Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U8ZUU3GFYbfbsIkHSaEoAuRmRVE.roa
File:                     U8ZUU3GFYbfbsIkHSaEoAuRmRVE.roa (raw, json)
Hash identifier:          a2cZj3mdQkz6E8lml04tuTT4l7mx+oruDy+eevwshvQ=
Subject key identifier:   53:C6:54:53:71:85:61:B7:DB:B0:89:07:49:A1:28:02:E4:66:45:51
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D7605E79D2360B90D44B67EF37922F
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U8ZUU3GFYbfbsIkHSaEoAuRmRVE.roa
Signing time:             Wed 01 Jan 2025 21:48:24 +0000
ROA not before:           Wed 01 Jan 2025 21:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44103
IP address blocks:        185.150.96.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:60:5e:79:d2:36:0b:90:d4:4b:67:ef:37:92:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53c65453718561b7dbb0890749a12802e4664551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d0:76:fb:87:de:e1:ea:58:8c:62:8c:18:a0:
                    25:72:5d:d3:3e:e7:28:9e:6f:b8:72:98:78:f7:75:
                    05:18:22:e4:55:89:39:53:96:7c:32:ce:64:ab:2f:
                    93:8b:79:07:6a:89:16:8e:43:12:4b:7a:f9:65:03:
                    e3:23:b4:c9:64:d4:2f:1a:18:b3:2f:4b:9a:92:23:
                    a0:13:78:01:88:23:cf:b0:a6:88:c8:23:a8:79:93:
                    9b:f8:d7:dd:c8:f2:4f:25:52:bb:f9:c4:99:e9:ff:
                    dc:59:9b:34:a5:d8:a0:09:92:01:3e:58:79:8d:25:
                    ac:94:87:3a:08:b4:fc:2b:b8:08:7e:f0:81:19:7b:
                    a8:ed:6d:62:00:d4:d7:c1:e6:48:33:4f:96:65:1e:
                    f8:ee:55:08:4d:6d:4f:10:8f:84:d8:63:d3:d3:5e:
                    c6:d2:12:70:b6:65:d9:a5:97:38:0f:86:96:4a:02:
                    d6:6f:86:3e:7b:b1:95:67:87:b0:eb:c7:b9:8a:76:
                    6b:23:5c:67:f8:3c:02:6b:25:e6:6b:4f:24:93:df:
                    e5:7f:d0:3f:e2:98:4a:55:00:de:53:9f:e5:9f:ff:
                    c1:25:77:b7:ea:f5:3f:db:1c:99:62:12:39:a6:12:
                    14:e2:7f:5e:df:8a:18:94:03:95:a8:b6:a8:5e:70:
                    9c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C6:54:53:71:85:61:B7:DB:B0:89:07:49:A1:28:02:E4:66:45:51
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/U8ZUU3GFYbfbsIkHSaEoAuRmRVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:84:56:33:6c:88:09:af:86:2f:01:2b:83:85:64:a3:9d:cd:
         83:e9:bd:8f:90:19:7c:66:98:77:f1:80:92:59:a0:5a:52:7c:
         02:c9:5a:7a:49:cd:c8:da:39:65:96:84:21:1a:6b:2a:a8:be:
         33:de:67:29:5f:94:89:e9:29:d0:57:ac:b1:8e:0e:e7:fa:28:
         ff:1a:4e:0e:90:f2:ab:a1:f4:86:31:0d:af:9c:5a:de:d1:e4:
         46:92:7b:b4:a3:88:39:cb:f7:ff:c3:32:07:c1:1d:cb:b5:4e:
         bb:44:a3:c4:06:5c:70:5b:4d:6e:3d:91:9b:c2:94:3e:4b:ae:
         e1:86:65:13:78:ec:db:03:52:08:cc:58:08:80:36:a3:7e:a6:
         e6:8e:f7:c1:f2:69:f2:5f:74:70:74:d7:2f:f7:12:74:61:17:
         cb:8d:05:57:a3:0d:2b:00:2b:a4:e3:a0:78:51:a5:53:b5:8f:
         56:a3:e9:25:04:26:6d:a3:c7:55:cb:39:00:07:02:63:d1:6c:
         e3:af:40:22:18:cf:9f:41:31:c5:2a:2e:fb:14:5a:bd:c0:21:
         4d:2d:c1:c3:3a:71:e2:88:cd:68:f6:e2:20:bf:81:27:69:1b:
         2b:54:8e:cf:3a:37:00:03:53:69:6a:78:74:5e:30:8b:b7:e7:
         66:1a:67:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12BeedI2C5DUS2fvN5IvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M2NTQ1MzcxODU2MWI3ZGJiMDg5MDc0OWExMjgwMmU0NjY0NTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dB2+4fe4epYjGKMGKAlcl3TPuco
nm+4cph493UFGCLkVYk5U5Z8Ms5kqy+Ti3kHaokWjkMSS3r5ZQPjI7TJZNQvGhiz
L0uakiOgE3gBiCPPsKaIyCOoeZOb+NfdyPJPJVK7+cSZ6f/cWZs0pdigCZIBPlh5
jSWslIc6CLT8K7gIfvCBGXuo7W1iANTXweZIM0+WZR747lUITW1PEI+E2GPT017G
0hJwtmXZpZc4D4aWSgLWb4Y+e7GVZ4ew68e5inZrI1xn+DwCayXma08kk9/lf9A/
4phKVQDeU5/ln//BJXe36vU/2xyZYhI5phIU4n9e34oYlAOVqLaoXnCcNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPGVFNxhWG327CJB0mhKALkZkVRMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvVThaVVUzR0ZZYmZic0lrSFNhRW9BdVJtUlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZZgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfhFYzbIgJr4YvASuDhWSjnc2D6b2PkBl8Zph38YCS
WaBaUnwCyVp6Sc3I2jllloQhGmsqqL4z3mcpX5SJ6SnQV6yxjg7n+ij/Gk4OkPKr
ofSGMQ2vnFre0eRGknu0o4g5y/f/wzIHwR3LtU67RKPEBlxwW01uPZGbwpQ+S67h
hmUTeOzbA1IIzFgIgDajfqbmjvfB8mnyX3RwdNcv9xJ0YRfLjQVXow0rACuk46B4
UaVTtY9Wo+klBCZto8dVyzkABwJj0Wzjr0AiGM+fQTHFKi77FFq9wCFNLcHDOnHi
iM1o9uIgv4EnaRsrVI7POjcAA1Npanh0XjCLt+dmGmce
-----END CERTIFICATE-----