Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/UKX34TFCd0figIbF32wm6M0tdxE.roa
File:                     UKX34TFCd0figIbF32wm6M0tdxE.roa (raw, json)
Hash identifier:          BFLvjvBRECITaOdgL/U7OU6npGQVInzdalw4vhrK37A=
Subject key identifier:   50:A5:F7:E1:31:42:77:47:E2:80:86:C5:DF:6C:26:E8:CD:2D:77:11
Certificate issuer:       /CN=8836bd8fad393e5131a023729315b356014e6637
Certificate serial:       0194266BDD31694F49A09B555BBAD5689BF2
Authority key identifier: 88:36:BD:8F:AD:39:3E:51:31:A0:23:72:93:15:B3:56:01:4E:66:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iDa9j605PlExoCNykxWzVgFOZjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/UKX34TFCd0figIbF32wm6M0tdxE.roa
Signing time:             Thu 02 Jan 2025 09:49:50 +0000
ROA not before:           Thu 02 Jan 2025 09:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51485
IP address blocks:        192.40.70.0/24 maxlen: 24
                          192.40.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/iDa9j605PlExoCNykxWzVgFOZjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/iDa9j605PlExoCNykxWzVgFOZjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iDa9j605PlExoCNykxWzVgFOZjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:dd:31:69:4f:49:a0:9b:55:5b:ba:d5:68:9b:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8836bd8fad393e5131a023729315b356014e6637
        Validity
            Not Before: Jan  2 09:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50a5f7e131427747e28086c5df6c26e8cd2d7711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fd:c4:cd:48:71:4c:57:c2:6f:73:f8:00:2a:
                    15:b1:97:68:3e:99:29:11:c0:f7:41:df:fa:b2:cb:
                    6c:d9:8c:d2:8c:dd:d8:ef:dc:c4:d5:53:00:8f:63:
                    d9:ef:c5:38:3d:5d:3d:a8:1f:80:01:94:6b:47:1a:
                    aa:e8:f7:00:7d:05:06:12:a1:2d:a8:64:a3:9f:60:
                    72:af:14:33:53:ae:73:15:36:d1:ca:c5:83:11:5c:
                    7a:35:d3:05:12:c0:f5:3a:d3:53:12:7f:93:04:6c:
                    29:73:79:b5:3a:84:47:26:12:1e:47:7a:12:d1:b5:
                    4c:78:1a:95:59:57:71:96:5c:cd:7f:e1:f7:64:b2:
                    b7:a4:95:08:e3:34:1d:7d:8b:0d:47:90:54:18:21:
                    77:8d:9a:be:32:3f:78:08:7a:16:d5:5a:86:61:54:
                    e7:c1:d1:07:0a:cd:99:3a:88:6e:fd:ac:2f:3c:8d:
                    a9:8a:6a:a6:c3:45:75:9a:2b:d0:6e:82:a1:03:d2:
                    89:9c:3a:2f:1c:b7:0b:ea:4b:27:83:08:60:b6:e7:
                    e9:1f:3e:50:2f:8a:00:80:ca:66:4f:26:b2:72:2c:
                    96:9d:5b:9c:f5:03:c0:10:00:40:79:ad:bd:62:04:
                    4f:0c:e5:03:7c:d6:c8:f6:1d:f8:78:f7:9d:cd:f5:
                    18:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A5:F7:E1:31:42:77:47:E2:80:86:C5:DF:6C:26:E8:CD:2D:77:11
            X509v3 Authority Key Identifier:
                keyid:88:36:BD:8F:AD:39:3E:51:31:A0:23:72:93:15:B3:56:01:4E:66:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iDa9j605PlExoCNykxWzVgFOZjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/UKX34TFCd0figIbF32wm6M0tdxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/129a5b-b7f6-49d0-95c2-12f9cb0a2118/1/iDa9j605PlExoCNykxWzVgFOZjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.40.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:08:eb:cf:5e:19:79:b8:99:70:cd:63:1d:79:0d:fa:71:64:
         cd:51:26:b7:6b:9a:b4:10:17:c2:55:7b:2b:e5:ed:3f:68:ed:
         e9:bd:f3:0a:8f:d8:96:8c:bf:77:af:e1:32:0e:8a:60:6d:80:
         3e:ee:1b:b2:40:29:35:8f:e9:dc:1e:82:68:60:35:0d:14:a6:
         44:82:63:d3:fb:bc:ef:76:5b:17:76:18:e4:17:34:8d:c2:35:
         21:1f:e9:a8:f4:1f:e5:e0:6b:84:f0:01:dc:d4:06:0f:6c:da:
         0b:05:ca:90:67:fc:aa:90:df:9e:ea:23:87:80:09:24:21:81:
         c1:2e:63:49:aa:1b:1b:d1:1c:5a:be:13:02:7a:0c:01:38:67:
         58:ba:26:b9:d3:06:36:f5:e0:ce:87:97:19:b1:de:c7:ef:eb:
         fe:36:ce:a2:fe:d2:eb:19:4c:93:ab:88:51:b3:2c:4c:c2:e2:
         79:c6:56:8a:05:62:70:9e:89:1e:8c:e6:70:73:8f:50:3e:d5:
         26:56:72:85:c9:12:bf:02:38:c5:7d:71:76:71:e4:6b:98:22:
         bf:35:be:5e:8b:43:0f:12:2b:e1:31:df:87:2f:c9:fd:6a:af:
         20:01:ec:0a:1a:af:33:4e:40:5a:e1:a4:b3:57:9a:4c:a8:0e:
         6f:69:f5:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma90xaU9JoJtVW7rVaJvyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MzZiZDhmYWQzOTNlNTEzMWEwMjM3MjkzMTViMzU2MDE0
ZTY2MzcwHhcNMjUwMTAyMDk0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGE1ZjdlMTMxNDI3NzQ3ZTI4MDg2YzVkZjZjMjZlOGNkMmQ3NzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf3EzUhxTFfCb3P4ACoVsZdoPpkp
EcD3Qd/6ssts2YzSjN3Y79zE1VMAj2PZ78U4PV09qB+AAZRrRxqq6PcAfQUGEqEt
qGSjn2ByrxQzU65zFTbRysWDEVx6NdMFEsD1OtNTEn+TBGwpc3m1OoRHJhIeR3oS
0bVMeBqVWVdxllzNf+H3ZLK3pJUI4zQdfYsNR5BUGCF3jZq+Mj94CHoW1VqGYVTn
wdEHCs2ZOohu/awvPI2pimqmw0V1mivQboKhA9KJnDovHLcL6ksngwhgtufpHz5Q
L4oAgMpmTyayciyWnVuc9QPAEABAea29YgRPDOUDfNbI9h34ePedzfUYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCl9+ExQndH4oCGxd9sJujNLXcRMB8GA1UdIwQY
MBaAFIg2vY+tOT5RMaAjcpMVs1YBTmY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaURhOWo2MDVQbEV4b0NOeWt4V3pWZ0ZPWmpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi8xMjlhNWItYjdmNi00OWQwLTk1YzIt
MTJmOWNiMGEyMTE4LzEvVUtYMzRURkNkMGZpZ0liRjMyd202TTB0ZHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi8xMjlhNWItYjdmNi00OWQwLTk1YzItMTJmOWNiMGEyMTE4
LzEvaURhOWo2MDVQbEV4b0NOeWt4V3pWZ0ZPWmpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwChGMA0G
CSqGSIb3DQEBCwUAA4IBAQCtCOvPXhl5uJlwzWMdeQ36cWTNUSa3a5q0EBfCVXsr
5e0/aO3pvfMKj9iWjL93r+EyDopgbYA+7huyQCk1j+ncHoJoYDUNFKZEgmPT+7zv
dlsXdhjkFzSNwjUhH+mo9B/l4GuE8AHc1AYPbNoLBcqQZ/yqkN+e6iOHgAkkIYHB
LmNJqhsb0RxavhMCegwBOGdYuia50wY29eDOh5cZsd7H7+v+Ns6i/tLrGUyTq4hR
syxMwuJ5xlaKBWJwnokejOZwc49QPtUmVnKFyRK/AjjFfXF2ceRrmCK/Nb5ei0MP
EivhMd+HL8n9aq8gAewKGq8zTkBa4aSzV5pMqA5vafU7
-----END CERTIFICATE-----