Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/uq8LGKG3oEbowZ7v4iuP9ClmWdw.roa
File:                     uq8LGKG3oEbowZ7v4iuP9ClmWdw.roa (raw, json)
Hash identifier:          hgRaSL//DCXKQ88iWICAvE3iKVN2MVceZAG3WSssG0U=
Subject key identifier:   BA:AF:0B:18:A1:B7:A0:46:E8:C1:9E:EF:E2:2B:8F:F4:29:66:59:DC
Certificate issuer:       /CN=3fafd07dc086dd7feec69e64e094dee5f49cea7d
Certificate serial:       01941F8C519D42498906DBCEAFF8A48A3F91
Authority key identifier: 3F:AF:D0:7D:C0:86:DD:7F:EE:C6:9E:64:E0:94:DE:E5:F4:9C:EA:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/uq8LGKG3oEbowZ7v4iuP9ClmWdw.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215358
IP address blocks:        193.35.110.0/24 maxlen: 24
                          195.128.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:51:9d:42:49:89:06:db:ce:af:f8:a4:8a:3f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fafd07dc086dd7feec69e64e094dee5f49cea7d
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baaf0b18a1b7a046e8c19eefe22b8ff4296659dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b4:51:7b:a9:d0:50:bc:cf:29:43:89:59:eb:
                    12:10:a7:95:5c:10:15:c3:0a:8b:42:ef:55:3f:d2:
                    7f:0b:9c:8c:1d:d3:78:94:70:b2:51:16:7f:b4:13:
                    4c:6b:b9:17:76:0f:31:5d:a2:b8:d9:37:de:01:73:
                    5e:ed:29:79:ce:e7:dc:09:55:53:09:ee:55:5b:c7:
                    e3:08:44:5b:c4:48:cb:7a:ec:9a:ae:1c:95:a4:0a:
                    00:d9:5c:05:fe:ba:5b:0f:18:e7:d8:2e:1b:6a:4b:
                    7e:1f:91:39:33:93:d5:38:55:ea:a7:06:70:43:65:
                    fe:2e:e6:00:c4:9b:60:12:8b:5c:14:e2:35:9e:ad:
                    97:d9:10:23:4d:72:ed:7c:86:d0:2c:b6:89:23:22:
                    b6:d1:03:a1:07:ce:5d:6b:b0:e3:ff:ce:f3:3e:a3:
                    8a:33:d0:e8:d5:c8:9a:7a:9f:3f:40:22:b9:91:6e:
                    35:18:4d:50:54:7b:42:da:f4:30:28:af:bd:28:eb:
                    27:c0:27:93:f6:14:33:70:08:ab:3b:c5:21:5f:ca:
                    08:c5:05:f8:71:b5:aa:8a:bd:e2:06:3a:a5:b6:a2:
                    14:c8:3f:9d:a7:33:fa:2c:63:bf:c9:b9:1e:0c:9a:
                    9e:ed:3e:f4:9d:47:24:76:0f:6c:50:61:8b:ec:a6:
                    e2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:AF:0B:18:A1:B7:A0:46:E8:C1:9E:EF:E2:2B:8F:F4:29:66:59:DC
            X509v3 Authority Key Identifier:
                keyid:3F:AF:D0:7D:C0:86:DD:7F:EE:C6:9E:64:E0:94:DE:E5:F4:9C:EA:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/uq8LGKG3oEbowZ7v4iuP9ClmWdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.110.0/24
