Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UY4Vocase6h72_4iTYxo7gq0Exg.roa
File:                     UY4Vocase6h72_4iTYxo7gq0Exg.roa (raw, json)
Hash identifier:          TBbWWfyJhs7pAHsnUHAbgLCyY2ejseqTDzlU5s/6x80=
Subject key identifier:   51:8E:15:A1:C6:AC:7B:A8:7B:DB:FE:22:4D:8C:68:EE:0A:B4:13:18
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0195E26D50FFF220EFC2C0225E5A072CE90B
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UY4Vocase6h72_4iTYxo7gq0Exg.roa
Signing time:             Sat 29 Mar 2025 15:02:49 +0000
ROA not before:           Sat 29 Mar 2025 15:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211209
IP address blocks:        185.120.15.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:e2:6d:50:ff:f2:20:ef:c2:c0:22:5e:5a:07:2c:e9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Mar 29 15:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=518e15a1c6ac7ba87bdbfe224d8c68ee0ab41318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c9:17:0d:28:55:6b:47:eb:08:1d:0d:89:28:
                    d0:41:2a:ea:44:fa:b3:77:e3:a3:cf:bd:9d:3e:ea:
                    69:76:55:5f:c5:be:09:66:d0:1b:b2:9c:86:fc:56:
                    4b:ba:dd:a5:12:c7:85:a1:15:92:f4:45:89:e3:90:
                    b8:25:47:f7:cf:e3:55:ad:d0:1c:5f:3b:31:27:c7:
                    ea:db:7b:6e:21:4c:7b:72:97:c3:92:8d:26:fb:0f:
                    9b:f7:46:15:bf:5d:b0:5c:f5:ea:87:71:80:8a:00:
                    a7:12:fc:96:aa:97:1c:8c:b8:a5:53:24:00:7e:46:
                    7a:fc:f0:c7:43:7a:3f:e3:eb:61:e3:65:72:e1:5c:
                    48:b4:8c:7e:88:9b:9a:49:f8:d2:4d:d1:a8:49:5e:
                    7b:30:b8:40:48:35:c4:a0:19:7c:0b:bd:0c:56:01:
                    77:4b:b4:62:93:17:a1:8b:8c:a2:c5:c6:43:1e:5f:
                    e1:c9:f9:dd:5e:9c:ff:e3:6a:3b:c0:09:b2:f3:54:
                    fa:c1:3c:65:bf:06:87:8b:40:1f:af:b3:db:a4:2e:
                    8a:8a:32:6e:2b:d9:df:b5:07:63:84:9f:e7:9d:8d:
                    26:dc:af:9f:13:a5:34:55:5e:ce:da:fa:e4:3d:36:
                    52:b0:19:3e:99:21:5d:f1:9c:af:ff:9b:d8:eb:0e:
                    16:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8E:15:A1:C6:AC:7B:A8:7B:DB:FE:22:4D:8C:68:EE:0A:B4:13:18
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/UY4Vocase6h72_4iTYxo7gq0Exg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:7f:96:6f:18:24:dd:b3:3b:c9:42:61:f8:bc:93:86:0c:77:
         66:a3:83:23:2e:2f:18:f2:2e:74:0d:7c:6c:a5:d2:3e:f4:b0:
         ed:8d:8b:77:21:ce:0f:b1:51:aa:7e:a0:70:16:06:11:c9:56:
         05:88:cc:60:26:21:06:e1:9b:1e:a0:67:0d:bc:c1:53:2e:7e:
         d0:b4:e7:cb:a5:92:d9:d5:12:91:77:d6:59:e1:e1:86:b2:ed:
         06:9e:f3:b7:81:39:1b:89:04:92:c7:76:e8:a4:18:da:15:73:
         3b:db:09:26:65:7d:63:0d:52:c2:cf:48:aa:ee:95:1d:72:0c:
         bf:a1:84:69:e7:25:68:48:48:50:b1:b4:a7:52:ff:49:af:d3:
         a0:d1:37:66:41:ef:0c:93:6b:33:e8:ea:96:29:42:04:c2:30:
         de:29:96:21:8a:13:a0:0c:fb:4f:90:6a:b4:f9:fa:b2:1d:0a:
         59:ac:93:79:0f:1a:06:63:39:de:b0:64:de:04:5d:ad:e7:54:
         bf:05:05:ae:a2:6d:60:5a:6d:19:ab:09:cc:18:26:b9:43:c0:
         0f:bd:c1:6e:a6:d4:46:b7:70:97:f3:6d:78:93:25:87:95:84:
         02:56:c1:e3:91:f9:8e:3d:c3:b6:96:9c:1b:e8:25:ff:a2:a8:
         7f:61:8f:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXibVD/8iDvwsAiXloHLOkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMzI5MTUwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MThlMTVhMWM2YWM3YmE4N2JkYmZlMjI0ZDhjNjhlZTBhYjQxMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqckXDShVa0frCB0NiSjQQSrqRPqz
d+Ojz72dPuppdlVfxb4JZtAbspyG/FZLut2lEseFoRWS9EWJ45C4JUf3z+NVrdAc
XzsxJ8fq23tuIUx7cpfDko0m+w+b90YVv12wXPXqh3GAigCnEvyWqpccjLilUyQA
fkZ6/PDHQ3o/4+th42Vy4VxItIx+iJuaSfjSTdGoSV57MLhASDXEoBl8C70MVgF3
S7Rikxehi4yixcZDHl/hyfndXpz/42o7wAmy81T6wTxlvwaHi0Afr7PbpC6KijJu
K9nftQdjhJ/nnY0m3K+fE6U0VV7O2vrkPTZSsBk+mSFd8Zyv/5vY6w4WoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGOFaHGrHuoe9v+Ik2MaO4KtBMYMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvVVk0Vm9jYXNlNmg3Ml80aVRZeG83Z3EwRXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXgPMA0G
CSqGSIb3DQEBCwUAA4IBAQBpf5ZvGCTdszvJQmH4vJOGDHdmo4MjLi8Y8i50DXxs
pdI+9LDtjYt3Ic4PsVGqfqBwFgYRyVYFiMxgJiEG4ZseoGcNvMFTLn7QtOfLpZLZ
1RKRd9ZZ4eGGsu0GnvO3gTkbiQSSx3bopBjaFXM72wkmZX1jDVLCz0iq7pUdcgy/
oYRp5yVoSEhQsbSnUv9Jr9Og0TdmQe8Mk2sz6OqWKUIEwjDeKZYhihOgDPtPkGq0
+fqyHQpZrJN5DxoGYznesGTeBF2t51S/BQWuom1gWm0ZqwnMGCa5Q8APvcFuptRG
t3CX8214kyWHlYQCVsHjkfmOPcO2lpwb6CX/oqh/YY/O
-----END CERTIFICATE-----