Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Uo1cK66R2aK6t3W-haY6CJ3T5Ok.roa
File:                     Uo1cK66R2aK6t3W-haY6CJ3T5Ok.roa (raw, json)
Hash identifier:          TdM0BRsfVCdBcwILUGRp6PFfSeLJkFMfqDrq+673A1w=
Subject key identifier:   52:8D:5C:2B:AE:91:D9:A2:BA:B7:75:BE:85:A6:3A:08:9D:D3:E4:E9
Certificate issuer:       /CN=24350aa8a94af666099fd073ec621cd15d04b316
Certificate serial:       018CCA2A97D5966096599FB1870ACCED1791
Authority key identifier: 24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Uo1cK66R2aK6t3W-haY6CJ3T5Ok.roa
Signing time:             Tue 02 Jan 2024 12:33:58 +0000
ROA not before:           Tue 02 Jan 2024 12:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8307
IP address blocks:        195.250.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:97:d5:96:60:96:59:9f:b1:87:0a:cc:ed:17:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24350aa8a94af666099fd073ec621cd15d04b316
        Validity
            Not Before: Jan  2 12:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=528d5c2bae91d9a2bab775be85a63a089dd3e4e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:37:cb:d4:c7:95:b3:8d:ce:8b:0e:b8:23:f6:
                    23:37:d0:b8:2b:36:d3:1f:cd:22:ca:8a:86:b0:98:
                    fd:0f:cf:45:da:f8:90:27:e8:b3:fc:a4:f8:c5:90:
                    d5:72:f2:d8:8f:9f:bf:2c:bf:b4:ac:88:20:2e:82:
                    ad:56:62:4d:0a:51:40:fe:1b:b4:e0:13:cc:4b:28:
                    57:08:e8:86:ea:80:3a:3d:47:6e:7e:44:f3:70:91:
                    a2:5d:2b:f7:29:98:9d:da:84:eb:12:73:f2:5a:f1:
                    46:93:d7:87:7a:89:b6:64:f4:c1:20:e5:f8:fc:ca:
                    db:80:b1:29:b2:36:9b:a2:5d:5d:8f:1d:54:b5:6a:
                    8e:84:39:93:45:87:d7:20:04:58:36:60:42:b6:da:
                    55:85:4c:21:c5:d7:46:5a:c0:7c:8e:43:8c:75:b5:
                    05:c0:b0:81:3b:b4:de:94:1c:9d:4e:c1:65:6a:9d:
                    eb:62:60:11:b5:42:dc:b4:20:41:fa:d3:af:4b:6f:
                    1d:94:53:97:f8:dd:cf:02:ee:34:c1:6b:f2:01:11:
                    cb:4d:ea:63:b9:b0:b4:8b:fc:d2:ca:67:0a:29:91:
                    ca:53:26:06:62:f3:35:56:ee:11:d0:c5:95:ab:c8:
                    ab:27:bc:71:69:2b:d8:45:13:2a:41:39:a2:4b:f2:
                    c5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:8D:5C:2B:AE:91:D9:A2:BA:B7:75:BE:85:A6:3A:08:9D:D3:E4:E9
            X509v3 Authority Key Identifier:
                keyid:24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Uo1cK66R2aK6t3W-haY6CJ3T5Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d4:d3:a1:f3:ca:f1:2b:b5:58:d6:0d:67:e7:26:6c:f8:d9:
         f0:62:1b:ea:78:14:61:9d:27:72:b4:a1:fb:f9:64:89:99:7b:
         59:a3:24:91:ca:87:0a:9c:35:5a:5b:8c:f0:6c:a1:ef:13:8b:
         cc:13:f2:c4:ef:3a:30:fa:5b:c5:10:67:9c:6d:e6:65:98:b7:
         42:82:df:d0:77:80:bd:3c:a3:d7:36:06:a0:8a:80:77:26:56:
         10:95:41:a7:a8:8f:f5:0b:af:ba:02:a7:f3:67:ed:0c:9c:02:
         21:0b:81:96:c7:66:a5:1b:f9:28:ba:12:ef:64:53:ec:0c:d0:
         0d:74:53:4f:75:ad:e8:ae:b3:74:17:1f:db:1f:3e:f9:96:38:
         6c:b6:a5:e9:96:64:54:f8:bf:7a:45:64:51:26:e7:39:67:15:
         46:19:33:c5:ff:54:bd:32:c5:a6:05:0d:38:7e:98:02:65:52:
         3f:c3:cd:fd:d7:58:20:fd:64:24:8c:c7:da:cf:e6:f2:f6:a5:
         78:e8:f7:60:ea:06:42:45:83:45:26:41:a2:91:14:e7:a3:4d:
         20:b6:28:e7:39:41:b7:04:07:98:0d:43:21:a5:b5:af:ca:ae:
         8c:5d:d0:a4:63:bd:2e:a9:72:e6:36:5a:67:4c:85:37:22:f1:
         7c:bc:b1:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKpfVlmCWWZ+xhwrM7ReRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzUwYWE4YTk0YWY2NjYwOTlmZDA3M2VjNjIxY2QxNWQw
NGIzMTYwHhcNMjQwMTAyMTIzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjhkNWMyYmFlOTFkOWEyYmFiNzc1YmU4NWE2M2EwODlkZDNlNGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjfL1MeVs43Oiw64I/YjN9C4KzbT
H80iyoqGsJj9D89F2viQJ+iz/KT4xZDVcvLYj5+/LL+0rIggLoKtVmJNClFA/hu0
4BPMSyhXCOiG6oA6PUdufkTzcJGiXSv3KZid2oTrEnPyWvFGk9eHeom2ZPTBIOX4
/MrbgLEpsjabol1djx1UtWqOhDmTRYfXIARYNmBCttpVhUwhxddGWsB8jkOMdbUF
wLCBO7TelBydTsFlap3rYmARtULctCBB+tOvS28dlFOX+N3PAu40wWvyARHLTepj
ubC0i/zSymcKKZHKUyYGYvM1Vu4R0MWVq8irJ7xxaSvYRRMqQTmiS/LFyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKNXCuukdmiurd1voWmOgid0+TpMB8GA1UdIwQY
MBaAFCQ1CqipSvZmCZ/Qc+xiHNFdBLMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEt
YjQyNTIyZDA1ODk1LzEvVW8xY0s2NlIyYUs2dDNXLWhhWTZDSjNUNU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEtYjQyNTIyZDA1ODk1
LzEvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/rAMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ1NOh88rxK7VY1g1n5yZs+NnwYhvqeBRhnSdytKH7
+WSJmXtZoySRyocKnDVaW4zwbKHvE4vME/LE7zow+lvFEGecbeZlmLdCgt/Qd4C9
PKPXNgagioB3JlYQlUGnqI/1C6+6AqfzZ+0MnAIhC4GWx2alG/kouhLvZFPsDNAN
dFNPda3orrN0Fx/bHz75ljhstqXplmRU+L96RWRRJuc5ZxVGGTPF/1S9MsWmBQ04
fpgCZVI/w83911gg/WQkjMfaz+by9qV46Pdg6gZCRYNFJkGikRTno00gtijnOUG3
BAeYDUMhpbWvyq6MXdCkY70uqXLmNlpnTIU3IvF8vLF7
-----END CERTIFICATE-----