                  195.128.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:04:fc:0d:4b:40:a0:76:3c:de:85:eb:5f:04:86:bd:4a:66:
         12:26:d7:fd:cc:fd:75:5d:a2:3a:25:bb:9a:cc:41:c1:d2:a2:
         5e:f5:fb:66:4f:06:6f:2a:3e:ce:03:24:c6:a4:86:6e:23:1c:
         9e:b8:5a:0c:db:2c:95:48:de:4d:1b:7b:3d:66:2e:bc:a0:92:
         e8:d2:c4:1c:47:1d:4b:41:73:ce:78:ec:6b:30:d7:2a:c7:93:
         54:73:2f:71:56:6a:0e:81:1b:eb:e7:29:b3:80:a0:de:e5:df:
         ca:ba:91:c1:fb:3e:33:ee:b8:8a:42:65:05:d8:76:da:01:eb:
         2f:5f:e8:e1:33:12:00:1a:74:db:b9:8d:94:3f:21:99:31:c5:
         66:bf:4e:3e:c5:7b:df:9b:86:86:5f:0c:2b:b5:a3:f3:85:94:
         71:c7:a0:37:c0:fb:71:8b:15:84:5c:b6:2e:90:fa:63:08:18:
         78:01:32:c8:75:28:d6:c0:2a:52:72:f8:b7:93:3e:71:a9:e7:
         eb:93:4a:68:1d:5d:a8:64:8d:ea:1d:fe:cc:63:21:c9:e2:89:
         f2:c9:0e:38:10:0c:3d:36:ba:93:78:93:6a:7a:2a:44:77:c8:
         17:72:04:4f:ab:fb:a1:2b:e9:c8:02:33:e1:88:90:49:b6:2b:
         b5:8b:f9:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjFGdQkmJBtvOr/ikij+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYWZkMDdkYzA4NmRkN2ZlZWM2OWU2NGUwOTRkZWU1ZjQ5
Y2VhN2QwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWFmMGIxOGExYjdhMDQ2ZThjMTllZWZlMjJiOGZmNDI5NjY1OWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bRRe6nQULzPKUOJWesSEKeVXBAV
wwqLQu9VP9J/C5yMHdN4lHCyURZ/tBNMa7kXdg8xXaK42TfeAXNe7Sl5zufcCVVT
Ce5VW8fjCERbxEjLeuyarhyVpAoA2VwF/rpbDxjn2C4bakt+H5E5M5PVOFXqpwZw
Q2X+LuYAxJtgEotcFOI1nq2X2RAjTXLtfIbQLLaJIyK20QOhB85da7Dj/87zPqOK
M9Do1ciaep8/QCK5kW41GE1QVHtC2vQwKK+9KOsnwCeT9hQzcAirO8UhX8oIxQX4
cbWqir3iBjqltqIUyD+dpzP6LGO/ybkeDJqe7T70nUckdg9sUGGL7KbijQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLqvCxiht6BG6MGe7+Irj/QpZlncMB8GA1UdIwQY
MBaAFD+v0H3Aht1/7saeZOCU3uX0nOp9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZfUWZjQ0czWF91eHA1azRKVGU1ZlNjNm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mYjgyM2YtNzI5Ni00Mjc5LTk3MjEt
OTJlMDhiYTVlMmJmLzEvdXE4TEdLRzNvRWJvd1o3djRpdVA5Q2xtV2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mYjgyM2YtNzI5Ni00Mjc5LTk3MjEtOTJlMDhiYTVlMmJm
LzEvUDZfUWZjQ0czWF91eHA1azRKVGU1ZlNjNm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSNuAwQA
w4CaMA0GCSqGSIb3DQEBCwUAA4IBAQBSBPwNS0CgdjzehetfBIa9SmYSJtf9zP11
XaI6JbuazEHB0qJe9ftmTwZvKj7OAyTGpIZuIxyeuFoM2yyVSN5NG3s9Zi68oJLo
0sQcRx1LQXPOeOxrMNcqx5NUcy9xVmoOgRvr5ymzgKDe5d/KupHB+z4z7riKQmUF
2HbaAesvX+jhMxIAGnTbuY2UPyGZMcVmv04+xXvfm4aGXwwrtaPzhZRxx6A3wPtx
ixWEXLYukPpjCBh4ATLIdSjWwCpScvi3kz5xqefrk0poHV2oZI3qHf7MYyHJ4ony
yQ44EAw9NrqTeJNqeipEd8gXcgRPq/uhK+nIAjPhiJBJtiu1i/n5
-----END CERTIFICATE-----