Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/UxsTUJ3i3bRyx6hBigKTh5V_pzI.roa
File:                     UxsTUJ3i3bRyx6hBigKTh5V_pzI.roa (raw, json)
Hash identifier:          hCyMOI3ro18CpyVh9ARwQzWK3Oa2vshWDEi2X+gYh7I=
Subject key identifier:   53:1B:13:50:9D:E2:DD:B4:72:C7:A8:41:8A:02:93:87:95:7F:A7:32
Certificate issuer:       /CN=10eedc33aa442907189f0b3c563836951fb185bb
Certificate serial:       01942369EB30415A48236B2444E49DD1E343
Authority key identifier: 10:EE:DC:33:AA:44:29:07:18:9F:0B:3C:56:38:36:95:1F:B1:85:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/UxsTUJ3i3bRyx6hBigKTh5V_pzI.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207094
IP address blocks:        185.165.220.0/22 maxlen: 24
                          185.165.220.0/24 maxlen: 24
                          185.165.221.0/24 maxlen: 24
                          185.165.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 04:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:eb:30:41:5a:48:23:6b:24:44:e4:9d:d1:e3:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10eedc33aa442907189f0b3c563836951fb185bb
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=531b13509de2ddb472c7a8418a029387957fa732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:db:e8:2f:d5:df:ef:2e:ef:85:bd:92:a3:23:
                    8b:a8:b2:1c:1b:31:ea:f5:83:6b:85:c2:d3:b9:6d:
                    6d:0d:39:4f:db:c2:66:24:3f:69:13:bc:16:d1:b1:
                    a2:ba:9f:fc:e5:d9:76:f7:4a:98:b9:9d:3b:e9:07:
                    c2:91:13:5b:2b:1f:1c:63:5c:32:b5:ab:9f:c8:3d:
                    1f:d2:4b:5a:9a:06:6f:f5:cc:bf:fb:ee:96:51:11:
                    0e:1a:f4:e2:d8:39:47:bd:4b:74:88:7a:4f:1e:12:
                    2e:12:88:0e:a7:cf:0d:40:4a:0f:22:c1:b4:4b:d6:
                    d3:00:10:80:18:ee:69:05:71:9f:b0:57:04:7f:63:
                    2b:99:37:0a:d1:0a:b8:01:1d:44:5c:1d:d5:bf:90:
                    9b:50:ee:b3:aa:74:36:4c:62:3a:e5:1e:8e:4f:e3:
                    13:87:98:61:08:ce:91:65:8d:50:56:b1:77:a1:61:
                    ce:7f:ab:76:56:05:0d:77:c8:39:0e:e6:ac:49:06:
                    7b:fc:ac:fc:7a:ac:92:b0:d5:5d:be:e0:96:c6:9a:
                    1f:0f:f8:43:f7:1e:1f:f6:d6:90:89:6a:38:5a:ad:
                    7c:72:66:e3:8b:38:d5:97:e3:3a:aa:70:a7:75:5c:
                    75:e5:fc:c3:05:5d:ef:11:c4:c8:8d:6b:db:13:f5:
                    43:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:1B:13:50:9D:E2:DD:B4:72:C7:A8:41:8A:02:93:87:95:7F:A7:32
            X509v3 Authority Key Identifier:
