Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/U0OBxV0NmzWdhOROB_4XE_nOuxo.roa
File:                     U0OBxV0NmzWdhOROB_4XE_nOuxo.roa (raw, json)
Hash identifier:          R0oHniHcgRLjr+xP295YEa+yjJ7+h87sW92ahFuO7CI=
Subject key identifier:   53:43:81:C5:5D:0D:9B:35:9D:84:E4:4E:07:FE:17:13:F9:CE:BB:1A
Certificate issuer:       /CN=0944aaac7f2ebb2981c24763eb3d6045efbd6f06
Certificate serial:       019424B3C0BE000469E0C170F02324AED095
Authority key identifier: 09:44:AA:AC:7F:2E:BB:29:81:C2:47:63:EB:3D:60:45:EF:BD:6F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CUSqrH8uuymBwkdj6z1gRe-9bwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/U0OBxV0NmzWdhOROB_4XE_nOuxo.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2611
IP address blocks:        185.182.132.0/22 maxlen: 24
                          2a10:8280::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/CUSqrH8uuymBwkdj6z1gRe-9bwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/CUSqrH8uuymBwkdj6z1gRe-9bwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CUSqrH8uuymBwkdj6z1gRe-9bwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c0:be:00:04:69:e0:c1:70:f0:23:24:ae:d0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0944aaac7f2ebb2981c24763eb3d6045efbd6f06
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=534381c55d0d9b359d84e44e07fe1713f9cebb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:39:5a:7f:c7:c7:14:8f:49:98:ae:9d:20:3c:
                    cf:f5:c9:e9:b2:13:0c:4f:5a:15:a0:fc:ad:d1:2d:
                    64:67:b1:d5:e7:6e:97:27:c6:d5:79:94:ac:4b:27:
                    c1:ea:03:60:30:a2:9a:8b:e8:9c:0f:7c:79:03:be:
                    37:dc:c6:39:f6:a4:60:5a:6a:a7:65:16:51:74:a3:
                    36:e7:10:3e:1d:6b:b0:6a:40:ff:07:6c:ed:48:b4:
                    e2:bb:bf:19:0e:91:ce:d1:aa:27:30:65:1b:8f:92:
                    3e:fd:e5:de:6b:a6:12:e2:38:60:dd:26:43:78:c9:
                    4b:9e:23:f5:fa:0b:37:da:97:e0:e3:f1:e9:dc:62:
                    eb:1c:db:80:fd:d5:29:ee:5a:5e:3d:44:ba:c3:56:
                    94:3b:12:08:17:0a:31:cb:98:5b:25:37:f4:33:00:
                    ac:ef:1c:ba:97:b6:99:ad:34:a8:15:b1:d0:77:7b:
                    d9:94:56:aa:46:4a:8e:f6:99:4d:53:f9:aa:ec:66:
                    1f:fc:7a:2b:4e:a0:bc:b8:1c:eb:18:25:50:9d:be:
                    33:5f:77:10:13:21:83:fa:74:57:5a:4f:fe:85:02:
                    5e:51:09:6e:55:e4:02:d4:76:e6:16:61:8a:06:01:
                    a1:d8:9f:3b:e4:73:09:03:a1:66:af:c8:16:40:3f:
                    1e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:43:81:C5:5D:0D:9B:35:9D:84:E4:4E:07:FE:17:13:F9:CE:BB:1A
            X509v3 Authority Key Identifier:
