Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/uZh2AnZNpwJzqGeqyj0Ta39MeXQ.roa
File:                     uZh2AnZNpwJzqGeqyj0Ta39MeXQ.roa (raw, json)
Hash identifier:          PADIK4DMoDtHYMc5TV7G7ovGq5+PPvnIxnFG/DxJSjE=
Subject key identifier:   B9:98:76:02:76:4D:A7:02:73:A8:67:AA:CA:3D:13:6B:7F:4C:79:74
Certificate issuer:       /CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
Certificate serial:       0196AE9657290FBABA9954BE29A2AB12C9CD
Authority key identifier: 18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/uZh2AnZNpwJzqGeqyj0Ta39MeXQ.roa
Signing time:             Thu 08 May 2025 06:30:10 +0000
ROA not before:           Thu 08 May 2025 06:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393406
IP address blocks:        5.42.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:96:57:29:0f:ba:ba:99:54:be:29:a2:ab:12:c9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1808bf7fe48b057f9f2f3d5d1a6310fd9e14c571
        Validity
            Not Before: May  8 06:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9987602764da70273a867aaca3d136b7f4c7974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:83:cd:70:b1:53:84:96:82:d3:f8:a1:f3:68:
                    70:e9:2b:c8:cf:7c:e7:98:0a:cf:db:b1:58:dd:cd:
                    ba:54:21:78:ef:a3:70:44:be:1f:7f:3c:77:e9:2c:
                    cc:7f:08:49:06:cb:77:03:de:bf:4b:02:52:94:67:
                    84:34:00:86:a7:84:bd:7d:c2:67:7a:87:a0:b5:c6:
                    de:c0:10:5e:99:cc:b5:fe:dd:60:ed:24:da:fc:8f:
                    58:19:b4:d8:4c:7e:a3:a0:42:95:e9:4b:b7:cc:20:
                    80:38:45:5b:5b:51:92:a8:07:62:31:fa:2a:22:fc:
                    ec:2c:b9:8f:50:9d:83:76:68:84:7d:0b:72:83:c6:
                    74:81:65:4b:40:7e:0c:4f:80:29:d8:9b:64:12:ce:
                    ca:c3:7b:3f:cf:47:49:a1:5b:9e:9b:7e:f4:29:31:
                    c4:37:c3:7c:54:e1:4a:68:30:91:86:5e:04:b6:a0:
                    df:33:2f:57:38:a7:96:ca:49:a7:95:a4:d3:4b:75:
                    4e:e5:43:e0:d6:bf:3e:9c:4f:ec:a3:43:fe:27:d0:
                    93:de:b2:d0:5c:9d:c6:64:f2:9a:2a:61:91:a7:53:
                    b5:9c:0f:e9:a9:32:94:bd:3a:63:1d:0c:61:af:d0:
                    9a:f9:25:65:43:9b:15:fe:af:de:ab:c0:36:3e:27:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:98:76:02:76:4D:A7:02:73:A8:67:AA:CA:3D:13:6B:7F:4C:79:74
            X509v3 Authority Key Identifier:
