Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/UttiV2rZhXbpiEroK90NOoWzeyo.roa
File:                     UttiV2rZhXbpiEroK90NOoWzeyo.roa (raw, json)
Hash identifier:          clJAUfrgzlJXm2cn+fD7HIKwQaoQPkMOMFf6DpqSgo0=
Subject key identifier:   52:DB:62:57:6A:D9:85:76:E9:88:4A:E8:2B:DD:0D:3A:85:B3:7B:2A
Certificate issuer:       /CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
Certificate serial:       019421B199930C59880AE47CEF131BF5F989
Authority key identifier: 0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/UttiV2rZhXbpiEroK90NOoWzeyo.roa
Signing time:             Wed 01 Jan 2025 11:47:54 +0000
ROA not before:           Wed 01 Jan 2025 11:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210289
IP address blocks:        195.177.230.0/24 maxlen: 24
                          195.177.231.0/24 maxlen: 24
                          195.178.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:99:93:0c:59:88:0a:e4:7c:ef:13:1b:f5:f9:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
        Validity
            Not Before: Jan  1 11:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52db62576ad98576e9884ae82bdd0d3a85b37b2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e4:fc:87:f0:b4:0c:9b:55:c0:4e:63:aa:78:
                    db:59:d4:22:d1:f6:c8:ae:d5:2e:1f:03:a7:a5:e9:
                    3a:56:c0:a0:19:ac:7e:35:1c:eb:b5:97:b1:46:93:
                    df:6e:78:3f:f6:1e:1f:ef:09:67:32:25:6b:99:27:
                    fc:ff:3b:33:51:4c:84:e5:cd:2c:75:b9:f9:f3:ed:
                    4f:46:37:b2:98:71:e3:cc:e5:e2:3f:cb:c8:44:59:
                    b2:bd:00:07:c5:4a:b0:ad:52:3a:44:60:2e:0b:18:
                    41:5f:9a:4e:d1:17:8a:69:5d:22:7b:bd:1a:01:f7:
                    5a:9f:9d:4a:b9:7c:e0:cc:2c:d0:6c:db:72:82:81:
                    4d:0f:9e:5d:37:81:50:1c:13:11:13:74:6a:c7:4f:
                    09:47:82:00:45:36:5c:fa:8f:87:ba:91:dc:d6:85:
                    ab:00:5c:81:bd:de:a3:9d:78:02:88:9e:00:bc:8e:
                    f5:12:bb:b8:01:c6:b3:45:4f:a1:b9:d1:35:75:d4:
                    e0:47:12:90:ce:a4:56:77:d2:02:15:d3:82:fa:61:
                    56:6e:74:ae:fd:e6:ed:3c:33:3e:50:1c:ad:72:3e:
                    e0:38:eb:6e:5d:9b:7b:ba:9b:47:51:72:9b:3f:28:
                    02:c6:f4:8d:55:de:93:1b:ea:c3:44:2a:40:a0:a0:
                    48:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:DB:62:57:6A:D9:85:76:E9:88:4A:E8:2B:DD:0D:3A:85:B3:7B:2A
            X509v3 Authority Key Identifier:
                keyid:0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/UttiV2rZhXbpiEroK90NOoWzeyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.230.0/23
                  195.178.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:1b:54:2c:6e:3e:40:16:bc:88:31:37:6d:6c:20:10:5b:1d:
         88:60:50:1d:9c:26:ae:f7:95:d8:79:95:77:16:ba:07:ba:3f:
         ca:76:56:97:6c:5c:c5:eb:67:b6:36:ba:4f:a0:c4:6d:6a:16:
         2e:f4:b6:bd:c0:f0:74:f6:68:07:1e:4e:7d:be:10:17:b3:c4:
         a2:6e:ec:c3:81:92:03:76:26:2b:6a:f6:a4:1a:43:f5:cb:27:
         b8:25:49:29:54:eb:54:a8:a1:be:e1:d6:02:a0:9d:77:fd:5a:
         eb:26:0c:75:90:54:59:f3:ef:2a:fe:65:e6:e2:0c:26:d0:a2:
         4b:9b:a4:08:ac:fa:44:a4:4d:ea:96:8f:50:8e:b3:83:bf:23:
         0a:7a:de:90:51:71:ba:02:c7:0e:c2:28:c3:bb:3f:43:f4:f3:
         77:43:96:79:47:ec:cd:e9:ec:95:9f:93:b2:70:d9:ec:5f:a7:
         ac:f4:52:71:f6:da:ae:b0:8f:56:e3:86:3e:fa:9c:21:91:a9:
         8a:a7:7a:a3:5b:a1:20:1a:fb:b6:f2:ad:28:d8:54:ab:7e:2d:
         10:21:c5:91:88:9c:1b:5b:dc:ae:44:3b:64:b9:de:d1:d2:4a:
         d8:fd:e9:ca:ce:ae:63:41:17:fd:a8:37:d3:6a:aa:8a:83:5b:
         c4:8e:34:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsZmTDFmICuR87xMb9fmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOWM3N2ExZGNkYjhlZWQ2MmNkM2NhODBhNTE0NGRjNGUy
NDNmNGUwHhcNMjUwMTAxMTE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmRiNjI1NzZhZDk4NTc2ZTk4ODRhZTgyYmRkMGQzYTg1YjM3YjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOT8h/C0DJtVwE5jqnjbWdQi0fbI
rtUuHwOnpek6VsCgGax+NRzrtZexRpPfbng/9h4f7wlnMiVrmSf8/zszUUyE5c0s
dbn58+1PRjeymHHjzOXiP8vIRFmyvQAHxUqwrVI6RGAuCxhBX5pO0ReKaV0ie70a
Afdan51KuXzgzCzQbNtygoFND55dN4FQHBMRE3Rqx08JR4IARTZc+o+HupHc1oWr
AFyBvd6jnXgCiJ4AvI71Eru4AcazRU+hudE1ddTgRxKQzqRWd9ICFdOC+mFWbnSu
/ebtPDM+UBytcj7gOOtuXZt7uptHUXKbPygCxvSNVd6TG+rDRCpAoKBI9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLbYldq2YV26YhK6CvdDTqFs3sqMB8GA1UdIwQY
MBaAFA+cd6Hc247tYs08qApRRNxOJD9OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgt
YWNjNTY5NzdiNmY0LzEvVXR0aVYyclpoWGJwaUVyb0s5ME5Pb1d6ZXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgtYWNjNTY5NzdiNmY0
LzEvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw7HmAwQB
w7JoMA0GCSqGSIb3DQEBCwUAA4IBAQCAG1Qsbj5AFryIMTdtbCAQWx2IYFAdnCau
95XYeZV3FroHuj/KdlaXbFzF62e2NrpPoMRtahYu9La9wPB09mgHHk59vhAXs8Si
buzDgZIDdiYravakGkP1yye4JUkpVOtUqKG+4dYCoJ13/VrrJgx1kFRZ8+8q/mXm
4gwm0KJLm6QIrPpEpE3qlo9QjrODvyMKet6QUXG6AscOwijDuz9D9PN3Q5Z5R+zN
6eyVn5OycNnsX6es9FJx9tqusI9W44Y++pwhkamKp3qjW6EgGvu28q0o2FSrfi0Q
IcWRiJwbW9yuRDtkud7R0krY/enKzq5jQRf9qDfTaqqKg1vEjjQh
-----END CERTIFICATE-----