Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/UvStM4C1ON_TEAMmg9fq6hc82Uc.roa
File:                     UvStM4C1ON_TEAMmg9fq6hc82Uc.roa (raw, json)
Hash identifier:          SlY+Lo/28hKqzsNd1ppkCdNrUf1TTtSn6aZkBUTvj7I=
Subject key identifier:   52:F4:AD:33:80:B5:38:DF:D3:10:03:26:83:D7:EA:EA:17:3C:D9:47
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       01966B6654DC8D90A28D159150457FFE287B
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/UvStM4C1ON_TEAMmg9fq6hc82Uc.roa
Signing time:             Fri 25 Apr 2025 05:23:10 +0000
ROA not before:           Fri 25 Apr 2025 05:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        89.46.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:66:54:dc:8d:90:a2:8d:15:91:50:45:7f:fe:28:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Apr 25 05:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52f4ad3380b538dfd310032683d7eaea173cd947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9c:d7:0c:9c:cb:90:03:f8:c8:02:03:4b:52:
                    ec:d7:56:c2:15:b9:72:87:3d:92:75:98:67:98:87:
                    e6:78:96:b2:a0:2e:d6:db:21:fb:68:40:85:31:65:
                    f8:7e:d7:e9:d1:71:74:42:92:c2:ac:65:c5:59:8c:
                    ed:74:0e:7b:58:90:e4:c2:f6:b2:ae:a8:52:e8:0c:
                    ac:b4:58:f4:2c:61:68:fa:97:e4:8b:ac:3f:3d:61:
                    c1:67:3e:45:31:7e:f7:8b:e0:e1:29:2a:8f:ee:59:
                    b0:af:09:5e:8e:7e:19:18:48:96:7c:b6:9f:42:8e:
                    79:24:fd:2c:3b:d9:e1:f0:2e:5b:91:8c:f8:08:8d:
                    7d:09:51:dc:36:bc:f4:03:28:84:69:26:2c:83:4f:
                    c1:72:6c:a1:f5:f2:3e:2a:d4:24:e0:9b:28:64:e2:
                    20:0d:15:8d:3e:cb:cc:7a:5b:5e:f1:0b:44:98:27:
                    a0:ca:f3:cd:82:8c:b6:8b:a9:40:09:cc:77:71:83:
                    83:fb:d8:07:6e:4d:9d:3a:18:93:2b:91:d9:44:a1:
                    ec:21:e7:95:9d:7d:0a:5f:30:ed:de:25:31:fc:b6:
                    49:3b:31:f4:60:96:d2:8a:e3:8d:aa:0d:03:ec:67:
                    3a:84:d1:c6:be:8d:cd:36:1c:ca:64:71:60:07:e0:
                    04:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:F4:AD:33:80:B5:38:DF:D3:10:03:26:83:D7:EA:EA:17:3C:D9:47
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/UvStM4C1ON_TEAMmg9fq6hc82Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f0:33:7d:06:37:c6:c1:d6:39:09:c4:c8:2c:57:42:36:20:
         29:c3:e2:8f:13:8b:be:de:df:81:23:f2:c4:e7:e0:5d:0f:53:
         49:0b:5a:0a:9a:61:74:c8:27:18:e4:29:59:d8:8c:37:3e:e5:
         0a:3f:9f:7c:e6:04:a5:29:d3:e1:8b:4d:af:20:25:e3:2d:34:
         9b:8f:76:3c:36:0f:a8:7c:1e:05:76:d0:3a:07:5a:6b:f7:4e:
         01:7c:51:44:2d:06:1b:4b:02:43:87:39:f4:e8:e2:26:58:d7:
         09:65:ce:c2:0b:81:50:4c:b7:a6:6a:f4:9a:8c:a1:c2:09:10:
         2e:ea:99:9e:89:28:aa:ad:d0:66:1e:68:fa:42:33:92:6a:cc:
         93:2d:d7:7d:a4:b9:4c:d2:ec:2c:17:61:00:57:d8:e6:4b:22:
         60:24:c0:93:c4:5b:2a:c3:48:7f:7b:2d:d0:d0:3f:a4:87:0e:
         df:b6:57:2a:92:53:da:db:b5:c0:db:e3:a3:b9:6e:07:7c:33:
         54:3a:d8:11:db:27:bc:90:8a:98:d8:e1:ae:f3:d2:af:42:1d:
         f7:6f:66:03:5e:10:19:33:c5:0a:8a:f4:7b:2b:b6:a6:91:d7:
         fa:09:b4:43:d1:04:45:bc:4b:65:14:c0:db:de:31:a9:77:6b:
         73:d2:51:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZrZlTcjZCijRWRUEV//ih7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwNDI1MDUyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmY0YWQzMzgwYjUzOGRmZDMxMDAzMjY4M2Q3ZWFlYTE3M2NkOTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55zXDJzLkAP4yAIDS1Ls11bCFbly
hz2SdZhnmIfmeJayoC7W2yH7aECFMWX4ftfp0XF0QpLCrGXFWYztdA57WJDkwvay
rqhS6AystFj0LGFo+pfki6w/PWHBZz5FMX73i+DhKSqP7lmwrwlejn4ZGEiWfLaf
Qo55JP0sO9nh8C5bkYz4CI19CVHcNrz0AyiEaSYsg0/Bcmyh9fI+KtQk4JsoZOIg
DRWNPsvMelte8QtEmCegyvPNgoy2i6lACcx3cYOD+9gHbk2dOhiTK5HZRKHsIeeV
nX0KXzDt3iUx/LZJOzH0YJbSiuONqg0D7Gc6hNHGvo3NNhzKZHFgB+AEoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFL0rTOAtTjf0xADJoPX6uoXPNlHMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvVXZTdE00QzFPTl9URUFNbWc5ZnE2aGM4MlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS4CMA0G
CSqGSIb3DQEBCwUAA4IBAQAC8DN9BjfGwdY5CcTILFdCNiApw+KPE4u+3t+BI/LE
5+BdD1NJC1oKmmF0yCcY5ClZ2Iw3PuUKP5985gSlKdPhi02vICXjLTSbj3Y8Ng+o
fB4FdtA6B1pr904BfFFELQYbSwJDhzn06OImWNcJZc7CC4FQTLemavSajKHCCRAu
6pmeiSiqrdBmHmj6QjOSasyTLdd9pLlM0uwsF2EAV9jmSyJgJMCTxFsqw0h/ey3Q
0D+khw7ftlcqklPa27XA2+OjuW4HfDNUOtgR2ye8kIqY2OGu89KvQh33b2YDXhAZ
M8UKivR7K7amkdf6CbRD0QRFvEtlFMDb3jGpd2tz0lFF
-----END CERTIFICATE-----