Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/UHa0PUrVvlqJmfxBpJVCi2m-y4g.roa
File:                     UHa0PUrVvlqJmfxBpJVCi2m-y4g.roa (raw, json)
Hash identifier:          k2wV1z1hH+x/xLCT2XUUrUL5LqUbzcz6dyzMF+S+UWA=
Subject key identifier:   50:76:B4:3D:4A:D5:BE:5A:89:99:FC:41:A4:95:42:8B:69:BE:CB:88
Certificate issuer:       /CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
Certificate serial:       019423D6C3857A13743678F14E87C199DFDB
Authority key identifier: 5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/UHa0PUrVvlqJmfxBpJVCi2m-y4g.roa
Signing time:             Wed 01 Jan 2025 21:47:44 +0000
ROA not before:           Wed 01 Jan 2025 21:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61162
IP address blocks:        185.133.68.0/22 maxlen: 24
                          193.104.32.0/24 maxlen: 24
                          2a05:2440::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c3:85:7a:13:74:36:78:f1:4e:87:c1:99:df:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5076b43d4ad5be5a8999fc41a495428b69becb88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8e:82:90:67:dc:00:be:9c:c7:71:f6:e1:ce:
                    19:fd:25:5d:1f:de:1e:ef:06:2f:02:b0:87:c2:33:
                    25:38:09:41:2d:b8:27:ce:1f:45:3e:55:29:3e:4c:
                    ae:72:1f:84:08:8f:7d:17:1c:4f:42:00:e2:12:68:
                    2c:04:99:ad:4b:83:89:d8:2e:e4:7d:25:66:f3:e3:
                    69:1f:82:e4:e5:01:43:17:6b:3d:f7:62:fa:ec:58:
                    8d:9b:d3:ce:7a:2f:02:a7:48:86:45:c5:fe:58:23:
                    0d:2c:8b:3f:fd:e3:2e:7b:56:c6:4d:df:52:76:4b:
                    ef:ae:90:7e:62:1b:1a:17:a8:cb:4e:4c:83:39:c7:
                    52:48:31:35:a3:8e:3a:e5:ac:3b:c9:b4:93:f4:5c:
                    35:33:e4:4d:ad:3e:ec:03:18:22:24:3c:5c:93:7b:
                    71:b6:b9:74:96:41:dd:cd:d1:50:6d:c5:39:75:f6:
                    15:eb:4d:7f:95:c1:54:76:d3:b9:a2:9d:c1:50:a4:
                    96:3b:e7:8a:b6:66:46:e9:0a:a2:ea:b4:5a:87:9b:
                    36:92:fd:5f:93:80:70:b9:1a:b3:42:39:83:5b:3f:
                    7e:23:70:28:76:af:ce:ee:b2:35:99:1a:66:21:86:
                    f2:49:6a:c3:f6:6f:35:db:4c:51:87:f1:1b:59:db:
                    31:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:76:B4:3D:4A:D5:BE:5A:89:99:FC:41:A4:95:42:8B:69:BE:CB:88
            X509v3 Authority Key Identifier:
                keyid:5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/UHa0PUrVvlqJmfxBpJVCi2m-y4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.68.0/22
                  193.104.32.0/24
                IPv6:
                  2a05:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:47:8a:8d:7c:fd:7c:4f:c7:24:5f:8c:c1:35:c8:35:a7:7c:
         eb:a2:89:c1:50:0a:c7:c1:e9:4e:57:08:d3:28:72:9f:14:47:
         84:40:cc:dc:d7:a3:ad:3f:2b:d7:24:c6:73:d0:7f:47:92:62:
         93:29:b5:7f:09:34:1e:79:7a:7e:e8:92:a6:69:e0:07:af:1f:
         cb:a4:d8:88:cd:0d:9a:bb:ce:55:56:2b:b2:8e:e7:ff:88:54:
         da:6b:e1:de:d6:5d:61:42:86:f5:eb:5e:2e:ab:7d:2e:15:32:
         b7:a9:f7:5d:4f:d3:64:82:b3:39:ba:9a:ec:2d:3d:45:44:89:
         93:a0:97:4f:c6:b3:68:9d:6d:12:ec:a5:ab:16:35:4b:d4:71:
         63:b4:05:0f:ec:27:66:cd:97:12:a1:3d:d7:d1:73:e4:5f:bc:
         d8:2f:c4:d5:a3:2a:fc:37:c6:91:00:c8:88:41:b0:ef:18:ec:
         df:f9:17:d0:68:83:17:35:33:48:85:a7:e8:87:ff:a4:17:e5:
         9b:ec:4d:b2:35:99:c8:fe:9d:f4:bd:21:9f:63:90:60:06:2d:
         51:ec:71:d3:76:3a:6e:41:3a:e8:19:ac:db:1a:c0:59:e5:fd:
         a4:21:30:60:0e:51:9c:ea:9b:e1:0d:f3:f7:a1:11:2a:6e:ce:
         5d:2f:d3:4e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1sOFehN0NnjxTofBmd/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZmUzODgxZjNjNDQ3NzRmNTFjYzc1ZWU3ZTZmOTFjNTU2
NWE2MDYwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDc2YjQzZDRhZDViZTVhODk5OWZjNDFhNDk1NDI4YjY5YmVjYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo6CkGfcAL6cx3H24c4Z/SVdH94e
7wYvArCHwjMlOAlBLbgnzh9FPlUpPkyuch+ECI99FxxPQgDiEmgsBJmtS4OJ2C7k
fSVm8+NpH4Lk5QFDF2s992L67FiNm9POei8Cp0iGRcX+WCMNLIs//eMue1bGTd9S
dkvvrpB+YhsaF6jLTkyDOcdSSDE1o4465aw7ybST9Fw1M+RNrT7sAxgiJDxck3tx
trl0lkHdzdFQbcU5dfYV601/lcFUdtO5op3BUKSWO+eKtmZG6Qqi6rRah5s2kv1f
k4BwuRqzQjmDWz9+I3Aodq/O7rI1mRpmIYbySWrD9m8120xRh/EbWdsx5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFB2tD1K1b5aiZn8QaSVQotpvsuIMB8GA1UdIwQY
MBaAFFz+OIHzxEd09RzHXufm+RxVZaYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYt
N2M5OTgwNzlhNmE5LzEvVUhhMFBVclZ2bHFKbWZ4QnBKVkNpMm0teTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYtN2M5OTgwNzlhNmE5
LzEvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYVEAwQA
wWggMA0EAgACMAcDBQMqBSRAMA0GCSqGSIb3DQEBCwUAA4IBAQAKR4qNfP18T8ck
X4zBNcg1p3zroonBUArHwelOVwjTKHKfFEeEQMzc16OtPyvXJMZz0H9HkmKTKbV/
CTQeeXp+6JKmaeAHrx/LpNiIzQ2au85VViuyjuf/iFTaa+He1l1hQob1614uq30u
FTK3qfddT9NkgrM5uprsLT1FRImToJdPxrNonW0S7KWrFjVL1HFjtAUP7CdmzZcS
oT3X0XPkX7zYL8TVoyr8N8aRAMiIQbDvGOzf+RfQaIMXNTNIhafoh/+kF+Wb7E2y
NZnI/p30vSGfY5BgBi1R7HHTdjpuQTroGazbGsBZ5f2kITBgDlGc6pvhDfP3oREq
bs5dL9NO
-----END CERTIFICATE-----