Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/uVYVNQRzsDPwMzraGWOMobAeRZU.roa
File:                     uVYVNQRzsDPwMzraGWOMobAeRZU.roa (raw, json)
Hash identifier:          LlKkw85Oa6CIOC62S9TZpd9ZLNUlHcAGh3rwRjg40H0=
Subject key identifier:   B9:56:15:35:04:73:B0:33:F0:33:3A:DA:19:63:8C:A1:B0:1E:45:95
Certificate issuer:       /CN=2ac943517f5e3b747e7530320789a03444b43912
Certificate serial:       019424B3A7E208DD79B5AFF7AFED10BCB3A1
Authority key identifier: 2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/uVYVNQRzsDPwMzraGWOMobAeRZU.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209051
IP address blocks:        185.166.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a7:e2:08:dd:79:b5:af:f7:af:ed:10:bc:b3:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac943517f5e3b747e7530320789a03444b43912
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b95615350473b033f0333ada19638ca1b01e4595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:84:b3:a4:9e:f5:ca:85:da:82:06:39:54:f7:
                    8a:02:16:13:af:5c:2c:29:c3:e7:b1:7b:ee:ae:4a:
                    28:33:9e:bb:d8:f2:e6:02:00:2e:07:7c:b0:71:5d:
                    25:e9:f6:2b:6c:59:e6:7c:61:f5:aa:e7:56:8e:ce:
                    ab:40:1a:c6:ab:b5:a0:bf:a4:cd:70:de:0f:ba:29:
                    6f:d5:27:d8:17:88:5d:bd:5f:de:c4:79:8c:76:df:
                    5a:ba:08:26:c4:6d:e8:92:84:61:26:86:7c:89:a8:
                    fe:02:f0:cf:9b:e6:58:d4:ae:77:c0:8f:12:d6:81:
                    a7:ac:aa:bb:00:9d:10:ff:2a:a7:f4:03:7b:ad:cf:
                    1b:3b:04:0b:bb:80:be:d0:3c:0d:af:90:ab:b4:d9:
                    2a:86:b2:31:4b:68:ce:11:a2:b2:5e:04:32:cd:86:
                    c9:de:e5:20:e5:14:69:33:e8:be:a2:30:96:04:e9:
                    b3:b5:e5:96:01:bb:21:d5:78:8f:15:a9:57:40:c4:
                    53:ca:5f:c0:e2:85:4e:f7:11:63:5a:2f:96:1d:9e:
                    99:e1:fb:9a:85:fd:67:63:bd:11:7a:3e:a4:3c:de:
                    bf:05:42:d5:f4:42:d5:3a:95:a6:0c:8e:50:7d:d5:
                    d0:1d:f8:05:1d:ae:9c:b8:73:79:18:64:e7:0c:f5:
                    74:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:56:15:35:04:73:B0:33:F0:33:3A:DA:19:63:8C:A1:B0:1E:45:95
            X509v3 Authority Key Identifier:
                keyid:2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/uVYVNQRzsDPwMzraGWOMobAeRZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:0b:9c:ea:ae:20:78:f5:c7:cc:83:9a:b6:80:fd:11:f1:f6:
         ac:0d:3f:c3:af:64:34:8f:9a:6f:36:68:4d:bf:c5:e6:00:1f:
         9e:d1:d9:46:a4:06:c4:4c:7b:58:25:4e:25:e5:57:5d:63:b8:
         9e:14:56:ef:98:6f:5c:2b:38:6b:ad:1e:37:51:04:25:a4:de:
         54:1e:04:f1:a8:05:4f:12:2e:fd:38:0d:38:00:98:dc:94:b1:
         14:5d:90:e4:bc:4d:fe:0b:ed:18:52:70:4e:9a:4c:14:85:62:
         2c:3f:2d:32:63:db:a8:70:fa:92:06:49:d6:90:af:8c:96:61:
         a8:0f:2e:2e:a4:5d:8e:9c:88:aa:63:a9:fd:3e:54:39:25:a7:
         f5:20:37:cb:00:6b:ff:4a:a3:de:90:80:8a:d7:ce:ce:d0:f1:
         59:e3:ff:0a:34:47:b5:29:0c:bf:f5:c4:73:69:33:18:0f:d7:
         c9:69:34:2b:1d:e9:69:cb:96:53:09:df:52:b2:49:57:07:2b:
         d7:01:f2:1a:8e:a6:c7:5a:ca:f4:d4:5a:68:fb:1f:10:2c:eb:
         01:48:22:80:1d:79:0c:5e:e9:e3:ab:45:b4:c2:a7:33:f8:78:
         35:de:ce:9e:3b:c4:de:f9:df:c8:75:fb:eb:ed:f1:36:4b:72:
         59:61:8d:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6fiCN15ta/3r+0QvLOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzk0MzUxN2Y1ZTNiNzQ3ZTc1MzAzMjA3ODlhMDM0NDRi
NDM5MTIwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU2MTUzNTA0NzNiMDMzZjAzMzNhZGExOTYzOGNhMWIwMWU0NTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YSzpJ71yoXaggY5VPeKAhYTr1ws
KcPnsXvurkooM5672PLmAgAuB3ywcV0l6fYrbFnmfGH1qudWjs6rQBrGq7Wgv6TN
cN4Puilv1SfYF4hdvV/exHmMdt9auggmxG3okoRhJoZ8iaj+AvDPm+ZY1K53wI8S
1oGnrKq7AJ0Q/yqn9AN7rc8bOwQLu4C+0DwNr5CrtNkqhrIxS2jOEaKyXgQyzYbJ
3uUg5RRpM+i+ojCWBOmzteWWAbsh1XiPFalXQMRTyl/A4oVO9xFjWi+WHZ6Z4fua
hf1nY70Rej6kPN6/BULV9ELVOpWmDI5QfdXQHfgFHa6cuHN5GGTnDPV0bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlWFTUEc7Az8DM62hljjKGwHkWVMB8GA1UdIwQY
MBaAFCrJQ1F/Xjt0fnUwMgeJoDREtDkSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgt
MmQ5MWNmZDdhYWY0LzEvdVZZVk5RUnpzRFB3TXpyYUdXT01vYkFlUlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgtMmQ5MWNmZDdhYWY0
LzEvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZYMA0G
CSqGSIb3DQEBCwUAA4IBAQALC5zqriB49cfMg5q2gP0R8fasDT/Dr2Q0j5pvNmhN
v8XmAB+e0dlGpAbETHtYJU4l5VddY7ieFFbvmG9cKzhrrR43UQQlpN5UHgTxqAVP
Ei79OA04AJjclLEUXZDkvE3+C+0YUnBOmkwUhWIsPy0yY9uocPqSBknWkK+MlmGo
Dy4upF2OnIiqY6n9PlQ5Jaf1IDfLAGv/SqPekICK187O0PFZ4/8KNEe1KQy/9cRz
aTMYD9fJaTQrHelpy5ZTCd9SsklXByvXAfIajqbHWsr01Fpo+x8QLOsBSCKAHXkM
Xunjq0W0wqcz+Hg13s6eO8Te+d/Idfvr7fE2S3JZYY21
-----END CERTIFICATE-----