Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/UuUtfUqV-KgwhgFjzhSy5k-b5wQ.roa
File:                     UuUtfUqV-KgwhgFjzhSy5k-b5wQ.roa (raw, json)
Hash identifier:          N1q9DTLPcvQy64VHKRJdfX47laqGR6sY8ENSz3JjEqw=
Subject key identifier:   52:E5:2D:7D:4A:95:F8:A8:30:86:01:63:CE:14:B2:E6:4F:9B:E7:04
Certificate issuer:       /CN=077946f04742c66279acd322009be15e3d588a5a
Certificate serial:       019424457FCC94E1C444F6196FD17CB76B35
Authority key identifier: 07:79:46:F0:47:42:C6:62:79:AC:D3:22:00:9B:E1:5E:3D:58:8A:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/UuUtfUqV-KgwhgFjzhSy5k-b5wQ.roa
Signing time:             Wed 01 Jan 2025 23:48:41 +0000
ROA not before:           Wed 01 Jan 2025 23:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24806
IP address blocks:        85.255.0.0/20 maxlen: 32
                          185.186.20.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7f:cc:94:e1:c4:44:f6:19:6f:d1:7c:b7:6b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=077946f04742c66279acd322009be15e3d588a5a
        Validity
            Not Before: Jan  1 23:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52e52d7d4a95f8a830860163ce14b2e64f9be704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:47:4f:48:c4:4c:34:35:b2:b1:bc:85:27:ce:
                    64:38:6f:96:6f:aa:9a:d9:fc:64:d0:49:3e:b7:4d:
                    ca:ca:cd:11:cb:b7:7e:79:d3:ed:16:c8:97:07:25:
                    6a:a1:d8:0c:0a:1c:a5:d9:84:f6:b8:af:dd:60:ec:
                    7f:37:5b:37:03:53:8f:3f:0f:d2:e7:b8:26:1f:e3:
                    5f:cf:95:c7:e9:d2:29:42:5e:6b:78:5e:7b:b9:3d:
                    1e:9f:87:76:e3:d0:27:4c:5d:d4:ac:06:bf:95:1e:
                    68:c9:2d:45:a5:98:f8:e8:02:dd:ab:7d:b3:de:6d:
                    1c:cf:7d:df:1b:70:e6:b5:11:4e:df:13:21:88:5f:
                    a1:e2:2f:da:77:a8:51:00:9e:1b:64:dc:9b:3c:2a:
                    97:49:49:50:dd:ee:ab:c4:d2:86:97:37:7e:d9:de:
                    df:5e:6c:66:e8:46:75:e5:dd:ea:a6:ea:f4:6a:57:
                    1b:51:24:63:a2:d1:48:89:ed:24:4a:fe:bb:4a:58:
                    19:d5:9d:31:05:df:37:15:7e:16:36:1a:7f:f7:35:
                    f0:4b:b0:a3:4c:7c:28:03:66:4b:69:36:79:45:1d:
                    3d:71:e1:8a:ad:12:fe:a4:18:21:c7:86:96:e1:c3:
                    de:25:f2:f3:f9:cd:af:38:43:00:b0:71:f0:d3:aa:
                    66:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E5:2D:7D:4A:95:F8:A8:30:86:01:63:CE:14:B2:E6:4F:9B:E7:04
            X509v3 Authority Key Identifier:
                keyid:07:79:46:F0:47:42:C6:62:79:AC:D3:22:00:9B:E1:5E:3D:58:8A:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/UuUtfUqV-KgwhgFjzhSy5k-b5wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/e3fd0b-9f4a-4452-92af-be151839f366/1/B3lG8EdCxmJ5rNMiAJvhXj1Yilo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.0.0/20
