Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/U5Sf8EIwweiyj9hzrhIGMqactzI.roa
File:                     U5Sf8EIwweiyj9hzrhIGMqactzI.roa (raw, json)
Hash identifier:          CZTXsy5CHfC3TM0twqbE3UTsU0jwuA9uX3y0Y/QOrU4=
Subject key identifier:   53:94:9F:F0:42:30:C1:E8:B2:8F:D8:73:AE:12:06:32:A6:9C:B7:32
Certificate issuer:       /CN=a3cff0b9e872f975cca3b23b20911cf678fff4be
Certificate serial:       0194B2329327B69CB67A1C71B6ECE094FB3E
Authority key identifier: A3:CF:F0:B9:E8:72:F9:75:CC:A3:B2:3B:20:91:1C:F6:78:FF:F4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8_wuehy-XXMo7I7IJEc9nj_9L4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/U5Sf8EIwweiyj9hzrhIGMqactzI.roa
Signing time:             Wed 29 Jan 2025 13:14:06 +0000
ROA not before:           Wed 29 Jan 2025 13:14:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210288
IP address blocks:        185.229.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/o8_wuehy-XXMo7I7IJEc9nj_9L4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/o8_wuehy-XXMo7I7IJEc9nj_9L4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8_wuehy-XXMo7I7IJEc9nj_9L4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b2:32:93:27:b6:9c:b6:7a:1c:71:b6:ec:e0:94:fb:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3cff0b9e872f975cca3b23b20911cf678fff4be
        Validity
            Not Before: Jan 29 13:14:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53949ff04230c1e8b28fd873ae120632a69cb732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0b:c0:75:ca:ec:84:0e:65:f6:f7:04:98:16:
                    49:e1:f7:8e:85:a9:62:9a:78:2a:44:90:32:f3:97:
                    ad:65:a3:97:5f:f3:08:93:be:dd:2e:8e:54:4e:83:
                    e9:1b:8e:38:75:3a:94:aa:ac:f4:f0:92:df:e0:08:
                    77:06:65:6e:42:ec:33:0c:15:46:63:a7:de:9f:97:
                    a4:1e:06:cf:bc:c0:aa:1f:59:79:54:a2:b7:fe:98:
                    f7:04:23:0f:6b:97:ed:b0:44:9f:d9:5b:bb:56:ad:
                    38:ec:f6:5d:bd:85:01:97:01:25:5b:ee:0b:80:9a:
                    d9:3c:54:5e:9a:bb:13:32:82:2a:05:18:f9:8f:4f:
                    bd:cc:5f:f0:5c:1f:af:fb:c0:f0:d0:54:ef:40:4d:
                    a4:8f:03:5a:e3:83:6f:cf:fd:2b:60:d8:eb:0b:74:
                    ea:20:ef:d5:5b:db:e4:4f:02:cf:e3:d7:4c:0e:06:
                    15:c9:0e:0b:53:ca:a5:bf:b6:fc:60:91:a2:3b:83:
                    dd:f7:5e:f1:d5:d4:52:58:45:c9:77:7b:66:49:05:
                    8e:41:58:28:f1:cc:11:15:14:ea:2e:12:2d:5d:78:
                    db:21:23:46:8d:e8:7e:45:66:1b:7d:29:b8:8c:fa:
                    a1:8a:01:55:31:72:db:f3:ff:ce:0d:3e:51:50:3f:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:94:9F:F0:42:30:C1:E8:B2:8F:D8:73:AE:12:06:32:A6:9C:B7:32
            X509v3 Authority Key Identifier:
