Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/UkvE1AtgzFaEZZjsZiVXyyLbs5o.roa
File:                     UkvE1AtgzFaEZZjsZiVXyyLbs5o.roa (raw, json)
Hash identifier:          y7S6KVTG3N2Xe5Mq5Th3G1Pm17a7WWjgGUAMC2Q3dUs=
Subject key identifier:   52:4B:C4:D4:0B:60:CC:56:84:65:98:EC:66:25:57:CB:22:DB:B3:9A
Certificate issuer:       /CN=7832d060932d4785a10ca47de8002f65c1ef33ae
Certificate serial:       01969ED91AECD665D6A2F485A140AA99CBBE
Authority key identifier: 78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/UkvE1AtgzFaEZZjsZiVXyyLbs5o.roa
Signing time:             Mon 05 May 2025 05:09:10 +0000
ROA not before:           Mon 05 May 2025 05:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50107
IP address blocks:        45.66.24.0/22 maxlen: 22
                          45.66.25.0/24 maxlen: 24
                          45.66.26.0/24 maxlen: 24
                          2a09:6140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 02:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9e:d9:1a:ec:d6:65:d6:a2:f4:85:a1:40:aa:99:cb:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7832d060932d4785a10ca47de8002f65c1ef33ae
        Validity
            Not Before: May  5 05:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=524bc4d40b60cc56846598ec662557cb22dbb39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:58:3c:0a:a4:1d:4b:f9:b6:1e:df:cf:43:
                    58:0b:15:4a:63:de:58:fe:15:16:95:68:f5:c0:86:
                    e8:96:9b:7a:ff:70:ea:34:26:1e:56:b9:62:82:2b:
                    0c:44:18:7c:07:44:57:39:6e:c5:a7:97:7c:a1:13:
                    ca:fe:58:4a:bd:2f:1a:56:8a:25:76:fe:ec:9e:fa:
                    c4:af:60:d1:38:cf:0f:2a:49:b9:bf:f5:ac:c3:6c:
                    05:77:0a:04:02:ee:b6:e9:e2:d3:fc:84:4b:48:13:
                    7d:59:bf:b4:7e:19:57:9d:21:11:8f:05:b4:4f:eb:
                    cd:e7:53:f0:f9:fd:96:cd:10:ad:4c:f3:87:02:e9:
                    8f:28:99:89:66:92:ed:2d:bc:9c:11:3c:b9:2f:72:
                    9c:77:b1:be:c6:7b:e6:b5:fc:a0:f7:f3:89:03:8b:
                    f8:80:8c:ee:54:78:f8:e4:e0:93:7c:5a:2a:9c:0b:
                    94:65:29:e2:ca:24:83:e9:ab:2c:6c:c8:9e:79:1c:
                    1a:d1:bb:7f:98:01:f2:ab:62:0e:a9:06:06:85:17:
                    4d:45:13:cd:3c:b2:79:fc:88:3d:9d:ff:0b:ce:f0:
                    81:8a:a1:76:6b:be:19:7e:cd:4d:f3:e6:8f:a0:68:
                    46:35:e9:8b:a8:d7:a0:5c:d2:3c:27:01:1d:d8:63:
                    77:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4B:C4:D4:0B:60:CC:56:84:65:98:EC:66:25:57:CB:22:DB:B3:9A
            X509v3 Authority Key Identifier:
