Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/UojdXawnx16jHvQuUPhyRGr9AUA.roa
File:                     UojdXawnx16jHvQuUPhyRGr9AUA.roa (raw, json)
Hash identifier:          Hr78TmcOhe37IFpeiMzuuAac0/dugWioMJ66bJbp/E8=
Subject key identifier:   52:88:DD:5D:AC:27:C7:5E:A3:1E:F4:2E:50:F8:72:44:6A:FD:01:40
Certificate issuer:       /CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
Certificate serial:       0194236915648B9871CFEA635B98541B5978
Authority key identifier: 65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/UojdXawnx16jHvQuUPhyRGr9AUA.roa
Signing time:             Wed 01 Jan 2025 19:47:56 +0000
ROA not before:           Wed 01 Jan 2025 19:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.219.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:15:64:8b:98:71:cf:ea:63:5b:98:54:1b:59:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656d33c5f16e3cdd960ae05c80d9f6f36fc553f2
        Validity
            Not Before: Jan  1 19:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5288dd5dac27c75ea31ef42e50f872446afd0140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:91:74:d9:b9:13:11:3f:c7:80:ca:00:47:b0:
                    7c:d5:5d:d2:c0:f3:71:b9:59:cf:fc:19:67:1a:07:
                    95:cf:ef:f6:1e:79:af:0c:e9:3b:93:59:fb:6d:67:
                    db:5a:6d:d5:ea:66:ae:70:f6:0b:8c:3c:ee:af:55:
                    c7:b4:62:3b:16:5d:4a:02:36:a2:dd:dd:1a:e7:52:
                    10:91:20:ce:64:68:1b:4b:df:ea:20:ae:3b:b8:1e:
                    5e:fe:ce:8a:cc:0c:4e:8a:6e:d3:2b:fd:58:6a:0d:
                    4e:42:d6:fe:2b:1c:ac:d7:01:55:34:5e:cb:fc:82:
                    12:1c:be:e3:ff:fe:d2:b9:7e:cf:4d:3d:b4:c7:db:
                    50:dd:b9:3b:eb:df:ed:be:99:08:3e:e0:d7:70:88:
                    bc:06:32:be:93:f6:f7:e0:dd:a7:63:44:f4:43:ea:
                    36:dc:c6:10:39:bb:93:08:49:c2:d6:6a:83:7a:85:
                    39:e0:8b:7e:ac:7c:43:d8:db:9f:32:66:bc:19:16:
                    b8:d7:12:64:43:10:36:0c:ab:de:93:52:29:c2:35:
                    93:f2:4e:ad:8f:6c:1c:4f:01:ae:f8:1c:0d:35:20:
                    7e:a5:bb:b0:06:23:07:43:07:1b:c8:0e:68:ea:71:
                    0e:69:20:3b:68:bd:8e:74:75:06:39:8d:f2:db:1c:
                    02:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:88:DD:5D:AC:27:C7:5E:A3:1E:F4:2E:50:F8:72:44:6A:FD:01:40
            X509v3 Authority Key Identifier:
