Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/UesYrwjQAt5n35nunWJPeTym_vc.roa
File:                     UesYrwjQAt5n35nunWJPeTym_vc.roa (raw, json)
Hash identifier:          xvLW7BNqth0hAIyaZRHIz1XgxFZZgFJP35nzCDnm5eg=
Subject key identifier:   51:EB:18:AF:08:D0:02:DE:67:DF:99:EE:9D:62:4F:79:3C:A6:FE:F7
Certificate issuer:       /CN=d3367dba3a220060e67d4ec680b0f99f247a872c
Certificate serial:       019427B6158737C69E6127A0A2861420B830
Authority key identifier: D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/UesYrwjQAt5n35nunWJPeTym_vc.roa
Signing time:             Thu 02 Jan 2025 15:50:32 +0000
ROA not before:           Thu 02 Jan 2025 15:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        140.150.96.0/19 maxlen: 24
                          176.116.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:15:87:37:c6:9e:61:27:a0:a2:86:14:20:b8:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3367dba3a220060e67d4ec680b0f99f247a872c
        Validity
            Not Before: Jan  2 15:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51eb18af08d002de67df99ee9d624f793ca6fef7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a5:7b:2a:f8:79:8b:2d:1b:e5:23:9e:3e:7c:
                    8a:4b:ec:77:29:c4:23:7c:3f:e8:33:a1:c2:31:52:
                    a3:6c:16:d4:6d:b0:5d:39:90:98:09:f6:a4:75:13:
                    73:9e:9e:0b:36:58:dc:39:2b:51:28:27:65:45:91:
                    9a:d8:ae:06:a0:25:9b:9a:a6:f0:70:22:99:a2:de:
                    cd:f8:f2:60:34:00:d5:c0:d1:00:90:06:31:8b:25:
                    73:c7:2e:68:9d:18:83:66:c7:ea:e4:17:55:84:71:
                    60:bb:5d:d7:6f:6a:a4:72:50:5b:9f:6c:ba:c4:bc:
                    89:74:b1:92:98:a9:8e:0a:dc:78:29:a5:e7:c3:b4:
                    ee:08:7b:28:13:5f:4b:d9:16:6a:8d:c2:c9:0b:4c:
                    1b:02:46:4b:a6:2a:e6:31:3d:ff:83:3d:8e:cf:d5:
                    19:1c:33:9b:33:c4:00:31:af:b7:bc:b5:23:43:06:
                    4f:ac:7c:5f:47:c1:da:22:da:87:a5:cd:0d:57:6b:
                    49:3d:4c:e4:b9:52:cc:15:bb:e8:36:32:9d:7c:6e:
                    2e:8b:97:01:3e:83:ac:9d:95:75:ee:a2:0c:c6:be:
                    d2:dd:f0:87:a0:1a:ad:3d:27:ef:52:21:c9:d4:b5:
                    a4:d5:65:a1:ee:b5:d9:d9:8f:e4:b8:2a:9c:bd:e7:
                    fd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EB:18:AF:08:D0:02:DE:67:DF:99:EE:9D:62:4F:79:3C:A6:FE:F7
            X509v3 Authority Key Identifier:
                keyid:D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/UesYrwjQAt5n35nunWJPeTym_vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.96.0/19
                  176.116.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fe:b5:97:08:61:e8:f7:bc:37:2d:59:dd:2b:44:f5:c8:5d:
         13:17:f2:e3:67:fb:50:58:0e:a5:d8:68:c2:0a:07:0b:63:cd:
         df:93:2b:ca:53:d4:4b:2c:0e:bf:45:aa:4d:bd:de:d6:59:83:
         69:18:61:da:14:73:12:87:cd:4d:cd:2e:f0:62:a6:3a:e3:bb:
         0d:a7:1c:94:43:10:1a:e0:09:78:ba:e9:64:10:dd:4a:76:7a:
         78:97:24:b2:df:4c:ae:f3:17:48:20:84:4c:a4:a5:16:08:3e:
         a6:1d:93:d5:1a:e0:b5:26:62:18:0e:47:5c:e6:c8:d0:42:91:
         a7:97:73:66:0c:88:49:64:be:50:7e:6d:cd:fd:61:7e:bc:06:
         88:96:39:f9:b4:62:cc:2b:cc:8e:ab:f7:ed:61:b5:95:23:b3:
         6b:c9:4d:80:34:41:52:74:e1:84:9e:8b:50:55:2b:6f:fa:80:
         26:55:cf:93:c0:1b:61:83:e0:3e:a1:eb:8e:94:07:80:d8:d8:
         e0:8d:23:32:91:2f:66:df:20:86:69:b9:3c:5e:0c:df:51:0a:
         e3:ce:4e:3b:5e:77:06:50:b6:d0:59:94:d3:9e:66:23:e0:88:
         f6:20:80:22:21:77:7e:99:cc:08:6d:46:68:14:ca:b0:ac:4e:
         57:d4:d3:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnthWHN8aeYSegooYUILgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMzY3ZGJhM2EyMjAwNjBlNjdkNGVjNjgwYjBmOTlmMjQ3
YTg3MmMwHhcNMjUwMTAyMTU1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWViMThhZjA4ZDAwMmRlNjdkZjk5ZWU5ZDYyNGY3OTNjYTZmZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56V7Kvh5iy0b5SOePnyKS+x3KcQj
fD/oM6HCMVKjbBbUbbBdOZCYCfakdRNznp4LNljcOStRKCdlRZGa2K4GoCWbmqbw
cCKZot7N+PJgNADVwNEAkAYxiyVzxy5onRiDZsfq5BdVhHFgu13Xb2qkclBbn2y6
xLyJdLGSmKmOCtx4KaXnw7TuCHsoE19L2RZqjcLJC0wbAkZLpirmMT3/gz2Oz9UZ
HDObM8QAMa+3vLUjQwZPrHxfR8HaItqHpc0NV2tJPUzkuVLMFbvoNjKdfG4ui5cB
PoOsnZV17qIMxr7S3fCHoBqtPSfvUiHJ1LWk1WWh7rXZ2Y/kuCqcvef9WwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFHrGK8I0ALeZ9+Z7p1iT3k8pv73MB8GA1UdIwQY
MBaAFNM2fbo6IgBg5n1OxoCw+Z8keocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2It
NWNhNWJmNjdlNjlkLzEvVWVzWXJ3alFBdDVuMzVudW5XSlBlVHltX3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2ItNWNhNWJmNjdlNjlk
LzEvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFjJZgAwQA
sHQVMA0GCSqGSIb3DQEBCwUAA4IBAQCY/rWXCGHo97w3LVndK0T1yF0TF/LjZ/tQ
WA6l2GjCCgcLY83fkyvKU9RLLA6/RapNvd7WWYNpGGHaFHMSh81NzS7wYqY647sN
pxyUQxAa4Al4uulkEN1Kdnp4lySy30yu8xdIIIRMpKUWCD6mHZPVGuC1JmIYDkdc
5sjQQpGnl3NmDIhJZL5Qfm3N/WF+vAaIljn5tGLMK8yOq/ftYbWVI7NryU2ANEFS
dOGEnotQVStv+oAmVc+TwBthg+A+oeuOlAeA2NjgjSMykS9m3yCGabk8XgzfUQrj
zk47XncGULbQWZTTnmYj4Ij2IIAiIXd+mcwIbUZoFMqwrE5X1NMQ
-----END CERTIFICATE-----