Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/Uam3fdY-U_8FUcIs9C1Cu9j0kXU.roa
File:                     Uam3fdY-U_8FUcIs9C1Cu9j0kXU.roa (raw, json)
Hash identifier:          lAwNykQezUevV1G5+PHKNJlIk5Yd8h58FItNjQ6jmrw=
Subject key identifier:   51:A9:B7:7D:D6:3E:53:FF:05:51:C2:2C:F4:2D:42:BB:D8:F4:91:75
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       0196919177DF40A3B0FC337C4FB33379A37F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/Uam3fdY-U_8FUcIs9C1Cu9j0kXU.roa
Signing time:             Fri 02 May 2025 15:15:51 +0000
ROA not before:           Fri 02 May 2025 15:15:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209986
IP address blocks:        94.131.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:91:77:df:40:a3:b0:fc:33:7c:4f:b3:33:79:a3:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: May  2 15:15:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51a9b77dd63e53ff0551c22cf42d42bbd8f49175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:21:a2:58:b9:1d:b5:b8:03:3c:50:48:cb:13:
                    f8:5b:47:eb:2c:2f:f4:6d:52:2a:a1:79:00:11:01:
                    b1:7d:29:46:42:9c:ca:ba:9e:10:16:d8:d4:46:d8:
                    d2:ba:5c:98:c5:5c:eb:fd:90:b8:c6:a8:28:b1:e6:
                    24:44:bb:f3:94:e2:73:a9:fa:89:2a:8f:97:ff:9b:
                    1d:f3:7c:66:66:5a:4f:b6:b2:65:10:d3:7d:87:09:
                    99:13:f0:7b:24:12:1a:b5:01:d0:90:94:08:8b:df:
                    8f:73:56:9a:a9:c7:30:cc:11:fd:f7:8f:14:8b:67:
                    b3:63:4e:c6:74:78:a1:ac:f2:98:71:b1:be:08:27:
                    5b:2f:bf:38:af:44:63:3f:57:01:9f:81:c4:14:38:
                    87:0d:05:17:5e:06:7f:cb:ad:35:ce:e7:9c:45:ca:
                    10:41:be:0f:34:e4:58:5b:f0:27:ea:84:1c:98:49:
                    da:41:23:77:77:b4:1b:fa:8d:5e:4d:dc:cc:30:d7:
                    8f:74:86:98:cd:75:fb:95:aa:4d:6b:df:ef:28:3c:
                    c0:d3:11:b8:82:dd:3b:b0:e5:e4:02:3c:f6:8e:d8:
                    9d:f8:65:07:eb:e5:26:a1:69:ca:01:77:e6:ff:99:
                    fc:d9:a4:f8:a7:8a:39:0a:d9:06:c8:73:ac:9a:84:
                    72:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A9:B7:7D:D6:3E:53:FF:05:51:C2:2C:F4:2D:42:BB:D8:F4:91:75
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/Uam3fdY-U_8FUcIs9C1Cu9j0kXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:16:ef:6b:26:4d:36:a4:6b:32:91:8e:ca:c4:3e:8a:43:e4:
         e6:ef:67:03:8b:74:99:57:ee:f7:28:2c:ac:10:71:9c:ce:07:
         6a:7d:d8:79:e9:16:46:3a:1a:d8:1f:a1:e6:6f:61:bd:0d:ea:
         40:b4:c2:8b:15:fc:81:63:a1:6e:0e:16:0a:09:ea:e9:3e:be:
         91:a6:54:15:c7:06:ba:fa:a1:6f:cf:ae:62:68:35:20:90:dd:
         b8:0f:3f:ae:34:53:ef:ec:b7:49:31:af:4a:4b:2e:94:d6:25:
         32:0b:50:09:7e:bb:f8:a7:4b:60:61:58:da:f1:0f:5a:1a:e4:
         39:c6:92:cb:45:58:16:20:7a:9c:f7:b9:8a:f6:a4:d8:c8:bd:
         d6:72:13:99:6a:44:5c:1f:2e:43:cc:a4:bb:10:24:d3:2e:6e:
         fb:cf:4f:f7:07:6c:2d:2f:16:ad:96:c6:1a:74:b9:87:5c:29:
         76:6e:b7:44:75:3e:87:74:61:92:3f:b6:47:2f:d2:86:c3:e5:
         70:58:ba:f3:ac:18:fb:e2:f0:8d:a6:60:f0:60:b5:b7:1c:a4:
         d9:c4:bd:32:92:ee:a2:a8:33:84:30:6b:1c:be:8a:22:de:77:
         73:6f:86:b0:1a:a2:63:71:5e:0e:e8:a2:7d:72:5a:4a:88:92:
         6a:04:3f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaRkXffQKOw/DN8T7MzeaN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNTAyMTUxNTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWE5Yjc3ZGQ2M2U1M2ZmMDU1MWMyMmNmNDJkNDJiYmQ4ZjQ5MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCGiWLkdtbgDPFBIyxP4W0frLC/0
bVIqoXkAEQGxfSlGQpzKup4QFtjURtjSulyYxVzr/ZC4xqgoseYkRLvzlOJzqfqJ
Ko+X/5sd83xmZlpPtrJlENN9hwmZE/B7JBIatQHQkJQIi9+Pc1aaqccwzBH9948U
i2ezY07GdHihrPKYcbG+CCdbL784r0RjP1cBn4HEFDiHDQUXXgZ/y601zuecRcoQ
Qb4PNORYW/An6oQcmEnaQSN3d7Qb+o1eTdzMMNePdIaYzXX7lapNa9/vKDzA0xG4
gt07sOXkAjz2jtid+GUH6+UmoWnKAXfm/5n82aT4p4o5CtkGyHOsmoRy5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGpt33WPlP/BVHCLPQtQrvY9JF1MB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvVWFtM2ZkWS1VXzhGVWNJczlDMUN1OWowa1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPDMA0G
CSqGSIb3DQEBCwUAA4IBAQCJFu9rJk02pGsykY7KxD6KQ+Tm72cDi3SZV+73KCys
EHGczgdqfdh56RZGOhrYH6Hmb2G9DepAtMKLFfyBY6FuDhYKCerpPr6RplQVxwa6
+qFvz65iaDUgkN24Dz+uNFPv7LdJMa9KSy6U1iUyC1AJfrv4p0tgYVja8Q9aGuQ5
xpLLRVgWIHqc97mK9qTYyL3WchOZakRcHy5DzKS7ECTTLm77z0/3B2wtLxatlsYa
dLmHXCl2brdEdT6HdGGSP7ZHL9KGw+VwWLrzrBj74vCNpmDwYLW3HKTZxL0yku6i
qDOEMGscvooi3ndzb4awGqJjcV4O6KJ9clpKiJJqBD8E
-----END CERTIFICATE-----