1:ad:f1:ba:e4:
                    3d:4b:50:ad:46:66:84:2b:74:b2:a2:b7:a3:fa:a5:
                    4c:f7:ea:6b:14:08:6e:84:60:02:ab:6a:6b:ea:be:
                    0b:cc:4b:4a:88:fe:06:8a:a6:88:93:c8:05:f2:65:
                    dc:66:86:aa:e2:be:69:5b:46:51:95:e7:45:7b:79:
                    61:33:06:70:52:32:a7:29:1f:df:81:1a:bb:30:10:
                    5b:e8:82:e3:6e:0e:4f:31:05:0b:18:47:34:c6:69:
                    9e:d3:f5:b9:78:c0:d1:49:12:c2:18:76:ab:f0:b7:
                    b8:55:25:c3:31:fd:3e:38:cf:e1:d4:6f:0d:5b:13:
                    8c:3c:f1:bb:1d:30:59:de:eb:16:01:b6:2b:7f:d9:
                    e8:6a:7f:82:a9:8f:5b:78:d1:fb:ac:e7:8f:71:ce:
                    9c:11:1b:73:c2:eb:3e:e0:94:08:fd:4a:2b:b4:e5:
                    e9:36:64:18:be:42:ea:2a:a8:09:e9:9b:aa:07:14:
                    86:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:19:D9:60:D6:BC:77:DE:D9:4D:BF:F4:C9:8E:87:BD:77:37:CD:86
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/uxnZYNa8d97ZTb_0yY6HvXc3zYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:ea:7d:18:53:f2:63:fe:2a:4d:30:94:f3:de:0f:09:c9:67:
         0d:1e:6c:fc:19:23:6c:8f:d7:10:1a:ee:46:22:da:97:d9:57:
         6a:f9:bd:dd:c6:cb:49:ee:b1:c3:28:25:e3:e8:9e:eb:3d:de:
         59:ff:56:2d:d8:b4:b7:75:f0:f1:1b:82:8d:44:7e:68:89:19:
         b9:5e:88:00:97:6d:cf:82:3e:85:02:04:92:bf:f0:45:95:90:
         ef:1e:c0:dd:fb:65:a3:dd:82:ee:39:04:ae:7c:4d:2c:0a:8b:
         0a:7d:12:a0:a5:c5:71:30:77:cd:e3:d4:c2:f9:a8:8d:96:d0:
         99:0d:bd:81:0f:5a:70:58:81:7c:dc:98:ee:55:1b:58:61:5d:
         58:0f:69:e1:71:01:46:36:aa:45:06:8b:9d:cf:db:ec:71:1b:
         ae:8c:20:be:0d:a7:af:00:37:f3:45:07:e3:da:89:f6:80:34:
         a8:4b:10:77:1a:0a:72:32:2a:15:45:5e:78:4f:49:7d:77:40:
         b2:ab:ca:86:b1:d2:15:17:62:9b:bd:11:c7:d3:73:9b:12:97:
         76:54:ea:1c:19:d1:e9:d1:25:92:f7:b8:06:5e:40:e6:db:50:
         fe:77:91:70:4c:fc:15:c6:e2:0b:bc:e3:75:d0:3c:e2:83:b7:
         de:d8:e2:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjLpYmmirX1E9VIUwxlMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjE5ZDk2MGQ2YmM3N2RlZDk0ZGJmZjRjOThlODdiZDc3MzdjZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxtLaMjp8DMV8ZHBSGX73h+pGf/m
uEYCLipcIZByMrxQmuv5OQWUaZBbBOO5XY3r0v9cG5ZW2tI8uPyqjCxMeun0MFKD
0a3xuuQ9S1CtRmaEK3Syorej+qVM9+prFAhuhGACq2pr6r4LzEtKiP4GiqaIk8gF
8mXcZoaq4r5pW0ZRledFe3lhMwZwUjKnKR/fgRq7MBBb6ILjbg5PMQULGEc0xmme
0/W5eMDRSRLCGHar8Le4VSXDMf0+OM/h1G8NWxOMPPG7HTBZ3usWAbYrf9noan+C
qY9beNH7rOePcc6cERtzwus+4JQI/UortOXpNmQYvkLqKqgJ6ZuqBxSGewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsZ2WDWvHfe2U2/9MmOh713N82GMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvdXhuWllOYThkOTdaVGJfMHlZNkh2WGMzellZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ/UMA0G
CSqGSIb3DQEBCwUAA4IBAQCL6n0YU/Jj/ipNMJTz3g8JyWcNHmz8GSNsj9cQGu5G
ItqX2Vdq+b3dxstJ7rHDKCXj6J7rPd5Z/1Yt2LS3dfDxG4KNRH5oiRm5XogAl23P
gj6FAgSSv/BFlZDvHsDd+2Wj3YLuOQSufE0sCosKfRKgpcVxMHfN49TC+aiNltCZ
Db2BD1pwWIF83JjuVRtYYV1YD2nhcQFGNqpFBoudz9vscRuujCC+DaevADfzRQfj
2on2gDSoSxB3GgpyMioVRV54T0l9d0Cyq8qGsdIVF2KbvRHH03ObEpd2VOocGdHp
0SWS97gGXkDm21D+d5FwTPwVxuILvON10Dzig7fe2OIv
-----END CERTIFICATE-----