Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/ufwXrYHICWHfHKo6i-11Xy8XxDE.roa
File:                     ufwXrYHICWHfHKo6i-11Xy8XxDE.roa (raw, json)
Hash identifier:          wzviVt1JzgPyofJmjOmZiOic44Kr4jKlAuGseoOoCMs=
Subject key identifier:   B9:FC:17:AD:81:C8:09:61:DF:1C:AA:3A:8B:ED:75:5F:2F:17:C4:31
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       019424458A708B43E29E55316A74C9B10E50
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/ufwXrYHICWHfHKo6i-11Xy8XxDE.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        185.155.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8a:70:8b:43:e2:9e:55:31:6a:74:c9:b1:0e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9fc17ad81c80961df1caa3a8bed755f2f17c431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4b:fa:cd:ef:4f:95:15:d4:80:85:ba:fb:82:
                    30:05:c0:25:87:69:16:06:3f:84:b9:9f:84:8a:b1:
                    cf:48:72:ea:70:7d:3c:b4:23:a1:bd:c0:4a:aa:f9:
                    14:ff:b6:b1:e7:72:4b:32:db:42:f4:4f:0c:18:eb:
                    2b:15:d2:d5:7c:c8:95:0a:61:2e:f3:17:8b:40:49:
                    25:ce:bc:22:cb:8b:eb:a3:f9:40:53:2d:51:13:55:
                    1d:77:8f:3f:e5:5c:bf:91:80:27:9d:0c:5d:09:2f:
                    67:09:53:a1:9a:32:1e:ca:4c:b8:06:b2:58:42:34:
                    ea:42:7a:ae:63:29:0d:4f:d7:29:c7:6d:9a:ae:ea:
                    51:6f:5e:3a:e7:f3:9e:2d:08:00:4e:ef:db:21:75:
                    82:45:d0:67:60:37:c8:52:cd:1e:c4:e9:ff:20:97:
                    a1:ad:47:c7:6f:a3:94:72:f0:50:c3:da:ba:fb:db:
                    dc:c1:72:e3:d2:c0:e5:33:8e:dc:0b:8c:20:f4:a5:
                    8c:ee:65:38:57:18:3d:23:5f:4b:5b:6c:07:c4:60:
                    c2:dc:26:0b:14:8e:1a:88:52:e9:ae:a6:fc:2e:39:
                    b0:b5:60:63:68:6e:c2:da:cf:76:03:d5:a3:92:c4:
                    3f:56:a2:00:2a:25:a9:73:62:ad:9a:5a:d8:10:da:
                    57:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FC:17:AD:81:C8:09:61:DF:1C:AA:3A:8B:ED:75:5F:2F:17:C4:31
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/ufwXrYHICWHfHKo6i-11Xy8XxDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:a1:54:3c:ef:b1:d6:c8:2b:63:51:58:3c:7a:74:d7:8d:95:
         cd:f5:ed:e3:4d:e7:f2:c7:a9:fe:04:7f:39:99:57:f0:8c:29:
         fa:ee:55:cc:9e:a5:a4:56:08:01:08:45:6b:e6:f7:a0:d9:53:
         15:63:5a:8f:8e:9d:2e:26:1c:9d:f7:06:27:2c:0a:8d:79:c0:
         9f:54:f9:32:40:48:30:ad:b0:2d:d2:da:8b:98:8b:f0:25:f4:
         e5:07:c3:75:df:d5:71:54:bc:49:6c:f6:15:cd:06:51:3a:d4:
         61:3e:db:5f:a3:b9:64:f7:0e:4f:c8:6a:aa:b8:68:63:71:5a:
         f9:e0:f6:3c:b9:0c:4e:c9:2c:28:16:4e:8d:b4:40:6d:18:53:
         2c:66:2b:eb:4a:54:67:8e:cc:d6:1d:50:5c:c0:13:34:fc:63:
         11:0e:0f:39:43:91:ce:ac:b0:a7:0a:63:a6:8b:32:28:60:94:
         9e:11:0c:7f:88:52:6d:8d:b1:ad:69:d0:52:82:e7:86:1b:5f:
         10:83:2e:61:56:a2:1a:09:ae:c4:b6:dc:cb:96:2b:84:4b:75:
         99:bd:5a:c3:8d:0c:9f:ea:49:d5:57:ad:6b:72:a7:ab:a2:83:
         14:23:f8:01:9a:c3:1f:68:d8:32:d7:00:69:d5:b1:f3:85:e5:
         cf:a0:8b:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYpwi0PinlUxanTJsQ5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZjMTdhZDgxYzgwOTYxZGYxY2FhM2E4YmVkNzU1ZjJmMTdjNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0v6ze9PlRXUgIW6+4IwBcAlh2kW
Bj+EuZ+EirHPSHLqcH08tCOhvcBKqvkU/7ax53JLMttC9E8MGOsrFdLVfMiVCmEu
8xeLQEklzrwiy4vro/lAUy1RE1Udd48/5Vy/kYAnnQxdCS9nCVOhmjIeyky4BrJY
QjTqQnquYykNT9cpx22arupRb1465/OeLQgATu/bIXWCRdBnYDfIUs0exOn/IJeh
rUfHb6OUcvBQw9q6+9vcwXLj0sDlM47cC4wg9KWM7mU4Vxg9I19LW2wHxGDC3CYL
FI4aiFLprqb8LjmwtWBjaG7C2s92A9WjksQ/VqIAKiWpc2KtmlrYENpXKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn8F62ByAlh3xyqOovtdV8vF8QxMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvdWZ3WHJZSElDV0hmSEtvNmktMTFYeThYeERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvrMA0G
CSqGSIb3DQEBCwUAA4IBAQDAoVQ877HWyCtjUVg8enTXjZXN9e3jTefyx6n+BH85
mVfwjCn67lXMnqWkVggBCEVr5veg2VMVY1qPjp0uJhyd9wYnLAqNecCfVPkyQEgw
rbAt0tqLmIvwJfTlB8N139VxVLxJbPYVzQZROtRhPttfo7lk9w5PyGqquGhjcVr5
4PY8uQxOySwoFk6NtEBtGFMsZivrSlRnjszWHVBcwBM0/GMRDg85Q5HOrLCnCmOm
izIoYJSeEQx/iFJtjbGtadBSgueGG18Qgy5hVqIaCa7EttzLliuES3WZvVrDjQyf
6knVV61rcqerooMUI/gBmsMfaNgy1wBp1bHzheXPoItZ
-----END CERTIFICATE-----