                keyid:18:08:BF:7F:E4:8B:05:7F:9F:2F:3D:5D:1A:63:10:FD:9E:14:C5:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/uZh2AnZNpwJzqGeqyj0Ta39MeXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/510c3b-f870-476b-a163-9d392eee0f66/1/GAi_f-SLBX-fLz1dGmMQ_Z4UxXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:96:e6:a1:ff:b6:9e:19:cc:c2:96:8a:ee:91:af:7a:de:43:
         00:ea:2b:26:2e:3c:01:8a:94:74:21:ef:a4:05:30:b1:0a:ac:
         19:8a:e0:e2:3e:81:4d:2c:54:d6:6c:f7:50:81:73:b1:36:f1:
         c9:21:83:aa:54:33:dc:56:13:d1:21:00:7f:83:f0:7f:d4:a7:
         47:9a:89:04:99:16:09:0e:f1:1a:ab:8c:fc:5f:00:8a:3b:65:
         aa:14:65:07:99:99:01:13:c3:93:d5:48:ea:aa:51:14:5c:1a:
         70:fe:c5:eb:f3:5f:cd:68:70:24:e2:35:e0:8d:f9:95:64:91:
         84:9b:1b:24:ae:0b:13:e2:ad:69:37:58:1c:02:88:21:d8:4b:
         49:12:29:d5:84:eb:e5:f7:59:d5:d6:59:c1:3c:fc:70:7d:8c:
         cb:d5:11:b7:30:33:d5:85:5b:db:e3:d1:0a:46:64:0c:81:57:
         83:74:06:a1:68:f1:0b:32:f5:75:e1:b4:de:30:64:b0:f8:ce:
         f6:73:05:9d:50:ba:46:97:49:91:43:71:77:7e:4b:b0:9e:ca:
         77:41:c6:d8:5e:06:20:60:27:31:b3:97:e7:e7:77:16:a4:2f:
         f0:7c:c2:a0:91:3f:8c:7c:ad:b7:66:f7:56:22:cf:7b:9e:58:
         83:87:4c:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaullcpD7q6mVS+KaKrEsnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MDhiZjdmZTQ4YjA1N2Y5ZjJmM2Q1ZDFhNjMxMGZkOWUx
NGM1NzEwHhcNMjUwNTA4MDYzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTk4NzYwMjc2NGRhNzAyNzNhODY3YWFjYTNkMTM2YjdmNGM3OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoPNcLFThJaC0/ih82hw6SvIz3zn
mArP27FY3c26VCF476NwRL4ffzx36SzMfwhJBst3A96/SwJSlGeENACGp4S9fcJn
eoegtcbewBBemcy1/t1g7STa/I9YGbTYTH6joEKV6Uu3zCCAOEVbW1GSqAdiMfoq
IvzsLLmPUJ2DdmiEfQtyg8Z0gWVLQH4MT4Ap2JtkEs7Kw3s/z0dJoVuem370KTHE
N8N8VOFKaDCRhl4EtqDfMy9XOKeWykmnlaTTS3VO5UPg1r8+nE/so0P+J9CT3rLQ
XJ3GZPKaKmGRp1O1nA/pqTKUvTpjHQxhr9Ca+SVlQ5sV/q/eq8A2PidF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmYdgJ2TacCc6hnqso9E2t/THl0MB8GA1UdIwQY
MBaAFBgIv3/kiwV/ny89XRpjEP2eFMVxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMt
OWQzOTJlZWUwZjY2LzEvdVpoMkFuWk5wd0p6cUdlcXlqMFRhMzlNZVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MTBjM2ItZjg3MC00NzZiLWExNjMtOWQzOTJlZWUwZjY2
LzEvR0FpX2YtU0xCWC1mTHoxZEdtTVFfWjRVeFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrLMA0G
CSqGSIb3DQEBCwUAA4IBAQAyluah/7aeGczCloruka963kMA6ismLjwBipR0Ie+k
BTCxCqwZiuDiPoFNLFTWbPdQgXOxNvHJIYOqVDPcVhPRIQB/g/B/1KdHmokEmRYJ
DvEaq4z8XwCKO2WqFGUHmZkBE8OT1UjqqlEUXBpw/sXr81/NaHAk4jXgjfmVZJGE
mxskrgsT4q1pN1gcAogh2EtJEinVhOvl91nV1lnBPPxwfYzL1RG3MDPVhVvb49EK
RmQMgVeDdAahaPELMvV14bTeMGSw+M72cwWdULpGl0mRQ3F3fkuwnsp3QcbYXgYg
YCcxs5fn53cWpC/wfMKgkT+MfK23ZvdWIs97nliDh0z+
-----END CERTIFICATE-----