Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/5OzibFSrr2gY0VaIFYLHJq_qzxU.roa
File:                     5OzibFSrr2gY0VaIFYLHJq_qzxU.roa (raw, json)
Hash identifier:          I/bqIkdkYHAIm/Bp0vXDzU7ykzf4ma6u4Mih9TldA8Q=
Subject key identifier:   E4:EC:E2:6C:54:AB:AF:68:18:D1:56:88:15:82:C7:26:AF:EA:CF:15
Certificate issuer:       /CN=b68f940f1cc577f370f28428850dc7bf7418f121
Certificate serial:       019537E498BA3F2C1BA367E38398884E200D
Authority key identifier: B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/5OzibFSrr2gY0VaIFYLHJq_qzxU.roa
Signing time:             Mon 24 Feb 2025 12:18:02 +0000
ROA not before:           Mon 24 Feb 2025 12:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55002
IP address blocks:        193.26.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 15:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:37:e4:98:ba:3f:2c:1b:a3:67:e3:83:98:88:4e:20:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68f940f1cc577f370f28428850dc7bf7418f121
        Validity
            Not Before: Feb 24 12:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4ece26c54abaf6818d156881582c726afeacf15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:de:bb:c4:f7:19:34:e0:b9:d8:2d:8e:72:d2:
                    d5:8a:b2:36:57:98:c4:97:20:86:4e:2a:11:f6:d9:
                    1b:f8:3a:c9:ee:fa:58:d8:c2:80:db:e5:91:7b:a5:
                    ca:e0:85:a2:05:bc:49:0d:9f:3b:4d:7f:db:d7:97:
                    45:4c:cf:7f:b2:83:ec:f8:14:76:18:06:b9:f5:dc:
                    de:c8:1b:b9:1b:46:3b:cd:20:d7:7c:fd:fa:f7:c6:
                    e2:eb:47:14:19:4e:78:c0:4a:30:39:1f:bb:06:2b:
                    5e:cf:6b:98:0d:d3:f0:2c:58:ce:73:67:17:9c:62:
                    77:17:1b:68:4c:58:fd:0f:09:42:4e:95:d3:a5:69:
                    97:68:d3:8e:32:84:f7:d6:da:65:38:3b:d8:62:f7:
                    ef:67:0f:81:fa:be:6b:c9:e9:5d:45:25:03:40:f6:
                    c0:7e:7d:76:fa:56:79:2e:99:bc:73:52:b5:68:1a:
                    6f:82:35:de:03:66:f9:ec:72:cb:f8:74:0e:a2:b6:
                    a6:6e:b9:69:d1:80:19:38:08:7b:7c:2f:8a:d8:52:
                    14:88:96:90:cf:cf:5a:0f:c1:d3:a3:8d:f4:85:6a:
                    28:41:bd:d1:23:fd:a6:02:dd:03:53:8a:bd:d7:90:
                    a3:ce:ff:81:2d:d7:28:f3:33:3c:b5:f2:68:39:b1:
                    76:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:EC:E2:6C:54:AB:AF:68:18:D1:56:88:15:82:C7:26:AF:EA:CF:15
            X509v3 Authority Key Identifier:
                keyid:B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/5OzibFSrr2gY0VaIFYLHJq_qzxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:0c:82:a4:0f:90:60:20:bc:d4:1e:07:60:56:34:7b:4b:dd:
         96:07:28:77:88:1a:fa:de:08:14:9f:e1:76:c2:df:8c:27:dd:
         b8:cb:c1:58:d0:17:58:a1:ee:fb:25:8c:d6:c0:b2:2c:90:57:
         73:72:bf:80:43:04:92:35:e4:d0:a9:e3:ef:7e:1f:78:30:b4:
         75:a1:a0:c2:14:26:de:28:28:42:55:52:c5:f6:59:77:d0:6c:
         d0:a3:40:8d:b2:2f:0c:fb:e7:25:a3:ec:92:90:82:cf:e2:b4:
         02:14:80:71:6c:16:b3:41:df:fc:2d:0d:4a:f7:2c:b5:bc:0e:
         09:ef:02:d5:a0:f5:e0:2e:64:0b:8d:fd:be:78:7b:39:0e:bf:
         55:74:8d:46:0e:93:0f:b4:fe:08:b1:cc:9f:07:c3:75:b3:b6:
         73:b1:e8:1a:da:3d:59:8a:e1:fb:f0:e4:16:ed:57:37:a1:40:
         33:85:1d:a4:d4:31:fb:ab:29:26:42:6a:f5:fd:ae:3d:12:ef:
         b7:3b:93:2c:07:99:6b:14:aa:da:33:65:40:c0:b4:95:9b:ee:
         69:3a:ce:60:e2:4b:30:a0:fd:e9:ef:37:d0:53:96:44:a4:60:
         09:9e:cc:86:7e:86:97:2a:d8:8e:cd:08:51:b2:c8:18:cd:a6:
         9c:ae:83:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU35Ji6Pywbo2fjg5iITiANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGY5NDBmMWNjNTc3ZjM3MGYyODQyODg1MGRjN2JmNzQx
OGYxMjEwHhcNMjUwMjI0MTIxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGVjZTI2YzU0YWJhZjY4MThkMTU2ODgxNTgyYzcyNmFmZWFjZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd67xPcZNOC52C2OctLVirI2V5jE
lyCGTioR9tkb+DrJ7vpY2MKA2+WRe6XK4IWiBbxJDZ87TX/b15dFTM9/soPs+BR2
GAa59dzeyBu5G0Y7zSDXfP3698bi60cUGU54wEowOR+7Bitez2uYDdPwLFjOc2cX
nGJ3FxtoTFj9DwlCTpXTpWmXaNOOMoT31tplODvYYvfvZw+B+r5ryeldRSUDQPbA
fn12+lZ5Lpm8c1K1aBpvgjXeA2b57HLL+HQOorambrlp0YAZOAh7fC+K2FIUiJaQ
z89aD8HTo430hWooQb3RI/2mAt0DU4q915Cjzv+BLdco8zM8tfJoObF2SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTs4mxUq69oGNFWiBWCxyav6s8VMB8GA1UdIwQY
MBaAFLaPlA8cxXfzcPKEKIUNx790GPEhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUt
ZTA0ZGFjNjFjZTlkLzEvNU96aWJGU3JyMmdZMFZhSUZZTEhKcV9xenhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUtZTA0ZGFjNjFjZTlk
LzEvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRp9MA0G
CSqGSIb3DQEBCwUAA4IBAQBCDIKkD5BgILzUHgdgVjR7S92WByh3iBr63ggUn+F2
wt+MJ924y8FY0BdYoe77JYzWwLIskFdzcr+AQwSSNeTQqePvfh94MLR1oaDCFCbe
KChCVVLF9ll30GzQo0CNsi8M++clo+ySkILP4rQCFIBxbBazQd/8LQ1K9yy1vA4J
7wLVoPXgLmQLjf2+eHs5Dr9VdI1GDpMPtP4IscyfB8N1s7Zzsega2j1ZiuH78OQW
7Vc3oUAzhR2k1DH7qykmQmr1/a49Eu+3O5MsB5lrFKraM2VAwLSVm+5pOs5g4ksw
oP3p7zfQU5ZEpGAJnsyGfoaXKtiOzQhRssgYzaacroNK
-----END CERTIFICATE-----