Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/uIR1LHytGLxBG-m1ItF5Gb4YgNQ.roa
File:                     uIR1LHytGLxBG-m1ItF5Gb4YgNQ.roa (raw, json)
Hash identifier:          yQTESteGBiq2xFU7IEuig4foaZ//mHQWxPJKt2rISCc=
Subject key identifier:   B8:84:75:2C:7C:AD:18:BC:41:1B:E9:B5:22:D1:79:19:BE:18:80:D4
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194EBF52A8695A7D42DB2E4C5660C0E8024
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/uIR1LHytGLxBG-m1ItF5Gb4YgNQ.roa
Signing time:             Sun 09 Feb 2025 18:25:00 +0000
ROA not before:           Sun 09 Feb 2025 18:25:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52423
IP address blocks:        185.190.80.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:eb:f5:2a:86:95:a7:d4:2d:b2:e4:c5:66:0c:0e:80:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Feb  9 18:25:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b884752c7cad18bc411be9b522d17919be1880d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5d:6b:5e:7d:67:5c:94:d8:83:78:88:37:34:
                    e9:37:2c:a7:a7:39:ce:cb:15:d9:c0:f4:b1:4f:ac:
                    68:34:ae:86:d6:68:18:af:1f:ca:cc:1f:88:a2:7c:
                    46:2b:18:9e:71:73:80:aa:f6:e9:af:cf:06:ce:9a:
                    68:65:a5:f7:a5:98:00:c6:94:bd:9f:41:d8:61:3c:
                    5c:8e:c5:bd:1a:e7:40:a8:37:66:23:d4:5b:62:cc:
                    c3:95:63:70:0e:92:f6:d6:66:4f:f8:b8:f0:bf:08:
                    62:0a:c9:b9:cc:06:39:ef:77:e3:83:40:2d:06:4b:
                    24:a1:a8:56:2e:4e:4a:38:3f:fb:fa:3b:dd:4a:3c:
                    89:e7:82:6f:f9:f4:ea:23:23:28:f7:74:7a:fe:3a:
                    46:47:6d:77:b0:c8:da:9c:d3:99:0a:89:e8:1e:69:
                    7c:7d:42:c9:68:46:c2:ed:2c:ed:d0:3b:6f:15:bb:
                    3f:a7:86:71:87:4f:34:0d:e1:48:66:11:f0:66:7a:
                    43:24:c7:b7:d5:9b:0f:b5:b4:95:3c:99:a0:1c:dd:
                    57:8f:1d:7c:a9:f0:f6:f2:f9:16:f4:1a:cf:5a:d7:
                    c8:3e:36:34:82:e5:07:1e:43:25:39:55:fe:52:cf:
                    b5:55:2a:53:f6:9f:93:c4:14:0a:00:77:98:1c:1a:
                    06:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:84:75:2C:7C:AD:18:BC:41:1B:E9:B5:22:D1:79:19:BE:18:80:D4
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/uIR1LHytGLxBG-m1ItF5Gb4YgNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:a0:da:6a:14:5a:62:78:90:4b:6a:29:72:dc:9a:5e:a2:b0:
         3f:0e:4a:5e:f8:cb:15:56:21:0a:fc:df:43:e3:f6:b2:8d:01:
         85:02:3b:99:5a:d9:09:87:2e:d6:78:71:c6:f3:8b:97:22:de:
         84:7e:a5:5a:b3:89:d2:a9:3d:05:f3:f6:69:cd:ca:df:db:33:
         25:e8:35:f9:3d:bf:e1:75:f1:fd:81:21:c3:73:0b:e9:57:4a:
         be:ff:50:8d:e2:2c:bb:f9:0a:43:bd:67:ce:54:eb:82:ab:50:
         08:24:fe:34:ea:34:9f:ca:aa:36:b6:d4:a6:db:c1:22:71:99:
         4e:68:29:c8:b6:84:39:01:a0:b2:af:d0:94:15:6e:51:33:a4:
         0c:6e:a2:fd:04:70:15:9d:26:fa:a4:3b:e6:d0:ad:1c:d5:8e:
         28:4f:29:c2:a4:c2:db:20:96:ba:f7:4e:b5:8a:25:f0:52:46:
         2a:29:05:66:af:dc:cb:f4:96:21:63:9c:62:4b:51:72:39:d4:
         4e:e2:5d:1c:3e:3a:3a:93:23:e5:e5:9e:a3:50:95:28:ec:c9:
         77:32:2e:d3:1a:ee:f5:cc:a5:b1:1e:63:a3:48:93:1e:96:13:
         59:c2:70:be:16:cd:57:95:d9:e5:a2:ab:a2:5f:f7:39:26:ac:
         fb:c5:05:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTr9SqGlafULbLkxWYMDoAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMjA5MTgyNTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODg0NzUyYzdjYWQxOGJjNDExYmU5YjUyMmQxNzkxOWJlMTg4MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5F1rXn1nXJTYg3iINzTpNyynpznO
yxXZwPSxT6xoNK6G1mgYrx/KzB+IonxGKxiecXOAqvbpr88GzppoZaX3pZgAxpS9
n0HYYTxcjsW9GudAqDdmI9RbYszDlWNwDpL21mZP+LjwvwhiCsm5zAY573fjg0At
BkskoahWLk5KOD/7+jvdSjyJ54Jv+fTqIyMo93R6/jpGR213sMjanNOZConoHml8
fULJaEbC7Szt0DtvFbs/p4Zxh080DeFIZhHwZnpDJMe31ZsPtbSVPJmgHN1Xjx18
qfD28vkW9BrPWtfIPjY0guUHHkMlOVX+Us+1VSpT9p+TxBQKAHeYHBoGWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiEdSx8rRi8QRvptSLReRm+GIDUMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvdUlSMUxIeXRHTHhCRy1tMUl0RjVHYjRZZ05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub5QMA0G
CSqGSIb3DQEBCwUAA4IBAQDLoNpqFFpieJBLaily3JpeorA/Dkpe+MsVViEK/N9D
4/ayjQGFAjuZWtkJhy7WeHHG84uXIt6EfqVas4nSqT0F8/Zpzcrf2zMl6DX5Pb/h
dfH9gSHDcwvpV0q+/1CN4iy7+QpDvWfOVOuCq1AIJP406jSfyqo2ttSm28EicZlO
aCnItoQ5AaCyr9CUFW5RM6QMbqL9BHAVnSb6pDvm0K0c1Y4oTynCpMLbIJa69061
iiXwUkYqKQVmr9zL9JYhY5xiS1FyOdRO4l0cPjo6kyPl5Z6jUJUo7Ml3Mi7TGu71
zKWxHmOjSJMelhNZwnC+Fs1XldnloquiX/c5Jqz7xQXT
-----END CERTIFICATE-----