Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/ugc9sZedf1kQim_ILlGgEqT8zEQ.roa
File:                     ugc9sZedf1kQim_ILlGgEqT8zEQ.roa (raw, json)
Hash identifier:          il9YS8RE+T8nxwMQDbcqvrV75JMzYR3yLbUc6KCg+oU=
Subject key identifier:   BA:07:3D:B1:97:9D:7F:59:10:8A:6F:C8:2E:51:A0:12:A4:FC:CC:44
Certificate issuer:       /CN=0b1027ace17f0067f697c65361488192eaf64138
Certificate serial:       019423D744076A01F070FC7F44CD2FB64CE4
Authority key identifier: 0B:10:27:AC:E1:7F:00:67:F6:97:C6:53:61:48:81:92:EA:F6:41:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxAnrOF_AGf2l8ZTYUiBkur2QTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/ugc9sZedf1kQim_ILlGgEqT8zEQ.roa
Signing time:             Wed 01 Jan 2025 21:48:17 +0000
ROA not before:           Wed 01 Jan 2025 21:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209919
IP address blocks:        31.40.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/CxAnrOF_AGf2l8ZTYUiBkur2QTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/CxAnrOF_AGf2l8ZTYUiBkur2QTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxAnrOF_AGf2l8ZTYUiBkur2QTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:44:07:6a:01:f0:70:fc:7f:44:cd:2f:b6:4c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1027ace17f0067f697c65361488192eaf64138
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba073db1979d7f59108a6fc82e51a012a4fccc44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:04:db:f1:55:28:22:30:8e:f5:21:f5:34:16:
                    c9:e9:92:01:80:ed:1f:3c:37:f3:c7:52:43:7d:87:
                    04:6c:8a:6b:95:c1:56:24:ff:c2:df:a2:f0:3b:ef:
                    82:f5:90:c1:5c:62:8e:d7:f2:79:f5:fc:86:f0:68:
                    c7:5d:2d:82:25:2c:a6:62:62:ac:9f:84:e0:50:14:
                    5f:59:77:e0:58:18:96:fb:e2:31:be:e5:45:79:22:
                    08:c7:17:37:2c:b8:f6:94:46:c6:97:ed:4e:6e:de:
                    c0:2b:a5:05:b1:90:30:19:37:8d:ac:2f:8d:61:ac:
                    bb:76:a5:72:37:b5:99:13:27:c5:de:86:15:70:82:
                    9c:05:e1:15:9a:de:80:7b:0d:4c:9d:27:87:ac:c5:
                    ec:00:31:37:9f:fd:f1:15:5a:d9:de:08:28:28:04:
                    d7:5c:76:67:23:fe:6a:1b:7f:fd:bb:d8:4f:78:3b:
                    51:5d:2b:ec:b8:1e:f7:7e:8d:78:f8:0d:f7:c2:5b:
                    e5:63:e0:f2:54:f2:41:3a:01:0a:b6:f2:ab:e0:ec:
                    57:90:bb:1f:d4:3e:dc:07:2b:19:72:f4:55:ee:27:
                    79:c4:ec:dd:89:fe:5c:6c:dd:fe:04:b0:a6:96:57:
                    3f:b4:0c:eb:67:2a:d5:f3:c0:8e:6b:c8:44:9d:5b:
                    93:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:07:3D:B1:97:9D:7F:59:10:8A:6F:C8:2E:51:A0:12:A4:FC:CC:44
            X509v3 Authority Key Identifier:
