Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/uDDSIBamhzWkhMClbzH_9oqf3KA.roa
File:                     uDDSIBamhzWkhMClbzH_9oqf3KA.roa (raw, json)
Hash identifier:          m1HA6uhPnc0quVohM65OVF8eaR3/NxsjEYFcU7UUjUA=
Subject key identifier:   B8:30:D2:20:16:A6:87:35:A4:84:C0:A5:6F:31:FF:F6:8A:9F:DC:A0
Certificate issuer:       /CN=932460b78f6e8f4662aec7858e92051e856099f5
Certificate serial:       01941FFA3456105C9941DF5594C83E7A8815
Authority key identifier: 93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/uDDSIBamhzWkhMClbzH_9oqf3KA.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        185.161.88.0/22 maxlen: 24
                          2a00:ddc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:34:56:10:5c:99:41:df:55:94:c8:3e:7a:88:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932460b78f6e8f4662aec7858e92051e856099f5
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b830d22016a68735a484c0a56f31fff68a9fdca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:26:b9:11:6c:d3:54:e6:48:e5:f2:41:12:84:
                    8c:13:73:d3:78:2f:53:d2:b5:b1:32:3c:74:7d:44:
                    82:5f:41:1b:2d:4f:12:8e:ce:c1:6f:ff:b4:85:8a:
                    a3:3c:24:32:56:a2:a9:af:0f:23:20:9d:7e:81:f1:
                    ab:31:f4:a0:bd:b2:5e:79:04:9c:ea:39:2c:56:5e:
                    f9:22:82:6e:7f:89:34:f7:ef:f0:df:b0:61:cd:38:
                    9b:41:d7:77:33:33:94:fe:ee:1f:8c:91:32:59:88:
                    85:0c:d4:db:33:1b:bb:b3:49:91:92:1a:e2:6a:36:
                    3d:aa:68:52:07:f4:79:eb:9d:b1:ba:46:14:c4:82:
                    d3:fe:f0:19:61:15:22:25:79:15:9d:62:07:0c:9d:
                    97:eb:37:42:1a:a0:d5:68:ef:d1:74:9d:79:aa:1f:
                    f6:e2:46:a2:c5:a3:05:23:b7:47:af:79:2d:fb:0b:
                    d7:54:89:4b:24:e9:da:2e:0b:a0:eb:3f:1d:12:2e:
                    ca:5c:06:a9:46:e1:01:2b:f0:23:17:79:98:96:99:
                    f5:0f:1d:87:07:78:9b:d4:6d:96:ad:61:5f:0c:d9:
                    5c:ee:17:be:83:54:98:e5:b0:25:58:a0:48:ef:d1:
                    65:a2:06:15:de:53:74:9f:aa:d7:9a:ce:fd:b6:25:
                    d3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:30:D2:20:16:A6:87:35:A4:84:C0:A5:6F:31:FF:F6:8A:9F:DC:A0
            X509v3 Authority Key Identifier:
                keyid:93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/uDDSIBamhzWkhMClbzH_9oqf3KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.88.0/22
                IPv6:
                  2a00:ddc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:89:47:66:ea:e2:77:32:1a:3e:bb:8d:01:8e:21:ae:4a:82:
         e1:4e:61:d7:c9:75:94:be:57:9e:30:46:df:59:71:fd:86:8d:
         07:8a:46:f2:b4:82:01:92:69:1d:ca:d6:08:ed:38:0f:6b:74:
         a9:42:1b:78:b1:6d:18:43:c2:60:16:7f:94:35:81:0a:eb:e8:
         32:d5:e5:f5:03:55:a3:00:b5:ca:c6:f9:e7:fe:09:ae:0c:d1:
         b3:32:5c:a9:06:1a:2a:b1:8a:54:0f:03:a1:35:b2:96:7f:32:
         6c:62:98:af:a5:82:e7:0b:c6:34:1d:af:d5:1a:9b:f8:95:7e:
         35:f9:d6:8a:0c:fc:b2:32:9d:20:49:ea:42:3c:37:a4:d2:11:
         9f:af:06:84:70:9c:1a:09:3e:98:a5:7d:66:0a:ad:5e:fc:73:
         e1:d8:2e:a3:ec:0c:3b:ae:32:d5:38:3d:ce:d8:72:32:1b:27:
         fb:a6:0a:00:42:d1:1c:5d:66:af:55:a7:35:4b:9a:0e:a5:a0:
         2a:d7:f0:54:1c:e9:87:e1:f4:ea:b6:e6:a5:f7:ee:97:00:93:
         00:9e:b7:9e:b9:01:a9:5b:c6:fd:8d:f3:a8:f4:f1:2e:0c:1b:
         56:3d:be:98:d1:e5:d5:ab:8a:3b:f1:2d:67:09:01:63:f8:28:
         f6:e1:65:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+jRWEFyZQd9VlMg+eogVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjQ2MGI3OGY2ZThmNDY2MmFlYzc4NThlOTIwNTFlODU2
MDk5ZjUwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODMwZDIyMDE2YTY4NzM1YTQ4NGMwYTU2ZjMxZmZmNjhhOWZkY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCa5EWzTVOZI5fJBEoSME3PTeC9T
0rWxMjx0fUSCX0EbLU8Sjs7Bb/+0hYqjPCQyVqKprw8jIJ1+gfGrMfSgvbJeeQSc
6jksVl75IoJuf4k09+/w37BhzTibQdd3MzOU/u4fjJEyWYiFDNTbMxu7s0mRkhri
ajY9qmhSB/R5652xukYUxILT/vAZYRUiJXkVnWIHDJ2X6zdCGqDVaO/RdJ15qh/2
4kaixaMFI7dHr3kt+wvXVIlLJOnaLgug6z8dEi7KXAapRuEBK/AjF3mYlpn1Dx2H
B3ib1G2WrWFfDNlc7he+g1SY5bAlWKBI79FlogYV3lN0n6rXms79tiXTVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLgw0iAWpoc1pITApW8x//aKn9ygMB8GA1UdIwQY
MBaAFJMkYLePbo9GYq7HhY6SBR6FYJn1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMt
OGM5ZmNiYjNlYzUyLzEvdUREU0lCYW1oeldraE1DbGJ6SF85b3FmM0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMtOGM5ZmNiYjNlYzUy
LzEva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaFYMA0E
AgACMAcDBQAqAN3AMA0GCSqGSIb3DQEBCwUAA4IBAQAwiUdm6uJ3Mho+u40BjiGu
SoLhTmHXyXWUvleeMEbfWXH9ho0HikbytIIBkmkdytYI7TgPa3SpQht4sW0YQ8Jg
Fn+UNYEK6+gy1eX1A1WjALXKxvnn/gmuDNGzMlypBhoqsYpUDwOhNbKWfzJsYpiv
pYLnC8Y0Ha/VGpv4lX41+daKDPyyMp0gSepCPDek0hGfrwaEcJwaCT6YpX1mCq1e
/HPh2C6j7Aw7rjLVOD3O2HIyGyf7pgoAQtEcXWavVac1S5oOpaAq1/BUHOmH4fTq
tual9+6XAJMAnreeuQGpW8b9jfOo9PEuDBtWPb6Y0eXVq4o78S1nCQFj+Cj24WVM
-----END CERTIFICATE-----