                  185.186.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:17:36:af:1e:02:98:df:10:3e:64:16:b3:76:19:a3:b4:f0:
         e2:c9:1c:58:fa:86:4a:2d:fd:c9:6e:3e:a5:3f:f8:16:92:07:
         c7:05:f9:2b:b9:c7:d3:3e:c3:90:54:ef:11:25:a4:c9:ce:61:
         b2:06:cb:83:e2:db:e8:5b:61:77:d6:b1:80:91:a4:f2:df:b1:
         5f:d8:86:a6:d6:7f:97:6a:e4:37:8c:94:fa:ee:70:2e:7a:bb:
         f0:05:4b:5d:f1:38:ff:92:db:ee:bc:ec:45:54:73:e7:49:00:
         47:cd:5d:56:c7:47:52:90:4e:22:97:58:13:92:32:56:ac:38:
         70:8f:6f:c3:30:d3:38:db:09:73:f3:a8:94:71:65:1b:ed:8a:
         66:10:d9:13:5c:9f:cc:e6:7b:ac:30:b1:7c:f5:04:88:1a:91:
         a4:2b:36:6c:e9:d6:05:e9:a6:26:2d:ec:56:e6:9d:d6:e5:21:
         d9:56:fa:d0:b5:40:73:f2:c6:50:03:48:3c:23:d5:c0:4c:26:
         9f:de:84:40:08:9a:7a:52:bf:6f:b5:df:33:23:87:fb:b2:bd:
         be:21:98:23:a3:df:97:52:a5:ac:94:84:d2:6e:f1:f5:73:64:
         0e:cb:13:53:73:e1:11:30:f8:11:de:af:06:82:68:03:5c:63:
         5e:a2:b4:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRX/MlOHERPYZb9F8t2s1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3Nzk0NmYwNDc0MmM2NjI3OWFjZDMyMjAwOWJlMTVlM2Q1
ODhhNWEwHhcNMjUwMTAxMjM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmU1MmQ3ZDRhOTVmOGE4MzA4NjAxNjNjZTE0YjJlNjRmOWJlNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEdPSMRMNDWysbyFJ85kOG+Wb6qa
2fxk0Ek+t03Kys0Ry7d+edPtFsiXByVqodgMChyl2YT2uK/dYOx/N1s3A1OPPw/S
57gmH+Nfz5XH6dIpQl5reF57uT0en4d249AnTF3UrAa/lR5oyS1FpZj46ALdq32z
3m0cz33fG3DmtRFO3xMhiF+h4i/ad6hRAJ4bZNybPCqXSUlQ3e6rxNKGlzd+2d7f
Xmxm6EZ15d3qpur0alcbUSRjotFIie0kSv67SlgZ1Z0xBd83FX4WNhp/9zXwS7Cj
THwoA2ZLaTZ5RR09ceGKrRL+pBghx4aW4cPeJfLz+c2vOEMAsHHw06pmDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLlLX1KlfioMIYBY84UsuZPm+cEMB8GA1UdIwQY
MBaAFAd5RvBHQsZieazTIgCb4V49WIpaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNsRzhFZEN4bUo1ck5NaUFKdmhYajFZaWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9lM2ZkMGItOWY0YS00NDUyLTkyYWYt
YmUxNTE4MzlmMzY2LzEvVXVVdGZVcVYtS2d3aGdGanpoU3k1ay1iNXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9lM2ZkMGItOWY0YS00NDUyLTkyYWYtYmUxNTE4MzlmMzY2
LzEvQjNsRzhFZEN4bUo1ck5NaUFKdmhYajFZaWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVf8AAwQC
uboUMA0GCSqGSIb3DQEBCwUAA4IBAQBWFzavHgKY3xA+ZBazdhmjtPDiyRxY+oZK
Lf3Jbj6lP/gWkgfHBfkrucfTPsOQVO8RJaTJzmGyBsuD4tvoW2F31rGAkaTy37Ff
2Iam1n+XauQ3jJT67nAuervwBUtd8Tj/ktvuvOxFVHPnSQBHzV1Wx0dSkE4il1gT
kjJWrDhwj2/DMNM42wlz86iUcWUb7YpmENkTXJ/M5nusMLF89QSIGpGkKzZs6dYF
6aYmLexW5p3W5SHZVvrQtUBz8sZQA0g8I9XATCaf3oRACJp6Ur9vtd8zI4f7sr2+
IZgjo9+XUqWslITSbvH1c2QOyxNTc+ERMPgR3q8GgmgDXGNeorRI
-----END CERTIFICATE-----