                keyid:A3:CF:F0:B9:E8:72:F9:75:CC:A3:B2:3B:20:91:1C:F6:78:FF:F4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8_wuehy-XXMo7I7IJEc9nj_9L4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/U5Sf8EIwweiyj9hzrhIGMqactzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/a1c15f-8993-478d-a66d-1281823422e8/1/o8_wuehy-XXMo7I7IJEc9nj_9L4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:76:8f:8e:78:a3:50:fd:c4:1a:74:c1:8d:f1:03:fb:8a:dd:
         fb:d9:4e:ba:29:1a:07:81:0b:90:ab:24:c9:2b:65:5a:1e:ae:
         de:98:14:4e:32:c0:63:82:08:0e:a3:5b:5d:ca:9f:59:80:1c:
         36:55:d5:80:8d:56:c0:3d:50:4c:6f:93:7d:1b:1d:9f:69:c2:
         65:7f:15:ac:37:41:5d:1f:6d:71:21:b1:08:aa:61:13:ce:4a:
         b1:bf:ae:67:2c:9c:89:09:65:07:8c:70:8c:1a:a5:69:85:ce:
         d0:d3:d6:36:74:e0:c0:6e:79:23:47:9c:db:ff:b3:1c:29:9f:
         5d:d0:48:6f:53:a1:5c:ad:2c:56:f3:c8:fe:bf:25:41:2c:0c:
         7f:68:2d:db:0f:8d:9d:f5:5f:2f:b9:8f:4a:7b:35:6f:4c:64:
         65:29:f5:a3:73:48:09:7a:2a:37:b5:7f:28:b5:f3:2c:59:93:
         1f:49:ea:9d:3a:25:d6:60:4a:b4:0b:50:79:71:09:1a:f6:a4:
         eb:83:f3:dd:c9:80:15:85:ed:43:44:f5:37:b0:23:3b:8d:02:
         5f:0f:c2:13:6c:20:8b:ce:23:3a:6e:de:2e:b7:3b:62:dd:eb:
         83:fe:f5:5f:03:be:b8:cb:b6:46:4f:c8:41:2a:3e:85:0a:28:
         68:1c:75:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSyMpMntpy2ehxxtuzglPs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2ZmMGI5ZTg3MmY5NzVjY2EzYjIzYjIwOTExY2Y2Nzhm
ZmY0YmUwHhcNMjUwMTI5MTMxNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzk0OWZmMDQyMzBjMWU4YjI4ZmQ4NzNhZTEyMDYzMmE2OWNiNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQvAdcrshA5l9vcEmBZJ4feOhali
mngqRJAy85etZaOXX/MIk77dLo5UToPpG444dTqUqqz08JLf4Ah3BmVuQuwzDBVG
Y6fen5ekHgbPvMCqH1l5VKK3/pj3BCMPa5ftsESf2Vu7Vq047PZdvYUBlwElW+4L
gJrZPFRemrsTMoIqBRj5j0+9zF/wXB+v+8Dw0FTvQE2kjwNa44Nvz/0rYNjrC3Tq
IO/VW9vkTwLP49dMDgYVyQ4LU8qlv7b8YJGiO4Pd917x1dRSWEXJd3tmSQWOQVgo
8cwRFRTqLhItXXjbISNGjeh+RWYbfSm4jPqhigFVMXLb8//ODT5RUD9vPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOUn/BCMMHoso/Yc64SBjKmnLcyMB8GA1UdIwQY
MBaAFKPP8Lnocvl1zKOyOyCRHPZ4//S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhfd3VlaHktWFhNbzdJN0lKRWM5bmpfOUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9hMWMxNWYtODk5My00NzhkLWE2NmQt
MTI4MTgyMzQyMmU4LzEvVTVTZjhFSXd3ZWl5ajloenJoSUdNcWFjdHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9hMWMxNWYtODk5My00NzhkLWE2NmQtMTI4MTgyMzQyMmU4
LzEvbzhfd3VlaHktWFhNbzdJN0lKRWM5bmpfOUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueWGMA0G
CSqGSIb3DQEBCwUAA4IBAQCHdo+OeKNQ/cQadMGN8QP7it372U66KRoHgQuQqyTJ
K2VaHq7emBROMsBjgggOo1tdyp9ZgBw2VdWAjVbAPVBMb5N9Gx2facJlfxWsN0Fd
H21xIbEIqmETzkqxv65nLJyJCWUHjHCMGqVphc7Q09Y2dODAbnkjR5zb/7McKZ9d
0EhvU6FcrSxW88j+vyVBLAx/aC3bD42d9V8vuY9KezVvTGRlKfWjc0gJeio3tX8o
tfMsWZMfSeqdOiXWYEq0C1B5cQka9qTrg/PdyYAVhe1DRPU3sCM7jQJfD8ITbCCL
ziM6bt4utzti3euD/vVfA764y7ZGT8hBKj6FCihoHHUP
-----END CERTIFICATE-----