                keyid:65:6D:33:C5:F1:6E:3C:DD:96:0A:E0:5C:80:D9:F6:F3:6F:C5:53:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZW0zxfFuPN2WCuBcgNn282_FU_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/UojdXawnx16jHvQuUPhyRGr9AUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/7cc6ea-774a-4876-84f9-304d2191a4f3/1/ZW0zxfFuPN2WCuBcgNn282_FU_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:b7:38:4f:9a:1a:4b:a7:ca:e7:30:28:c1:64:6e:61:69:e0:
         19:58:1c:41:a7:75:7d:11:1d:9f:a7:15:a4:b2:1d:2b:35:9d:
         81:94:54:b0:3e:41:e6:98:a7:95:ef:1e:5e:a8:33:7f:47:c5:
         b9:e9:c1:e4:37:2f:46:10:40:13:96:04:c8:72:0b:bb:96:ea:
         cc:56:0b:fd:9d:36:5c:01:18:44:7c:e2:72:d5:7d:9b:4a:2c:
         0d:3f:2d:62:16:82:5b:65:9f:e7:75:00:48:98:4c:57:a0:86:
         09:40:ab:3d:83:98:90:0d:f5:d4:be:f8:36:8b:a2:5a:a0:cb:
         2e:66:db:6d:2d:0c:dc:a6:8e:5d:c8:fc:f5:d0:8b:69:41:45:
         84:7d:4e:71:b2:24:86:8d:e0:d9:13:4b:4a:10:28:79:cd:cc:
         ad:97:34:49:ee:f2:dc:ef:6c:93:f5:9f:be:18:63:5b:65:aa:
         f1:64:d4:a1:40:0a:c1:9f:e7:42:3b:ce:f4:cf:cf:8e:8e:53:
         88:15:35:a7:13:76:e9:a7:0c:b5:b3:31:e7:23:9f:da:bb:c0:
         16:51:03:2a:ba:fd:83:fd:28:f9:57:97:e3:93:d9:c9:da:86:
         dd:3f:3d:95:30:b4:7a:61:af:fd:a3:3c:c9:13:7d:99:73:dc:
         37:23:4c:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaRVki5hxz+pjW5hUG1l4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmQzM2M1ZjE2ZTNjZGQ5NjBhZTA1YzgwZDlmNmYzNmZj
NTUzZjIwHhcNMjUwMTAxMTk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjg4ZGQ1ZGFjMjdjNzVlYTMxZWY0MmU1MGY4NzI0NDZhZmQwMTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZF02bkTET/HgMoAR7B81V3SwPNx
uVnP/BlnGgeVz+/2HnmvDOk7k1n7bWfbWm3V6maucPYLjDzur1XHtGI7Fl1KAjai
3d0a51IQkSDOZGgbS9/qIK47uB5e/s6KzAxOim7TK/1Yag1OQtb+Kxys1wFVNF7L
/IISHL7j//7SuX7PTT20x9tQ3bk769/tvpkIPuDXcIi8BjK+k/b34N2nY0T0Q+o2
3MYQObuTCEnC1mqDeoU54It+rHxD2NufMma8GRa41xJkQxA2DKvek1IpwjWT8k6t
j2wcTwGu+BwNNSB+pbuwBiMHQwcbyA5o6nEOaSA7aL2OdHUGOY3y2xwCNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKI3V2sJ8deox70LlD4ckRq/QFAMB8GA1UdIwQY
MBaAFGVtM8XxbjzdlgrgXIDZ9vNvxVPyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0Zjkt
MzA0ZDIxOTFhNGYzLzEvVW9qZFhhd254MTZqSHZRdVVQaHlSR3I5QVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83Y2M2ZWEtNzc0YS00ODc2LTg0ZjktMzA0ZDIxOTFhNGYz
LzEvWlcwenhmRnVQTjJXQ3VCY2dObjI4Ml9GVV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuduSMA0G
CSqGSIb3DQEBCwUAA4IBAQBxtzhPmhpLp8rnMCjBZG5haeAZWBxBp3V9ER2fpxWk
sh0rNZ2BlFSwPkHmmKeV7x5eqDN/R8W56cHkNy9GEEATlgTIcgu7lurMVgv9nTZc
ARhEfOJy1X2bSiwNPy1iFoJbZZ/ndQBImExXoIYJQKs9g5iQDfXUvvg2i6JaoMsu
ZtttLQzcpo5dyPz10ItpQUWEfU5xsiSGjeDZE0tKECh5zcytlzRJ7vLc72yT9Z++
GGNbZarxZNShQArBn+dCO870z8+OjlOIFTWnE3bppwy1szHnI5/au8AWUQMquv2D
/Sj5V5fjk9nJ2obdPz2VMLR6Ya/9ozzJE32Zc9w3I0wq
-----END CERTIFICATE-----