                keyid:0B:10:27:AC:E1:7F:00:67:F6:97:C6:53:61:48:81:92:EA:F6:41:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxAnrOF_AGf2l8ZTYUiBkur2QTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/ugc9sZedf1kQim_ILlGgEqT8zEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b311d4-e358-4721-ab8d-6e6a5f172be3/1/CxAnrOF_AGf2l8ZTYUiBkur2QTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:06:ee:81:a0:a2:c7:5f:e9:dc:7b:07:5d:85:5c:14:17:c9:
         0b:cf:3b:f3:4f:9d:97:36:24:27:7f:00:4a:43:f6:8d:48:55:
         ac:a1:f7:12:14:75:eb:1f:3d:d5:3c:b0:5c:9b:0c:89:30:5b:
         db:6e:6b:f8:90:85:53:b3:d6:a8:92:02:a6:c6:e3:f7:a1:fb:
         11:2e:21:e2:13:94:ca:9b:5d:4c:f1:b7:f6:09:13:68:e6:19:
         1f:41:ce:35:c1:cf:51:b9:f1:e7:b6:bd:ca:a1:11:3d:26:47:
         02:73:b3:bd:d9:6d:cb:df:b7:dd:0d:07:5b:0b:a6:ac:db:a7:
         86:09:af:15:db:30:cb:7c:91:04:3b:83:4d:c1:3b:1c:27:4e:
         50:89:49:a8:75:ee:9a:90:f0:4b:a0:9f:d9:19:55:7c:0b:97:
         aa:bd:a2:7f:58:da:20:99:ad:72:14:7a:d7:21:a8:be:fb:31:
         23:52:ac:14:59:17:62:df:94:ea:e0:96:86:9a:07:ea:e0:92:
         f7:1d:e5:5c:aa:c8:f4:ef:c5:cc:82:1c:1e:9d:cb:a0:46:86:
         ff:f9:d3:d3:46:b4:57:bc:c0:ca:ee:0d:4a:57:67:9d:e2:d8:
         64:54:71:49:bd:9c:5c:45:b8:93:a2:30:c0:87:66:d8:06:d4:
         b8:8d:aa:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10QHagHwcPx/RM0vtkzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMTAyN2FjZTE3ZjAwNjdmNjk3YzY1MzYxNDg4MTkyZWFm
NjQxMzgwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTA3M2RiMTk3OWQ3ZjU5MTA4YTZmYzgyZTUxYTAxMmE0ZmNjYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQTb8VUoIjCO9SH1NBbJ6ZIBgO0f
PDfzx1JDfYcEbIprlcFWJP/C36LwO++C9ZDBXGKO1/J59fyG8GjHXS2CJSymYmKs
n4TgUBRfWXfgWBiW++IxvuVFeSIIxxc3LLj2lEbGl+1Obt7AK6UFsZAwGTeNrC+N
Yay7dqVyN7WZEyfF3oYVcIKcBeEVmt6Aew1MnSeHrMXsADE3n/3xFVrZ3ggoKATX
XHZnI/5qG3/9u9hPeDtRXSvsuB73fo14+A33wlvlY+DyVPJBOgEKtvKr4OxXkLsf
1D7cBysZcvRV7id5xOzdif5cbN3+BLCmllc/tAzrZyrV88COa8hEnVuTuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoHPbGXnX9ZEIpvyC5RoBKk/MxEMB8GA1UdIwQY
MBaAFAsQJ6zhfwBn9pfGU2FIgZLq9kE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3hBbnJPRl9BR2YybDhaVFlVaUJrdXIyUVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iMzExZDQtZTM1OC00NzIxLWFiOGQt
NmU2YTVmMTcyYmUzLzEvdWdjOXNaZWRmMWtRaW1fSUxsR2dFcVQ4ekVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iMzExZDQtZTM1OC00NzIxLWFiOGQtNmU2YTVmMTcyYmUz
LzEvQ3hBbnJPRl9BR2YybDhaVFlVaUJrdXIyUVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHyj0MA0G
CSqGSIb3DQEBCwUAA4IBAQAPBu6BoKLHX+ncewddhVwUF8kLzzvzT52XNiQnfwBK
Q/aNSFWsofcSFHXrHz3VPLBcmwyJMFvbbmv4kIVTs9aokgKmxuP3ofsRLiHiE5TK
m11M8bf2CRNo5hkfQc41wc9RufHntr3KoRE9JkcCc7O92W3L37fdDQdbC6as26eG
Ca8V2zDLfJEEO4NNwTscJ05QiUmode6akPBLoJ/ZGVV8C5eqvaJ/WNogma1yFHrX
Iai++zEjUqwUWRdi35Tq4JaGmgfq4JL3HeVcqsj078XMghwencugRob/+dPTRrRX
vMDK7g1KV2ed4thkVHFJvZxcRbiTojDAh2bYBtS4jaoo
-----END CERTIFICATE-----