Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/udBTfO6OrfClFVXdi-f7cLoWD3U.roa
File:                     udBTfO6OrfClFVXdi-f7cLoWD3U.roa (raw, json)
Hash identifier:          Y7Aj2XP1sfKjgXMcUqv6u0EQCb3Eh3vTR6plTukuniM=
Subject key identifier:   B9:D0:53:7C:EE:8E:AD:F0:A5:15:55:DD:8B:E7:FB:70:BA:16:0F:75
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2FDF6A13496A4831D681899B88264
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/udBTfO6OrfClFVXdi-f7cLoWD3U.roa
Signing time:             Thu 02 Jan 2025 01:48:17 +0000
ROA not before:           Thu 02 Jan 2025 01:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207689
IP address blocks:        159.148.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:fd:f6:a1:34:96:a4:83:1d:68:18:99:b8:82:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9d0537cee8eadf0a51555dd8be7fb70ba160f75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e8:f7:67:ba:79:f2:f4:09:1d:7c:f2:43:12:
                    3f:95:0f:4a:0f:75:8b:76:08:74:ad:b4:16:db:d6:
                    03:7b:9f:82:40:d6:4c:2d:28:56:a5:d1:13:41:67:
                    fd:6b:12:78:8a:23:62:3a:7c:9a:00:cb:6e:fa:db:
                    25:6d:4c:81:37:24:22:fa:c8:74:91:4f:fb:2a:f0:
                    83:8a:84:72:9a:11:5b:ed:60:a5:11:54:e9:0a:a6:
                    83:60:aa:cd:b8:55:71:8f:2e:64:15:20:90:50:0f:
                    25:a3:9f:a6:a6:72:76:76:c2:e0:f9:63:30:fc:9e:
                    b3:43:17:42:ee:65:1b:eb:c1:e8:b4:ba:cc:ee:28:
                    b4:9f:6d:52:08:43:0b:d4:ca:dc:97:27:04:1a:58:
                    3c:1f:5f:fb:e5:ad:eb:61:a1:2a:8e:10:a7:87:05:
                    5e:3d:53:1f:67:0d:49:c6:08:68:29:93:e2:f0:65:
                    ff:1e:0d:6b:5e:c0:66:50:20:e7:f8:ba:a0:0a:44:
                    12:77:55:f0:18:06:38:68:72:f5:34:86:c6:72:29:
                    d7:5d:74:d7:a6:30:e3:aa:8f:cd:8c:3d:19:7e:90:
                    a4:af:f0:e5:34:b1:b9:99:e3:2d:73:45:7d:12:ab:
                    e3:84:c2:71:87:a3:b8:5b:be:24:7b:31:9a:82:58:
                    67:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D0:53:7C:EE:8E:AD:F0:A5:15:55:DD:8B:E7:FB:70:BA:16:0F:75
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/udBTfO6OrfClFVXdi-f7cLoWD3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:34:b9:2d:a7:c1:f6:86:24:8c:3b:a9:7d:c6:c5:1f:fb:9f:
         8d:d9:93:f6:7b:4c:07:0e:f5:61:0c:10:2f:77:53:05:ae:53:
         f2:08:49:61:4a:2e:a8:76:ec:06:bb:15:9a:38:f0:b4:a6:a5:
         ef:e3:af:55:33:36:b3:26:d8:57:55:59:0a:d7:99:39:11:9d:
         56:2e:fd:1c:90:14:16:0e:e2:ee:b1:fd:90:89:a5:a4:e1:29:
         37:20:a8:ef:86:67:a3:14:80:0b:c0:79:22:44:a2:b7:76:1e:
         98:f6:92:0a:4c:50:9d:69:89:5f:09:3c:84:ea:5c:44:e1:bb:
         69:0b:77:1e:a1:5f:1e:21:7e:73:7f:4a:fa:da:78:9f:a4:b8:
         8c:33:72:65:c3:b9:ea:37:45:7b:85:23:7f:c2:c6:74:f3:af:
         a7:3b:2e:1f:75:47:a3:f3:38:9b:0e:8b:5b:9d:96:9e:6b:c6:
         22:62:64:d9:a3:29:60:f4:6d:72:70:86:e3:3e:5b:ac:0f:24:
         91:ce:e3:49:48:fd:4c:f4:09:b5:54:b1:e5:09:76:28:3f:9b:
         3c:d0:62:54:35:0a:b6:15:46:0f:58:34:02:dc:97:61:5f:31:
         41:c2:bc:c6:4e:72:51:6c:d8:50:06:d9:f6:0b:1a:8f:d0:64:
         db:08:d3:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksv32oTSWpIMdaBiZuIJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWQwNTM3Y2VlOGVhZGYwYTUxNTU1ZGQ4YmU3ZmI3MGJhMTYwZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ej3Z7p58vQJHXzyQxI/lQ9KD3WL
dgh0rbQW29YDe5+CQNZMLShWpdETQWf9axJ4iiNiOnyaAMtu+tslbUyBNyQi+sh0
kU/7KvCDioRymhFb7WClEVTpCqaDYKrNuFVxjy5kFSCQUA8lo5+mpnJ2dsLg+WMw
/J6zQxdC7mUb68HotLrM7ii0n21SCEML1MrclycEGlg8H1/75a3rYaEqjhCnhwVe
PVMfZw1JxghoKZPi8GX/Hg1rXsBmUCDn+LqgCkQSd1XwGAY4aHL1NIbGcinXXXTX
pjDjqo/NjD0ZfpCkr/DlNLG5meMtc0V9EqvjhMJxh6O4W74kezGaglhn4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLnQU3zujq3wpRVV3Yvn+3C6Fg91MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvdWRCVGZPNk9yZkNsRlZYZGktZjdjTG9XRDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5RjMA0G
CSqGSIb3DQEBCwUAA4IBAQAYNLktp8H2hiSMO6l9xsUf+5+N2ZP2e0wHDvVhDBAv
d1MFrlPyCElhSi6oduwGuxWaOPC0pqXv469VMzazJthXVVkK15k5EZ1WLv0ckBQW
DuLusf2QiaWk4Sk3IKjvhmejFIALwHkiRKK3dh6Y9pIKTFCdaYlfCTyE6lxE4btp
C3ceoV8eIX5zf0r62nifpLiMM3Jlw7nqN0V7hSN/wsZ086+nOy4fdUej8zibDotb
nZaea8YiYmTZoylg9G1ycIbjPlusDySRzuNJSP1M9Am1VLHlCXYoP5s80GJUNQq2
FUYPWDQC3JdhXzFBwrzGTnJRbNhQBtn2CxqP0GTbCNPr
-----END CERTIFICATE-----