Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/ugFuorQM8DhT-wz-0vA4nqmcQwE.roa
File:                     ugFuorQM8DhT-wz-0vA4nqmcQwE.roa (raw, json)
Hash identifier:          b33Tld52Z6orIx0s3ge2TfpSdeJbJcXrLaJg2ZbQtPU=
Subject key identifier:   BA:01:6E:A2:B4:0C:F0:38:53:FB:0C:FE:D2:F0:38:9E:A9:9C:43:01
Certificate issuer:       /CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
Certificate serial:       0194228E17FFEB6495C601246ACA3D82BE69
Authority key identifier: 55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/ugFuorQM8DhT-wz-0vA4nqmcQwE.roa
Signing time:             Wed 01 Jan 2025 15:48:45 +0000
ROA not before:           Wed 01 Jan 2025 15:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        45.157.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:17:ff:eb:64:95:c6:01:24:6a:ca:3d:82:be:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
        Validity
            Not Before: Jan  1 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba016ea2b40cf03853fb0cfed2f0389ea99c4301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:dd:dc:4c:f5:33:52:79:59:e1:cc:81:c3:32:
                    61:6c:20:19:21:cd:bb:db:c8:c1:74:df:cb:a1:3a:
                    82:ef:4f:20:d2:80:f4:43:46:1a:19:88:f1:53:5b:
                    43:f8:b5:04:64:32:3c:3e:e7:b8:1d:b6:a8:41:be:
                    65:8f:10:1c:39:10:51:db:0d:a1:bf:6b:d0:4d:b9:
                    9a:a9:dc:8b:92:33:de:71:e9:ee:19:68:48:b4:91:
                    08:e2:7c:8c:a4:97:b7:0d:45:94:3c:8a:e1:d5:a3:
                    2e:8b:55:c9:3f:f7:51:8f:e2:4e:34:36:6a:d7:3f:
                    be:32:f5:e2:b0:c9:de:ac:ed:ed:d9:57:8a:b7:fd:
                    4d:f0:09:61:55:7b:c4:43:da:8f:45:6e:67:d4:9d:
                    8e:c2:c9:be:88:b3:62:10:6f:13:84:04:7c:e2:ec:
                    ae:f0:33:4e:e0:e3:bb:68:4e:9f:a3:a6:32:3a:a9:
                    15:3c:86:1f:68:3b:2e:72:b7:91:35:d2:b0:0b:4b:
                    e4:25:c2:9f:8a:f5:ea:6a:f6:5e:53:5b:35:b4:26:
                    12:33:cf:92:46:72:af:ca:d3:2a:ab:1b:4a:7d:fa:
                    95:7f:7e:cb:c7:05:f0:20:46:00:ee:64:27:a5:31:
                    e5:c7:f0:07:8d:82:53:ff:42:b4:4b:7b:df:e1:13:
                    a8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:01:6E:A2:B4:0C:F0:38:53:FB:0C:FE:D2:F0:38:9E:A9:9C:43:01
            X509v3 Authority Key Identifier:
                keyid:55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/ugFuorQM8DhT-wz-0vA4nqmcQwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:4e:7a:1a:24:ad:be:97:ca:45:26:8a:79:82:0e:49:96:21:
         ad:36:7b:6a:f3:1f:30:e4:0c:38:8c:d6:0d:29:35:8a:57:23:
         79:8b:ea:2b:57:74:c6:12:bf:bd:e9:f5:ed:fd:93:f1:60:3d:
         86:1b:6b:d9:37:fb:dc:98:6f:8b:88:de:6b:78:a7:86:5f:65:
         fd:58:60:47:97:e8:ea:d5:c9:18:59:64:f3:63:95:19:29:8f:
         c5:21:15:55:01:30:b8:3f:b6:e8:7a:b6:5d:b8:db:44:87:12:
         b8:10:f8:5c:35:22:7e:04:60:ac:1c:d1:e7:21:a5:f4:f2:e9:
         d7:f2:7b:69:cc:99:e3:92:a1:bf:86:4d:3f:6c:81:c6:bc:07:
         76:a5:38:10:3d:f3:93:56:13:38:e4:4b:cd:26:03:02:8c:ef:
         33:39:0e:39:4f:b3:69:ab:8c:10:e2:4c:9a:1a:bf:ce:52:19:
         a8:c4:ef:47:63:d0:48:36:cb:75:ed:96:38:5a:e7:be:65:ae:
         37:f3:28:e7:1a:4c:bc:59:b7:73:a2:6e:8c:e6:3b:3f:f3:8e:
         99:a9:b3:a0:f6:2d:5a:00:cf:51:53:74:31:83:2e:87:92:24:
         64:c1:bb:41:bd:d0:c3:cf:24:37:b2:ae:84:e7:67:9a:ed:f5:
         73:c5:61:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhf/62SVxgEkaso9gr5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OThhZTVkNWYxMjgyNWE4NGU2YzQwMWMwMTNjYTVlNWRj
ZDllYzkwHhcNMjUwMTAxMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTAxNmVhMmI0MGNmMDM4NTNmYjBjZmVkMmYwMzg5ZWE5OWM0MzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7d3cTPUzUnlZ4cyBwzJhbCAZIc27
28jBdN/LoTqC708g0oD0Q0YaGYjxU1tD+LUEZDI8Pue4HbaoQb5ljxAcORBR2w2h
v2vQTbmaqdyLkjPecenuGWhItJEI4nyMpJe3DUWUPIrh1aMui1XJP/dRj+JONDZq
1z++MvXisMnerO3t2VeKt/1N8AlhVXvEQ9qPRW5n1J2Owsm+iLNiEG8ThAR84uyu
8DNO4OO7aE6fo6YyOqkVPIYfaDsucreRNdKwC0vkJcKfivXqavZeU1s1tCYSM8+S
RnKvytMqqxtKffqVf37LxwXwIEYA7mQnpTHlx/AHjYJT/0K0S3vf4ROouwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoBbqK0DPA4U/sM/tLwOJ6pnEMBMB8GA1UdIwQY
MBaAFFWYrl1fEoJahObEAcATyl5dzZ7JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjct
NWMzZGI5OGJmODY0LzEvdWdGdW9yUU04RGhULXd6LTB2QTRucW1jUXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjctNWMzZGI5OGJmODY0
LzEvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ01MA0G
CSqGSIb3DQEBCwUAA4IBAQAJTnoaJK2+l8pFJop5gg5JliGtNntq8x8w5Aw4jNYN
KTWKVyN5i+orV3TGEr+96fXt/ZPxYD2GG2vZN/vcmG+LiN5reKeGX2X9WGBHl+jq
1ckYWWTzY5UZKY/FIRVVATC4P7boerZduNtEhxK4EPhcNSJ+BGCsHNHnIaX08unX
8ntpzJnjkqG/hk0/bIHGvAd2pTgQPfOTVhM45EvNJgMCjO8zOQ45T7Npq4wQ4kya
Gr/OUhmoxO9HY9BINst17ZY4Wue+Za438yjnGky8Wbdzom6M5js/846ZqbOg9i1a
AM9RU3Qxgy6HkiRkwbtBvdDDzyQ3sq6E52ea7fVzxWGK
-----END CERTIFICATE-----