Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/UFEpRGmmgSxI-Cj4mUoULnogLh0.roa
File:                     UFEpRGmmgSxI-Cj4mUoULnogLh0.roa (raw, json)
Hash identifier:          uynyMnukvUhaVDa9YBwkcCoinwLXAu+vAC1b07ExVN4=
Subject key identifier:   50:51:29:44:69:A6:81:2C:48:F8:28:F8:99:4A:14:2E:7A:20:2E:1D
Certificate issuer:       /CN=45d34fd048b597b3e5f7da89dfe64657697e8ee3
Certificate serial:       019649140341BE91CF38248A1150F7C94D1B
Authority key identifier: 45:D3:4F:D0:48:B5:97:B3:E5:F7:DA:89:DF:E6:46:57:69:7E:8E:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/UFEpRGmmgSxI-Cj4mUoULnogLh0.roa
Signing time:             Fri 18 Apr 2025 13:26:10 +0000
ROA not before:           Fri 18 Apr 2025 13:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.119.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:49:14:03:41:be:91:cf:38:24:8a:11:50:f7:c9:4d:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45d34fd048b597b3e5f7da89dfe64657697e8ee3
        Validity
            Not Before: Apr 18 13:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5051294469a6812c48f828f8994a142e7a202e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:69:ce:64:ba:8e:cb:be:c2:0c:96:7c:43:75:
                    8f:6a:dc:a7:41:50:ad:f0:d0:25:9e:e1:74:46:5a:
                    ac:92:d4:89:9e:ab:74:05:86:84:3e:b3:e8:3e:be:
                    98:2b:24:b3:21:13:c2:d8:fe:bd:08:65:e1:22:05:
                    9a:a3:e1:14:77:8f:a3:c2:92:50:c1:3a:45:12:2e:
                    5d:e0:ab:65:7c:92:83:20:10:d7:99:c1:09:1f:11:
                    4a:1f:4b:e1:2f:53:ad:bc:a1:44:52:00:dc:4d:42:
                    77:ba:77:22:00:ff:97:2c:28:dc:e7:0c:8e:20:2b:
                    36:8f:d9:e0:bd:e8:47:d3:78:fd:21:7b:6f:87:1d:
                    1e:73:f1:e0:19:95:24:38:f0:2b:ed:10:84:c6:e6:
                    f9:a7:a1:28:3b:ca:92:5b:8f:90:3e:38:ab:12:38:
                    b0:06:15:6e:0a:26:5c:d6:23:33:cf:b1:9d:b1:38:
                    80:d2:de:9a:86:18:42:f8:87:12:10:36:a5:18:9e:
                    d1:a6:06:0e:82:d1:c4:9c:01:1e:aa:4f:97:80:95:
                    be:73:e5:1b:1c:af:9a:a9:9a:24:4f:97:65:3a:71:
                    3e:29:a5:f5:06:16:3f:99:19:77:fb:69:97:1c:a0:
                    d9:97:09:f6:05:00:08:7f:d7:41:3b:6b:b6:94:9e:
                    41:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:51:29:44:69:A6:81:2C:48:F8:28:F8:99:4A:14:2E:7A:20:2E:1D
            X509v3 Authority Key Identifier:
                keyid:45:D3:4F:D0:48:B5:97:B3:E5:F7:DA:89:DF:E6:46:57:69:7E:8E:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/UFEpRGmmgSxI-Cj4mUoULnogLh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ce77b1-1c4d-47b0-a77b-843948cbfb81/1/RdNP0Ei1l7Pl99qJ3-ZGV2l-juM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.119.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:19:17:4e:65:8d:44:7e:1b:45:c4:66:5e:6a:36:47:bf:a9:
