Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/0ehbELwlxIROAJUXnHI7q0hHZvU.roa
File:                     0ehbELwlxIROAJUXnHI7q0hHZvU.roa (raw, json)
Hash identifier:          I3OhyXjmUaPoDinsu8stBnr83W6cuJYkPeqcRDRwksw=
Subject key identifier:   D1:E8:5B:10:BC:25:C4:84:4E:00:95:17:9C:72:3B:AB:48:47:66:F5
Certificate issuer:       /CN=5aae19678aa37525512229a94e7890147183273c
Certificate serial:       019420680DFD6F5731328370969E9BE55EDF
Authority key identifier: 5A:AE:19:67:8A:A3:75:25:51:22:29:A9:4E:78:90:14:71:83:27:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/0ehbELwlxIROAJUXnHI7q0hHZvU.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51021
IP address blocks:        195.182.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0d:fd:6f:57:31:32:83:70:96:9e:9b:e5:5e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5aae19678aa37525512229a94e7890147183273c
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1e85b10bc25c4844e0095179c723bab484766f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a9:f5:9d:65:1a:df:3f:ea:eb:74:a0:b9:d5:
                    a4:df:ff:8e:cf:a2:11:c6:5f:32:79:03:63:6b:6f:
                    f5:b3:5e:50:46:88:e0:18:8c:93:ab:7d:21:2f:c3:
                    4e:d8:09:c0:3f:7d:8b:a0:cd:c5:ef:3e:29:bb:a1:
                    78:96:dd:b5:d7:62:08:d8:45:bd:e3:c0:f3:d6:36:
                    0c:28:7b:be:b7:17:10:20:97:64:0e:b8:79:08:ab:
                    8a:fc:29:22:cc:47:0b:67:0e:0b:01:64:36:7e:f8:
                    f9:01:70:5a:af:aa:1f:96:68:66:3a:5b:aa:42:57:
                    83:8c:cc:6b:85:22:ba:21:d7:09:b4:ee:59:c9:ff:
                    cd:8b:5a:4c:f5:55:74:7b:8c:79:c4:b5:eb:8f:d8:
                    f6:33:2f:af:3b:91:ae:c6:60:6c:0f:a4:e0:c9:52:
                    61:b1:94:1b:7b:ce:ed:79:41:10:7c:1a:27:d6:45:
                    b8:47:60:11:d2:e1:da:3f:6b:26:a3:3f:ec:3d:bc:
                    78:9d:38:65:28:85:40:63:9e:10:ef:b8:ff:3f:26:
                    51:91:20:df:69:12:15:82:af:4f:c3:4e:fc:76:ec:
                    e8:01:7a:43:dc:66:d3:fd:18:bd:86:6c:8f:dc:de:
                    7c:d0:6e:2a:ed:b6:b8:24:33:47:d7:5e:12:00:13:
                    c4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E8:5B:10:BC:25:C4:84:4E:00:95:17:9C:72:3B:AB:48:47:66:F5
            X509v3 Authority Key Identifier:
                keyid:5A:AE:19:67:8A:A3:75:25:51:22:29:A9:4E:78:90:14:71:83:27:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/0ehbELwlxIROAJUXnHI7q0hHZvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8a90d9-948a-46c2-977a-643f02daeb9e/1/Wq4ZZ4qjdSVRIimpTniQFHGDJzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:c5:14:b8:5c:47:1e:c0:5b:cc:7a:20:9b:e3:3c:2e:88:bd:
         a4:d8:89:e7:85:02:38:7f:7e:73:14:ae:bf:34:f1:e2:c2:5f:
         27:5f:ed:95:98:0b:4d:c9:1d:90:25:a4:4c:1c:ac:13:52:a4:
         b8:93:6f:34:3e:13:bb:94:6b:30:45:ca:3c:aa:60:a1:b5:61:
         cc:e6:17:97:18:1c:bd:4f:5e:d8:f1:2f:9c:0d:54:4b:60:1e:
         4f:0c:43:1d:d8:48:c8:c6:4d:00:e4:51:3c:a0:9c:5d:d6:c5:
         78:6f:43:8b:ae:4c:1f:68:69:bb:54:d4:f8:62:2b:68:3b:fa:
         2e:21:54:44:a8:4b:63:95:88:85:ac:8c:83:02:79:d3:e3:b9:
         dc:5a:fa:69:6e:37:42:e2:c3:f7:13:7c:4d:72:05:9e:d6:3a:
         c3:ca:42:dd:de:18:7e:3b:35:81:fd:68:54:b4:91:c3:87:a6:
         b8:7a:e3:c0:29:b9:22:3b:90:a9:a5:67:ee:c9:d9:9b:84:15:
         7f:47:46:3b:00:44:da:53:9c:03:cd:eb:3a:06:4d:88:d3:af:
         41:d0:1c:12:3b:ad:be:33:cc:48:09:e3:f1:06:dd:4e:81:cf:
         b5:0c:be:3c:e5:f7:77:b2:bf:df:e8:de:2e:05:59:79:19:b7:
         17:94:b2:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaA39b1cxMoNwlp6b5V7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYWUxOTY3OGFhMzc1MjU1MTIyMjlhOTRlNzg5MDE0NzE4
MzI3M2MwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWU4NWIxMGJjMjVjNDg0NGUwMDk1MTc5YzcyM2JhYjQ4NDc2NmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqn1nWUa3z/q63SgudWk3/+Oz6IR
xl8yeQNja2/1s15QRojgGIyTq30hL8NO2AnAP32LoM3F7z4pu6F4lt2112II2EW9
48Dz1jYMKHu+txcQIJdkDrh5CKuK/CkizEcLZw4LAWQ2fvj5AXBar6oflmhmOluq
QleDjMxrhSK6IdcJtO5Zyf/Ni1pM9VV0e4x5xLXrj9j2My+vO5GuxmBsD6TgyVJh
sZQbe87teUEQfBon1kW4R2AR0uHaP2smoz/sPbx4nThlKIVAY54Q77j/PyZRkSDf
aRIVgq9Pw078duzoAXpD3GbT/Ri9hmyP3N580G4q7ba4JDNH114SABPE3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHoWxC8JcSETgCVF5xyO6tIR2b1MB8GA1UdIwQY
MBaAFFquGWeKo3UlUSIpqU54kBRxgyc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3E0Wlo0cWpkU1ZSSWltcFRuaVFGSEdESnp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84YTkwZDktOTQ4YS00NmMyLTk3N2Et
NjQzZjAyZGFlYjllLzEvMGVoYkVMd2x4SVJPQUpVWG5ISTdxMGhIWnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84YTkwZDktOTQ4YS00NmMyLTk3N2EtNjQzZjAyZGFlYjll
LzEvV3E0Wlo0cWpkU1ZSSWltcFRuaVFGSEdESnp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YqMA0G
CSqGSIb3DQEBCwUAA4IBAQBVxRS4XEcewFvMeiCb4zwuiL2k2InnhQI4f35zFK6/
NPHiwl8nX+2VmAtNyR2QJaRMHKwTUqS4k280PhO7lGswRco8qmChtWHM5heXGBy9
T17Y8S+cDVRLYB5PDEMd2EjIxk0A5FE8oJxd1sV4b0OLrkwfaGm7VNT4YitoO/ou
IVREqEtjlYiFrIyDAnnT47ncWvppbjdC4sP3E3xNcgWe1jrDykLd3hh+OzWB/WhU
tJHDh6a4euPAKbkiO5CppWfuydmbhBV/R0Y7AETaU5wDzes6Bk2I069B0BwSO62+
M8xICePxBt1Ogc+1DL485fd3sr/f6N4uBVl5GbcXlLJz
-----END CERTIFICATE-----