Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UOUh6uS-acmH4Eot8VYplsXU54w.roa
File:                     UOUh6uS-acmH4Eot8VYplsXU54w.roa (raw, json)
Hash identifier:          w6XRtd8cbU3EP7d0AHptDonGdkOppiC1Qld3c5w0fag=
Subject key identifier:   50:E5:21:EA:E4:BE:69:C9:87:E0:4A:2D:F1:56:29:96:C5:D4:E7:8C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942824F1023D0D7E79B6701F0926231C57
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UOUh6uS-acmH4Eot8VYplsXU54w.roa
Signing time:             Thu 02 Jan 2025 17:51:37 +0000
ROA not before:           Thu 02 Jan 2025 17:51:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        195.133.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:f1:02:3d:0d:7e:79:b6:70:1f:09:26:23:1c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50e521eae4be69c987e04a2df1562996c5d4e78c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:0f:2a:ce:bf:13:5c:18:7a:53:eb:8b:47:5a:
                    72:48:71:0c:f4:ad:17:bf:29:d9:fb:bc:99:b8:5b:
                    41:f4:87:91:6d:7a:a6:2f:a1:0c:75:7c:20:88:e0:
                    e7:81:d1:c5:68:77:ad:e6:09:8a:0b:75:8c:70:20:
                    ea:27:5c:4e:4b:80:79:b7:53:02:00:be:3b:fe:83:
                    62:78:2c:a3:ed:ef:cb:5a:84:3b:60:0a:5d:dd:dc:
                    c7:0c:05:a1:62:ef:ce:5f:95:e0:2e:62:db:63:64:
                    86:44:df:07:36:e7:72:2d:19:b1:ec:95:bf:dd:56:
                    b9:af:9a:0f:ed:d4:c0:d2:6d:98:9e:3f:85:51:0e:
                    11:53:8a:75:3f:24:f7:e3:ad:65:6c:e7:03:df:9f:
                    bc:fd:b8:de:da:ad:24:d1:2a:fe:cc:fb:f8:ea:22:
                    00:6c:95:73:97:27:a1:28:eb:23:cd:58:95:7e:9f:
                    9b:4f:b4:c2:70:ca:93:82:4e:50:da:2a:6d:28:ab:
                    b5:99:b7:3e:1b:76:3a:a0:1b:a7:73:02:80:0c:40:
                    e6:9c:ba:00:be:00:e1:4a:13:91:86:4d:45:0c:11:
                    df:81:95:91:99:ac:60:98:de:1b:84:ff:fc:84:c0:
                    ca:6f:b4:81:e2:aa:18:13:12:c2:5a:88:e0:aa:b6:
                    b0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E5:21:EA:E4:BE:69:C9:87:E0:4A:2D:F1:56:29:96:C5:D4:E7:8C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/UOUh6uS-acmH4Eot8VYplsXU54w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c0:16:bf:76:0c:84:fe:c1:10:e3:ec:d7:2e:0d:c4:7b:1a:
         cf:c0:fe:89:70:5c:69:ad:5d:48:66:cf:28:55:c2:6b:1f:d9:
         66:08:e0:84:6e:b9:dd:69:95:e0:c2:0f:c3:97:38:b9:90:0b:
         ce:b4:b0:1c:93:0c:b5:ff:60:37:e9:0f:e4:b1:4d:f1:93:f7:
         19:a0:54:15:37:e1:8a:70:b0:44:a4:5c:d4:ac:05:4c:9e:55:
         8d:28:e9:78:86:8e:c2:b7:29:ea:45:40:0b:9a:45:46:8c:9d:
         09:85:47:fc:a9:1a:d8:e9:c2:98:81:68:9c:3d:c8:61:a1:a8:
         da:54:ff:90:a1:75:7e:3b:39:8d:6e:13:d8:5c:cb:07:47:91:
         fc:b6:fb:30:fd:a9:0e:99:02:48:12:92:e2:f3:8d:0d:c2:70:
         fb:ba:86:bf:9e:ca:03:7e:d6:19:8b:e2:09:c2:5e:af:1c:06:
         c9:88:fd:32:bf:30:3d:5c:76:02:1e:9b:f9:66:d6:05:76:62:
         b3:c8:f2:25:6f:b5:c9:11:16:d6:48:55:21:b5:46:1b:ad:4d:
         2f:1f:a4:95:ba:3e:65:34:d7:64:98:82:aa:20:0a:2d:ff:b7:
         f7:d3:19:b9:81:39:5b:de:87:99:b1:3c:32:52:23:09:18:1e:
         3e:bc:ee:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJPECPQ1+ebZwHwkmIxxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU1MjFlYWU0YmU2OWM5ODdlMDRhMmRmMTU2Mjk5NmM1ZDRlNzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1A8qzr8TXBh6U+uLR1pySHEM9K0X
vynZ+7yZuFtB9IeRbXqmL6EMdXwgiODngdHFaHet5gmKC3WMcCDqJ1xOS4B5t1MC
AL47/oNieCyj7e/LWoQ7YApd3dzHDAWhYu/OX5XgLmLbY2SGRN8HNudyLRmx7JW/
3Va5r5oP7dTA0m2Ynj+FUQ4RU4p1PyT3461lbOcD35+8/bje2q0k0Sr+zPv46iIA
bJVzlyehKOsjzViVfp+bT7TCcMqTgk5Q2iptKKu1mbc+G3Y6oBuncwKADEDmnLoA
vgDhShORhk1FDBHfgZWRmaxgmN4bhP/8hMDKb7SB4qoYExLCWojgqrawvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDlIerkvmnJh+BKLfFWKZbF1OeMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVU9VaDZ1Uy1hY21INEVvdDhWWXBsc1hVNTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UkMA0G
CSqGSIb3DQEBCwUAA4IBAQCPwBa/dgyE/sEQ4+zXLg3EexrPwP6JcFxprV1IZs8o
VcJrH9lmCOCEbrndaZXgwg/Dlzi5kAvOtLAckwy1/2A36Q/ksU3xk/cZoFQVN+GK
cLBEpFzUrAVMnlWNKOl4ho7CtynqRUALmkVGjJ0JhUf8qRrY6cKYgWicPchhoaja
VP+QoXV+OzmNbhPYXMsHR5H8tvsw/akOmQJIEpLi840NwnD7uoa/nsoDftYZi+IJ
wl6vHAbJiP0yvzA9XHYCHpv5ZtYFdmKzyPIlb7XJERbWSFUhtUYbrU0vH6SVuj5l
NNdkmIKqIAot/7f30xm5gTlb3oeZsTwyUiMJGB4+vO50
-----END CERTIFICATE-----