                keyid:10:EE:DC:33:AA:44:29:07:18:9F:0B:3C:56:38:36:95:1F:B1:85:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EO7cM6pEKQcYnws8Vjg2lR-xhbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/UxsTUJ3i3bRyx6hBigKTh5V_pzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/546c7e-d840-4e54-9223-534ebeef3389/1/EO7cM6pEKQcYnws8Vjg2lR-xhbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:fe:fa:90:8d:20:49:28:1a:22:24:f9:54:ac:f6:45:a0:92:
         77:7f:ed:f9:6f:90:5e:73:c5:f2:10:fa:99:59:a9:19:09:38:
         06:8c:d1:aa:d7:c5:eb:5e:45:8e:b0:e5:6b:ef:89:ee:82:f3:
         0c:04:25:97:03:9e:1f:f3:4d:0c:0e:ff:f1:b1:d0:4c:a8:8f:
         d0:38:83:95:72:d5:5d:19:18:57:45:06:af:54:c7:d4:53:4f:
         dd:e0:74:29:99:4c:a4:b9:60:c6:4d:c3:ab:a4:78:01:87:0b:
         8d:3c:c3:10:45:8b:32:09:af:f7:98:eb:07:5b:ae:4a:20:61:
         ca:67:0e:c0:e1:3c:09:aa:66:cd:25:1f:6f:c7:58:4e:85:ab:
         34:55:72:d3:27:d4:58:b5:69:0f:40:ba:e9:97:29:ee:13:39:
         b7:3d:82:3d:9f:b3:cf:4f:80:43:50:f4:10:76:a0:76:3e:53:
         e0:2b:ee:b2:4e:1b:96:70:07:65:cd:4c:fe:75:4b:5b:aa:2c:
         13:86:e3:f5:e7:ee:99:05:45:be:77:fc:16:cc:c7:1a:5c:f8:
         78:d0:24:b1:02:9e:f9:69:43:ed:1d:49:93:1c:a5:b1:aa:d4:
         a7:11:e7:9f:97:f4:66:0f:92:f7:e6:8e:ca:12:64:1a:00:c8:
         a8:1e:3d:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaeswQVpII2skROSd0eNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZWVkYzMzYWE0NDI5MDcxODlmMGIzYzU2MzgzNjk1MWZi
MTg1YmIwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzFiMTM1MDlkZTJkZGI0NzJjN2E4NDE4YTAyOTM4Nzk1N2ZhNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNvoL9Xf7y7vhb2SoyOLqLIcGzHq
9YNrhcLTuW1tDTlP28JmJD9pE7wW0bGiup/85dl290qYuZ076QfCkRNbKx8cY1wy
taufyD0f0ktamgZv9cy/++6WUREOGvTi2DlHvUt0iHpPHhIuEogOp88NQEoPIsG0
S9bTABCAGO5pBXGfsFcEf2MrmTcK0Qq4AR1EXB3Vv5CbUO6zqnQ2TGI65R6OT+MT
h5hhCM6RZY1QVrF3oWHOf6t2VgUNd8g5DuasSQZ7/Kz8eqySsNVdvuCWxpofD/hD
9x4f9taQiWo4Wq18cmbjizjVl+M6qnCndVx15fzDBV3vEcTIjWvbE/VDRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMbE1Cd4t20cseoQYoCk4eVf6cyMB8GA1UdIwQY
MBaAFBDu3DOqRCkHGJ8LPFY4NpUfsYW7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU83Y002cEVLUWNZbndzOFZqZzJsUi14aGJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy81NDZjN2UtZDg0MC00ZTU0LTkyMjMt
NTM0ZWJlZWYzMzg5LzEvVXhzVFVKM2kzYlJ5eDZoQmlnS1RoNVZfcHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy81NDZjN2UtZDg0MC00ZTU0LTkyMjMtNTM0ZWJlZWYzMzg5
LzEvRU83Y002cEVLUWNZbndzOFZqZzJsUi14aGJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaXcMA0G
CSqGSIb3DQEBCwUAA4IBAQB3/vqQjSBJKBoiJPlUrPZFoJJ3f+35b5Bec8XyEPqZ
WakZCTgGjNGq18XrXkWOsOVr74nugvMMBCWXA54f800MDv/xsdBMqI/QOIOVctVd
GRhXRQavVMfUU0/d4HQpmUykuWDGTcOrpHgBhwuNPMMQRYsyCa/3mOsHW65KIGHK
Zw7A4TwJqmbNJR9vx1hOhas0VXLTJ9RYtWkPQLrplynuEzm3PYI9n7PPT4BDUPQQ
dqB2PlPgK+6yThuWcAdlzUz+dUtbqiwThuP15+6ZBUW+d/wWzMcaXPh40CSxAp75
aUPtHUmTHKWxqtSnEeefl/RmD5L35o7KEmQaAMioHj08
-----END CERTIFICATE-----