Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/U-t-KYuIcMt9Lh-EEvDxBNSehA0.roa
File:                     U-t-KYuIcMt9Lh-EEvDxBNSehA0.roa (raw, json)
Hash identifier:          fNtqhAHoXJ8NAQIhvkEaB4dv9gnWdklcvBIBzltM3i4=
Subject key identifier:   53:EB:7E:29:8B:88:70:CB:7D:2E:1F:84:12:F0:F1:04:D4:9E:84:0D
Certificate issuer:       /CN=bb2b48f64358011c7842d3cec5cb2d47068b836d
Certificate serial:       019420D5CED4380744E75FBB5168889C28F5
Authority key identifier: BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/U-t-KYuIcMt9Lh-EEvDxBNSehA0.roa
Signing time:             Wed 01 Jan 2025 07:47:50 +0000
ROA not before:           Wed 01 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215484
IP address blocks:        188.128.128.0/22 maxlen: 24
                          2a02:25af:dead::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ce:d4:38:07:44:e7:5f:bb:51:68:88:9c:28:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb2b48f64358011c7842d3cec5cb2d47068b836d
        Validity
            Not Before: Jan  1 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53eb7e298b8870cb7d2e1f8412f0f104d49e840d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d9:60:02:1c:42:47:26:0e:85:bd:5c:4d:ff:
                    15:9c:95:b5:4e:ba:d8:b1:6e:35:8a:41:9a:75:b9:
                    e1:55:dc:ef:31:64:a0:14:4c:04:20:07:ed:20:8e:
                    41:7b:bd:7b:04:d6:41:71:37:b0:b9:7b:4f:70:69:
                    e3:94:31:91:69:0c:d8:38:3d:e6:63:60:51:06:03:
                    fc:b2:7b:df:b4:e8:43:96:f0:64:38:e4:4a:c1:d5:
                    06:b0:ba:76:ab:aa:40:d1:64:25:18:10:0d:8d:90:
                    ef:69:61:62:43:28:35:3c:41:72:09:ea:fd:6c:c4:
                    7d:e6:e0:2e:e2:94:96:eb:17:c6:31:21:f0:30:18:
                    32:29:f5:4a:0c:51:38:75:41:dc:80:d3:81:0d:5e:
                    0e:5b:58:f6:10:c1:60:94:32:44:97:1b:92:c5:11:
                    90:40:9b:f1:2f:bd:88:b7:dd:20:e8:56:af:b0:78:
                    6e:a1:13:ee:83:94:89:1e:1b:73:fc:70:f0:70:65:
                    d4:71:1f:2a:ff:17:0d:69:ba:25:c2:60:b5:bc:d8:
                    4e:2f:6d:53:27:11:37:b4:2c:0c:d3:87:3e:87:3e:
                    0b:ad:7f:20:0a:f7:5b:77:54:5f:96:4c:54:f0:c2:
                    6e:36:2f:fd:88:5c:b6:3c:c5:a0:6a:9e:e5:35:c7:
                    ea:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:EB:7E:29:8B:88:70:CB:7D:2E:1F:84:12:F0:F1:04:D4:9E:84:0D
            X509v3 Authority Key Identifier:
                keyid:BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/U-t-KYuIcMt9Lh-EEvDxBNSehA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.128.128.0/22
                IPv6:
