Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/4KuSjXjGdyF1nScN1LwMlleHlmA.roa
File:                     4KuSjXjGdyF1nScN1LwMlleHlmA.roa (raw, json)
Hash identifier:          HlUuzXxOiMUBV49vY7GcCdve69QZxWM3RwORJ/36zYI=
Subject key identifier:   E0:AB:92:8D:78:C6:77:21:75:9D:27:0D:D4:BC:0C:96:57:87:96:60
Certificate issuer:       /CN=e783b62ab8aea520770c57404be7771f679ec0b5
Certificate serial:       019425FC6498561C57935A978F4DAFB10D52
Authority key identifier: E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/4KuSjXjGdyF1nScN1LwMlleHlmA.roa
Signing time:             Thu 02 Jan 2025 07:48:05 +0000
ROA not before:           Thu 02 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        109.95.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:64:98:56:1c:57:93:5a:97:8f:4d:af:b1:0d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e783b62ab8aea520770c57404be7771f679ec0b5
        Validity
            Not Before: Jan  2 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0ab928d78c67721759d270dd4bc0c9657879660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fe:2f:00:bf:0f:19:25:65:ff:b1:b4:a6:ba:
                    ef:14:41:50:32:b8:65:58:16:cd:4a:7a:77:32:3a:
                    15:10:57:17:e3:bd:c9:cd:6b:5c:7a:55:f0:88:32:
                    8f:06:1f:b9:cc:f3:98:89:07:5d:4c:1e:5d:50:b4:
                    47:7c:29:f0:52:2d:76:5a:33:10:05:42:9c:55:23:
                    96:38:a6:41:73:b1:2f:f4:90:21:bf:1e:9d:57:8f:
                    39:80:d6:77:78:ed:79:0a:66:34:7d:c0:19:69:e8:
                    47:b5:6e:55:99:29:a9:f7:f1:2c:a0:5b:f4:97:b3:
                    47:10:13:44:fb:31:df:cb:7a:df:90:dc:63:21:75:
                    89:ef:f7:b4:43:60:4c:5f:52:63:3c:8c:68:a8:af:
                    d0:83:4e:87:cf:ca:b4:cb:23:24:e9:65:3d:37:e3:
                    8a:8a:b9:b8:96:9f:d1:eb:23:be:2c:3c:3b:a8:d6:
                    7c:29:de:73:39:92:ad:c0:69:4f:01:61:34:58:ca:
                    41:8a:30:20:01:33:f0:0f:a0:a9:2d:8a:12:18:5b:
                    c2:fd:b1:41:08:48:95:22:40:a9:ae:d6:b2:26:80:
                    19:2e:fc:f4:a4:bb:87:8c:39:9d:bc:38:34:e6:61:
                    78:78:e9:fa:59:60:57:2b:ec:5f:79:72:bd:a7:a9:
                    f4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:AB:92:8D:78:C6:77:21:75:9D:27:0D:D4:BC:0C:96:57:87:96:60
            X509v3 Authority Key Identifier:
                keyid:E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/4KuSjXjGdyF1nScN1LwMlleHlmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:bb:94:21:ff:00:b0:31:63:7b:9d:db:e9:aa:3c:5e:6a:53:
         43:75:12:90:aa:09:1e:0f:c8:d3:e8:87:c3:b2:8a:29:7d:ec:
         b8:79:65:2e:84:75:6d:a4:6a:16:a3:f2:ec:e2:72:5f:cf:e3:
         70:11:79:8b:56:b5:0e:88:29:89:de:8e:bb:f1:f7:79:f3:86:
         6f:55:9e:7f:ce:b3:22:03:c1:47:36:07:b9:94:51:6d:5c:c9:
         74:fb:01:8b:80:74:7d:ea:f2:2a:a0:5c:a0:29:a4:85:ff:b8:
         3d:87:2d:a3:b3:66:ac:ec:3e:38:81:a2:08:48:ee:30:d3:c5:
         7e:a5:d8:a5:76:64:b9:d5:a5:7e:b7:65:91:9a:59:02:ff:09:
         d3:1f:e5:c1:99:5b:08:15:94:a9:86:3d:79:69:4e:0c:f3:bd:
         c8:ba:84:ab:30:5e:e8:55:b8:1c:88:54:7e:bc:9f:2e:20:46:
         a8:dc:bb:49:7d:6b:44:f1:c0:f9:a9:fc:60:2b:20:d8:12:c0:
         4f:c6:95:d7:24:d9:9a:48:a4:fa:4c:90:88:06:94:ec:85:5a:
         c7:fd:d2:8f:74:de:c0:1d:1b:b5:e3:07:b8:4e:54:7f:14:33:
         b3:a7:f2:47:e0:e1:23:96:e3:f4:34:a1:2e:d1:41:4e:8f:6c:
         49:4d:4d:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/GSYVhxXk1qXj02vsQ1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ODNiNjJhYjhhZWE1MjA3NzBjNTc0MDRiZTc3NzFmNjc5
ZWMwYjUwHhcNMjUwMTAyMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFiOTI4ZDc4YzY3NzIxNzU5ZDI3MGRkNGJjMGM5NjU3ODc5NjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf4vAL8PGSVl/7G0prrvFEFQMrhl
WBbNSnp3MjoVEFcX473JzWtcelXwiDKPBh+5zPOYiQddTB5dULRHfCnwUi12WjMQ
BUKcVSOWOKZBc7Ev9JAhvx6dV485gNZ3eO15CmY0fcAZaehHtW5VmSmp9/EsoFv0
l7NHEBNE+zHfy3rfkNxjIXWJ7/e0Q2BMX1JjPIxoqK/Qg06Hz8q0yyMk6WU9N+OK
irm4lp/R6yO+LDw7qNZ8Kd5zOZKtwGlPAWE0WMpBijAgATPwD6CpLYoSGFvC/bFB
CEiVIkCprtayJoAZLvz0pLuHjDmdvDg05mF4eOn6WWBXK+xfeXK9p6n0vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCrko14xnchdZ0nDdS8DJZXh5ZgMB8GA1UdIwQY
MBaAFOeDtiq4rqUgdwxXQEvndx9nnsC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWIt
MTlkZjViNGQxMDE0LzEvNEt1U2pYakdkeUYxblNjTjFMd01sbGVIbG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWItMTlkZjViNGQxMDE0
LzEvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV+/MA0G
CSqGSIb3DQEBCwUAA4IBAQCXu5Qh/wCwMWN7ndvpqjxealNDdRKQqgkeD8jT6IfD
soopfey4eWUuhHVtpGoWo/Ls4nJfz+NwEXmLVrUOiCmJ3o678fd584ZvVZ5/zrMi
A8FHNge5lFFtXMl0+wGLgHR96vIqoFygKaSF/7g9hy2js2as7D44gaIISO4w08V+
pdildmS51aV+t2WRmlkC/wnTH+XBmVsIFZSphj15aU4M873IuoSrMF7oVbgciFR+
vJ8uIEao3LtJfWtE8cD5qfxgKyDYEsBPxpXXJNmaSKT6TJCIBpTshVrH/dKPdN7A
HRu14we4TlR/FDOzp/JH4OEjluP0NKEu0UFOj2xJTU3R
-----END CERTIFICATE-----