Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/UZvnE-CaTB9qoHVdVXMgB-LiNEM.roa
File:                     UZvnE-CaTB9qoHVdVXMgB-LiNEM.roa (raw, json)
Hash identifier:          Ycg6B0Rffq0DfziTHdPyE76c/wB4R/dWXA7Fjbacvbs=
Subject key identifier:   51:9B:E7:13:E0:9A:4C:1F:6A:A0:75:5D:55:73:20:07:E2:E2:34:43
Certificate issuer:       /CN=2aa3c99ff58b8f733ef2c62a7772c0c1f29e57fc
Certificate serial:       019426D9644F181159D3C47151088141C8D9
Authority key identifier: 2A:A3:C9:9F:F5:8B:8F:73:3E:F2:C6:2A:77:72:C0:C1:F2:9E:57:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqPJn_WLj3M-8sYqd3LAwfKeV_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/UZvnE-CaTB9qoHVdVXMgB-LiNEM.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42334
IP address blocks:        185.236.204.0/24 maxlen: 24
                          185.236.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/KqPJn_WLj3M-8sYqd3LAwfKeV_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/KqPJn_WLj3M-8sYqd3LAwfKeV_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqPJn_WLj3M-8sYqd3LAwfKeV_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:64:4f:18:11:59:d3:c4:71:51:08:81:41:c8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa3c99ff58b8f733ef2c62a7772c0c1f29e57fc
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=519be713e09a4c1f6aa0755d55732007e2e23443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:68:3e:fa:fd:db:e1:87:e8:67:56:96:94:02:
                    3a:33:1f:02:a7:a4:23:05:09:9a:d4:2b:c4:37:fe:
                    95:21:f3:05:d1:7f:e5:92:d9:97:aa:9d:a4:3a:50:
                    10:f7:4e:fa:2e:a6:84:e1:2d:5e:38:f1:ff:bc:4f:
                    a2:59:90:26:17:b6:d1:ac:69:6a:d3:26:ef:71:28:
                    04:6b:1c:94:74:be:94:3d:33:01:dd:ea:c9:8a:80:
                    50:53:63:1b:22:f3:f5:17:76:e7:43:69:6b:c4:b6:
                    45:35:3d:6b:81:00:7e:87:12:c1:06:ed:2d:72:ed:
                    b6:ba:46:98:e3:e0:2a:59:80:15:f3:e6:ee:90:1b:
                    09:3a:87:e7:86:d0:ec:a4:97:96:47:a1:92:37:b3:
                    1f:df:92:f0:c3:d4:6a:ed:43:6d:b3:67:c2:30:39:
                    5a:12:9c:aa:b9:b7:8e:58:46:15:c1:64:97:b7:70:
                    26:7d:95:d0:c4:db:bd:7e:0c:79:57:81:1b:44:51:
                    53:38:ca:2a:c7:3d:f7:c1:2e:fb:53:f8:3f:db:ef:
                    98:72:d2:22:99:e3:dc:d2:fd:72:a7:b4:15:45:88:
                    21:ef:d4:67:e4:68:d1:cc:05:ce:42:e4:33:ce:20:
                    86:a1:ec:51:64:6d:9d:2a:8c:b1:d7:d5:cb:ef:5f:
                    fa:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9B:E7:13:E0:9A:4C:1F:6A:A0:75:5D:55:73:20:07:E2:E2:34:43
            X509v3 Authority Key Identifier:
                keyid:2A:A3:C9:9F:F5:8B:8F:73:3E:F2:C6:2A:77:72:C0:C1:F2:9E:57:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqPJn_WLj3M-8sYqd3LAwfKeV_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/UZvnE-CaTB9qoHVdVXMgB-LiNEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a0b63e-1166-46b5-9e3e-38b5d1788007/1/KqPJn_WLj3M-8sYqd3LAwfKeV_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:ae:09:c7:fc:fa:b6:75:82:3b:ae:9e:16:e1:fa:e5:4c:d0:
         c5:61:d0:f7:64:4c:21:da:02:f0:af:56:7c:46:fc:34:5f:72:
         35:ba:51:a2:20:e5:e2:55:fc:05:29:c9:3b:21:6c:07:66:de:
         5c:e0:36:da:0a:a7:38:21:1a:9d:87:b3:03:98:f1:f3:32:83:
         e1:58:37:11:e0:92:8a:e5:85:4e:c2:c8:ed:db:29:a8:6d:52:
         c9:4a:af:9c:fe:e9:54:5f:65:b9:a1:6a:41:b3:dd:bd:8e:8c:
         f4:31:cd:aa:87:45:66:61:0b:aa:65:87:c9:b9:a8:db:6d:29:
         43:64:65:27:6c:fa:d9:08:8d:48:b9:c6:93:a4:15:31:0a:0e:
         cd:0f:4e:bb:27:58:d3:46:10:19:82:b6:5b:36:09:c4:12:d8:
         0f:f7:60:86:1e:f8:7b:b7:dc:1a:c7:1e:24:32:f8:99:73:e2:
         93:38:8a:31:09:cf:5b:60:94:c7:73:68:71:3e:0a:c4:08:71:
         12:aa:33:00:cd:74:04:82:f3:ed:4e:62:4c:61:89:f5:fa:bc:
         70:2f:4c:c7:4d:6d:ed:71:14:d3:82:95:f6:c5:28:d9:ef:83:
         28:9d:57:cb:c4:18:d4:36:56:ca:68:ca:a9:4e:49:dc:b7:59:
         c4:73:0a:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WRPGBFZ08RxUQiBQcjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTNjOTlmZjU4YjhmNzMzZWYyYzYyYTc3NzJjMGMxZjI5
ZTU3ZmMwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTliZTcxM2UwOWE0YzFmNmFhMDc1NWQ1NTczMjAwN2UyZTIzNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGg++v3b4YfoZ1aWlAI6Mx8Cp6Qj
BQma1CvEN/6VIfMF0X/lktmXqp2kOlAQ9076LqaE4S1eOPH/vE+iWZAmF7bRrGlq
0ybvcSgEaxyUdL6UPTMB3erJioBQU2MbIvP1F3bnQ2lrxLZFNT1rgQB+hxLBBu0t
cu22ukaY4+AqWYAV8+bukBsJOofnhtDspJeWR6GSN7Mf35Lww9Rq7UNts2fCMDla
EpyqubeOWEYVwWSXt3AmfZXQxNu9fgx5V4EbRFFTOMoqxz33wS77U/g/2++YctIi
mePc0v1yp7QVRYgh79Rn5GjRzAXOQuQzziCGoexRZG2dKoyx19XL71/60wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGb5xPgmkwfaqB1XVVzIAfi4jRDMB8GA1UdIwQY
MBaAFCqjyZ/1i49zPvLGKndywMHynlf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FQSm5fV0xqM00tOHNZcWQzTEF3ZktlVl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hMGI2M2UtMTE2Ni00NmI1LTllM2Ut
MzhiNWQxNzg4MDA3LzEvVVp2bkUtQ2FUQjlxb0hWZFZYTWdCLUxpTkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hMGI2M2UtMTE2Ni00NmI1LTllM2UtMzhiNWQxNzg4MDA3
LzEvS3FQSm5fV0xqM00tOHNZcWQzTEF3ZktlVl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuezMMA0G
CSqGSIb3DQEBCwUAA4IBAQCzrgnH/Pq2dYI7rp4W4frlTNDFYdD3ZEwh2gLwr1Z8
Rvw0X3I1ulGiIOXiVfwFKck7IWwHZt5c4DbaCqc4IRqdh7MDmPHzMoPhWDcR4JKK
5YVOwsjt2ymobVLJSq+c/ulUX2W5oWpBs929joz0Mc2qh0VmYQuqZYfJuajbbSlD
ZGUnbPrZCI1IucaTpBUxCg7ND067J1jTRhAZgrZbNgnEEtgP92CGHvh7t9waxx4k
MviZc+KTOIoxCc9bYJTHc2hxPgrECHESqjMAzXQEgvPtTmJMYYn1+rxwL0zHTW3t
cRTTgpX2xSjZ74MonVfLxBjUNlbKaMqpTknct1nEcwqd
-----END CERTIFICATE-----