         59:aa:12:21:21:bd:b1:72:f2:e6:cf:4c:67:37:13:2e:1b:93:
         fd:e5:05:e6:f2:ec:08:67:77:ac:8b:66:72:69:43:a0:6e:81:
         db:b4:c3:49:79:48:de:5b:8c:f1:6c:6f:2e:ef:dd:46:6a:7e:
         64:3e:18:0b:53:28:5b:87:b2:cf:a6:b7:77:15:7b:44:e8:aa:
         b0:55:06:d5:c3:33:47:23:e4:4a:7b:f2:25:3e:76:bd:ad:8d:
         3d:28:7f:9a:0e:b8:5f:1e:b2:c8:c9:ee:6c:ee:af:79:82:cb:
         b4:55:75:a9:2b:07:e4:4d:3f:e3:8b:c6:f0:e2:ba:6a:ce:9e:
         15:10:e9:d4:f0:2b:5c:97:b6:41:d9:ea:02:37:aa:64:27:84:
         74:c8:47:28:f7:7b:d0:0a:ae:89:bb:ad:f7:bd:53:d7:18:40:
         dc:95:6d:07:17:e3:b5:01:33:4e:cd:51:b5:8a:bf:3c:a2:fa:
         b4:a6:66:c7:d2:4b:6a:0f:02:d8:3c:46:92:f2:58:d3:61:cc:
         46:f9:54:e2:22:4a:f3:0a:2f:71:28:57:6d:13:b6:c2:b3:66:
         58:99:4b:0b:28:2c:7c:3e:c0:71:36:ca:22:81:42:31:55:1d:
         76:9a:3a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZJFANBvpHPOCSKEVD3yU0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZDM0ZmQwNDhiNTk3YjNlNWY3ZGE4OWRmZTY0NjU3Njk3
ZThlZTMwHhcNMjUwNDE4MTMyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUxMjk0NDY5YTY4MTJjNDhmODI4Zjg5OTRhMTQyZTdhMjAyZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGnOZLqOy77CDJZ8Q3WPatynQVCt
8NAlnuF0RlqsktSJnqt0BYaEPrPoPr6YKySzIRPC2P69CGXhIgWao+EUd4+jwpJQ
wTpFEi5d4KtlfJKDIBDXmcEJHxFKH0vhL1OtvKFEUgDcTUJ3unciAP+XLCjc5wyO
ICs2j9ngvehH03j9IXtvhx0ec/HgGZUkOPAr7RCExub5p6EoO8qSW4+QPjirEjiw
BhVuCiZc1iMzz7GdsTiA0t6ahhhC+IcSEDalGJ7RpgYOgtHEnAEeqk+XgJW+c+Ub
HK+aqZokT5dlOnE+KaX1BhY/mRl3+2mXHKDZlwn2BQAIf9dBO2u2lJ5BUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBRKURppoEsSPgo+JlKFC56IC4dMB8GA1UdIwQY
MBaAFEXTT9BItZez5ffaid/mRldpfo7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmROUDBFaTFsN1BsOTlxSjMtWkdWMmwtanVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jZTc3YjEtMWM0ZC00N2IwLWE3N2It
ODQzOTQ4Y2JmYjgxLzEvVUZFcFJHbW1nU3hJLUNqNG1Vb1VMbm9nTGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jZTc3YjEtMWM0ZC00N2IwLWE3N2ItODQzOTQ4Y2JmYjgx
LzEvUmROUDBFaTFsN1BsOTlxSjMtWkdWMmwtanVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwndGMA0G
CSqGSIb3DQEBCwUAA4IBAQBXGRdOZY1EfhtFxGZeajZHv6lZqhIhIb2xcvLmz0xn
NxMuG5P95QXm8uwIZ3esi2ZyaUOgboHbtMNJeUjeW4zxbG8u791Gan5kPhgLUyhb
h7LPprd3FXtE6KqwVQbVwzNHI+RKe/IlPna9rY09KH+aDrhfHrLIye5s7q95gsu0
VXWpKwfkTT/ji8bw4rpqzp4VEOnU8Ctcl7ZB2eoCN6pkJ4R0yEco93vQCq6Ju633
vVPXGEDclW0HF+O1ATNOzVG1ir88ovq0pmbH0ktqDwLYPEaS8ljTYcxG+VTiIkrz
Ci9xKFdtE7bCs2ZYmUsLKCx8PsBxNsoigUIxVR12mjpw
-----END CERTIFICATE-----