                keyid:78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/UkvE1AtgzFaEZZjsZiVXyyLbs5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.24.0/22
                IPv6:
                  2a09:6140::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:80:ba:c3:fa:cc:13:f4:04:79:07:05:89:c3:20:4d:c3:a2:
         03:9a:f6:dc:42:c3:49:6a:5f:9b:e8:01:5c:16:de:db:52:47:
         e5:bf:15:5c:bf:c9:64:c8:fe:3a:7f:7f:a4:fc:b1:84:0e:86:
         ca:57:e2:c5:9b:f2:5c:4d:8d:bc:83:84:f4:c1:42:11:dd:cd:
         ce:db:61:27:9a:50:5a:cc:77:8a:36:20:d6:61:ab:db:7b:b7:
         c1:53:e9:46:b0:79:2a:83:23:4e:54:f6:66:e1:44:b1:e8:72:
         09:6c:10:f4:f9:9a:a3:69:e1:fa:a3:84:74:c9:1f:14:2d:01:
         65:ec:a1:a5:bd:bb:48:f0:49:a4:e4:87:45:f1:65:68:ca:d0:
         4f:ac:d1:db:1d:23:85:e8:d5:09:c3:a3:68:ac:8d:ea:74:c8:
         5f:19:1c:07:15:ca:69:8f:d6:d4:84:3f:00:43:44:3f:db:95:
         29:6b:da:ec:af:d4:78:a1:7d:fe:b7:23:60:7e:d7:11:9b:b0:
         c3:72:12:2f:78:9b:8b:80:54:2b:d0:02:61:73:c7:54:f1:f3:
         02:71:de:e3:b4:49:a0:5a:ed:c3:3d:c6:b8:98:dc:48:15:f4:
         ef:e9:95:f1:6a:37:fb:66:92:65:53:c6:98:58:e3:58:f3:48:
         4e:2e:dd:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZae2Rrs1mXWovSFoUCqmcu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MzJkMDYwOTMyZDQ3ODVhMTBjYTQ3ZGU4MDAyZjY1YzFl
ZjMzYWUwHhcNMjUwNTA1MDUwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRiYzRkNDBiNjBjYzU2ODQ2NTk4ZWM2NjI1NTdjYjIyZGJiMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRBYPAqkHUv5th7fz0NYCxVKY95Y
/hUWlWj1wIbolpt6/3DqNCYeVrligisMRBh8B0RXOW7Fp5d8oRPK/lhKvS8aVool
dv7snvrEr2DROM8PKkm5v/Wsw2wFdwoEAu626eLT/IRLSBN9Wb+0fhlXnSERjwW0
T+vN51Pw+f2WzRCtTPOHAumPKJmJZpLtLbycETy5L3Kcd7G+xnvmtfyg9/OJA4v4
gIzuVHj45OCTfFoqnAuUZSniyiSD6assbMieeRwa0bt/mAHyq2IOqQYGhRdNRRPN
PLJ5/Ig9nf8LzvCBiqF2a74Zfs1N8+aPoGhGNemLqNegXNI8JwEd2GN3FwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFJLxNQLYMxWhGWY7GYlV8si27OaMB8GA1UdIwQY
MBaAFHgy0GCTLUeFoQykfegAL2XB7zOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMt
ODk5NDlmY2M3YWZiLzEvVWt2RTFBdGd6RmFFWlpqc1ppVlh5eUxiczVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMtODk5NDlmY2M3YWZi
LzEvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUIYMA0E
AgACMAcDBQMqCWFAMA0GCSqGSIb3DQEBCwUAA4IBAQAhgLrD+swT9AR5BwWJwyBN
w6IDmvbcQsNJal+b6AFcFt7bUkflvxVcv8lkyP46f3+k/LGEDobKV+LFm/JcTY28
g4T0wUIR3c3O22EnmlBazHeKNiDWYavbe7fBU+lGsHkqgyNOVPZm4USx6HIJbBD0
+ZqjaeH6o4R0yR8ULQFl7KGlvbtI8Emk5IdF8WVoytBPrNHbHSOF6NUJw6NorI3q
dMhfGRwHFcppj9bUhD8AQ0Q/25Upa9rsr9R4oX3+tyNgftcRm7DDchIveJuLgFQr
0AJhc8dU8fMCcd7jtEmgWu3DPca4mNxIFfTv6ZXxajf7ZpJlU8aYWONY80hOLt3n
-----END CERTIFICATE-----