                  2a02:25af:dead::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:5f:55:28:e0:da:1d:fa:87:93:b0:fd:02:2a:36:b6:30:0b:
         cf:33:dc:f2:81:64:6b:db:41:76:b6:1d:55:2f:dd:a8:6d:16:
         a5:ae:b4:86:b4:d4:13:ea:86:67:33:ea:c7:3a:bb:1b:8d:c5:
         65:52:43:8e:71:7d:f7:96:b6:5d:ba:39:ca:c1:0d:a3:4d:a0:
         c5:c8:33:c6:a5:ac:47:c5:85:a2:b1:a9:db:d8:6a:8c:40:21:
         ec:24:0e:49:e9:e2:b5:99:91:84:3e:5f:f9:73:81:57:82:44:
         fb:a1:34:30:93:87:c0:a1:d9:53:e7:b8:28:26:ca:b1:10:90:
         0e:57:0b:12:9a:3d:57:5a:70:18:3a:62:ed:03:8b:ae:95:8d:
         74:59:16:6e:1b:67:a8:b4:e2:58:19:17:21:69:00:61:8e:96:
         ae:81:c4:60:b4:43:15:b7:48:46:89:a4:27:81:8c:cf:b8:88:
         4f:1d:b5:09:24:18:ee:e6:5f:f5:9b:27:2a:4c:75:49:de:ca:
         35:87:09:fd:c9:0b:cd:d0:68:be:9f:ba:ba:32:38:58:41:ec:
         6f:00:4b:5f:52:51:81:f4:d4:ab:43:2f:92:f5:f9:21:84:c7:
         8a:b6:49:82:bb:cc:5d:b5:87:96:47:5b:ae:5d:1d:02:cc:96:
         2c:0f:c1:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1c7UOAdE51+7UWiInCj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMmI0OGY2NDM1ODAxMWM3ODQyZDNjZWM1Y2IyZDQ3MDY4
YjgzNmQwHhcNMjUwMTAxMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ViN2UyOThiODg3MGNiN2QyZTFmODQxMmYwZjEwNGQ0OWU4NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19lgAhxCRyYOhb1cTf8VnJW1TrrY
sW41ikGadbnhVdzvMWSgFEwEIAftII5Be717BNZBcTewuXtPcGnjlDGRaQzYOD3m
Y2BRBgP8snvftOhDlvBkOORKwdUGsLp2q6pA0WQlGBANjZDvaWFiQyg1PEFyCer9
bMR95uAu4pSW6xfGMSHwMBgyKfVKDFE4dUHcgNOBDV4OW1j2EMFglDJElxuSxRGQ
QJvxL72It90g6FavsHhuoRPug5SJHhtz/HDwcGXUcR8q/xcNabolwmC1vNhOL21T
JxE3tCwM04c+hz4LrX8gCvdbd1RflkxU8MJuNi/9iFy2PMWgap7lNcfqLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFPrfimLiHDLfS4fhBLw8QTUnoQNMB8GA1UdIwQY
MBaAFLsrSPZDWAEceELTzsXLLUcGi4NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXl0STlrTllBUng0UXRQT3hjc3RSd2FMZzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mNjZiNmItY2RkZS00MGNiLWExODIt
YzUyMjk4NjNhZWJhLzEvVS10LUtZdUljTXQ5TGgtRUV2RHhCTlNlaEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mNjZiNmItY2RkZS00MGNiLWExODItYzUyMjk4NjNhZWJh
LzEvdXl0STlrTllBUng0UXRQT3hjc3RSd2FMZzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCvICAMA8E
AgACMAkDBwAqAiWv3q0wDQYJKoZIhvcNAQELBQADggEBADBfVSjg2h36h5Ow/QIq
NrYwC88z3PKBZGvbQXa2HVUv3ahtFqWutIa01BPqhmcz6sc6uxuNxWVSQ45xffeW
tl26OcrBDaNNoMXIM8alrEfFhaKxqdvYaoxAIewkDknp4rWZkYQ+X/lzgVeCRPuh
NDCTh8Ch2VPnuCgmyrEQkA5XCxKaPVdacBg6Yu0Di66VjXRZFm4bZ6i04lgZFyFp
AGGOlq6BxGC0QxW3SEaJpCeBjM+4iE8dtQkkGO7mX/WbJypMdUneyjWHCf3JC83Q
aL6furoyOFhB7G8AS19SUYH01KtDL5L1+SGEx4q2SYK7zF21h5ZHW65dHQLMliwP
wSU=
-----END CERTIFICATE-----