                keyid:09:44:AA:AC:7F:2E:BB:29:81:C2:47:63:EB:3D:60:45:EF:BD:6F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CUSqrH8uuymBwkdj6z1gRe-9bwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/U0OBxV0NmzWdhOROB_4XE_nOuxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/434849-89da-43ae-b2be-66cd01961e46/1/CUSqrH8uuymBwkdj6z1gRe-9bwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.132.0/22
                IPv6:
                  2a10:8280::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:d1:a0:0a:b0:3b:fb:df:74:e9:60:18:7f:d5:48:32:c5:aa:
         12:88:f3:ae:42:d2:d8:27:9b:67:98:41:26:90:db:b1:d5:28:
         4f:5a:f5:89:0b:32:49:a5:d1:66:af:ef:47:d1:47:11:7f:f2:
         b3:29:90:f7:ee:c3:29:15:43:0e:16:bb:d4:bc:4e:68:c7:c1:
         02:0f:41:08:d9:c6:0f:83:98:a1:ea:71:1d:de:fa:1e:1c:76:
         a5:b2:47:2e:e5:32:4e:47:62:5b:c5:a7:a6:11:76:a9:bb:87:
         a2:6b:e8:da:28:3f:29:7e:2b:af:ad:0a:00:3b:c7:e0:3d:20:
         e7:18:6c:58:a1:3f:2e:44:2c:58:e0:4b:cf:df:69:0d:7c:68:
         08:cd:58:27:fc:79:81:e6:80:37:51:dd:e7:5c:12:44:03:84:
         52:5b:f9:91:1f:c2:68:d1:ca:36:cd:a6:63:38:37:13:00:98:
         57:96:b2:73:41:7f:56:19:78:fa:60:49:65:9d:dd:71:4b:df:
         97:e4:1e:e0:d1:52:7f:49:91:9a:89:27:98:aa:3e:79:8d:00:
         5e:f1:29:60:65:24:b0:3d:e2:5c:db:ec:9b:56:ba:18:3c:e0:
         f3:30:10:00:3e:a0:49:7a:67:63:dd:66:8a:7e:11:a9:bc:3d:
         e5:2f:05:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks8C+AARp4MFw8CMkrtCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NDRhYWFjN2YyZWJiMjk4MWMyNDc2M2ViM2Q2MDQ1ZWZi
ZDZmMDYwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQzODFjNTVkMGQ5YjM1OWQ4NGU0NGUwN2ZlMTcxM2Y5Y2ViYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Dlaf8fHFI9JmK6dIDzP9cnpshMM
T1oVoPyt0S1kZ7HV526XJ8bVeZSsSyfB6gNgMKKai+icD3x5A7433MY59qRgWmqn
ZRZRdKM25xA+HWuwakD/B2ztSLTiu78ZDpHO0aonMGUbj5I+/eXea6YS4jhg3SZD
eMlLniP1+gs32pfg4/Hp3GLrHNuA/dUp7lpePUS6w1aUOxIIFwoxy5hbJTf0MwCs
7xy6l7aZrTSoFbHQd3vZlFaqRkqO9plNU/mq7GYf/HorTqC8uBzrGCVQnb4zX3cQ
EyGD+nRXWk/+hQJeUQluVeQC1HbmFmGKBgGh2J875HMJA6Fmr8gWQD8eywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFNDgcVdDZs1nYTkTgf+FxP5zrsaMB8GA1UdIwQY
MBaAFAlEqqx/LrspgcJHY+s9YEXvvW8GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1VTcXJIOHV1eW1Cd2tkajZ6MWdSZS05YndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS80MzQ4NDktODlkYS00M2FlLWIyYmUt
NjZjZDAxOTYxZTQ2LzEvVTBPQnhWME5teldkaE9ST0JfNFhFX25PdXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS80MzQ4NDktODlkYS00M2FlLWIyYmUtNjZjZDAxOTYxZTQ2
LzEvQ1VTcXJIOHV1eW1Cd2tkajZ6MWdSZS05YndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubaEMA0E
AgACMAcDBQAqEIKAMA0GCSqGSIb3DQEBCwUAA4IBAQCQ0aAKsDv733TpYBh/1Ugy
xaoSiPOuQtLYJ5tnmEEmkNux1ShPWvWJCzJJpdFmr+9H0UcRf/KzKZD37sMpFUMO
FrvUvE5ox8ECD0EI2cYPg5ih6nEd3voeHHalskcu5TJOR2JbxaemEXapu4eia+ja
KD8pfiuvrQoAO8fgPSDnGGxYoT8uRCxY4EvP32kNfGgIzVgn/HmB5oA3Ud3nXBJE
A4RSW/mRH8Jo0co2zaZjODcTAJhXlrJzQX9WGXj6YEllnd1xS9+X5B7g0VJ/SZGa
iSeYqj55jQBe8SlgZSSwPeJc2+ybVroYPODzMBAAPqBJemdj3WaKfhGpvD3lLwU4
-----END CERTIFICATE-----